npm - @bcis/sdk - Versions diffs - 0.1.0 → 0.1.2 - Mend

@bcis/sdk 0.1.0 → 0.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/README.md CHANGED Viewed

@@ -1,7 +1,5 @@
 # @bcis/sdk
-> **Auto-generated** — re-run `npm run generate` in the `sdk-generator` project to update this file.
 Type-safe TypeScript SDK for the [BCIS (Building Cost Information Service)](https://bcis.co.uk) APIs.
 Supports both **ESM** and **CommonJS** environments with full TypeScript declarations.

package/dist/index.d.mts CHANGED Viewed

@@ -6,23 +6,43 @@ interface ClientCredentialsConfig {
     clientId: string;
     /** OAuth2 client secret */
     clientSecret: string;
-    /** Token endpoint URL, e.g. 'https://auth.bcis.co.uk/oauth/token' */
-    tokenUrl: string;
+    /**
+     * Token endpoint URL.
+     * If omitted, it is resolved from `discoveryUrl` (defaults to the BCIS identity provider).
+     */
+    tokenUrl?: string;
     /** Space-separated or array of OAuth2 scopes to request */
     scopes?: string[];
+    /**
+     * OpenID Connect discovery URL used to resolve endpoints when `tokenUrl` is not set.
+     * Defaults to `https://id.bcis.co.uk/.well-known/openid-configuration`.
+     */
+    discoveryUrl?: string;
 }
 interface AuthorizationCodeConfig {
     flow: 'authorization-code';
     /** OAuth2 client ID */
     clientId: string;
-    /** Token endpoint URL */
-    tokenUrl: string;
-    /** Authorization endpoint URL (where users are redirected to log in) */
-    authorizationUrl: string;
+    /**
+     * Token endpoint URL.
+     * If omitted, it is resolved from `discoveryUrl` (defaults to the BCIS identity provider).
+     */
+    tokenUrl?: string;
+    /**
+     * Authorization endpoint URL (where users are redirected to log in).
+     * If omitted, it is resolved from `discoveryUrl` (defaults to the BCIS identity provider).
+     */
+    authorizationUrl?: string;
     /** Redirect URI registered with the OAuth2 provider */
     redirectUri: string;
     /** Scopes to request */
     scopes?: string[];
+    /**
+     * OpenID Connect discovery URL used to resolve endpoints when `tokenUrl` or
+     * `authorizationUrl` are not set.
+     * Defaults to `https://id.bcis.co.uk/.well-known/openid-configuration`.
+     */
+    discoveryUrl?: string;
 }
 /** Standard OAuth2 token response */
 interface TokenResponse {
@@ -40,24 +60,25 @@ interface TokenResponse {
  * - Client Credentials flow (server-to-server, fully automatic)
  * - Authorization Code + PKCE flow (user-facing applications)
  *
- * @example Client Credentials
+ * Endpoint URLs (`tokenUrl`, `authorizationUrl`) are optional — when omitted they are
+ * resolved automatically from the BCIS OpenID Connect discovery document at
+ * `https://id.bcis.co.uk/.well-known/openid-configuration`.
+ *
+ * @example Client Credentials (auto-discovered endpoints)
  * ```ts
  * const auth = new AuthManager({
  *   flow: 'client-credentials',
  *   clientId: 'my-id',
  *   clientSecret: 'my-secret',
- *   tokenUrl: 'https://auth.bcis.co.uk/oauth/token',
  * });
  * const token = await auth.getAccessToken();
  * ```
  *
- * @example Authorization Code
+ * @example Authorization Code (auto-discovered endpoints)
  * ```ts
  * const auth = new AuthManager({
  *   flow: 'authorization-code',
  *   clientId: 'my-id',
- *   tokenUrl: 'https://auth.bcis.co.uk/oauth/token',
- *   authorizationUrl: 'https://auth.bcis.co.uk/authorize',
  *   redirectUri: 'https://myapp.com/callback',
  *   scopes: ['openid', 'profile'],
  * });
@@ -78,6 +99,8 @@ declare class AuthManager {
     private readonly store;
     /** Pending token fetch promise to prevent concurrent requests */
     private inflight;
+    /** Cached resolved endpoints (populated lazily from OIDC discovery) */
+    private endpoints;
     constructor(config: AuthConfig);
     /**
      * Returns a valid access token, fetching or refreshing as needed.
@@ -103,6 +126,11 @@ declare class AuthManager {
     handleCallback(code: string, codeVerifier: string): Promise<void>;
     /** Clears all stored tokens. */
     clearTokens(): void;
+    /**
+     * Resolves `tokenUrl` and `authorizationUrl`, fetching the OIDC discovery document
+     * if either URL is absent from the config. Result is cached after the first call.
+     */
+    private resolveEndpoints;
     private refresh;
 }
@@ -288,7 +316,10 @@ interface CodesUpdateParams {
 }
 declare class CoreApiClient {
     private readonly client;
-    constructor(auth: AuthManager);
+    private readonly baseUrl;
+    constructor(auth: AuthManager, options?: {
+        baseUrl?: string;
+    });
     /** abp-retrieve */
     abpRetrieve(params: AbpRetrieveParams): Promise<AbpResponseDto>;
     /** indices-retrieve */
@@ -362,7 +393,10 @@ interface ReportUsageParams {
 }
 declare class ResidentialRebuildClient {
     private readonly client;
-    constructor(auth: AuthManager);
+    private readonly baseUrl;
+    constructor(auth: AuthManager, options?: {
+        baseUrl?: string;
+    });
     /** rbls-calculate */
     calculate(params: CalculateParams): Promise<CalculationResponse>;
     /** rbls-report-use */
@@ -590,7 +624,10 @@ interface GetBuildUpParams {
 }
 declare class ScheduleOfRatesClient {
     private readonly client;
-    constructor(auth: AuthManager);
+    private readonly baseUrl;
+    constructor(auth: AuthManager, options?: {
+        baseUrl?: string;
+    });
     /** Lists books and editions available to user */
     getBooksEdition(): Promise<EditionsDto>;
     /** Lists matching rates */

package/dist/index.d.ts CHANGED Viewed

@@ -6,23 +6,43 @@ interface ClientCredentialsConfig {
     clientId: string;
     /** OAuth2 client secret */
     clientSecret: string;
-    /** Token endpoint URL, e.g. 'https://auth.bcis.co.uk/oauth/token' */
-    tokenUrl: string;
+    /**
+     * Token endpoint URL.
+     * If omitted, it is resolved from `discoveryUrl` (defaults to the BCIS identity provider).
+     */
+    tokenUrl?: string;
     /** Space-separated or array of OAuth2 scopes to request */
     scopes?: string[];
+    /**
+     * OpenID Connect discovery URL used to resolve endpoints when `tokenUrl` is not set.
+     * Defaults to `https://id.bcis.co.uk/.well-known/openid-configuration`.
+     */
+    discoveryUrl?: string;
 }
 interface AuthorizationCodeConfig {
     flow: 'authorization-code';
     /** OAuth2 client ID */
     clientId: string;
-    /** Token endpoint URL */
-    tokenUrl: string;
-    /** Authorization endpoint URL (where users are redirected to log in) */
-    authorizationUrl: string;
+    /**
+     * Token endpoint URL.
+     * If omitted, it is resolved from `discoveryUrl` (defaults to the BCIS identity provider).
+     */
+    tokenUrl?: string;
+    /**
+     * Authorization endpoint URL (where users are redirected to log in).
+     * If omitted, it is resolved from `discoveryUrl` (defaults to the BCIS identity provider).
+     */
+    authorizationUrl?: string;
     /** Redirect URI registered with the OAuth2 provider */
     redirectUri: string;
     /** Scopes to request */
     scopes?: string[];
+    /**
+     * OpenID Connect discovery URL used to resolve endpoints when `tokenUrl` or
+     * `authorizationUrl` are not set.
+     * Defaults to `https://id.bcis.co.uk/.well-known/openid-configuration`.
+     */
+    discoveryUrl?: string;
 }
 /** Standard OAuth2 token response */
 interface TokenResponse {
@@ -40,24 +60,25 @@ interface TokenResponse {
  * - Client Credentials flow (server-to-server, fully automatic)
  * - Authorization Code + PKCE flow (user-facing applications)
  *
- * @example Client Credentials
+ * Endpoint URLs (`tokenUrl`, `authorizationUrl`) are optional — when omitted they are
+ * resolved automatically from the BCIS OpenID Connect discovery document at
+ * `https://id.bcis.co.uk/.well-known/openid-configuration`.
+ *
+ * @example Client Credentials (auto-discovered endpoints)
  * ```ts
  * const auth = new AuthManager({
  *   flow: 'client-credentials',
  *   clientId: 'my-id',
  *   clientSecret: 'my-secret',
- *   tokenUrl: 'https://auth.bcis.co.uk/oauth/token',
  * });
  * const token = await auth.getAccessToken();
  * ```
  *
- * @example Authorization Code
+ * @example Authorization Code (auto-discovered endpoints)
  * ```ts
  * const auth = new AuthManager({
  *   flow: 'authorization-code',
  *   clientId: 'my-id',
- *   tokenUrl: 'https://auth.bcis.co.uk/oauth/token',
- *   authorizationUrl: 'https://auth.bcis.co.uk/authorize',
  *   redirectUri: 'https://myapp.com/callback',
  *   scopes: ['openid', 'profile'],
  * });
@@ -78,6 +99,8 @@ declare class AuthManager {
     private readonly store;
     /** Pending token fetch promise to prevent concurrent requests */
     private inflight;
+    /** Cached resolved endpoints (populated lazily from OIDC discovery) */
+    private endpoints;
     constructor(config: AuthConfig);
     /**
      * Returns a valid access token, fetching or refreshing as needed.
@@ -103,6 +126,11 @@ declare class AuthManager {
     handleCallback(code: string, codeVerifier: string): Promise<void>;
     /** Clears all stored tokens. */
     clearTokens(): void;
+    /**
+     * Resolves `tokenUrl` and `authorizationUrl`, fetching the OIDC discovery document
+     * if either URL is absent from the config. Result is cached after the first call.
+     */
+    private resolveEndpoints;
     private refresh;
 }
@@ -288,7 +316,10 @@ interface CodesUpdateParams {
 }
 declare class CoreApiClient {
     private readonly client;
-    constructor(auth: AuthManager);
+    private readonly baseUrl;
+    constructor(auth: AuthManager, options?: {
+        baseUrl?: string;
+    });
     /** abp-retrieve */
     abpRetrieve(params: AbpRetrieveParams): Promise<AbpResponseDto>;
     /** indices-retrieve */
@@ -362,7 +393,10 @@ interface ReportUsageParams {
 }
 declare class ResidentialRebuildClient {
     private readonly client;
-    constructor(auth: AuthManager);
+    private readonly baseUrl;
+    constructor(auth: AuthManager, options?: {
+        baseUrl?: string;
+    });
     /** rbls-calculate */
     calculate(params: CalculateParams): Promise<CalculationResponse>;
     /** rbls-report-use */
@@ -590,7 +624,10 @@ interface GetBuildUpParams {
 }
 declare class ScheduleOfRatesClient {
     private readonly client;
-    constructor(auth: AuthManager);
+    private readonly baseUrl;
+    constructor(auth: AuthManager, options?: {
+        baseUrl?: string;
+    });
     /** Lists books and editions available to user */
     getBooksEdition(): Promise<EditionsDto>;
     /** Lists matching rates */

package/dist/index.js CHANGED Viewed

@@ -1,3 +1,3 @@
-'use strict';var l=class{constructor(){this.token=null;}store(e){let r=e.expires_in!=null?Date.now()+e.expires_in*1e3:null;this.token={accessToken:e.access_token,expiresAt:r,refreshToken:e.refresh_token??null};}getAccessToken(){return this.token?.accessToken??null}getRefreshToken(){return this.token?.refreshToken??null}isExpired(e=30){return this.token?this.token.expiresAt===null?false:Date.now()>=this.token.expiresAt-e*1e3:true}clear(){this.token=null;}};async function m(t){let e=new URLSearchParams({grant_type:"client_credentials",client_id:t.clientId,client_secret:t.clientSecret});t.scopes&&t.scopes.length>0&&e.set("scope",t.scopes.join(" "));let r=await fetch(t.tokenUrl,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded"},body:e.toString()});if(!r.ok){let n=await r.text().catch(()=>"");throw new Error(`Token request failed: ${r.status} ${r.statusText}${n?` \u2014 ${n}`:""}`)}return r.json()}function b(){let t=new Uint8Array(32);return crypto.getRandomValues(t),y(t)}async function A(t){let r=new TextEncoder().encode(t),n=await crypto.subtle.digest("SHA-256",r);return y(new Uint8Array(n))}function y(t){let e=String.fromCharCode(...t);return btoa(e).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+$/,"")}async function k(t,e){let r=b(),n=await A(r),s=new URLSearchParams({response_type:"code",client_id:t.clientId,redirect_uri:t.redirectUri,code_challenge:n,code_challenge_method:"S256"});return t.scopes&&t.scopes.length>0&&s.set("scope",t.scopes.join(" ")),e&&s.set("state",e),{url:`${t.authorizationUrl}?${s.toString()}`,codeVerifier:r}}async function R(t,e,r){let n=new URLSearchParams({grant_type:"authorization_code",client_id:t.clientId,redirect_uri:t.redirectUri,code:e,code_verifier:r});return C(t.tokenUrl,n)}async function w(t,e){let r=new URLSearchParams({grant_type:"refresh_token",client_id:t.clientId,refresh_token:e});return C(t.tokenUrl,r)}async function C(t,e){let r=await fetch(t,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded"},body:e.toString()});if(!r.ok){let n=await r.text().catch(()=>"");throw new Error(`Token request failed: ${r.status} ${r.statusText}${n?` \u2014 ${n}`:""}`)}return r.json()}var d=class{constructor(e){this.config=e;this.store=new l;this.inflight=null;}async getAccessToken(){if(!this.store.isExpired())return this.store.getAccessToken();if(this.inflight)return await this.inflight,this.store.getAccessToken();this.inflight=this.refresh();try{await this.inflight;}finally{this.inflight=null;}let e=this.store.getAccessToken();if(!e)throw new Error("Failed to obtain access token");return e}async getAuthorizationUrl(e){if(this.config.flow!=="authorization-code")throw new Error("getAuthorizationUrl is only available for authorization-code flow");return k(this.config,e)}async handleCallback(e,r){if(this.config.flow!