@atxp/client 0.9.1 → 0.10.0

package/dist/index.js

@@ -1,4 +1,4 @@
-import { crypto as crypto$1, OAuthResourceClient, ConsoleLogger, getErrorRecoveryHint, PAYMENT_REQUIRED_ERROR_CODE, isSSEResponse, parseMcpMessages, parsePaymentRequests, paymentRequiredError, DEFAULT_AUTHORIZATION_SERVER, getIsReactNative, createReactNativeSafeFetch, isEnumValue, ChainEnum, CurrencyEnum, NetworkEnum, assertNever, DEFAULT_ATXP_ACCOUNTS_SERVER, MemoryOAuthDb, ATXPAccount } from '@atxp/common';
+import { crypto as crypto$1, OAuthResourceClient, ConsoleLogger, getErrorRecoveryHint, PAYMENT_REQUIRED_ERROR_CODE, isSSEResponse, parseMcpMessages, parsePaymentRequests, paymentRequiredError, DEFAULT_AUTHORIZATION_SERVER, createReactNativeSafeFetch, getIsReactNative, isEnumValue, ChainEnum, CurrencyEnum, NetworkEnum, assertNever, DEFAULT_ATXP_ACCOUNTS_SERVER, MemoryOAuthDb, ATXPAccount } from '@atxp/common';
 export { ATXPAccount } from '@atxp/common';
 import * as oauth from 'oauth4webapi';
 import { BigNumber } from 'bignumber.js';
@@ -453,6 +453,7 @@ function atxpFetch(config) {
 }
 class ATXPFetcher {
     constructor(config) {
+        this.oauthClient = null;
         this.defaultPaymentFailureHandler = async (context) => {
             const { payment, error, attemptedNetworks, retryable } = context;
             const recoveryHint = getErrorRecoveryHint(error);
@@ -512,8 +513,9 @@ class ATXPFetcher {
             }
             // Create prospective payment for approval (using first destination for display)
             const firstDest = mappedDestinations[0];
+            const accountId = await this.account.getAccountId();
             const prospectivePayment = {
-                accountId: this.account.accountId,
+                accountId,
                 resourceUrl: paymentRequest.resource?.toString() ?? '',
                 resourceName: paymentRequest.payeeName ?? '',
                 currency: firstDest.currency,
@@ -547,7 +549,7 @@ class ATXPFetcher {
                         network: result.chain
                     });
                     // Submit payment to the server
-                    const jwt = await paymentMaker.generateJWT({ paymentRequestId, codeChallenge: '', accountId: this.account.accountId });
+                    const jwt = await paymentMaker.generateJWT({ paymentRequestId, codeChallenge: '', accountId });
                     const response = await this.sideChannelFetch(paymentRequestUrl.toString(), {
                         method: 'PUT',
                         headers: {
@@ -675,7 +677,8 @@ class ATXPFetcher {
                 const paymentMakerCount = this.account.paymentMakers.length;
                 throw new Error(`Payment maker is missing generateJWT method. Available payment maker count: ${paymentMakerCount}. This indicates the payment maker object does not implement the PaymentMaker interface. If using TypeScript, ensure your payment maker properly implements the PaymentMaker interface.`);
             }
-            const authToken = await paymentMaker.generateJWT({ paymentRequestId: '', codeChallenge: codeChallenge, accountId: this.account.accountId });
+            const accountId = await this.account.getAccountId();
+            const authToken = await paymentMaker.generateJWT({ paymentRequestId: '', codeChallenge: codeChallenge, accountId });
             // Make a fetch call to the authorization URL with the payment ID
             // redirect=false is a hack
             // The OAuth spec calls for the authorization url to return with a redirect, but fetch
@@ -729,42 +732,47 @@ class ATXPFetcher {
             if (paymentMaker) {
                 // We can do the full OAuth flow - we'll generate a signed JWT and call /authorize on the
                 // AS to get a code, then exchange the code for an access token
-                const authorizationUrl = await this.oauthClient.makeAuthorizationUrl(error.url, error.resourceServerUrl);
+                const oauthClient = await this.getOAuthClient();
+                const authorizationUrl = await oauthClient.makeAuthorizationUrl(error.url, error.resourceServerUrl);
                 if (!this.isAllowedAuthServer(authorizationUrl)) {
                     throw new Error(`ATXP: resource server ${error.url} is requesting to use ${authorizationUrl} which is not in the allowed list of authorization servers ${this.allowedAuthorizationServers.join(', ')}`);
                 }
                 try {
                     const redirectUrl = await this.makeAuthRequestWithPaymentMaker(authorizationUrl, paymentMaker);
                     // Handle the OAuth callback
-                    await this.oauthClient.handleCallback(redirectUrl);
+                    const oauthClient = await this.getOAuthClient();
+                    await oauthClient.handleCallback(redirectUrl);
                     // Call onAuthorize callback after successful authorization
+                    const accountId = await this.account.getAccountId();
                     await this.onAuthorize({
                         authorizationServer: authorizationUrl.origin,
-                        userId: this.account.accountId
+                        userId: accountId
                     });
                 }
                 catch (authError) {
                     // Call onAuthorizeFailure callback if authorization fails
+                    const accountId = await this.account.getAccountId();
                     await this.onAuthorizeFailure({
                         authorizationServer: authorizationUrl.origin,
-                        userId: this.account.accountId,
+                        userId: accountId,
                         error: authError
                     });
                     throw authError;
                 }
             }
             else {
-                // Else, we'll see if we've already got an OAuth token from OUR caller (if any). 
