@aiam/ciba 0.9.2 → 0.9.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/package.json +1 -1
  2. package/token.mjs +20 -32
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@aiam/ciba",
3
- "version": "0.9.2",
3
+ "version": "0.9.4",
4
4
  "description": "OAuth 2.0 Device Authorization Grant CLI with cross-device push approval (Yjs sync, ECDH-encrypted token delivery, persistent device id)",
5
5
  "type": "module",
6
6
  "bin": {
package/token.mjs CHANGED
@@ -106,38 +106,15 @@ function decrypt(map) {
106
106
  // ─── tryGet ───────────────────────────────────────────────────────────────────
107
107
 
108
108
  function tryGet(resourcesMap, deviceDoc, res) {
109
- // Try the exact key first, then try known aliases.
110
- const aliases = res ? [res] : [];
111
- // If short name, also try known URN forms.
112
- if (res && !res.includes(':')) {
113
- // Read aliases from options if available (future: server can provide)
114
- const opts = deviceDoc.getMap('options').get('resources') ?? {};
115
- const meta = opts[res] ?? {};
116
- if (meta.urn) aliases.push(meta.urn);
117
- // Common fallbacks for known short names
118
- if (res === 'webagents') aliases.push('urn:sap:destination:WEBAGENTS_BACKEND', 'urn:sap:destination:web_agents_gateway');
119
- if (res === 'a2a') aliases.push('urn:sap:identity:application:provider:name:agent-gateway');
120
- }
121
- // No resource = try first entry
122
- if (!res) {
123
- const first = [...resourcesMap.values()][0];
124
- if (!first) return null;
125
- const map = deviceDoc.getMap(first);
126
- const expiresAt = map.get('expires_at');
127
- if (expiresAt && expiresAt < Date.now()) return null;
128
- if (!map.get('ciphertext')) return null;
129
- return map;
130
- }
131
- for (const alias of aliases) {
132
- const key = resourcesMap.get(alias);
133
- if (!key) continue;
134
- const map = deviceDoc.getMap(key);
135
- const expiresAt = map.get('expires_at');
136
- if (expiresAt && expiresAt < Date.now()) continue;
137
- if (!map.get('ciphertext')) continue;
138
- return map;
139
- }
140
- return null;
109
+ const key = res
110
+ ? resourcesMap.get(res)
111
+ : [...resourcesMap.values()][0];
112
+ if (!key) return null;
113
+ const map = deviceDoc.getMap(key);
114
+ const expiresAt = map.get('expires_at');
115
+ if (expiresAt && expiresAt < Date.now()) return null; // expired
116
+ if (!map.get('ciphertext')) return null;
117
+ return map;
141
118
  }
142
119
 
143
120
  // ─── Output ───────────────────────────────────────────────────────────────────
@@ -247,6 +224,7 @@ log('→ waiting for token...');
247
224
  const token = await new Promise((resolve, reject) => {
248
225
  const timer = setTimeout(() => {
249
226
  resourcesMap.unobserve(observer);
227
+ log(`→ timeout — resources at that point: ${JSON.stringify([...resourcesMap.entries()])}`);
250
228
  reject(new Error('Timeout waiting for token'));
251
229
  }, 30_000);
252
230
 
@@ -260,6 +238,16 @@ const token = await new Promise((resolve, reject) => {
260
238
  }
261
239
  };
262
240
  resourcesMap.observe(observer);
241
+ // Also observe provider synced events in case doc re-syncs
242
+ provider.on('synced', () => {
243
+ log(`→ re-synced — resources: ${JSON.stringify([...resourcesMap.entries()])}`);
244
+ const found = tryGet(resourcesMap, deviceDoc, resolvedResource);
245
+ if (found) {
246
+ clearTimeout(timer);
247
+ resourcesMap.unobserve(observer);
248
+ resolve(decrypt(found));
249
+ }
250
+ });
263
251
  });
264
252
 
265
253
  provider.destroy();