=="authorization-code")throw new Error("handleCallback is only available for authorization-code flow");let n=await R(this.config,e,r);this.store.store(n);}clearTokens(){this.store.clear();}async refresh(){if(this.config.flow==="client-credentials"){let r=await m(this.config);this.store.store(r);return}let e=this.store.getRefreshToken();if(e){let r=await w(this.config,e);this.store.store(r);return}throw new Error("No valid token available. Call getAuthorizationUrl() and handleCallback() first.")}};var p=class extends Error{constructor(r,n,s){super(`BCIS API error ${r} ${n}`);this.status=r;this.statusText=n;this.body=s;this.name="BcisApiError";}},o=class{constructor(e){this.auth=e;}async get(e,r,n={}){let s=await this.auth.getAccessToken(),u=new URL(e+r);for(let[a,c]of Object.entries(n))if(c!=null)if(Array.isArray(c))for(let P of c)u.searchParams.append(a,String(P));else u.searchParams.set(a,String(c));let i=await fetch(u.toString(),{method:"GET",headers:{Authorization:`Bearer ${s}`,Accept:"application/json"}});if(!i.ok){let a;try{a=await i.json();}catch{a=await i.text();}throw new p(i.status,i.statusText,a)}return i.json()}};var h=class{constructor(e){this.client=new o(e);}async abpRetrieve(e){return this.client.get("https://api.bcis.co.uk/core-apis","/abp-retrieve",e)}async indicesRetrieve(e){return this.client.get("https://api.bcis.co.uk/core-apis","/indices-retrieve",e)}async tpsRetrieve(e){return this.client.get("https://api.bcis.co.uk/core-apis","/tps-retrieve",e)}async codesUpdate(e){return this.client.get("https://api.bcis.co.uk/core-apis","/codes-update",e)}};var g=class{constructor(e){this.client=new o(e);}async calculate(e){return this.client.get("https://api.bcis.co.uk/residential-rebuild-calculator","/rbls-calculate",e)}async reportUsage(e){return this.client.get("https://api.bcis.co.uk/residential-rebuild-calculator","/rbls-report-use",e)}};var f=class{constructor(e){this.client=new o(e);}async getBooksEdition(){return this.client.get("https://api.bcis.co.uk/schedule-of-rates","/get-books-edition",{})}async getRates(e){return this.client.get("https://api.bcis.co.uk/schedule-of-rates","/get-rates",e)}async getResources(e){return this.client.get("https://api.bcis.co.uk/schedule-of-rates","/get-resources",e)}async getBuildUp(e){return this.client.get("https://api.bcis.co.uk/schedule-of-rates","/get-build-up",e)}};
+'use strict';var u=class{constructor(){this.token=null;}store(e){let n=e.expires_in!=null?Date.now()+e.expires_in*1e3:null;this.token={accessToken:e.access_token,expiresAt:n,refreshToken:e.refresh_token??null};}getAccessToken(){return this.token?.accessToken??null}getRefreshToken(){return this.token?.refreshToken??null}isExpired(e=30){return this.token?this.token.expiresAt===null?false:Date.now()>=this.token.expiresAt-e*1e3:true}clear(){this.token=null;}};async function m(t){let e=new URLSearchParams({grant_type:"client_credentials",client_id:t.clientId,client_secret:t.clientSecret});t.scopes&&t.scopes.length>0&&e.set("scope",t.scopes.join(" "));let n=t.tokenUrl;if(!n)throw new Error("tokenUrl is required for client credentials flow");let r=await fetch(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded"},body:e.toString()});if(!r.ok){let o=await r.text().catch(()=>"");throw new Error(`Token request failed: ${r.status} ${r.statusText}${o?` \u2014 ${o}`:""}`)}return r.json()}function A(){let t=new Uint8Array(32);return crypto.getRandomValues(t),k(t)}async function x(t){let n=new TextEncoder().encode(t),r=await crypto.subtle.digest("SHA-256",n);return k(new Uint8Array(r))}function k(t){let e=String.fromCharCode(...t);return btoa(e).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+$/,"")}async function y(t,e){let n=A(),r=await x(n),o=new URLSearchParams({response_type:"code",client_id:t.clientId,redirect_uri:t.redirectUri,code_challenge:r,code_challenge_method:"S256"});t.scopes&&t.scopes.length>0&&o.set("scope",t.scopes.join(" ")),e&&o.set("state",e);let i=t.authorizationUrl;if(!i)throw new Error("authorizationUrl is required for authorization-code flow");return {url:`${i}?${o.toString()}`,codeVerifier:n}}async function w(t,e,n){let r=new URLSearchParams({grant_type:"authorization_code",client_id:t.clientId,redirect_uri:t.redirectUri,code:e,code_verifier:n}),o=t.tokenUrl;if(!o)throw new Error("tokenUrl is required for authorization-code flow");return U(o,r)}async function R(t,e){let n=new URLSearchParams({grant_type:"refresh_token",client_id:t.clientId,refresh_token:e}),r=t.tokenUrl;if(!r)throw new Error("tokenUrl is required for authorization-code flow");return U(r,n)}async function U(t,e){let n=await fetch(t,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded"},body:e.toString()});if(!n.ok){let r=await n.text().catch(()=>"");throw new Error(`Token request failed: ${n.status} ${n.statusText}${r?` \u2014 ${r}`:""}`)}return n.json()}var T="https://id.bcis.co.uk/.well-known/openid-configuration",C=new Map;async function b(t=T){let e=C.get(t);if(e)return e;let n=await fetch(t);if(!n.ok)throw new Error(`OIDC discovery failed: ${n.status} ${n.statusText} (${t})`);let r=await n.json();if(!r.token_endpoint||!r.authorization_endpoint)throw new Error(`OIDC discovery document at ${t} is missing required endpoints`);return C.set(t,r),r}var d=class{constructor(e){this.config=e;this.store=new u;this.inflight=null;this.endpoints=null;}async getAccessToken(){if(!this.store.isExpired())return this.store.getAccessToken();if(this.inflight)return await this.inflight,this.store.getAccessToken();this.inflight=this.refresh();try{await this.inflight;}finally{this.inflight=null;}let e=this.store.getAccessToken();if(!e)throw new Error("Failed to obtain access token");return e}async getAuthorizationUrl(e){if(this.config.flow!=="authorization-code")throw new Error("getAuthorizationUrl is only available for authorization-code flow");let n=await this.resolveEndpoints();return y({...this.config,...n},e)}async handleCallback(e,n){if(this.config.flow!=="authorization-code")throw new Error("handleCallback is only available for authorization-code flow");let r=await this.resolveEndpoints(),o=await w({...this.config,...r},e,n);this.store.store(o);}clearTokens(){this.store.clear();}async resolveEndpoints(){if(this.endpoints)return this.endpoints;let e=this.config;if(!e.tokenUrl||this.config.flow==="authorization-code"&&!e.authorizationUrl){let r=await b(e.discoveryUrl);this.endpoints={tokenUrl:e.tokenUrl??r.token_endpoint,authorizationUrl:e.authorizationUrl??r.authorization_endpoint};}else this.endpoints={tokenUrl:e.tokenUrl,authorizationUrl:e.authorizationUrl??""};return this.endpoints}async refresh(){let e=await this.resolveEndpoints();if(this.config.flow==="client-credentials"){let r=await m({...this.config,tokenUrl:e.tokenUrl});this.store.store(r);return}let n=this.store.getRefreshToken();if(n){let r=await R({...this.config,...e},n);this.store.store(r);return}throw new Error("No valid token available. Call getAuthorizationUrl() and handleCallback() first.")}};var p=class extends Error{constructor(n,r,o){super(`BCIS API error ${n} ${r}`);this.status=n;this.statusText=r;this.body=o;this.name="BcisApiError";}},s=class{constructor(e){this.auth=e;}async get(e,n,r={}){let o=await this.auth.getAccessToken(),i=new URL(e+n);for(let[c,l]of Object.entries(r))if(l!=null)if(Array.isArray(l))for(let P of l)i.searchParams.append(c,String(P));else i.searchParams.set(c,String(l));let a=await fetch(i.toString(),{method:"GET",headers:{Authorization:`Bearer ${o}`,Accept:"application/json"}});if(!a.ok){let c;try{c=await a.json();}catch{c=await a.text();}throw new p(a.status,a.statusText,c)}return a.json()}};var h=class{constructor(e,n){this.client=new s(e),this.baseUrl=n?.baseUrl??"https://api.bcis.co.uk/core-apis";}async abpRetrieve(e){return this.client.get(this.baseUrl,"/abp-retrieve",e)}async indicesRetrieve(e){return this.client.get(this.baseUrl,"/indices-retrieve",e)}async tpsRetrieve(e){return this.client.get(this.baseUrl,"/tps-retrieve",e)}async codesUpdate(e){return this.client.get(this.baseUrl,"/codes-update",e)}};var g=class{constructor(e,n){this.client=new s(e),this.baseUrl=n?.baseUrl??"https://api.bcis.co.uk/residential-rebuild-calculator";}async calculate(e){return this.client.get(this.baseUrl,"/rbls-calculate",e)}async reportUsage(e){return this.client.get(this.baseUrl,"/rbls-report-use",e)}};var f=class{constructor(e,n){this.client=new s(e),this.baseUrl=n?.baseUrl??"https://api.bcis.co.uk/schedule-of-rates";}async getBooksEdition(){return this.client.get(this.baseUrl,"/get-books-edition",{})}async getRates(e){return this.client.get(this.baseUrl,"/get-rates",e)}async getResources(e){return this.client.get(this.baseUrl,"/get-resources",e)}async getBuildUp(e){return this.client.get(this.baseUrl,"/get-build-up",e)}};
 exports.AuthManager=d;exports.BcisApiError=p;exports.CoreApiClient=h;exports.ResidentialRebuildClient=g;exports.ScheduleOfRatesClient=f;//# sourceMappingURL=index.js.map
 //# sourceMappingURL=index.js.map

package/dist/index.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../src/auth/token-store.ts","../src/auth/client-credentials.ts","../src/auth/authorization-code.ts","../src/auth/auth-manager.ts","../src/http/fetch-client.ts","../src/clients/core-api.ts","../src/clients/residential-rebuild.ts","../src/clients/schedule-of-rates.ts"],"names":["TokenStore","response","expiresAt","bufferSeconds","fetchClientCredentialsToken","config","body","text","generateCodeVerifier","array","base64UrlEncode","generateCodeChallenge","verifier","data","digest","bytes","str","getAuthorizationUrl","state","codeVerifier","codeChallenge","params","exchangeCode","code","tokenRequest","refreshAccessToken","refreshToken","tokenUrl","AuthManager","token","tokenResponse","BcisApiError","status","statusText","FetchClient","auth","baseUrl","path","url","key","value","item","CoreApiClient","ResidentialRebuildClient","ScheduleOfRatesClient"],"mappings":"aAGO,IAAMA,CAAAA,CAAN,KAAiB,CAAjB,WAAA,EAAA,CACL,IAAA,CAAQ,MAA4B,KAAA,CAEpC,KAAA,CAAMC,CAAAA,CAA+B,CACnC,IAAMC,CAAAA,CACJD,EAAS,UAAA,EAAc,IAAA,CACnB,IAAA,CAAK,GAAA,EAAI,CAAIA,CAAAA,CAAS,UAAA,CAAa,GAAA,CACnC,IAAA,CAEN,IAAA,CAAK,KAAA,CAAQ,CACX,WAAA,CAAaA,CAAAA,CAAS,aACtB,SAAA,CAAAC,CAAAA,CACA,YAAA,CAAcD,CAAAA,CAAS,aAAA,EAAiB,IAC1C,EACF,CAEA,cAAA,EAAgC,CAC9B,OAAO,IAAA,CAAK,KAAA,EAAO,WAAA,EAAe,IACpC,CAEA,eAAA,EAAiC,CAC/B,OAAO,IAAA,CAAK,KAAA,EAAO,YAAA,EAAgB,IACrC,CAMA,SAAA,CAAUE,CAAAA,CAAgB,EAAA,CAAa,CACrC,OAAK,KAAK,KAAA,CACN,IAAA,CAAK,KAAA,CAAM,SAAA,GAAc,IAAA,CAAa,KAAA,CACnC,KAAK,GAAA,EAAI,EAAK,IAAA,CAAK,KAAA,CAAM,SAAA,CAAYA,CAAAA,CAAgB,IAFpC,IAG1B,CAEA,KAAA,EAAc,CACZ,IAAA,CAAK,KAAA,CAAQ,KACf,CACF,CAAA,CCnCA,eAAsBC,CAAAA,CACpBC,CAAAA,CACwB,CACxB,IAAMC,EAAO,IAAI,eAAA,CAAgB,CAC/B,UAAA,CAAY,oBAAA,CACZ,SAAA,CAAWD,CAAAA,CAAO,QAAA,CAClB,aAAA,CAAeA,CAAAA,CAAO,YACxB,CAAC,CAAA,CAEGA,CAAAA,CAAO,QAAUA,CAAAA,CAAO,MAAA,CAAO,MAAA,CAAS,CAAA,EAC1CC,CAAAA,CAAK,GAAA,CAAI,OAAA,CAASD,CAAAA,CAAO,MAAA,CAAO,IAAA,CAAK,GAAG,CAAC,CAAA,CAG3C,IAAMJ,EAAW,MAAM,KAAA,CAAMI,CAAAA,CAAO,QAAA,CAAU,CAC5C,MAAA,CAAQ,OACR,OAAA,CAAS,CAAE,cAAA,CAAgB,mCAAoC,CAAA,CAC/D,IAAA,CAAMC,EAAK,QAAA,EACb,CAAC,CAAA,CAED,GAAI,CAACL,CAAAA,CAAS,EAAA,CAAI,CAChB,IAAMM,CAAAA,CAAO,MAAMN,CAAAA,CAAS,IAAA,GAAO,KAAA,CAAM,IAAM,EAAE,CAAA,CACjD,MAAM,IAAI,KAAA,CACR,CAAA,sBAAA,EAAyBA,CAAAA,CAAS,MAAM,CAAA,CAAA,EAAIA,CAAAA,CAAS,UAAU,CAAA,EAAGM,EAAO,CAAA,QAAA,EAAMA,CAAI,CAAA,CAAA,CAAK,EAAE,CAAA,CAC5F,CACF,CAEA,OAAON,CAAAA,CAAS,IAAA,EAClB,CCzBO,SAASO,CAAAA,EAA+B,CAC7C,IAAMC,CAAAA,CAAQ,IAAI,UAAA,CAAW,EAAE,CAAA,CAC/B,OAAA,MAAA,CAAO,eAAA,CAAgBA,CAAK,CAAA,CACrBC,CAAAA,CAAgBD,CAAK,CAC9B,CAGA,eAAsBE,CAAAA,CAAsBC,CAAAA,CAAmC,CAE7E,IAAMC,CAAAA,CADU,IAAI,WAAA,EAAY,CACX,MAAA,CAAOD,CAAQ,CAAA,CAC9BE,CAAAA,CAAS,MAAM,MAAA,CAAO,OAAO,MAAA,CAAO,SAAA,CAAWD,CAAI,CAAA,CACzD,OAAOH,CAAAA,CAAgB,IAAI,UAAA,CAAWI,CAAM,CAAC,CAC/C,CAEA,SAASJ,CAAAA,CAAgBK,EAA2B,CAClD,IAAMC,CAAAA,CAAM,MAAA,CAAO,YAAA,CAAa,GAAGD,CAAK,CAAA,CACxC,OAAO,IAAA,CAAKC,CAAG,CAAA,CAAE,OAAA,CAAQ,KAAA,CAAO,GAAG,CAAA,CAAE,OAAA,CAAQ,KAAA,CAAO,GAAG,CAAA,CAAE,OAAA,CAAQ,MAAO,EAAE,CAC5E,CAUA,eAAsBC,CAAAA,CACpBZ,CAAAA,CACAa,EACgD,CAChD,IAAMC,CAAAA,CAAeX,CAAAA,EAAqB,CACpCY,CAAAA,CAAgB,MAAMT,CAAAA,CAAsBQ,CAAY,CAAA,CAExDE,CAAAA,CAAS,IAAI,eAAA,CAAgB,CACjC,cAAe,MAAA,CACf,SAAA,CAAWhB,CAAAA,CAAO,QAAA,CAClB,YAAA,CAAcA,CAAAA,CAAO,WAAA,CACrB,cAAA,CAAgBe,CAAAA,CAChB,qBAAA,CAAuB,MACzB,CAAC,CAAA,CAED,OAAIf,EAAO,MAAA,EAAUA,CAAAA,CAAO,MAAA,CAAO,MAAA,CAAS,CAAA,EAC1CgB,CAAAA,CAAO,GAAA,CAAI,OAAA,CAAShB,CAAAA,CAAO,MAAA,CAAO,IAAA,CAAK,GAAG,CAAC,CAAA,CAGzCa,GACFG,CAAAA,CAAO,GAAA,CAAI,OAAA,CAASH,CAAK,CAAA,CAGpB,CACL,GAAA,CAAK,CAAA,EAAGb,CAAAA,CAAO,gBAAgB,CAAA,CAAA,EAAIgB,CAAAA,CAAO,QAAA,EAAU,GACpD,YAAA,CAAAF,CACF,CACF,CAKA,eAAsBG,CAAAA,CACpBjB,CAAAA,CACAkB,CAAAA,CACAJ,CAAAA,CACwB,CACxB,IAAMb,CAAAA,CAAO,IAAI,eAAA,CAAgB,CAC/B,UAAA,CAAY,oBAAA,CACZ,SAAA,CAAWD,CAAAA,CAAO,QAAA,CAClB,YAAA,CAAcA,CAAAA,CAAO,WAAA,CACrB,IAAA,CAAAkB,CAAAA,CACA,aAAA,CAAeJ,CACjB,CAAC,CAAA,CAED,OAAOK,CAAAA,CAAanB,CAAAA,CAAO,QAAA,CAAUC,CAAI,CAC3C,CAKA,eAAsBmB,CAAAA,CACpBpB,CAAAA,CACAqB,CAAAA,CACwB,CACxB,IAAMpB,CAAAA,CAAO,IAAI,gBAAgB,CAC/B,UAAA,CAAY,eAAA,CACZ,SAAA,CAAWD,CAAAA,CAAO,QAAA,CAClB,cAAeqB,CACjB,CAAC,CAAA,CAED,OAAOF,CAAAA,CAAanB,CAAAA,CAAO,SAAUC,CAAI,CAC3C,CAEA,eAAekB,CAAAA,CACbG,CAAAA,CACArB,CAAAA,CACwB,CACxB,IAAML,CAAAA,CAAW,MAAM,KAAA,CAAM0B,CAAAA,CAAU,CACrC,OAAQ,MAAA,CACR,OAAA,CAAS,CAAE,cAAA,CAAgB,mCAAoC,CAAA,CAC/D,IAAA,CAAMrB,CAAAA,CAAK,QAAA,EACb,CAAC,CAAA,CAED,GAAI,CAACL,EAAS,EAAA,CAAI,CAChB,IAAMM,CAAAA,CAAO,MAAMN,CAAAA,CAAS,IAAA,EAAK,CAAE,KAAA,CAAM,IAAM,EAAE,CAAA,CACjD,MAAM,IAAI,MACR,CAAA,sBAAA,EAAyBA,CAAAA,CAAS,MAAM,CAAA,CAAA,EAAIA,CAAAA,CAAS,UAAU,CAAA,EAAGM,CAAAA,CAAO,CAAA,QAAA,EAAMA,CAAI,CAAA,CAAA,CAAK,EAAE,CAAA,CAC5F,CACF,CAEA,OAAON,CAAAA,CAAS,IAAA,EAClB,CCnEO,IAAM2B,CAAAA,CAAN,KAAkB,CAKvB,WAAA,CAA6BvB,CAAAA,CAAoB,CAApB,IAAA,CAAA,MAAA,CAAAA,CAAAA,CAJ7B,KAAiB,KAAA,CAAQ,IAAIL,CAAAA,CAE7B,IAAA,CAAQ,QAAA,CAAiC,KAES,CAOlD,MAAM,cAAA,EAAkC,CACtC,GAAI,CAAC,IAAA,CAAK,KAAA,CAAM,WAAU,CACxB,OAAO,IAAA,CAAK,KAAA,CAAM,cAAA,EAAe,CAGnC,GAAI,IAAA,CAAK,QAAA,CACP,OAAA,MAAM,IAAA,CAAK,QAAA,CACJ,IAAA,CAAK,KAAA,CAAM,gBAAe,CAGnC,IAAA,CAAK,QAAA,CAAW,IAAA,CAAK,OAAA,EAAQ,CAC7B,GAAI,CACF,MAAM,IAAA,CAAK,SACb,CAAA,OAAE,CACA,KAAK,QAAA,CAAW,KAClB,CAEA,IAAM6B,CAAAA,CAAQ,IAAA,CAAK,KAAA,CAAM,cAAA,EAAe,CACxC,GAAI,CAACA,CAAAA,CAAO,MAAM,IAAI,MAAM,+BAA+B,CAAA,CAC3D,OAAOA,CACT,CAQA,MAAM,mBAAA,CAAoBX,CAAAA,CAAgE,CACxF,GAAI,IAAA,CAAK,MAAA,CAAO,IAAA,GAAS,oBAAA,CACvB,MAAM,IAAI,KAAA,CAAM,mEAAmE,CAAA,CAErF,OAAOD,CAAAA,CAAsB,IAAA,CAAK,MAAA,CAAQC,CAAK,CACjD,CAOA,MAAM,cAAA,CAAeK,CAAAA,CAAcJ,EAAqC,CACtE,GAAI,IAAA,CAAK,MAAA,CAAO,IAAA,GAAS,oBAAA,CACvB,MAAM,IAAI,KAAA,CAAM,8DAA8D,CAAA,CAEhF,IAAMW,CAAAA,CAAgB,MAAMR,CAAAA,CAAa,IAAA,CAAK,MAAA,CAAQC,CAAAA,CAAMJ,CAAY,CAAA,CACxE,IAAA,CAAK,KAAA,CAAM,KAAA,CAAMW,CAAa,EAChC,CAGA,WAAA,EAAoB,CAClB,KAAK,KAAA,CAAM,KAAA,GACb,CAEA,MAAc,OAAA,EAAyB,CACrC,GAAI,IAAA,CAAK,MAAA,CAAO,IAAA,GAAS,oBAAA,CAAsB,CAC7C,IAAMA,EAAgB,MAAM1B,CAAAA,CAA4B,IAAA,CAAK,MAAM,CAAA,CACnE,IAAA,CAAK,KAAA,CAAM,KAAA,CAAM0B,CAAa,CAAA,CAC9B,MACF,CAGA,IAAMJ,CAAAA,CAAe,KAAK,KAAA,CAAM,eAAA,EAAgB,CAChD,GAAIA,CAAAA,CAAc,CAChB,IAAMI,CAAAA,CAAgB,MAAML,CAAAA,CAC1B,IAAA,CAAK,MAAA,CACLC,CACF,EACA,IAAA,CAAK,KAAA,CAAM,KAAA,CAAMI,CAAa,CAAA,CAC9B,MACF,CAEA,MAAM,IAAI,KAAA,CACR,kFACF,CACF,CACF,MCrIaC,CAAAA,CAAN,cAA2B,KAAM,CACtC,WAAA,CACkBC,CAAAA,CACAC,CAAAA,CACA3B,CAAAA,CAChB,CACA,KAAA,CAAM,CAAA,eAAA,EAAkB0B,CAAM,CAAA,CAAA,EAAIC,CAAU,EAAE,CAAA,CAJ9B,IAAA,CAAA,MAAA,CAAAD,CAAAA,CACA,IAAA,CAAA,UAAA,CAAAC,CAAAA,CACA,IAAA,CAAA,IAAA,CAAA3B,CAAAA,CAGhB,IAAA,CAAK,IAAA,CAAO,eACd,CACF,CAAA,CAQa4B,CAAAA,CAAN,KAAkB,CACvB,WAAA,CAA6BC,CAAAA,CAAmB,CAAnB,IAAA,CAAA,IAAA,CAAAA,EAAoB,CAEjD,MAAM,GAAA,CACJC,CAAAA,CACAC,CAAAA,CACAhB,CAAAA,CAAkC,EAAC,CACvB,CACZ,IAAMQ,CAAAA,CAAQ,MAAM,IAAA,CAAK,IAAA,CAAK,cAAA,EAAe,CACvCS,CAAAA,CAAM,IAAI,GAAA,CAAIF,CAAAA,CAAUC,CAAI,CAAA,CAElC,IAAA,GAAW,CAACE,EAAKC,CAAK,CAAA,GAAK,MAAA,CAAO,OAAA,CAAQnB,CAAM,CAAA,CAC9C,GAA2BmB,CAAAA,EAAU,IAAA,CAErC,GAAI,KAAA,CAAM,OAAA,CAAQA,CAAK,CAAA,CACrB,QAAWC,CAAAA,IAAQD,CAAAA,CACjBF,CAAAA,CAAI,YAAA,CAAa,MAAA,CAAOC,CAAAA,CAAK,MAAA,CAAOE,CAAI,CAAC,CAAA,CAAA,KAG3CH,CAAAA,CAAI,YAAA,CAAa,GAAA,CAAIC,CAAAA,CAAK,OAAOC,CAAK,CAAC,CAAA,CAI3C,IAAMvC,CAAAA,CAAW,MAAM,MAAMqC,CAAAA,CAAI,QAAA,EAAS,CAAG,CAC3C,MAAA,CAAQ,KAAA,CACR,QAAS,CACP,aAAA,CAAe,CAAA,OAAA,EAAUT,CAAK,CAAA,CAAA,CAC9B,MAAA,CAAQ,kBACV,CACF,CAAC,CAAA,CAED,GAAI,CAAC5B,CAAAA,CAAS,EAAA,CAAI,CAChB,IAAIK,CAAAA,CACJ,GAAI,CACFA,CAAAA,CAAO,MAAML,CAAAA,CAAS,IAAA,GACxB,CAAA,KAAQ,CACNK,CAAAA,CAAO,MAAML,CAAAA,CAAS,OACxB,CACA,MAAM,IAAI8B,CAAAA,CAAa9B,CAAAA,CAAS,MAAA,CAAQA,CAAAA,CAAS,UAAA,CAAYK,CAAI,CACnE,CAEA,OAAOL,CAAAA,CAAS,MAClB,CACF,ECZO,IAAMyC,CAAAA,CAAN,KAAoB,CAGzB,WAAA,CAAYP,CAAAA,CAAmB,CAC7B,IAAA,CAAK,MAAA,CAAS,IAAID,CAAAA,CAAYC,CAAI,EACpC,CAGA,MAAM,WAAA,CAAYd,CAAAA,CAAoD,CACpE,OAAO,IAAA,CAAK,MAAA,CAAO,GAAA,CAAoB,kCAAA,CAAoC,eAAA,CAAiBA,CAA4C,CAC1I,CAGA,MAAM,eAAA,CAAgBA,CAAAA,CAA4D,CAChF,OAAO,IAAA,CAAK,MAAA,CAAO,GAAA,CAAwB,kCAAA,CAAoC,mBAAA,CAAqBA,CAA4C,CAClJ,CAGA,MAAM,YAAYA,CAAAA,CAAoD,CACpE,OAAO,IAAA,CAAK,MAAA,CAAO,GAAA,CAAoB,kCAAA,CAAoC,eAAA,CAAiBA,CAA4C,CAC1I,CAGA,MAAM,WAAA,CAAYA,CAAAA,CAAsD,CACtE,OAAO,IAAA,CAAK,MAAA,CAAO,GAAA,CAAsB,kCAAA,CAAoC,eAAA,CAAiBA,CAA4C,CAC5I,CACF,EC5BO,IAAMsB,CAAAA,CAAN,KAA+B,CAGpC,WAAA,CAAYR,CAAAA,CAAmB,CAC7B,IAAA,CAAK,MAAA,CAAS,IAAID,CAAAA,CAAYC,CAAI,EACpC,CAGA,MAAM,SAAA,CAAUd,CAAAA,CAAuD,CACrE,OAAO,IAAA,CAAK,MAAA,CAAO,GAAA,CAAyB,uDAAA,CAAyD,iBAAA,CAAmBA,CAA4C,CACtK,CAGA,MAAM,WAAA,CAAYA,CAAAA,CAAmD,CACnE,OAAO,IAAA,CAAK,OAAO,GAAA,CAAmB,uDAAA,CAAyD,kBAAA,CAAoBA,CAA4C,CACjK,CACF,EC/BO,IAAMuB,CAAAA,CAAN,KAA4B,CAGjC,WAAA,CAAYT,CAAAA,CAAmB,CAC7B,KAAK,MAAA,CAAS,IAAID,CAAAA,CAAYC,CAAI,EACpC,CAGA,MAAM,eAAA,EAAwC,CAC5C,OAAO,IAAA,CAAK,MAAA,CAAO,GAAA,CAAiB,0CAAA,CAA4C,qBAAsB,EAAE,CAC1G,CAGA,MAAM,QAAA,CAASd,CAAAA,CAAqD,CAClE,OAAO,IAAA,CAAK,MAAA,CAAO,GAAA,CAAwB,0CAAA,CAA4C,YAAA,CAAcA,CAA4C,CACnJ,CAGA,MAAM,YAAA,CAAaA,CAAAA,CAA6D,CAC9E,OAAO,IAAA,CAAK,MAAA,CAAO,GAAA,CAA4B,0CAAA,CAA4C,gBAAA,CAAkBA,CAA4C,CAC3J,CAGA,MAAM,UAAA,CAAWA,CAAAA,CAA0D,CACzE,OAAO,IAAA,CAAK,MAAA,CAAO,GAAA,CAA2B,0CAAA,CAA4C,eAAA,CAAiBA,CAA4C,CACzJ,CACF","file":"index.js","sourcesContent":["import type { StoredToken, TokenResponse } from './types';\n\n/** In-memory token storage with expiry awareness. /\nexport class TokenStore {\n private token: StoredToken \| null = null;\n\n store(response: TokenResponse): void {\n const expiresAt =\n response.expires_in != null\n ? Date.now() + response.expires_in 1000\n : null;\n\n this.token = {\n accessToken: response.access_token,\n expiresAt,\n refreshToken: response.refresh_token ?? null,\n };\n }\n\n getAccessToken(): string \| null {\n return this.token?.accessToken ?? null;\n }\n\n getRefreshToken(): string \| null {\n return this.token?.refreshToken ?? null;\n }\n\n /*\n Returns true if there is no token or the token is within `bufferSeconds`\n * of expiry. Defaults to a 30-second buffer to allow for clock skew.\n /\n isExpired(bufferSeconds = 30): boolean {\n if (!this.token) return true;\n if (this.token.expiresAt === null) return false;\n return Date.now() >= this.token.expiresAt - bufferSeconds 1000;\n }\n\n clear(): void {\n this.token = null;\n }\n}\n","import type { ClientCredentialsConfig, TokenResponse } from './types';\n\n/*\n Fetches a new access token using the OAuth2 Client Credentials flow.\n /\nexport async function fetchClientCredentialsToken(\n config: ClientCredentialsConfig\n): Promise<TokenResponse> {\n const body = new URLSearchParams({\n grant_type: 'client_credentials',\n client_id: config.clientId,\n client_secret: config.clientSecret,\n });\n\n if (config.scopes && config.scopes.length > 0) {\n body.set('scope', config.scopes.join(' '));\n }\n\n const response = await fetch(config.tokenUrl, {\n method: 'POST',\n headers: { 'Content-Type': 'application/x-www-form-urlencoded' },\n body: body.toString(),\n });\n\n if (!response.ok) {\n const text = await response.text().catch(() => '');\n throw new Error(\n `Token request failed: ${response.status} ${response.statusText}${text ? ` — ${text}` : ''}`\n );\n }\n\n return response.json() as Promise<TokenResponse>;\n}\n","import type { AuthorizationCodeConfig, TokenResponse } from './types';\n\n// ---------------------------------------------------------------------------\n// PKCE helpers\n// ---------------------------------------------------------------------------\n\n/* Generates a cryptographically random PKCE code verifier (43-128 chars). /\nexport function generateCodeVerifier(): string {\n const array = new Uint8Array(32);\n crypto.getRandomValues(array);\n return base64UrlEncode(array);\n}\n\n/* Derives a PKCE code challenge (S256) from a code verifier. /\nexport async function generateCodeChallenge(verifier: string): Promise<string> {\n const encoder = new TextEncoder();\n const data = encoder.encode(verifier);\n const digest = await crypto.subtle.digest('SHA-256', data);\n return base64UrlEncode(new Uint8Array(digest));\n}\n\nfunction base64UrlEncode(bytes: Uint8Array): string {\n const str = String.fromCharCode(...bytes);\n return btoa(str).replace(/\\+/g, '-').replace(/\\//g, '_').replace(/=+$/, '');\n}\n\n// ---------------------------------------------------------------------------\n// Authorization Code flows\n// ---------------------------------------------------------------------------\n\n/\n Builds the authorization URL to redirect the user to.\n * Returns the URL and the code verifier (must be stored and passed to exchangeCode).\n /\nexport async function getAuthorizationUrl(\n config: AuthorizationCodeConfig,\n state?: string\n): Promise<{ url: string; codeVerifier: string }> {\n const codeVerifier = generateCodeVerifier();\n const codeChallenge = await generateCodeChallenge(codeVerifier);\n\n const params = new URLSearchParams({\n response_type: 'code',\n client_id: config.clientId,\n redirect_uri: config.redirectUri,\n code_challenge: codeChallenge,\n code_challenge_method: 'S256',\n });\n\n if (config.scopes && config.scopes.length > 0) {\n params.set('scope', config.scopes.join(' '));\n }\n\n if (state) {\n params.set('state', state);\n }\n\n return {\n url: `${config.authorizationUrl}?${params.toString()}`,\n codeVerifier,\n };\n}\n\n/\n Exchanges an authorization code for tokens.\n /\nexport async function exchangeCode(\n config: AuthorizationCodeConfig,\n code: string,\n codeVerifier: string\n): Promise<TokenResponse> {\n const body = new URLSearchParams({\n grant_type: 'authorization_code',\n client_id: config.clientId,\n redirect_uri: config.redirectUri,\n code,\n code_verifier: codeVerifier,\n });\n\n return tokenRequest(config.tokenUrl, body);\n}\n\n/\n Refreshes an access token using a refresh token.\n /\nexport async function refreshAccessToken(\n config: AuthorizationCodeConfig,\n refreshToken: string\n): Promise<TokenResponse> {\n const body = new URLSearchParams({\n grant_type: 'refresh_token',\n client_id: config.clientId,\n refresh_token: refreshToken,\n });\n\n return tokenRequest(config.tokenUrl, body);\n}\n\nasync function tokenRequest(\n tokenUrl: string,\n body: URLSearchParams\n): Promise<TokenResponse> {\n const response = await fetch(tokenUrl, {\n method: 'POST',\n headers: { 'Content-Type': 'application/x-www-form-urlencoded' },\n body: body.toString(),\n });\n\n if (!response.ok) {\n const text = await response.text().catch(() => '');\n throw new Error(\n `Token request failed: ${response.status} ${response.statusText}${text ? ` — ${text}` : ''}`\n );\n }\n\n return response.json() as Promise<TokenResponse>;\n}\n","import type { AuthConfig, AuthorizationCodeConfig } from './types';\nimport { TokenStore } from './token-store';\nimport { fetchClientCredentialsToken } from './client-credentials';\nimport {\n getAuthorizationUrl as buildAuthorizationUrl,\n exchangeCode,\n refreshAccessToken,\n} from './authorization-code';\n\n/\n Centralized OAuth2 authentication manager.\n \n Supports:\n * - Client Credentials flow (server-to-server, fully automatic)\n * - Authorization Code + PKCE flow (user-facing applications)\n \n @example Client Credentials\n * ```ts\n * const auth = new AuthManager({\n * flow: 'client-credentials',\n * clientId: 'my-id',\n * clientSecret: 'my-secret',\n * tokenUrl: 'https://auth.bcis.co.uk/oauth/token',\n * });\n * const token = await auth.getAccessToken();\n * ```\n \n @example Authorization Code\n * ```ts\n * const auth = new AuthManager({\n * flow: 'authorization-code',\n * clientId: 'my-id',\n * tokenUrl: 'https://auth.bcis.co.uk/oauth/token',\n * authorizationUrl: 'https://auth.bcis.co.uk/authorize',\n * redirectUri: 'https://myapp.com/callback',\n * scopes: ['openid', 'profile'],\n * });\n \n // Step 1: redirect user\n * const { url, codeVerifier } = await auth.getAuthorizationUrl();\n * // store codeVerifier in session, redirect user to url\n \n // Step 2: on callback\n * await auth.handleCallback(code, codeVerifier);\n \n // Step 3: use the SDK\n * const token = await auth.getAccessToken();\n * ```\n /\nexport class AuthManager {\n private readonly store = new TokenStore();\n /* Pending token fetch promise to prevent concurrent requests /\n private inflight: Promise<void> \| null = null;\n\n constructor(private readonly config: AuthConfig) {}\n\n /\n Returns a valid access token, fetching or refreshing as needed.\n * For Client Credentials flow this is fully automatic.\n * For Authorization Code flow, `handleCallback` must have been called first.\n /\n async getAccessToken(): Promise<string> {\n if (!this.store.isExpired()) {\n return this.store.getAccessToken()!;\n }\n\n if (this.inflight) {\n await this.inflight;\n return this.store.getAccessToken()!;\n }\n\n this.inflight = this.refresh();\n try {\n await this.inflight;\n } finally {\n this.inflight = null;\n }\n\n const token = this.store.getAccessToken();\n if (!token) throw new Error('Failed to obtain access token');\n return token;\n }\n\n /\n Authorization Code flow only.\n * Builds and returns the authorization URL to redirect the user to.\n * The returned `codeVerifier` must be persisted (e.g. in session storage)\n * and passed to `handleCallback`.\n /\n async getAuthorizationUrl(state?: string): Promise<{ url: string; codeVerifier: string }> {\n if (this.config.flow !== 'authorization-code') {\n throw new Error('getAuthorizationUrl is only available for authorization-code flow');\n }\n return buildAuthorizationUrl(this.config, state);\n }\n\n /\n Authorization Code flow only.\n * Exchanges the authorization code (from the redirect callback) for tokens\n * and stores them internally.\n /\n async handleCallback(code: string, codeVerifier: string): Promise<void> {\n if (this.config.flow !