npm - @aiam/ciba - Versions diffs - 0.8.4 → 0.8.6 - Mend

@aiam/ciba 0.8.4 → 0.8.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/ciba.mjs +8 -29
package/package.json +1 -1

package/ciba.mjs CHANGED Viewed

@@ -12,7 +12,7 @@
  *   ciba status              Show session state
  */
 import { createECDH, createHash, createDecipheriv, createSign, createPrivateKey, randomBytes } from 'node:crypto';
-import { exec, spawn } from 'node:child_process';
+import { exec, execFileSync, spawn } from 'node:child_process';
 import { existsSync, mkdirSync, readFileSync, writeFileSync, unlinkSync } from 'node:fs';
 import { createServer, createConnection } from 'node:net';
 import { homedir, hostname } from 'node:os';
@@ -439,22 +439,10 @@ function startDaemon(provider, deviceDoc, privateKey, serverUrl) {
           const requests = deviceDoc.getMap('requests');
           const resourcesMap = deviceDoc.getMap('resources');
+          // Pass attrs straight through — server resolves grant_type from resource URN.
           const attrs = { ...(req.attrs || {}) };
-          const resourceUrn = attrs.resource;
-          if (!attrs.grant_type && typeof resourceUrn === 'string') {
-            if (resourceUrn.startsWith('urn:sap:destination:')) {
-              attrs.grant_type = 'urn:sap:destination';
-              if (!attrs.destination) attrs.destination = resourceUrn.slice('urn:sap:destination:'.length);
-            } else if (resourceUrn.startsWith('urn:sap:identity:') || resourceUrn.startsWith('urn:ietf:params:oauth:resource:')) {
-              attrs.grant_type = 'urn:ietf:params:oauth:grant-type:jwt-bearer';
-            }
-          }
           const defaultResource = `urn:sap:destination:${process.env.CIBA_DEFAULT_DESTINATION || 'WEBAGENTS_BACKEND'}`;
-          const requestedResource =
-            attrs.grant_type === 'urn:sap:destination' && attrs.destination
-              ? `urn:sap:destination:${attrs.destination}`
-              : attrs.resource ?? defaultResource;
+          const requestedResource = attrs.resource ?? defaultResource;
           const decryptFromTokenMap = (tokenMap) => {
             const ciphertext = tokenMap.get('ciphertext');
@@ -466,14 +454,8 @@ function startDaemon(provider, deviceDoc, privateKey, serverUrl) {
           };
           if (req.command === 'refresh') {
-            // Fire-and-forget: write the request, return immediately.
-            // Server exchanges async; result lands on device doc via Yjs.
-            // Default to the same resource as `ciba token` when none specified.
-            if (!attrs.grant_type && !attrs.resource && !attrs.destination) {
-              attrs.resource = `urn:sap:destination:${process.env.CIBA_DEFAULT_DESTINATION || 'WEBAGENTS_BACKEND'}`;
-              attrs.grant_type = 'urn:sap:destination';
-              attrs.destination = process.env.CIBA_DEFAULT_DESTINATION || 'WEBAGENTS_BACKEND';
-            }
+            // Fire-and-forget — just set default resource if none given.
+            if (!attrs.resource) attrs.resource = defaultResource;
             const newRid = randomBytes(8).toString('base64url');
             dlog(`refresh; writing requests[${newRid}] attrs=${JSON.stringify(attrs)}`);
             requests.set(newRid, { ...attrs, status: 'pending', created_at: new Date().toISOString() });
@@ -749,13 +731,10 @@ const stopCmd = defineCommand({
   meta: { description: 'Stop daemon and clear session' },
   args: {},
   async run() {
+    const cfg = loadConfig();
     if (cfg.pid) { try { process.kill(parseInt(cfg.pid)); } catch {} }
-    // Kill all orphaned ciba daemon processes (previous --persist runs that
-    // were never approved or whose parent exited without storing the PID).
-    try {
-      const { execFileSync } = await import('node:child_process');
-      execFileSync('pkill', ['-f', 'ciba login --daemon'], { stdio: 'ignore' });
-    } catch { /* pkill not found or no matching processes */ }
+    // Kill all orphaned ciba daemon processes.
+    try { execFileSync('pkill', ['-f', 'ciba login --daemon'], { stdio: 'ignore' }); } catch {}
     if (existsSync(SOCKET_PATH)) unlinkSync(SOCKET_PATH);
     const sessionFile = join(CONFIG_DIR, 'session');
     if (existsSync(sessionFile)) unlinkSync(sessionFile);

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@aiam/ciba",
-  "version": "0.8.4",
+  "version": "0.8.6",
   "description": "OAuth 2.0 Device Authorization Grant CLI with cross-device push approval (Yjs sync, ECDH-encrypted token delivery, persistent device id)",
   "type": "module",
   "bin": {