+                // Else, we'll see if we've already got an OAuth token from OUR caller (if any).
                 // If we do, we'll use it to auth to the downstream resource
                 // (In pass-through scenarios, the atxpServer() middleware stores the incoming
                 // token in the DB under the '' resource URL).
-                const existingToken = await this.db.getAccessToken(this.account.accountId, '');
+                const accountId = await this.account.getAccountId();
+                const existingToken = await this.db.getAccessToken(accountId, '');
                 if (!existingToken) {
                     this.logger.info(`ATXP: no token found for the current server - we can't exchange a token if we don't have one`);
                     throw error;
                 }
                 const newToken = await this.exchangeToken(existingToken, error.resourceServerUrl);
-                this.db.saveAccessToken(this.account.accountId, error.resourceServerUrl, newToken);
+                this.db.saveAccessToken(accountId, error.resourceServerUrl, newToken);
             }
         };
         this.exchangeToken = async (myToken, newResourceUrl) => {
@@ -808,9 +816,10 @@ class ATXPFetcher {
         this.fetch = async (url, init) => {
             let response = null;
             let fetchError = null;
+            const oauthClient = await this.getOAuthClient();
             try {
                 // Try to fetch the resource
-                response = await this.oauthClient.fetch(url, init);
+                response = await oauthClient.fetch(url, init);
                 await this.checkForATXPResponse(response);
                 return response;
             }
@@ -822,7 +831,7 @@ class ATXPFetcher {
                     await this.authToService(error);
                     try {
                         // Retry the request once - we should be auth'd now
-                        response = await this.oauthClient.fetch(url, init);
+                        response = await oauthClient.fetch(url, init);
                         await this.checkForATXPResponse(response);
                         return response;
                     }
@@ -838,7 +847,7 @@ class ATXPFetcher {
                     this.logger.info(`Payment required - ATXP client starting payment flow ${mcpError?.data?.paymentRequestUrl}`);
                     if (await this.handlePaymentRequestError(mcpError)) {
                         // Retry the request once - we should be auth'd now
-                        response = await this.oauthClient.fetch(url, init);
+                        response = await oauthClient.fetch(url, init);
                         await this.checkForATXPResponse(response);
                     }
                     else {
@@ -857,26 +866,15 @@ class ATXPFetcher {
         };
         const { account, db, destinationMakers, fetchFn = fetch, sideChannelFetch = fetchFn, strict = true, allowInsecureRequests = process.env.NODE_ENV === 'development', allowedAuthorizationServers = [DEFAULT_AUTHORIZATION_SERVER], approvePayment = async () => true, logger = new ConsoleLogger(), onAuthorize = async () => { }, onAuthorizeFailure = async () => { }, onPayment = async () => { }, onPaymentFailure, onPaymentAttemptFailed } = config;
         // Use React Native safe fetch if in React Native environment
-        const safeFetchFn = getIsReactNative() ? createReactNativeSafeFetch(fetchFn) : fetchFn;
+        this.safeFetchFn = getIsReactNative() ? createReactNativeSafeFetch(fetchFn) : fetchFn;
         const safeSideChannelFetch = getIsReactNative() ? createReactNativeSafeFetch(sideChannelFetch) : sideChannelFetch;
-        // ATXPClient should never actually use the callback url - instead of redirecting the user to
-        // an authorization url which redirects back to the callback url, ATXPClient posts the payment
-        // directly to the authorization server, then does the token exchange itself
-        this.oauthClient = new OAuthClient({
-            userId: account.accountId,
-            db,
-            callbackUrl: 'http://localhost:3000/unused-dummy-atxp-callback',
-            isPublic: false,
-            fetchFn: safeFetchFn,
-            sideChannelFetch: safeSideChannelFetch,
-            strict,
-            allowInsecureRequests,
-            logger: logger
-        });
+        // OAuthClient is initialized lazily in getOAuthClient() since it needs async accountId
         this.account = account;
         this.destinationMakers = destinationMakers;
         this.sideChannelFetch = safeSideChannelFetch;
         this.db = db;
+        this.strict = strict;
+        this.allowInsecureRequests = allowInsecureRequests;
         this.allowedAuthorizationServers = allowedAuthorizationServers;
         this.approvePayment = approvePayment;
         this.logger = logger;
@@ -886,6 +884,27 @@ class ATXPFetcher {
         this.onPaymentFailure = onPaymentFailure || this.defaultPaymentFailureHandler;
         this.onPaymentAttemptFailed = onPaymentAttemptFailed;
     }
+    /**
+     * Get or create the OAuthClient (lazy initialization to support async accountId)
+     */
+    async getOAuthClient() {
+        if (this.oauthClient) {
+            return this.oauthClient;
+        }
+        const accountId = await this.account.getAccountId();
+        this.oauthClient = new OAuthClient({
+            userId: accountId,
+            db: this.db,
+            callbackUrl: 'http://localhost:3000/unused-dummy-atxp-callback',
+            isPublic: false,
+            fetchFn: this.safeFetchFn,
+            sideChannelFetch: this.sideChannelFetch,
+            strict: this.strict,
+            allowInsecureRequests: this.allowInsecureRequests,
+            logger: this.logger
+        });
+        return this.oauthClient;
+    }
 }
 
 var util$1;