== 'authorization-code') {\n throw new Error('handleCallback is only available for authorization-code flow');\n }\n const tokenResponse = await exchangeCode(this.config, code, codeVerifier);\n this.store.store(tokenResponse);\n }\n\n /* Clears all stored tokens. /\n clearTokens(): void {\n this.store.clear();\n }\n\n private async refresh(): Promise<void> {\n if (this.config.flow === 'client-credentials') {\n const tokenResponse = await fetchClientCredentialsToken(this.config);\n this.store.store(tokenResponse);\n return;\n }\n\n // Authorization Code flow: try refresh token first, else throw\n const refreshToken = this.store.getRefreshToken();\n if (refreshToken) {\n const tokenResponse = await refreshAccessToken(\n this.config as AuthorizationCodeConfig,\n refreshToken\n );\n this.store.store(tokenResponse);\n return;\n }\n\n throw new Error(\n 'No valid token available. Call getAuthorizationUrl() and handleCallback() first.'\n );\n }\n}\n","import type { AuthManager } from '../auth/auth-manager';\n\n/* Thrown when an API response is not 2xx. /\nexport class BcisApiError extends Error {\n constructor(\n public readonly status: number,\n public readonly statusText: string,\n public readonly body: unknown\n ) {\n super(`BCIS API error ${status} ${statusText}`);\n this.name = 'BcisApiError';\n }\n}\n\n/\n Thin fetch wrapper that:\n * - Injects the Authorization: Bearer header from AuthManager\n * - Serialises query parameters (including arrays as repeated params)\n * - Throws BcisApiError on non-2xx responses\n /\nexport class FetchClient {\n constructor(private readonly auth: AuthManager) {}\n\n async get<T>(\n baseUrl: string,\n path: string,\n params: Record<string, unknown> = {}\n ): Promise<T> {\n const token = await this.auth.getAccessToken();\n const url = new URL(baseUrl + path);\n\n for (const [key, value] of Object.entries(params)) {\n if (value === undefined \|\| value === null) continue;\n\n if (Array.isArray(value)) {\n for (const item of value) {\n url.searchParams.append(key, String(item));\n }\n } else {\n url.searchParams.set(key, String(value));\n }\n }\n\n const response = await fetch(url.toString(), {\n method: 'GET',\n headers: {\n Authorization: `Bearer ${token}`,\n Accept: 'application/json',\n },\n });\n\n if (!response.ok) {\n let body: unknown;\n try {\n body = await response.json();\n } catch {\n body = await response.text();\n }\n throw new BcisApiError(response.status, response.statusText, body);\n }\n\n return response.json() as Promise<T>;\n }\n}\n","// This file is auto-generated. Do not edit manually.\n// Re-run `npm run generate` to regenerate.\n\nimport { FetchClient } from '../http/fetch-client';\nimport type { AuthManager } from '../auth/auth-manager';\nimport type { AbpResponseDto, IndicesResponseDto, TpsResponseDto, CodesResponseDto } from '../types/core-api.types';\n\n// --- Parameter interfaces ---\n\nexport interface AbpRetrieveParams {\n /* When true, returns additional data for graph plotting. Default false. /\n 'include-data-for-graph'?: boolean;\n /* When true, includes sub-divided categories (e.g., size bands) in results. Default false. /\n 'include-subclasses'?: boolean;\n /* A comma-separated list of building function codes used to filter study results. [See the Codes Update API](/docs/bcis-grace-svc-core-apis/1a5fdc770c00d-codes-update). /\n 'building-function': string[];\n /* A list of type of work codes to filter the results by, the example contains all valid codes. /\n 'type-of-work': string[];\n /* A six-character code identifying the BCIS study /\n 'abp-study': 'ABPBUI' \| 'ABPFUN' \| 'ABPGRP' \| 'ABPEM2' \| 'ABPEUR' \| 'ABPEXT';\n}\n\nexport interface IndicesRetrieveParams {\n /* Restricts the index series by year e.g. `1985` or description `1985 mean = 100`. Ignored if a series number is provided. Descriptions must match text exactly, case-insensitive but including spaces. /\n 'base-of-series'?: string;\n /* Restricts index series by `regularity` (`monthly`, `quarterly`, `annual`). Ignored if a series number is used. Defaults to `quarterly`, then `monthly`, then `annual`. /\n regularity?: string[];\n /* Restricts index figures up to a specific month `yyyy-mm`, or leave blank for latest available. /\n 'end-date'?: string;\n /* Restricts index figures to a specific month `yyyy-mm`, or leave blank for earliest available. /\n 'start-date'?: string;\n /* Comma-delimited list of short names (e.g. `BCISTPI:AllIn`) or series numbers. [See the Codes Update API](/docs/bcis-grace-svc-core-apis/1a5fdc770c00d-codes-update). /\n 'series-identification': string[];\n}\n\nexport interface TpsRetrieveParams {\n /* Supports suffixes to filter or refine the study data: - Level Filters: - `:region`, `:county`, `:district` - Example: `location2000:region` (regional indices), `location2000:county,district` (county and district indices) - Postcode Filter: - `:postcode:<POSTCODE>` (no spaces) - Example: `location2000:postcode:SW1P3AD` - Cannot be combined with level filters. - Effective Date Filter: - `:EffectiveDate:<YYYYQn>` - Example: `location2000:EffectiveDate:2015Q2` - Can be combined with postcode or level filters. - Outcode List: - `:outcode` - Example: `location2000:outcode` - Not supported for 1980 boundaries or with EffectiveDate. `short-tps-name` is not case sensitive. For available studies, use the `codesUpdate` web service with `codeType=shortTPSName`. /\n 'short-tps-name': string;\n}\n\nexport interface CodesUpdateParams {\n /* A date in `yyyy-mm-dd` format. Returns only codes added or modified since this date. Not supported for all code types. Leave blank to return all codes. /\n 'if-changed-since'?: string;\n /* A version string to select relevant code tables. /\n version?: string;\n /* A string to select the code list required. The supported values are: - `seriesIdentification`: All regularity names (for `/indices-retrieve`) - `shortTPSName`: Tender Price Studies - short names (for `/tps-retrieve`) - `ABPStudy`: Average building prices study codes (for `/abp-retrieve`) - `BuildingFunction`: List of building function codes (for `/abp-retrieve`, and `/analyses-search`) - `BuildingFunction:Categories`: List of building function categories - `BuildingFunction:[1-9]`: List of building function codes for the category specified after the colon - `BuildingFunction:Duration`: List of building function codes for duration calculator (for `Duration Model Calculate Api`) - `BuildingFunction:Duration:Categories`: List of building function categories for duration calculator (for `Duration Model Calculate Api`) - `BuildingFunction:Duration:[1-9]`: List of building function codes for duration calculator for category specified after the colon (for `Duration Model Calculate Api`) - `BuildingFunction:ABP`: List of building function codes for average building prices study where results are available to the user (for `/abp-retrieve`) - `SimplifiedTypeOfWork`: List of shorter type of work codes (for `/abp-retrieve`) The list of supported code types may be extended in the future. /\n 'code-type': 'shortTPSName' \| 'ABPStudy' \| 'BuildingFunction' \| 'BuildingFunction:Categories' \| 'BuildingFunction:[1-9]' \| 'BuildingFunction:Duration' \| 'BuildingFunction:Duration:Categories' \| 'BuildingFunction:Duration:[1-9]' \| 'BuildingFunction:ABP' \| 'SimplifiedTypeOfWork';\n}\n\n// --- Client ---\n\nexport class CoreApiClient {\n private readonly client: FetchClient;\n\n constructor(auth: AuthManager) {\n this.client = new FetchClient(auth);\n }\n\n /* abp-retrieve /\n async abpRetrieve(params: AbpRetrieveParams): Promise<AbpResponseDto> {\n return this.client.get<AbpResponseDto>('https://api.bcis.co.uk/core-apis', '/abp-retrieve', params as unknown as Record<string, unknown>);\n }\n\n /* indices-retrieve /\n async indicesRetrieve(params: IndicesRetrieveParams): Promise<IndicesResponseDto> {\n return this.client.get<IndicesResponseDto>('https://api.bcis.co.uk/core-apis', '/indices-retrieve', params as unknown as Record<string, unknown>);\n }\n\n /* tps-retrieve /\n async tpsRetrieve(params: TpsRetrieveParams): Promise<TpsResponseDto> {\n return this.client.get<TpsResponseDto>('https://api.bcis.co.uk/core-apis', '/tps-retrieve', params as unknown as Record<string, unknown>);\n }\n\n /* codes-update /\n async codesUpdate(params: CodesUpdateParams): Promise<CodesResponseDto> {\n return this.client.get<CodesResponseDto>('https://api.bcis.co.uk/core-apis', '/codes-update', params as unknown as Record<string, unknown>);\n }\n}\n","// This file is auto-generated. Do not edit manually.\n// Re-run `npm run generate` to regenerate.\n\nimport { FetchClient } from '../http/fetch-client';\nimport type { AuthManager } from '../auth/auth-manager';\nimport type { CalculationResponse, UsageResponse } from '../types/residential-rebuild.types';\n\n// --- Parameter interfaces ---\n\nexport interface CalculateParams {\n /* Postcode of the property /\n postCode: string;\n /* Type of the property /\n type: string;\n /* Number of storeys in the property /\n storeys: string;\n /* Style of the property: detached, terraced, etc /\n style: string;\n /* Type of the walls of the property /\n wallType: string;\n /* Type of the roof of the property /\n roofType?: string;\n /* Year the property was built /\n yearBuilt: number;\n /* Number of flats /\n noOfFlats?: number;\n /* Area of the property in sq.m. /\n area?: number;\n /* Number of rooms in the property /\n noOfRooms?: number;\n /* Number of bedrooms in the property /\n noOfBedrooms?: number;\n /* Number of garage spaces in the property /\n noOfGarageSpaces?: number;\n /* Number of bathrooms in the property /\n noOfBathrooms?: number;\n /* Special features of the property, Must be blank, or a comma delimited list containing one or more of 'cellar' or 'noexternals' /\n specialFeatures?: string;\n}\n\nexport interface ReportUsageParams {\n /* First month of the usage report /\n startMonth?: string;\n /* Last month of the usage report /\n endMonth?: string;\n}\n\n// --- Client ---\n\nexport class ResidentialRebuildClient {\n private readonly client: FetchClient;\n\n constructor(auth: AuthManager) {\n this.client = new FetchClient(auth);\n }\n\n /* rbls-calculate /\n async calculate(params: CalculateParams): Promise<CalculationResponse> {\n return this.client.get<CalculationResponse>('https://api.bcis.co.uk/residential-rebuild-calculator', '/rbls-calculate', params as unknown as Record<string, unknown>);\n }\n\n /* rbls-report-use /\n async reportUsage(params: ReportUsageParams): Promise<UsageResponse> {\n return this.client.get<UsageResponse>('https://api.bcis.co.uk/residential-rebuild-calculator', '/rbls-report-use', params as unknown as Record<string, unknown>);\n }\n}\n","// This file is auto-generated. Do not edit manually.\n// Re-run `npm run generate` to regenerate.\n\nimport { FetchClient } from '../http/fetch-client';\nimport type { AuthManager } from '../auth/auth-manager';\nimport type { EditionsDto, GetRateResponseDto, GetResourceResponseDto, GetBuildUpResponseDto } from '../types/schedule-of-rates.types';\n\n// --- Parameter interfaces ---\n\nexport interface GetRatesParams {\n /* node id, returned data are for the selected node /\n 'selected-node-id'?: string;\n /* filter term, returned nodes contain the text somewhere in that branch /\n 'filter-text'?: string;\n /* id obtained from get-books-edition /\n 'edition-id': string;\n}\n\nexport interface GetResourcesParams {\n /* node id, returned data are for the selected node /\n 'selected-node-id'?: string;\n /* filter term, returned nodes contain the text somewhere in that branch /\n 'filter-text'?: string;\n /* id obtained from get-books-edition /\n 'edition-id': string;\n}\n\nexport interface GetBuildUpParams {\n /* Id as returned from GetRates or GetResources /\n 'entity-id': string;\n}\n\n// --- Client ---\n\nexport class ScheduleOfRatesClient {\n private readonly client: FetchClient;\n\n constructor(auth: AuthManager) {\n this.client = new FetchClient(auth);\n }\n\n /* Lists books and editions available to user /\n async getBooksEdition(): Promise<EditionsDto> {\n return this.client.get<EditionsDto>('https://api.bcis.co.uk/schedule-of-rates', '/get-books-edition', {});\n }\n\n /* Lists matching rates /\n async getRates(params: GetRatesParams): Promise<GetRateResponseDto> {\n return this.client.get<GetRateResponseDto>('https://api.bcis.co.uk/schedule-of-rates', '/get-rates', params as unknown as Record<string, unknown>);\n }\n\n /* Lists matching resources /\n async getResources(params: GetResourcesParams): Promise<GetResourceResponseDto> {\n return this.client.get<GetResourceResponseDto>('https://api.bcis.co.uk/schedule-of-rates', '/get-resources', params as unknown as Record<string, unknown>);\n }\n\n /* Lists components of a rate or buildUp */\n async getBuildUp(params: GetBuildUpParams): Promise<GetBuildUpResponseDto> {\n return this.client.get<GetBuildUpResponseDto>('https://api.bcis.co.uk/schedule-of-rates', '/get-build-up', params as unknown as Record<string, unknown>);\n }\n}\n"]}
1	+ {"version":3,"sources":["../src/auth/token-store.ts","../src/auth/client-credentials.ts","../src/auth/authorization-code.ts","../src/auth/oidc-discovery.ts","../src/auth/auth-manager.ts","../src/http/fetch-client.ts","../src/clients/core-api.ts","../src/clients/residential-rebuild.ts","../src/clients/schedule-of-rates.ts"],"names":["TokenStore","response","expiresAt","bufferSeconds","fetchClientCredentialsToken","config","body","tokenUrl","text","generateCodeVerifier","array","base64UrlEncode","generateCodeChallenge","verifier","data","digest","bytes","str","getAuthorizationUrl","state","codeVerifier","codeChallenge","params","authUrl","exchangeCode","code","tokenRequest","refreshAccessToken","refreshToken","BCIS_DISCOVERY_URL","cache","fetchOidcConfig","discoveryUrl","cached","AuthManager","token","endpoints","tokenResponse","cfg","oidc","BcisApiError","status","statusText","FetchClient","auth","baseUrl","path","url","key","value","item","CoreApiClient","options","ResidentialRebuildClient","ScheduleOfRatesClient"],"mappings":"aAGO,IAAMA,CAAAA,CAAN,KAAiB,CAAjB,WAAA,EAAA,CACL,KAAQ,KAAA,CAA4B,KAAA,CAEpC,KAAA,CAAMC,CAAAA,CAA+B,CACnC,IAAMC,CAAAA,CACJD,CAAAA,CAAS,YAAc,IAAA,CACnB,IAAA,CAAK,GAAA,EAAI,CAAIA,CAAAA,CAAS,UAAA,CAAa,GAAA,CACnC,IAAA,CAEN,KAAK,KAAA,CAAQ,CACX,WAAA,CAAaA,CAAAA,CAAS,aACtB,SAAA,CAAAC,CAAAA,CACA,YAAA,CAAcD,CAAAA,CAAS,eAAiB,IAC1C,EACF,CAEA,cAAA,EAAgC,CAC9B,OAAO,IAAA,CAAK,KAAA,EAAO,aAAe,IACpC,CAEA,eAAA,EAAiC,CAC/B,OAAO,IAAA,CAAK,KAAA,EAAO,YAAA,EAAgB,IACrC,CAMA,SAAA,CAAUE,CAAAA,CAAgB,EAAA,CAAa,CACrC,OAAK,IAAA,CAAK,KAAA,CACN,KAAK,KAAA,CAAM,SAAA,GAAc,IAAA,CAAa,KAAA,CACnC,KAAK,GAAA,EAAI,EAAK,IAAA,CAAK,KAAA,CAAM,UAAYA,CAAAA,CAAgB,GAAA,CAFpC,IAG1B,CAEA,KAAA,EAAc,CACZ,IAAA,CAAK,KAAA,CAAQ,KACf,CACF,CAAA,CCnCA,eAAsBC,CAAAA,CACpBC,CAAAA,CACwB,CACxB,IAAMC,CAAAA,CAAO,IAAI,eAAA,CAAgB,CAC/B,UAAA,CAAY,oBAAA,CACZ,SAAA,CAAWD,CAAAA,CAAO,QAAA,CAClB,aAAA,CAAeA,EAAO,YACxB,CAAC,CAAA,CAEGA,CAAAA,CAAO,QAAUA,CAAAA,CAAO,MAAA,CAAO,MAAA,CAAS,CAAA,EAC1CC,EAAK,GAAA,CAAI,OAAA,CAASD,CAAAA,CAAO,MAAA,CAAO,IAAA,CAAK,GAAG,CAAC,CAAA,CAG3C,IAAME,CAAAA,CAAWF,CAAAA,CAAO,QAAA,CACxB,GAAI,CAACE,CAAAA,CAAU,MAAM,IAAI,KAAA,CAAM,kDAAkD,CAAA,CAEjF,IAAMN,CAAAA,CAAW,MAAM,KAAA,CAAMM,CAAAA,CAAU,CACrC,MAAA,CAAQ,OACR,OAAA,CAAS,CAAE,cAAA,CAAgB,mCAAoC,EAC/D,IAAA,CAAMD,CAAAA,CAAK,QAAA,EACb,CAAC,CAAA,CAED,GAAI,CAACL,CAAAA,CAAS,EAAA,CAAI,CAChB,IAAMO,CAAAA,CAAO,MAAMP,CAAAA,CAAS,IAAA,EAAK,CAAE,KAAA,CAAM,IAAM,EAAE,CAAA,CACjD,MAAM,IAAI,KAAA,CACR,CAAA,sBAAA,EAAyBA,CAAAA,CAAS,MAAM,CAAA,CAAA,EAAIA,CAAAA,CAAS,UAAU,CAAA,EAAGO,EAAO,CAAA,QAAA,EAAMA,CAAI,CAAA,CAAA,CAAK,EAAE,EAC5F,CACF,CAEA,OAAOP,CAAAA,CAAS,MAClB,CC5BO,SAASQ,CAAAA,EAA+B,CAC7C,IAAMC,CAAAA,CAAQ,IAAI,WAAW,EAAE,CAAA,CAC/B,OAAA,MAAA,CAAO,eAAA,CAAgBA,CAAK,CAAA,CACrBC,CAAAA,CAAgBD,CAAK,CAC9B,CAGA,eAAsBE,CAAAA,CAAsBC,CAAAA,CAAmC,CAE7E,IAAMC,CAAAA,CADU,IAAI,aAAY,CACX,MAAA,CAAOD,CAAQ,CAAA,CAC9BE,EAAS,MAAM,MAAA,CAAO,MAAA,CAAO,MAAA,CAAO,UAAWD,CAAI,CAAA,CACzD,OAAOH,CAAAA,CAAgB,IAAI,UAAA,CAAWI,CAAM,CAAC,CAC/C,CAEA,SAASJ,CAAAA,CAAgBK,CAAAA,CAA2B,CAClD,IAAMC,CAAAA,CAAM,MAAA,CAAO,aAAa,GAAGD,CAAK,CAAA,CACxC,OAAO,IAAA,CAAKC,CAAG,CAAA,CAAE,OAAA,CAAQ,MAAO,GAAG,CAAA,CAAE,OAAA,CAAQ,KAAA,CAAO,GAAG,CAAA,CAAE,OAAA,CAAQ,KAAA,CAAO,EAAE,CAC5E,CAUA,eAAsBC,CAAAA,CACpBb,CAAAA,CACAc,CAAAA,CACgD,CAChD,IAAMC,CAAAA,CAAeX,GAAqB,CACpCY,CAAAA,CAAgB,MAAMT,CAAAA,CAAsBQ,CAAY,CAAA,CAExDE,CAAAA,CAAS,IAAI,eAAA,CAAgB,CACjC,aAAA,CAAe,MAAA,CACf,SAAA,CAAWjB,CAAAA,CAAO,QAAA,CAClB,YAAA,CAAcA,CAAAA,CAAO,WAAA,CACrB,eAAgBgB,CAAAA,CAChB,qBAAA,CAAuB,MACzB,CAAC,EAEGhB,CAAAA,CAAO,MAAA,EAAUA,CAAAA,CAAO,MAAA,CAAO,OAAS,CAAA,EAC1CiB,CAAAA,CAAO,GAAA,CAAI,OAAA,CAASjB,CAAAA,CAAO,MAAA,CAAO,IAAA,CAAK,GAAG,CAAC,CAAA,CAGzCc,CAAAA,EACFG,CAAAA,CAAO,GAAA,CAAI,OAAA,CAASH,CAAK,CAAA,CAG3B,IAAMI,EAAUlB,CAAAA,CAAO,gBAAA,CACvB,GAAI,CAACkB,CAAAA,CAAS,MAAM,IAAI,KAAA,CAAM,0DAA0D,CAAA,CAExF,OAAO,CACL,GAAA,CAAK,GAAGA,CAAO,CAAA,CAAA,EAAID,CAAAA,CAAO,QAAA,EAAU,CAAA,CAAA,CACpC,YAAA,CAAAF,CACF,CACF,CAKA,eAAsBI,CAAAA,CACpBnB,CAAAA,CACAoB,EACAL,CAAAA,CACwB,CACxB,IAAMd,CAAAA,CAAO,IAAI,eAAA,CAAgB,CAC/B,UAAA,CAAY,qBACZ,SAAA,CAAWD,CAAAA,CAAO,QAAA,CAClB,YAAA,CAAcA,CAAAA,CAAO,WAAA,CACrB,IAAA,CAAAoB,CAAAA,CACA,cAAeL,CACjB,CAAC,CAAA,CAEKb,CAAAA,CAAWF,EAAO,QAAA,CACxB,GAAI,CAACE,CAAAA,CAAU,MAAM,IAAI,KAAA,CAAM,kDAAkD,CAAA,CACjF,OAAOmB,CAAAA,CAAanB,CAAAA,CAAUD,CAAI,CACpC,CAKA,eAAsBqB,CAAAA,CACpBtB,CAAAA,CACAuB,CAAAA,CACwB,CACxB,IAAMtB,CAAAA,CAAO,IAAI,eAAA,CAAgB,CAC/B,UAAA,CAAY,eAAA,CACZ,SAAA,CAAWD,CAAAA,CAAO,QAAA,CAClB,aAAA,CAAeuB,CACjB,CAAC,CAAA,CAEKrB,CAAAA,CAAWF,CAAAA,CAAO,SACxB,GAAI,CAACE,CAAAA,CAAU,MAAM,IAAI,KAAA,CAAM,kDAAkD,CAAA,CACjF,OAAOmB,CAAAA,CAAanB,CAAAA,CAAUD,CAAI,CACpC,CAEA,eAAeoB,CAAAA,CACbnB,CAAAA,CACAD,CAAAA,CACwB,CACxB,IAAML,CAAAA,CAAW,MAAM,KAAA,CAAMM,EAAU,CACrC,MAAA,CAAQ,MAAA,CACR,OAAA,CAAS,CAAE,cAAA,CAAgB,mCAAoC,CAAA,CAC/D,KAAMD,CAAAA,CAAK,QAAA,EACb,CAAC,EAED,GAAI,CAACL,CAAAA,CAAS,EAAA,CAAI,CAChB,IAAMO,CAAAA,CAAO,MAAMP,CAAAA,CAAS,IAAA,EAAK,CAAE,KAAA,CAAM,IAAM,EAAE,CAAA,CACjD,MAAM,IAAI,KAAA,CACR,CAAA,sBAAA,EAAyBA,CAAAA,CAAS,MAAM,CAAA,CAAA,EAAIA,EAAS,UAAU,CAAA,EAAGO,CAAAA,CAAO,CAAA,QAAA,EAAMA,CAAI,CAAA,CAAA,CAAK,EAAE,CAAA,CAC5F,CACF,CAEA,OAAOP,CAAAA,CAAS,IAAA,EAClB,CC3HA,IAAM4B,CAAAA,CAAqB,wDAAA,CASrBC,EAAQ,IAAI,GAAA,CAMlB,eAAsBC,CAAAA,CAAgBC,CAAAA,CAAeH,CAAAA,CAAyC,CAC5F,IAAMI,EAASH,CAAAA,CAAM,GAAA,CAAIE,CAAY,CAAA,CACrC,GAAIC,CAAAA,CAAQ,OAAOA,CAAAA,CAEnB,IAAMhC,EAAW,MAAM,KAAA,CAAM+B,CAAY,CAAA,CACzC,GAAI,CAAC/B,CAAAA,CAAS,EAAA,CACZ,MAAM,IAAI,KAAA,CACR,CAAA,uBAAA,EAA0BA,CAAAA,CAAS,MAAM,CAAA,CAAA,EAAIA,CAAAA,CAAS,UAAU,CAAA,EAAA,EAAK+B,CAAY,CAAA,CAAA,CACnF,CAAA,CAGF,IAAM3B,CAAAA,CAAU,MAAMJ,CAAAA,CAAS,IAAA,EAAK,CAEpC,GAAI,CAACI,CAAAA,CAAO,cAAA,EAAkB,CAACA,CAAAA,CAAO,sBAAA,CACpC,MAAM,IAAI,MAAM,CAAA,2BAAA,EAA8B2B,CAAY,CAAA,8BAAA,CAAgC,CAAA,CAG5F,OAAAF,CAAAA,CAAM,GAAA,CAAIE,CAAAA,CAAc3B,CAAM,CAAA,CACvBA,CACT,CCiBO,IAAM6B,EAAN,KAAkB,CAOvB,WAAA,CAA6B7B,CAAAA,CAAoB,CAApB,IAAA,CAAA,MAAA,CAAAA,CAAAA,CAN7B,IAAA,CAAiB,KAAA,CAAQ,IAAIL,CAAAA,CAE7B,IAAA,CAAQ,QAAA,CAAiC,KAEzC,IAAA,CAAQ,SAAA,CAAmE,KAEzB,CAOlD,MAAM,cAAA,EAAkC,CACtC,GAAI,CAAC,KAAK,KAAA,CAAM,SAAA,EAAU,CACxB,OAAO,IAAA,CAAK,KAAA,CAAM,cAAA,EAAe,CAGnC,GAAI,IAAA,CAAK,QAAA,CACP,OAAA,MAAM,IAAA,CAAK,SACJ,IAAA,CAAK,KAAA,CAAM,cAAA,EAAe,CAGnC,KAAK,QAAA,CAAW,IAAA,CAAK,OAAA,EAAQ,CAC7B,GAAI,CACF,MAAM,IAAA,CAAK,SACb,CAAA,OAAE,CACA,IAAA,CAAK,QAAA,CAAW,KAClB,CAEA,IAAMmC,CAAAA,CAAQ,KAAK,KAAA,CAAM,cAAA,EAAe,CACxC,GAAI,CAACA,CAAAA,CAAO,MAAM,IAAI,MAAM,+BAA+B,CAAA,CAC3D,OAAOA,CACT,CAQA,MAAM,mBAAA,CAAoBhB,CAAAA,CAAgE,CACxF,GAAI,IAAA,CAAK,MAAA,CAAO,IAAA,GAAS,oBAAA,CACvB,MAAM,IAAI,KAAA,CAAM,mEAAmE,EAErF,IAAMiB,CAAAA,CAAY,MAAM,IAAA,CAAK,gBAAA,EAAiB,CAC9C,OAAOlB,CAAAA,CACL,CAAE,GAAI,IAAA,CAAK,MAAA,CAAoC,GAAGkB,CAAU,CAAA,CAC5DjB,CACF,CACF,CAOA,MAAM,cAAA,CAAeM,CAAAA,CAAcL,CAAAA,CAAqC,CACtE,GAAI,IAAA,CAAK,MAAA,CAAO,IAAA,GAAS,qBACvB,MAAM,IAAI,KAAA,CAAM,8DAA8D,CAAA,CAEhF,IAAMgB,CAAAA,CAAY,MAAM,KAAK,gBAAA,EAAiB,CACxCC,CAAAA,CAAgB,MAAMb,CAAAA,CAC1B,CAAE,GAAI,IAAA,CAAK,OAAoC,GAAGY,CAAU,CAAA,CAC5DX,CAAAA,CACAL,CACF,CAAA,CACA,IAAA,CAAK,KAAA,CAAM,MAAMiB,CAAa,EAChC,CAGA,WAAA,EAAoB,CAClB,IAAA,CAAK,KAAA,CAAM,KAAA,GACb,CAMA,MAAc,gBAAA,EAA4E,CACxF,GAAI,IAAA,CAAK,SAAA,CAAW,OAAO,IAAA,CAAK,UAEhC,IAAMC,CAAAA,CAAM,IAAA,CAAK,MAAA,CAUjB,GAHE,CAACA,CAAAA,CAAI,QAAA,EACJ,IAAA,CAAK,OAAO,IAAA,GAAS,oBAAA,EAAwB,CAACA,CAAAA,CAAI,gBAAA,CAEjC,CAClB,IAAMC,CAAAA,CAAO,MAAMR,CAAAA,CAAgBO,CAAAA,CAAI,YAAY,CAAA,CACnD,KAAK,SAAA,CAAY,CACf,QAAA,CAAUA,CAAAA,CAAI,UAAYC,CAAAA,CAAK,cAAA,CAC/B,gBAAA,CAAkBD,CAAAA,CAAI,gBAAA,EAAoBC,CAAAA,CAAK,sBACjD,EACF,MACE,IAAA,CAAK,SAAA,CAAY,CACf,QAAA,CAAUD,CAAAA,CAAI,QAAA,CACd,gBAAA,CAAkBA,CAAAA,CAAI,kBAAoB,EAC5C,CAAA,CAGF,OAAO,IAAA,CAAK,SACd,CAEA,MAAc,OAAA,EAAyB,CACrC,IAAMF,CAAAA,CAAY,MAAM,IAAA,CAAK,kBAAiB,CAE9C,GAAI,IAAA,CAAK,MAAA,CAAO,OAAS,oBAAA,CAAsB,CAC7C,IAAMC,CAAAA,CAAgB,MAAMjC,CAAAA,CAA4B,CACtD,GAAI,KAAK,MAAA,CACT,QAAA,CAAUgC,CAAAA,CAAU,QACtB,CAAC,CAAA,CACD,IAAA,CAAK,KAAA,CAAM,KAAA,CAAMC,CAAa,CAAA,CAC9B,MACF,CAGA,IAAMT,CAAAA,CAAe,IAAA,CAAK,KAAA,CAAM,eAAA,GAChC,GAAIA,CAAAA,CAAc,CAChB,IAAMS,EAAgB,MAAMV,CAAAA,CAC1B,CAAE,GAAI,KAAK,MAAA,CAAoC,GAAGS,CAAU,CAAA,CAC5DR,CACF,CAAA,CACA,IAAA,CAAK,KAAA,CAAM,MAAMS,CAAa,CAAA,CAC9B,MACF,CAEA,MAAM,IAAI,KAAA,CACR,kFACF,CACF,CACF,ECxLO,IAAMG,CAAAA,CAAN,cAA2B,KAAM,CACtC,WAAA,CACkBC,EACAC,CAAAA,CACApC,CAAAA,CAChB,CACA,KAAA,CAAM,kBAAkBmC,CAAM,CAAA,CAAA,EAAIC,CAAU,CAAA,CAAE,EAJ9B,IAAA,CAAA,MAAA,CAAAD,CAAAA,CACA,IAAA,CAAA,UAAA,CAAAC,CAAAA,CACA,IAAA,CAAA,IAAA,CAAApC,CAAAA,CAGhB,IAAA,CAAK,IAAA,CAAO,eACd,CACF,CAAA,CAQaqC,CAAAA,CAAN,KAAkB,CACvB,WAAA,CAA6BC,CAAAA,CAAmB,CAAnB,IAAA,CAAA,IAAA,CAAAA,EAAoB,CAEjD,MAAM,GAAA,CACJC,CAAAA,CACAC,CAAAA,CACAxB,CAAAA,CAAkC,EAAC,CACvB,CACZ,IAAMa,CAAAA,CAAQ,MAAM,IAAA,CAAK,KAAK,cAAA,EAAe,CACvCY,CAAAA,CAAM,IAAI,IAAIF,CAAAA,CAAUC,CAAI,CAAA,CAElC,IAAA,GAAW,CAACE,CAAAA,CAAKC,CAAK,CAAA,GAAK,OAAO,OAAA,CAAQ3B,CAAM,CAAA,CAC9C,GAA2B2B,CAAAA,EAAU,IAAA,CAErC,GAAI,KAAA,CAAM,QAAQA,CAAK,CAAA,CACrB,IAAA,IAAWC,CAAAA,IAAQD,CAAAA,CACjBF,CAAAA,CAAI,YAAA,CAAa,MAAA,CAAOC,EAAK,MAAA,CAAOE,CAAI,CAAC,CAAA,CAAA,KAG3CH,EAAI,YAAA,CAAa,GAAA,CAAIC,CAAAA,CAAK,MAAA,CAAOC,CAAK,CAAC,CAAA,CAI3C,IAAMhD,CAAAA,CAAW,MAAM,KAAA,CAAM8C,CAAAA,CAAI,QAAA,GAAY,CAC3C,MAAA,CAAQ,KAAA,CACR,OAAA,CAAS,CACP,aAAA,CAAe,CAAA,OAAA,EAAUZ,CAAK,GAC9B,MAAA,CAAQ,kBACV,CACF,CAAC,CAAA,CAED,GAAI,CAAClC,CAAAA,CAAS,GAAI,CAChB,IAAIK,CAAAA,CACJ,GAAI,CACFA,CAAAA,CAAO,MAAML,CAAAA,CAAS,IAAA,GACxB,CAAA,KAAQ,CACNK,CAAAA,CAAO,MAAML,CAAAA,CAAS,IAAA,GACxB,CACA,MAAM,IAAIuC,CAAAA,CAAavC,CAAAA,CAAS,MAAA,CAAQA,CAAAA,CAAS,UAAA,CAAYK,CAAI,CACnE,CAEA,OAAOL,CAAAA,CAAS,IAAA,EAClB,CACF,ECZO,IAAMkD,CAAAA,CAAN,KAAoB,CAIzB,WAAA,CAAYP,CAAAA,CAAmBQ,CAAAA,CAAgC,CAC7D,IAAA,CAAK,MAAA,CAAS,IAAIT,CAAAA,CAAYC,CAAI,CAAA,CAClC,IAAA,CAAK,OAAA,CAAUQ,CAAAA,EAAS,OAAA,EAAW,mCACrC,CAGA,MAAM,YAAY9B,CAAAA,CAAoD,CACpE,OAAO,IAAA,CAAK,OAAO,GAAA,CAAoB,IAAA,CAAK,OAAA,CAAS,eAAA,CAAiBA,CAA4C,CACpH,CAGA,MAAM,eAAA,CAAgBA,CAAAA,CAA4D,CAChF,OAAO,IAAA,CAAK,OAAO,GAAA,CAAwB,IAAA,CAAK,OAAA,CAAS,mBAAA,CAAqBA,CAA4C,CAC5H,CAGA,MAAM,WAAA,CAAYA,EAAoD,CACpE,OAAO,IAAA,CAAK,MAAA,CAAO,GAAA,CAAoB,IAAA,CAAK,OAAA,CAAS,eAAA,CAAiBA,CAA4C,CACpH,CAGA,MAAM,WAAA,CAAYA,CAAAA,CAAsD,CACtE,OAAO,IAAA,CAAK,OAAO,GAAA,CAAsB,IAAA,CAAK,OAAA,CAAS,eAAA,CAAiBA,CAA4C,CACtH,CACF,MC9Ba+B,CAAAA,CAAN,KAA+B,CAIpC,WAAA,CAAYT,EAAmBQ,CAAAA,CAAgC,CAC7D,IAAA,CAAK,MAAA,CAAS,IAAIT,CAAAA,CAAYC,CAAI,CAAA,CAClC,IAAA,CAAK,OAAA,CAAUQ,CAAAA,EAAS,OAAA,EAAW,wDACrC,CAGA,MAAM,SAAA,CAAU9B,CAAAA,CAAuD,CACrE,OAAO,IAAA,CAAK,MAAA,CAAO,GAAA,CAAyB,IAAA,CAAK,QAAS,iBAAA,CAAmBA,CAA4C,CAC3H,CAGA,MAAM,WAAA,CAAYA,CAAAA,CAAmD,CACnE,OAAO,IAAA,CAAK,MAAA,CAAO,GAAA,CAAmB,IAAA,CAAK,QAAS,kBAAA,CAAoBA,CAA4C,CACtH,CACF,ECjCO,IAAMgC,CAAAA,CAAN,KAA4B,CAIjC,WAAA,CAAYV,CAAAA,CAAmBQ,CAAAA,CAAgC,CAC7D,KAAK,MAAA,CAAS,IAAIT,CAAAA,CAAYC,CAAI,CAAA,CAClC,IAAA,CAAK,OAAA,CAAUQ,CAAAA,EAAS,SAAW,2CACrC,CAGA,MAAM,eAAA,EAAwC,CAC5C,OAAO,IAAA,CAAK,MAAA,CAAO,IAAiB,IAAA,CAAK,OAAA,CAAS,oBAAA,CAAsB,EAAE,CAC5E,CAGA,MAAM,QAAA,CAAS9B,EAAqD,CAClE,OAAO,IAAA,CAAK,MAAA,CAAO,GAAA,CAAwB,IAAA,CAAK,OAAA,CAAS,YAAA,CAAcA,CAA4C,CACrH,CAGA,MAAM,YAAA,CAAaA,EAA6D,CAC9E,OAAO,IAAA,CAAK,MAAA,CAAO,IAA4B,IAAA,CAAK,OAAA,CAAS,gBAAA,CAAkBA,CAA4C,CAC7H,CAGA,MAAM,UAAA,CAAWA,EAA0D,CACzE,OAAO,IAAA,CAAK,MAAA,CAAO,IAA2B,IAAA,CAAK,OAAA,CAAS,eAAA,CAAiBA,CAA4C,CAC3H,CACF","file":"index.js","sourcesContent":["import type { StoredToken, TokenResponse } from './types';\n\n/** In-memory token storage with expiry awareness. /\nexport class TokenStore {\n private token: StoredToken \| null = null;\n\n store(response: TokenResponse): void {\n const expiresAt =\n response.expires_in != null\n ? Date.now() + response.expires_in 1000\n : null;\n\n this.token = {\n accessToken: response.access_token,\n expiresAt,\n refreshToken: response.refresh_token ?? null,\n };\n }\n\n getAccessToken(): string \| null {\n return this.token?.accessToken ?? null;\n }\n\n getRefreshToken(): string \| null {\n return this.token?.refreshToken ?? null;\n }\n\n /*\n Returns true if there is no token or the token is within `bufferSeconds`\n * of expiry. Defaults to a 30-second buffer to allow for clock skew.\n /\n isExpired(bufferSeconds = 30): boolean {\n if (!this.token) return true;\n if (this.token.expiresAt === null) return false;\n return Date.now() >= this.token.expiresAt - bufferSeconds 1000;\n }\n\n clear(): void {\n this.token = null;\n }\n}\n","import type { ClientCredentialsConfig, TokenResponse } from './types';\n\n/*\n Fetches a new access token using the OAuth2 Client Credentials flow.\n /\nexport async function fetchClientCredentialsToken(\n config: ClientCredentialsConfig\n): Promise<TokenResponse> {\n const body = new URLSearchParams({\n grant_type: 'client_credentials',\n client_id: config.clientId,\n client_secret: config.clientSecret,\n });\n\n if (config.scopes && config.scopes.length > 0) {\n body.set('scope', config.scopes.join(' '));\n }\n\n const tokenUrl = config.tokenUrl;\n if (!tokenUrl) throw new Error('tokenUrl is required for client credentials flow');\n\n const response = await fetch(tokenUrl, {\n method: 'POST',\n headers: { 'Content-Type': 'application/x-www-form-urlencoded' },\n body: body.toString(),\n });\n\n if (!response.ok) {\n const text = await response.text().catch(() => '');\n throw new Error(\n `Token request failed: ${response.status} ${response.statusText}${text ? ` — ${text}` : ''}`\n );\n }\n\n return response.json() as Promise<TokenResponse>;\n}\n","import type { AuthorizationCodeConfig, TokenResponse } from './types';\n\n// ---------------------------------------------------------------------------\n// PKCE helpers\n// ---------------------------------------------------------------------------\n\n/* Generates a cryptographically random PKCE code verifier (43-128 chars). /\nexport function generateCodeVerifier(): string {\n const array = new Uint8Array(32);\n crypto.getRandomValues(array);\n return base64UrlEncode(array);\n}\n\n/* Derives a PKCE code challenge (S256) from a code verifier. /\nexport async function generateCodeChallenge(verifier: string): Promise<string> {\n const encoder = new TextEncoder();\n const data = encoder.encode(verifier);\n const digest = await crypto.subtle.digest('SHA-256', data);\n return base64UrlEncode(new Uint8Array(digest));\n}\n\nfunction base64UrlEncode(bytes: Uint8Array): string {\n const str = String.fromCharCode(...bytes);\n return btoa(str).replace(/\\+/g, '-').replace(/\\//g, '_').replace(/=+$/, '');\n}\n\n// ---------------------------------------------------------------------------\n// Authorization Code flows\n// ---------------------------------------------------------------------------\n\n/\n Builds the authorization URL to redirect the user to.\n * Returns the URL and the code verifier (must be stored and passed to exchangeCode).\n /\nexport async function getAuthorizationUrl(\n config: AuthorizationCodeConfig,\n state?: string\n): Promise<{ url: string; codeVerifier: string }> {\n const codeVerifier = generateCodeVerifier();\n const codeChallenge = await generateCodeChallenge(codeVerifier);\n\n const params = new URLSearchParams({\n response_type: 'code',\n client_id: config.clientId,\n redirect_uri: config.redirectUri,\n code_challenge: codeChallenge,\n code_challenge_method: 'S256',\n });\n\n if (config.scopes && config.scopes.length > 0) {\n params.set('scope', config.scopes.join(' '));\n }\n\n if (state) {\n params.set('state', state);\n }\n\n const authUrl = config.authorizationUrl;\n if (!authUrl) throw new Error('authorizationUrl is required for authorization-code flow');\n\n return {\n url: `${authUrl}?${params.toString()}`,\n codeVerifier,\n };\n}\n\n/\n Exchanges an authorization code for tokens.\n /\nexport async function exchangeCode(\n config: AuthorizationCodeConfig,\n code: string,\n codeVerifier: string\n): Promise<TokenResponse> {\n const body = new URLSearchParams({\n grant_type: 'authorization_code',\n client_id: config.clientId,\n redirect_uri: config.redirectUri,\n code,\n code_verifier: codeVerifier,\n });\n\n const tokenUrl = config.tokenUrl;\n if (!tokenUrl) throw new Error('tokenUrl is required for authorization-code flow');\n return tokenRequest(tokenUrl, body);\n}\n\n/\n Refreshes an access token using a refresh token.\n /\nexport async function refreshAccessToken(\n config: AuthorizationCodeConfig,\n refreshToken: string\n): Promise<TokenResponse> {\n const body = new URLSearchParams({\n grant_type: 'refresh_token',\n client_id: config.clientId,\n refresh_token: refreshToken,\n });\n\n const tokenUrl = config.tokenUrl;\n if (!tokenUrl) throw new Error('tokenUrl is required for authorization-code flow');\n return tokenRequest(tokenUrl, body);\n}\n\nasync function tokenRequest(\n tokenUrl: string,\n body: URLSearchParams\n): Promise<TokenResponse> {\n const response = await fetch(tokenUrl, {\n method: 'POST',\n headers: { 'Content-Type': 'application/x-www-form-urlencoded' },\n body: body.toString(),\n });\n\n if (!response.ok) {\n const text = await response.text().catch(() => '');\n throw new Error(\n `Token request failed: ${response.status} ${response.statusText}${text ? ` — ${text}` : ''}`\n );\n }\n\n return response.json() as Promise<TokenResponse>;\n}\n","const BCIS_DISCOVERY_URL = 'https://id.bcis.co.uk/.well-known/openid-configuration';\n\nexport interface OidcConfig {\n token_endpoint: string;\n authorization_endpoint: string;\n [key: string]: unknown;\n}\n\n/* Module-level cache keyed by discovery URL /\nconst cache = new Map<string, OidcConfig>();\n\n/\n Fetches and caches the OpenID Connect discovery document.\n * Defaults to the BCIS identity provider.\n /\nexport async function fetchOidcConfig(discoveryUrl = BCIS_DISCOVERY_URL): Promise<OidcConfig> {\n const cached = cache.get(discoveryUrl);\n if (cached) return cached;\n\n const response = await fetch(discoveryUrl);\n if (!response.ok) {\n throw new Error(\n `OIDC discovery failed: ${response.status} ${response.statusText} (${discoveryUrl})`\n );\n }\n\n const config = (await response.json()) as OidcConfig;\n\n if (!config.token_endpoint \|\| !config.authorization_endpoint) {\n throw new Error(`OIDC discovery document at ${discoveryUrl} is missing required endpoints`);\n }\n\n cache.set(discoveryUrl, config);\n return config;\n}\n","import type { AuthConfig, AuthorizationCodeConfig, ClientCredentialsConfig } from './types';\nimport { TokenStore } from './token-store';\nimport { fetchClientCredentialsToken } from './client-credentials';\nimport {\n getAuthorizationUrl as buildAuthorizationUrl,\n exchangeCode,\n refreshAccessToken,\n} from './authorization-code';\nimport { fetchOidcConfig } from './oidc-discovery';\n\n/\n Centralized OAuth2 authentication manager.\n \n Supports:\n * - Client Credentials flow (server-to-server, fully automatic)\n * - Authorization Code + PKCE flow (user-facing applications)\n \n Endpoint URLs (`tokenUrl`, `authorizationUrl`) are optional — when omitted they are\n * resolved automatically from the BCIS OpenID Connect discovery document at\n * `https://id.bcis.co.uk/.well-known/openid-configuration`.\n \n @example Client Credentials (auto-discovered endpoints)\n * ```ts\n * const auth = new AuthManager({\n * flow: 'client-credentials',\n * clientId: 'my-id',\n * clientSecret: 'my-secret',\n * });\n * const token = await auth.getAccessToken();\n * ```\n \n @example Authorization Code (auto-discovered endpoints)\n * ```ts\n * const auth = new AuthManager({\n * flow: 'authorization-code',\n * clientId: 'my-id',\n * redirectUri: 'https://myapp.com/callback',\n * scopes: ['openid', 'profile'],\n * });\n \n // Step 1: redirect user\n * const { url, codeVerifier } = await auth.getAuthorizationUrl();\n * // store codeVerifier in session, redirect user to url\n \n // Step 2: on callback\n * await auth.handleCallback(code, codeVerifier);\n \n // Step 3: use the SDK\n * const token = await auth.getAccessToken();\n * ```\n /\nexport class AuthManager {\n private readonly store = new TokenStore();\n /* Pending token fetch promise to prevent concurrent requests /\n private inflight: Promise<void> \| null = null;\n /* Cached resolved endpoints (populated lazily from OIDC discovery) /\n private endpoints: { tokenUrl: string; authorizationUrl: string } \| null = null;\n\n constructor(private readonly config: AuthConfig) {}\n\n /\n Returns a valid access token, fetching or refreshing as needed.\n * For Client Credentials flow this is fully automatic.\n * For Authorization Code flow, `handleCallback` must have been called first.\n /\n async getAccessToken(): Promise<string> {\n if (!this.store.isExpired()) {\n return this.store.getAccessToken()!;\n }\n\n if (this.inflight) {\n await this.inflight;\n return this.store.getAccessToken()!;\n }\n\n this.inflight = this.refresh();\n try {\n await this.inflight;\n } finally {\n this.inflight = null;\n }\n\n const token = this.store.getAccessToken();\n if (!token) throw new Error('Failed to obtain access token');\n return token;\n }\n\n /\n Authorization Code flow only.\n * Builds and returns the authorization URL to redirect the user to.\n * The returned `codeVerifier` must be persisted (e.g. in session storage)\n * and passed to `handleCallback`.\n /\n async getAuthorizationUrl(state?: string): Promise<{ url: string; codeVerifier: string }> {\n if (this.config.flow !== 'authorization-code') {\n throw new Error('getAuthorizationUrl is only available for authorization-code flow');\n }\n const endpoints = await this.resolveEndpoints();\n return buildAuthorizationUrl(\n { ...(this.config as AuthorizationCodeConfig), ...endpoints },\n state\n );\n }\n\n /\n Authorization Code flow only.\n * Exchanges the authorization code (from the redirect callback) for tokens\n * and stores them internally.\n /\n async handleCallback(code: string, codeVerifier: string): Promise<void> {\n if (this.config.flow !== 'authorization-code') {\n throw new Error('handleCallback is only available for authorization-code flow');\n }\n const endpoints = await this.resolveEndpoints();\n const tokenResponse = await exchangeCode(\n { ...(this.config as AuthorizationCodeConfig), ...endpoints },\n code,\n codeVerifier\n );\n this.store.store(tokenResponse);\n }\n\n /* Clears all stored tokens. /\n clearTokens(): void {\n this.store.clear();\n }\n\n /\n Resolves `tokenUrl` and `authorizationUrl`, fetching the OIDC discovery document\n * if either URL is absent from the config. Result is cached after the first call.\n /\n private async resolveEndpoints(): Promise<{ tokenUrl: string; authorizationUrl: string }> {\n if (this.endpoints) return this.endpoints;\n\n const cfg = this.config as {\n tokenUrl?: string;\n authorizationUrl?: string;\n discoveryUrl?: string;\n };\n\n const needsDiscovery =\n !cfg.tokenUrl \|\|\n (this.config.flow === 'authorization-code' && !cfg.authorizationUrl);\n\n if (needsDiscovery) {\n const oidc = await fetchOidcConfig(cfg.discoveryUrl);\n this.endpoints = {\n tokenUrl: cfg.tokenUrl ?? oidc.token_endpoint,\n authorizationUrl: cfg.authorizationUrl ?? oidc.authorization_endpoint,\n };\n } else {\n this.endpoints = {\n tokenUrl: cfg.tokenUrl!,\n authorizationUrl: cfg.authorizationUrl ?? '',\n };\n }\n\n return this.endpoints;\n }\n\n private async refresh(): Promise<void> {\n const endpoints = await this.resolveEndpoints();\n\n if (this.config.flow === 'client-credentials') {\n const tokenResponse = await fetchClientCredentialsToken({\n ...(this.config as ClientCredentialsConfig),\n tokenUrl: endpoints.tokenUrl,\n });\n this.store.store(tokenResponse);\n return;\n }\n\n // Authorization Code flow: try refresh token first, else throw\n const refreshToken = this.store.getRefreshToken();\n if (refreshToken) {\n const tokenResponse = await refreshAccessToken(\n { ...(this.config as AuthorizationCodeConfig), ...endpoints },\n refreshToken\n );\n this.store.store(tokenResponse);\n return;\n }\n\n throw new Error(\n 'No valid token available. Call getAuthorizationUrl() and handleCallback() first.'\n );\n }\n}\n","import type { AuthManager } from '../auth/auth-manager';\n\n/* Thrown when an API response is not 2xx. /\nexport class BcisApiError extends Error {\n constructor(\n public readonly status: number,\n public readonly statusText: string,\n public readonly body: unknown\n ) {\n super(`BCIS API error ${status} ${statusText}`);\n this.name = 'BcisApiError';\n }\n}\n\n/\n Thin fetch wrapper that:\n * - Injects the Authorization: Bearer header from AuthManager\n * - Serialises query parameters (including arrays as repeated params)\n * - Throws BcisApiError on non-2xx responses\n /\nexport class FetchClient {\n constructor(private readonly auth: AuthManager) {}\n\n async get<T>(\n baseUrl: string,\n path: string,\n params: Record<string, unknown> = {}\n ): Promise<T> {\n const token = await this.auth.getAccessToken();\n const url = new URL(baseUrl + path);\n\n for (const [key, value] of Object.entries(params)) {\n if (value === undefined \|\| value === null) continue;\n\n if (Array.isArray(value)) {\n for (const item of value) {\n url.searchParams.append(key, String(item));\n }\n } else {\n url.searchParams.set(key, String(value));\n }\n }\n\n const response = await fetch(url.toString(), {\n method: 'GET',\n headers: {\n Authorization: `Bearer ${token}`,\n Accept: 'application/json',\n },\n });\n\n if (!response.ok) {\n let body: unknown;\n try {\n body = await response.json();\n } catch {\n body = await response.text();\n }\n throw new BcisApiError(response.status, response.statusText, body);\n }\n\n return response.json() as Promise<T>;\n }\n}\n","// This file is auto-generated. Do not edit manually.\n// Re-run `npm run generate` to regenerate.\n\nimport { FetchClient } from '../http/fetch-client';\nimport type { AuthManager } from '../auth/auth-manager';\nimport type { AbpResponseDto, IndicesResponseDto, TpsResponseDto, CodesResponseDto } from '../types/core-api.types';\n\n// --- Parameter interfaces ---\n\nexport interface AbpRetrieveParams {\n /* When true, returns additional data for graph plotting. Default false. /\n 'include-data-for-graph'?: boolean;\n /* When true, includes sub-divided categories (e.g., size bands) in results. Default false. /\n 'include-subclasses'?: boolean;\n /* A comma-separated list of building function codes used to filter study results. [See the Codes Update API](/docs/bcis-grace-svc-core-apis/1a5fdc770c00d-codes-update). /\n 'building-function': string[];\n /* A list of type of work codes to filter the results by, the example contains all valid codes. /\n 'type-of-work': string[];\n /* A six-character code identifying the BCIS study /\n 'abp-study': 'ABPBUI' \| 'ABPFUN' \| 'ABPGRP' \| 'ABPEM2' \| 'ABPEUR' \| 'ABPEXT';\n}\n\nexport interface IndicesRetrieveParams {\n /* Restricts the index series by year e.g. `1985` or description `1985 mean = 100`. Ignored if a series number is provided. Descriptions must match text exactly, case-insensitive but including spaces. /\n 'base-of-series'?: string;\n /* Restricts index series by `regularity` (`monthly`, `quarterly`, `annual`). Ignored if a series number is used. Defaults to `quarterly`, then `monthly`, then `annual`. /\n regularity?: string[];\n /* Restricts index figures up to a specific month `yyyy-mm`, or leave blank for latest available. /\n 'end-date'?: string;\n /* Restricts index figures to a specific month `yyyy-mm`, or leave blank for earliest available. /\n 'start-date'?: string;\n /* Comma-delimited list of short names (e.g. `BCISTPI:AllIn`) or series numbers. [See the Codes Update API](/docs/bcis-grace-svc-core-apis/1a5fdc770c00d-codes-update). /\n 'series-identification': string[];\n}\n\nexport interface TpsRetrieveParams {\n /* Supports suffixes to filter or refine the study data: - Level Filters: - `:region`, `:county`, `:district` - Example: `location2000:region` (regional indices), `location2000:county,district` (county and district indices) - Postcode Filter: - `:postcode:<POSTCODE>` (no spaces) - Example: `location2000:postcode:SW1P3AD` - Cannot be combined with level filters. - Effective Date Filter: - `:EffectiveDate:<YYYYQn>` - Example: `location2000:EffectiveDate:2015Q2` - Can be combined with postcode or level filters. - Outcode List: - `:outcode` - Example: `location2000:outcode` - Not supported for 1980 boundaries or with EffectiveDate. `short-tps-name` is not case sensitive. For available studies, use the `codesUpdate` web service with `codeType=shortTPSName`. /\n 'short-tps-name': string;\n}\n\nexport interface CodesUpdateParams {\n /* A date in `yyyy-mm-dd` format. Returns only codes added or modified since this date. Not supported for all code types. Leave blank to return all codes. /\n 'if-changed-since'?: string;\n /* A version string to select relevant code tables. /\n version?: string;\n /* A string to select the code list required. The supported values are: - `seriesIdentification`: All regularity names (for `/indices-retrieve`) - `shortTPSName`: Tender Price Studies - short names (for `/tps-retrieve`) - `ABPStudy`: Average building prices study codes (for `/abp-retrieve`) - `BuildingFunction`: List of building function codes (for `/abp-retrieve`, and `/analyses-search`) - `BuildingFunction:Categories`: List of building function categories - `BuildingFunction:[1-9]`: List of building function codes for the category specified after the colon - `BuildingFunction:Duration`: List of building function codes for duration calculator (for `Duration Model Calculate Api`) - `BuildingFunction:Duration:Categories`: List of building function categories for duration calculator (for `Duration Model Calculate Api`) - `BuildingFunction:Duration:[1-9]`: List of building function codes for duration calculator for category specified after the colon (for `Duration Model Calculate Api`) - `BuildingFunction:ABP`: List of building function codes for average building prices study where results are available to the user (for `/abp-retrieve`) - `SimplifiedTypeOfWork`: List of shorter type of work codes (for `/abp-retrieve`) The list of supported code types may be extended in the future. /\n 'code-type': 'shortTPSName' \| 'ABPStudy' \| 'BuildingFunction' \| 'BuildingFunction:Categories' \| 'BuildingFunction:[1-9]' \| 'BuildingFunction:Duration' \| 'BuildingFunction:Duration:Categories' \| 'BuildingFunction:Duration:[1-9]' \| 'BuildingFunction:ABP' \| 'SimplifiedTypeOfWork';\n}\n\n// --- Client ---\n\nexport class CoreApiClient {\n private readonly client: FetchClient;\n private readonly baseUrl: string;\n\n constructor(auth: AuthManager, options?: { baseUrl?: string }) {\n this.client = new FetchClient(auth);\n this.baseUrl = options?.baseUrl ?? 'https://api.bcis.co.uk/core-apis';\n }\n\n /* abp-retrieve /\n async abpRetrieve(params: AbpRetrieveParams): Promise<AbpResponseDto> {\n return this.client.get<AbpResponseDto>(this.baseUrl, '/abp-retrieve', params as unknown as Record<string, unknown>);\n }\n\n /* indices-retrieve /\n async indicesRetrieve(params: IndicesRetrieveParams): Promise<IndicesResponseDto> {\n return this.client.get<IndicesResponseDto>(this.baseUrl, '/indices-retrieve', params as unknown as Record<string, unknown>);\n }\n\n /* tps-retrieve /\n async tpsRetrieve(params: TpsRetrieveParams): Promise<TpsResponseDto> {\n return this.client.get<TpsResponseDto>(this.baseUrl, '/tps-retrieve', params as unknown as Record<string, unknown>);\n }\n\n /* codes-update /\n async codesUpdate(params: CodesUpdateParams): Promise<CodesResponseDto> {\n return this.client.get<CodesResponseDto>(this.baseUrl, '/codes-update', params as unknown as Record<string, unknown>);\n }\n}\n","// This file is auto-generated. Do not edit manually.\n// Re-run `npm run generate` to regenerate.\n\nimport { FetchClient } from '../http/fetch-client';\nimport type { AuthManager } from '../auth/auth-manager';\nimport type { CalculationResponse, UsageResponse } from '../types/residential-rebuild.types';\n\n// --- Parameter interfaces ---\n\nexport interface CalculateParams {\n /* Postcode of the property /\n postCode: string;\n /* Type of the property /\n type: string;\n /* Number of storeys in the property /\n storeys: string;\n /* Style of the property: detached, terraced, etc /\n style: string;\n /* Type of the walls of the property /\n wallType: string;\n /* Type of the roof of the property /\n roofType?: string;\n /* Year the property was built /\n yearBuilt: number;\n /* Number of flats /\n noOfFlats?: number;\n /* Area of the property in sq.m. /\n area?: number;\n /* Number of rooms in the property /\n noOfRooms?: number;\n /* Number of bedrooms in the property /\n noOfBedrooms?: number;\n /* Number of garage spaces in the property /\n noOfGarageSpaces?: number;\n /* Number of bathrooms in the property /\n noOfBathrooms?: number;\n /* Special features of the property, Must be blank, or a comma delimited list containing one or more of 'cellar' or 'noexternals' /\n specialFeatures?: string;\n}\n\nexport interface ReportUsageParams {\n /* First month of the usage report /\n startMonth?: string;\n /* Last month of the usage report /\n endMonth?: string;\n}\n\n// --- Client ---\n\nexport class ResidentialRebuildClient {\n private readonly client: FetchClient;\n private readonly baseUrl: string;\n\n constructor(auth: AuthManager, options?: { baseUrl?: string }) {\n this.client = new FetchClient(auth);\n this.baseUrl = options?.baseUrl ?? 'https://api.bcis.co.uk/residential-rebuild-calculator';\n }\n\n /* rbls-calculate /\n async calculate(params: CalculateParams): Promise<CalculationResponse> {\n return this.client.get<CalculationResponse>(this.baseUrl, '/rbls-calculate', params as unknown as Record<string, unknown>);\n }\n\n /* rbls-report-use /\n async reportUsage(params: ReportUsageParams): Promise<UsageResponse> {\n return this.client.get<UsageResponse>(this.baseUrl, '/rbls-report-use', params as unknown as Record<string, unknown>);\n }\n}\n","// This file is auto-generated. Do not edit manually.\n// Re-run `npm run generate` to regenerate.\n\nimport { FetchClient } from '../http/fetch-client';\nimport type { AuthManager } from '../auth/auth-manager';\nimport type { EditionsDto, GetRateResponseDto, GetResourceResponseDto, GetBuildUpResponseDto } from '../types/schedule-of-rates.types';\n\n// --- Parameter interfaces ---\n\nexport interface GetRatesParams {\n /* node id, returned data are for the selected node /\n 'selected-node-id'?: string;\n /* filter term, returned nodes contain the text somewhere in that branch /\n 'filter-text'?: string;\n /* id obtained from get-books-edition /\n 'edition-id': string;\n}\n\nexport interface GetResourcesParams {\n /* node id, returned data are for the selected node /\n 'selected-node-id'?: string;\n /* filter term, returned nodes contain the text somewhere in that branch /\n 'filter-text'?: string;\n /* id obtained from get-books-edition /\n 'edition-id': string;\n}\n\nexport interface GetBuildUpParams {\n /* Id as returned from GetRates or GetResources /\n 'entity-id': string;\n}\n\n// --- Client ---\n\nexport class ScheduleOfRatesClient {\n private readonly client: FetchClient;\n private readonly baseUrl: string;\n\n constructor(auth: AuthManager, options?: { baseUrl?: string }) {\n this.client = new FetchClient(auth);\n this.baseUrl = options?.baseUrl ?? 'https://api.bcis.co.uk/schedule-of-rates';\n }\n\n /* Lists books and editions available to user /\n async getBooksEdition(): Promise<EditionsDto> {\n return this.client.get<EditionsDto>(this.baseUrl, '/get-books-edition', {});\n }\n\n /* Lists matching rates /\n async getRates(params: GetRatesParams): Promise<GetRateResponseDto> {\n return this.client.get<GetRateResponseDto>(this.baseUrl, '/get-rates', params as unknown as Record<string, unknown>);\n }\n\n /* Lists matching resources /\n async getResources(params: GetResourcesParams): Promise<GetResourceResponseDto> {\n return this.client.get<GetResourceResponseDto>(this.baseUrl, '/get-resources', params as unknown as Record<string, unknown>);\n }\n\n /* Lists components of a rate or buildUp */\n async getBuildUp(params: GetBuildUpParams): Promise<GetBuildUpResponseDto> {\n return this.client.get<GetBuildUpResponseDto>(this.baseUrl, '/get-build-up', params as unknown as Record<string, unknown>);\n }\n}\n"]}

package/dist/index.mjs CHANGED Viewed

@@ -1,3 +1,3 @@
-var l=class{constructor(){this.token=null;}store(e){let r=e.expires_in!=null?Date.now()+e.expires_in*1e3:null;this.token={accessToken:e.access_token,expiresAt:r,refreshToken:e.refresh_token??null};}getAccessToken(){return this.token?.accessToken??null}getRefreshToken(){return this.token?.refreshToken??null}isExpired(e=30){return this.token?this.token.expiresAt===null?false:Date.now()>=this.token.expiresAt-e*1e3:true}clear(){this.token=null;}};async function m(t){let e=new URLSearchParams({grant_type:"client_credentials",client_id:t.clientId,client_secret:t.clientSecret});t.scopes&&t.scopes.length>0&&e.set("scope",t.scopes.join(" "));let r=await fetch(t.tokenUrl,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded"},body:e.toString()});if(!r.ok){let n=await r.text().catch(()=>"");throw new Error(`Token request failed: ${r.status} ${r.statusText}${n?` \u2014 ${n}`:""}`)}return r.json()}function b(){let t=new Uint8Array(32);return crypto.getRandomValues(t),y(t)}async function A(t){let r=new TextEncoder().encode(t),n=await crypto.subtle.digest("SHA-256",r);return y(new Uint8Array(n))}function y(t){let e=String.fromCharCode(...t);return btoa(e).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+$/,"")}async function k(t,e){let r=b(),n=await A(r),s=new URLSearchParams({response_type:"code",client_id:t.clientId,redirect_uri:t.redirectUri,code_challenge:n,code_challenge_method:"S256"});return t.scopes&&t.scopes.length>0&&s.set("scope",t.scopes.join(" ")),e&&s.set("state",e),{url:`${t.authorizationUrl}?${s.toString()}`,codeVerifier:r}}async function R(t,e,r){let n=new URLSearchParams({grant_type:"authorization_code",client_id:t.clientId,redirect_uri:t.redirectUri,code:e,code_verifier:r});return C(t.tokenUrl,n)}async function w(t,e){let r=new URLSearchParams({grant_type:"refresh_token",client_id:t.clientId,refresh_token:e});return C(t.tokenUrl,r)}async function C(t,e){let r=await fetch(t,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded"},body:e.toString()});if(!r.ok){let n=await r.text().catch(()=>"");throw new Error(`Token request failed: ${r.status} ${r.statusText}${n?` \u2014 ${n}`:""}`)}return r.json()}var d=class{constructor(e){this.config=e;this.store=new l;this.inflight=null;}async getAccessToken(){if(!this.store.isExpired())return this.store.getAccessToken();if(this.inflight)return await this.inflight,this.store.getAccessToken();this.inflight=this.refresh();try{await this.inflight;}finally{this.inflight=null;}let e=this.store.getAccessToken();if(!e)throw new Error("Failed to obtain access token");return e}async getAuthorizationUrl(e){if(this.config.flow!=="authorization-code")throw new Error("getAuthorizationUrl is only available for authorization-code flow");return k(this.config,e)}async handleCallback(e,r){if(this.config.flow!=="authorization-code")throw new Error("handleCallback is only available for authorization-code flow");let n=await R(this.config,e,r);this.store.store(n);}clearTokens(){this.store.clear();}async refresh(){if(this.config.flow==="client-credentials"){let r=await m(this.config);this.store.store(r);return}let e=this.store.getRefreshToken();if(e){let r=await w(this.config,e);this.store.store(r);return}throw new Error("No valid token available. Call getAuthorizationUrl() and handleCallback() first.")}};var p=class extends Error{constructor(r,n,s){super(`BCIS API error ${r} ${n}`);this.status=r;this.statusText=n;this.body=s;this.name="BcisApiError";}},o=class{constructor(e){this.auth=e;}async get(e,r,n={}){let s=await this.auth.getAccessToken(),u=new URL(e+r);for(let[a,c]of Object.entries(n))if(c!=null)if(Array.isArray(c))for(let P of c)u.searchParams.append(a,String(P));else u.searchParams.set(a,String(c));let i=await fetch(u.toString(),{method:"GET",headers:{Authorization:`Bearer ${s}`,Accept:"application/json"}});if(!i.ok){let a;try{a=await i.json();}catch{a=await i.text();}throw new p(i.status,i.statusText,a)}return i.json()}};var h=class{constructor(e){this.client=new o(e);}async abpRetrieve(e){return this.client.get("https://api.bcis.co.uk/core-apis","/abp-retrieve",e)}async indicesRetrieve(e){return this.client.get("https://api.bcis.co.uk/core-apis","/indices-retrieve",e)}async tpsRetrieve(e){return this.client.get("https://api.bcis.co.uk/core-apis","/tps-retrieve",e)}async codesUpdate(e){return this.client.get("https://api.bcis.co.uk/core-apis","/codes-update",e)}};var g=class{constructor(e){this.client=new o(e);}async calculate(e){return this.client.get("https://api.bcis.co.uk/residential-rebuild-calculator","/rbls-calculate",e)}async reportUsage(e){return this.client.get("https://api.bcis.co.uk/residential-rebuild-calculator","/rbls-report-use",e)}};var f=class{constructor(e){this.client=new o(e);}async getBooksEdition(){return this.client.get("https://api.bcis.co.uk/schedule-of-rates","/get-books-edition",{})}async getRates(e){return this.client.get("https://api.bcis.co.uk/schedule-of-rates","/get-rates",e)}async getResources(e){return this.client.get("https://api.bcis.co.uk/schedule-of-rates","/get-resources",e)}async getBuildUp(e){return this.client.get("https://api.bcis.co.uk/schedule-of-rates","/get-build-up",e)}};
+var u=class{constructor(){this.token=null;}store(e){let n=e.expires_in!=null?Date.now()+e.expires_in*1e3:null;this.token={accessToken:e.access_token,expiresAt:n,refreshToken:e.refresh_token??null};}getAccessToken(){return this.token?.accessToken??null}getRefreshToken(){return this.token?.refreshToken??null}isExpired(e=30){return this.token?this.token.expiresAt===null?false:Date.now()>=this.token.expiresAt-e*1e3:true}clear(){this.token=null;}};async function m(t){let e=new URLSearchParams({grant_type:"client_credentials",client_id:t.clientId,client_secret:t.clientSecret});t.scopes&&t.scopes.length>0&&e.set("scope",t.scopes.join(" "));let n=t.tokenUrl;if(!n)throw new Error("tokenUrl is required for client credentials flow");let r=await fetch(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded"},body:e.toString()});if(!r.ok){let o=await r.text().catch(()=>"");throw new Error(`Token request failed: ${r.status} ${r.statusText}${o?` \u2014 ${o}`:""}`)}return r.json()}function A(){let t=new Uint8Array(32);return crypto.getRandomValues(t),k(t)}async function x(t){let n=new TextEncoder().encode(t),r=await crypto.subtle.digest("SHA-256",n);return k(new Uint8Array(r))}function k(t){let e=String.fromCharCode(...t);return btoa(e).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+$/,"")}async function y(t,e){let n=A(),r=await x(n),o=new URLSearchParams({response_type:"code",client_id:t.clientId,redirect_uri:t.redirectUri,code_challenge:r,code_challenge_method:"S256"});t.scopes&&t.scopes.length>0&&o.set("scope",t.scopes.join(" ")),e&&o.set("state",e);let i=t.authorizationUrl;if(!i)throw new Error("authorizationUrl is required for authorization-code flow");return {url:`${i}?${o.toString()}`,codeVerifier:n}}async function w(t,e,n){let r=new URLSearchParams({grant_type:"authorization_code",client_id:t.clientId,redirect_uri:t.redirectUri,code:e,code_verifier:n}),o=t.tokenUrl;if(!o)throw new Error("tokenUrl is required for authorization-code flow");return U(o,r)}async function R(t,e){let n=new URLSearchParams({grant_type:"refresh_token",client_id:t.clientId,refresh_token:e}),r=t.tokenUrl;if(!r)throw new Error("tokenUrl is required for authorization-code flow");return U(r,n)}async function U(t,e){let n=await fetch(t,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded"},body:e.toString()});if(!n.ok){let r=await n.text().catch(()=>"");throw new Error(`Token request failed: ${n.status} ${n.statusText}${r?` \u2014 ${r}`:""}`)}return n.json()}var T="https://id.bcis.co.uk/.well-known/openid-configuration",C=new Map;async function b(t=T){let e=C.get(t);if(e)return e;let n=await fetch(t);if(!n.ok)throw new Error(`OIDC discovery failed: ${n.status} ${n.statusText} (${t})`);let r=await n.json();if(!r.token_endpoint||!r.authorization_endpoint)throw new Error(`OIDC discovery document at ${t} is missing required endpoints`);return C.set(t,r),r}var d=class{constructor(e){this.config=e;this.store=new u;this.inflight=null;this.endpoints=null;}async getAccessToken(){if(!this.store.isExpired())return this.store.getAccessToken();if(this.inflight)return await this.inflight,this.store.getAccessToken();this.inflight=this.refresh();try{await this.inflight;}finally{this.inflight=null;}let e=this.store.getAccessToken();if(!e)throw new Error("Failed to obtain access token");return e}async getAuthorizationUrl(e){if(this.config.flow!=="authorization-code")throw new Error("getAuthorizationUrl is only available for authorization-code flow");let n=await this.resolveEndpoints();return y({...this.config,...n},e)}async handleCallback(e,n){if(this.config.flow!=="authorization-code")throw new Error("handleCallback is only available for authorization-code flow");let r=await this.resolveEndpoints(),o=await w({...this.config,...r},e,n);this.store.store(o);}clearTokens(){this.store.clear();}async resolveEndpoints(){if(this.endpoints)return this.endpoints;let e=this.config;if(!e.tokenUrl||this.config.flow==="authorization-code"&&!e.authorizationUrl){let r=await b(e.discoveryUrl);this.endpoints={tokenUrl:e.tokenUrl??r.token_endpoint,authorizationUrl:e.authorizationUrl??r.authorization_endpoint};}else this.endpoints={tokenUrl:e.tokenUrl,authorizationUrl:e.authorizationUrl??""};return this.endpoints}async refresh(){let e=await this.resolveEndpoints();if(this.config.flow==="client-credentials"){let r=await m({...this.config,tokenUrl:e.tokenUrl});this.store.store(r);return}let n=this.store.getRefreshToken();if(n){let r=await R({...this.config,...e},n);this.store.store(r);return}throw new Error("No valid token available. Call getAuthorizationUrl() and handleCallback() first.")}};var p=class extends Error{constructor(n,r,o){super(`BCIS API error ${n} ${r}`);this.status=n;this.statusText=r;this.body=o;this.name="BcisApiError";}},s=class{constructor(e){this.auth=e;}async get(e,n,r={}){let o=await this.auth.getAccessToken(),i=new URL(e+n);for(let[c,l]of Object.entries(r))if(l!=null)if(Array.isArray(l))for(let P of l)i.searchParams.append(c,String(P));else i.searchParams.set(c,String(l));let a=await fetch(i.toString(),{method:"GET",headers:{Authorization:`Bearer ${o}`,Accept:"application/json"}});if(!a.ok){let c;try{c=await a.json();}catch{c=await a.text();}throw new p(a.status,a.statusText,c)}return a.json()}};var h=class{constructor(e,n){this.client=new s(e),this.baseUrl=n?.baseUrl??"https://api.bcis.co.uk/core-apis";}async abpRetrieve(e){return this.client.get(this.baseUrl,"/abp-retrieve",e)}async indicesRetrieve(e){return this.client.get(this.baseUrl,"/indices-retrieve",e)}async tpsRetrieve(e){return this.client.get(this.baseUrl,"/tps-retrieve",e)}async codesUpdate(e){return this.client.get(this.baseUrl,"/codes-update",e)}};var g=class{constructor(e,n){this.client=new s(e),this.baseUrl=n?.baseUrl??"https://api.bcis.co.uk/residential-rebuild-calculator";}async calculate(e){return this.client.get(this.baseUrl,"/rbls-calculate",e)}async reportUsage(e){return this.client.get(this.baseUrl,"/rbls-report-use",e)}};var f=class{constructor(e,n){this.client=new s(e),this.baseUrl=n?.baseUrl??"https://api.bcis.co.uk/schedule-of-rates";}async getBooksEdition(){return this.client.get(this.baseUrl,"/get-books-edition",{})}async getRates(e){return this.client.get(this.baseUrl,"/get-rates",e)}async getResources(e){return this.client.get(this.baseUrl,"/get-resources",e)}async getBuildUp(e){return this.client.get(this.baseUrl,"/get-build-up",e)}};
 export{d as AuthManager,p as BcisApiError,h as CoreApiClient,g as ResidentialRebuildClient,f as ScheduleOfRatesClient};//# sourceMappingURL=index.mjs.map
 //# sourceMappingURL=index.mjs.map

package/dist/index.mjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../src/auth/token-store.ts","../src/auth/client-credentials.ts","../src/auth/authorization-code.ts","../src/auth/auth-manager.ts","../src/http/fetch-client.ts","../src/clients/core-api.ts","../src/clients/residential-rebuild.ts","../src/clients/schedule-of-rates.ts"],"names":["TokenStore","response","expiresAt","bufferSeconds","fetchClientCredentialsToken","config","body","text","generateCodeVerifier","array","base64UrlEncode","generateCodeChallenge","verifier","data","digest","bytes","str","getAuthorizationUrl","state","codeVerifier","codeChallenge","params","exchangeCode","code","tokenRequest","refreshAccessToken","refreshToken","tokenUrl","AuthManager","token","tokenResponse","BcisApiError","status","statusText","FetchClient","auth","baseUrl","path","url","key","value","item","CoreApiClient","ResidentialRebuildClient","ScheduleOfRatesClient"],"mappings":"AAGO,IAAMA,CAAAA,CAAN,KAAiB,CAAjB,WAAA,EAAA,CACL,IAAA,CAAQ,MAA4B,KAAA,CAEpC,KAAA,CAAMC,CAAAA,CAA+B,CACnC,IAAMC,CAAAA,CACJD,EAAS,UAAA,EAAc,IAAA,CACnB,IAAA,CAAK,GAAA,EAAI,CAAIA,CAAAA,CAAS,UAAA,CAAa,GAAA,CACnC,IAAA,CAEN,IAAA,CAAK,KAAA,CAAQ,CACX,WAAA,CAAaA,CAAAA,CAAS,aACtB,SAAA,CAAAC,CAAAA,CACA,YAAA,CAAcD,CAAAA,CAAS,aAAA,EAAiB,IAC1C,EACF,CAEA,cAAA,EAAgC,CAC9B,OAAO,IAAA,CAAK,KAAA,EAAO,WAAA,EAAe,IACpC,CAEA,eAAA,EAAiC,CAC/B,OAAO,IAAA,CAAK,KAAA,EAAO,YAAA,EAAgB,IACrC,CAMA,SAAA,CAAUE,CAAAA,CAAgB,EAAA,CAAa,CACrC,OAAK,KAAK,KAAA,CACN,IAAA,CAAK,KAAA,CAAM,SAAA,GAAc,IAAA,CAAa,KAAA,CACnC,KAAK,GAAA,EAAI,EAAK,IAAA,CAAK,KAAA,CAAM,SAAA,CAAYA,CAAAA,CAAgB,IAFpC,IAG1B,CAEA,KAAA,EAAc,CACZ,IAAA,CAAK,KAAA,CAAQ,KACf,CACF,CAAA,CCnCA,eAAsBC,CAAAA,CACpBC,CAAAA,CACwB,CACxB,IAAMC,EAAO,IAAI,eAAA,CAAgB,CAC/B,UAAA,CAAY,oBAAA,CACZ,SAAA,CAAWD,CAAAA,CAAO,QAAA,CAClB,aAAA,CAAeA,CAAAA,CAAO,YACxB,CAAC,CAAA,CAEGA,CAAAA,CAAO,QAAUA,CAAAA,CAAO,MAAA,CAAO,MAAA,CAAS,CAAA,EAC1CC,CAAAA,CAAK,GAAA,CAAI,OAAA,CAASD,CAAAA,CAAO,MAAA,CAAO,IAAA,CAAK,GAAG,CAAC,CAAA,CAG3C,IAAMJ,EAAW,MAAM,KAAA,CAAMI,CAAAA,CAAO,QAAA,CAAU,CAC5C,MAAA,CAAQ,OACR,OAAA,CAAS,CAAE,cAAA,CAAgB,mCAAoC,CAAA,CAC/D,IAAA,CAAMC,EAAK,QAAA,EACb,CAAC,CAAA,CAED,GAAI,CAACL,CAAAA,CAAS,EAAA,CAAI,CAChB,IAAMM,CAAAA,CAAO,MAAMN,CAAAA,CAAS,IAAA,GAAO,KAAA,CAAM,IAAM,EAAE,CAAA,CACjD,MAAM,IAAI,KAAA,CACR,CAAA,sBAAA,EAAyBA,CAAAA,CAAS,MAAM,CAAA,CAAA,EAAIA,CAAAA,CAAS,UAAU,CAAA,EAAGM,EAAO,CAAA,QAAA,EAAMA,CAAI,CAAA,CAAA,CAAK,EAAE,CAAA,CAC5F,CACF,CAEA,OAAON,CAAAA,CAAS,IAAA,EAClB,CCzBO,SAASO,CAAAA,EAA+B,CAC7C,IAAMC,CAAAA,CAAQ,IAAI,UAAA,CAAW,EAAE,CAAA,CAC/B,OAAA,MAAA,CAAO,eAAA,CAAgBA,CAAK,CAAA,CACrBC,CAAAA,CAAgBD,CAAK,CAC9B,CAGA,eAAsBE,CAAAA,CAAsBC,CAAAA,CAAmC,CAE7E,IAAMC,CAAAA,CADU,IAAI,WAAA,EAAY,CACX,MAAA,CAAOD,CAAQ,CAAA,CAC9BE,CAAAA,CAAS,MAAM,MAAA,CAAO,OAAO,MAAA,CAAO,SAAA,CAAWD,CAAI,CAAA,CACzD,OAAOH,CAAAA,CAAgB,IAAI,UAAA,CAAWI,CAAM,CAAC,CAC/C,CAEA,SAASJ,CAAAA,CAAgBK,EAA2B,CAClD,IAAMC,CAAAA,CAAM,MAAA,CAAO,YAAA,CAAa,GAAGD,CAAK,CAAA,CACxC,OAAO,IAAA,CAAKC,CAAG,CAAA,CAAE,OAAA,CAAQ,KAAA,CAAO,GAAG,CAAA,CAAE,OAAA,CAAQ,KAAA,CAAO,GAAG,CAAA,CAAE,OAAA,CAAQ,MAAO,EAAE,CAC5E,CAUA,eAAsBC,CAAAA,CACpBZ,CAAAA,CACAa,EACgD,CAChD,IAAMC,CAAAA,CAAeX,CAAAA,EAAqB,CACpCY,CAAAA,CAAgB,MAAMT,CAAAA,CAAsBQ,CAAY,CAAA,CAExDE,CAAAA,CAAS,IAAI,eAAA,CAAgB,CACjC,cAAe,MAAA,CACf,SAAA,CAAWhB,CAAAA,CAAO,QAAA,CAClB,YAAA,CAAcA,CAAAA,CAAO,WAAA,CACrB,cAAA,CAAgBe,CAAAA,CAChB,qBAAA,CAAuB,MACzB,CAAC,CAAA,CAED,OAAIf,EAAO,MAAA,EAAUA,CAAAA,CAAO,MAAA,CAAO,MAAA,CAAS,CAAA,EAC1CgB,CAAAA,CAAO,GAAA,CAAI,OAAA,CAAShB,CAAAA,CAAO,MAAA,CAAO,IAAA,CAAK,GAAG,CAAC,CAAA,CAGzCa,GACFG,CAAAA,CAAO,GAAA,CAAI,OAAA,CAASH,CAAK,CAAA,CAGpB,CACL,GAAA,CAAK,CAAA,EAAGb,CAAAA,CAAO,gBAAgB,CAAA,CAAA,EAAIgB,CAAAA,CAAO,QAAA,EAAU,GACpD,YAAA,CAAAF,CACF,CACF,CAKA,eAAsBG,CAAAA,CACpBjB,CAAAA,CACAkB,CAAAA,CACAJ,CAAAA,CACwB,CACxB,IAAMb,CAAAA,CAAO,IAAI,eAAA,CAAgB,CAC/B,UAAA,CAAY,oBAAA,CACZ,SAAA,CAAWD,CAAAA,CAAO,QAAA,CAClB,YAAA,CAAcA,CAAAA,CAAO,WAAA,CACrB,IAAA,CAAAkB,CAAAA,CACA,aAAA,CAAeJ,CACjB,CAAC,CAAA,CAED,OAAOK,CAAAA,CAAanB,CAAAA,CAAO,QAAA,CAAUC,CAAI,CAC3C,CAKA,eAAsBmB,CAAAA,CACpBpB,CAAAA,CACAqB,CAAAA,CACwB,CACxB,IAAMpB,CAAAA,CAAO,IAAI,gBAAgB,CAC/B,UAAA,CAAY,eAAA,CACZ,SAAA,CAAWD,CAAAA,CAAO,QAAA,CAClB,cAAeqB,CACjB,CAAC,CAAA,CAED,OAAOF,CAAAA,CAAanB,CAAAA,CAAO,SAAUC,CAAI,CAC3C,CAEA,eAAekB,CAAAA,CACbG,CAAAA,CACArB,CAAAA,CACwB,CACxB,IAAML,CAAAA,CAAW,MAAM,KAAA,CAAM0B,CAAAA,CAAU,CACrC,OAAQ,MAAA,CACR,OAAA,CAAS,CAAE,cAAA,CAAgB,mCAAoC,CAAA,CAC/D,IAAA,CAAMrB,CAAAA,CAAK,QAAA,EACb,CAAC,CAAA,CAED,GAAI,CAACL,EAAS,EAAA,CAAI,CAChB,IAAMM,CAAAA,CAAO,MAAMN,CAAAA,CAAS,IAAA,EAAK,CAAE,KAAA,CAAM,IAAM,EAAE,CAAA,CACjD,MAAM,IAAI,MACR,CAAA,sBAAA,EAAyBA,CAAAA,CAAS,MAAM,CAAA,CAAA,EAAIA,CAAAA,CAAS,UAAU,CAAA,EAAGM,CAAAA,CAAO,CAAA,QAAA,EAAMA,CAAI,CAAA,CAAA,CAAK,EAAE,CAAA,CAC5F,CACF,CAEA,OAAON,CAAAA,CAAS,IAAA,EAClB,CCnEO,IAAM2B,CAAAA,CAAN,KAAkB,CAKvB,WAAA,CAA6BvB,CAAAA,CAAoB,CAApB,IAAA,CAAA,MAAA,CAAAA,CAAAA,CAJ7B,KAAiB,KAAA,CAAQ,IAAIL,CAAAA,CAE7B,IAAA,CAAQ,QAAA,CAAiC,KAES,CAOlD,MAAM,cAAA,EAAkC,CACtC,GAAI,CAAC,IAAA,CAAK,KAAA,CAAM,WAAU,CACxB,OAAO,IAAA,CAAK,KAAA,CAAM,cAAA,EAAe,CAGnC,GAAI,IAAA,CAAK,QAAA,CACP,OAAA,MAAM,IAAA,CAAK,QAAA,CACJ,IAAA,CAAK,KAAA,CAAM,gBAAe,CAGnC,IAAA,CAAK,QAAA,CAAW,IAAA,CAAK,OAAA,EAAQ,CAC7B,GAAI,CACF,MAAM,IAAA,CAAK,SACb,CAAA,OAAE,CACA,KAAK,QAAA,CAAW,KAClB,CAEA,IAAM6B,CAAAA,CAAQ,IAAA,CAAK,KAAA,CAAM,cAAA,EAAe,CACxC,GAAI,CAACA,CAAAA,CAAO,MAAM,IAAI,MAAM,+BAA+B,CAAA,CAC3D,OAAOA,CACT,CAQA,MAAM,mBAAA,CAAoBX,CAAAA,CAAgE,CACxF,GAAI,IAAA,CAAK,MAAA,CAAO,IAAA,GAAS,oBAAA,CACvB,MAAM,IAAI,KAAA,CAAM,mEAAmE,CAAA,CAErF,OAAOD,CAAAA,CAAsB,IAAA,CAAK,MAAA,CAAQC,CAAK,CACjD,CAOA,MAAM,cAAA,CAAeK,CAAAA,CAAcJ,EAAqC,CACtE,GAAI,IAAA,CAAK,MAAA,CAAO,IAAA,GAAS,oBAAA,CACvB,MAAM,IAAI,KAAA,CAAM,8DAA8D,CAAA,CAEhF,IAAMW,CAAAA,CAAgB,MAAMR,CAAAA,CAAa,IAAA,CAAK,MAAA,CAAQC,CAAAA,CAAMJ,CAAY,CAAA,CACxE,IAAA,CAAK,KAAA,CAAM,KAAA,CAAMW,CAAa,EAChC,CAGA,WAAA,EAAoB,CAClB,KAAK,KAAA,CAAM,KAAA,GACb,CAEA,MAAc,OAAA,EAAyB,CACrC,GAAI,IAAA,CAAK,MAAA,CAAO,IAAA,GAAS,oBAAA,CAAsB,CAC7C,IAAMA,EAAgB,MAAM1B,CAAAA,CAA4B,IAAA,CAAK,MAAM,CAAA,CACnE,IAAA,CAAK,KAAA,CAAM,KAAA,CAAM0B,CAAa,CAAA,CAC9B,MACF,CAGA,IAAMJ,CAAAA,CAAe,KAAK,KAAA,CAAM,eAAA,EAAgB,CAChD,GAAIA,CAAAA,CAAc,CAChB,IAAMI,CAAAA,CAAgB,MAAML,CAAAA,CAC1B,IAAA,CAAK,MAAA,CACLC,CACF,EACA,IAAA,CAAK,KAAA,CAAM,KAAA,CAAMI,CAAa,CAAA,CAC9B,MACF,CAEA,MAAM,IAAI,KAAA,CACR,kFACF,CACF,CACF,MCrIaC,CAAAA,CAAN,cAA2B,KAAM,CACtC,WAAA,CACkBC,CAAAA,CACAC,CAAAA,CACA3B,CAAAA,CAChB,CACA,KAAA,CAAM,CAAA,eAAA,EAAkB0B,CAAM,CAAA,CAAA,EAAIC,CAAU,EAAE,CAAA,CAJ9B,IAAA,CAAA,MAAA,CAAAD,CAAAA,CACA,IAAA,CAAA,UAAA,CAAAC,CAAAA,CACA,IAAA,CAAA,IAAA,CAAA3B,CAAAA,CAGhB,IAAA,CAAK,IAAA,CAAO,eACd,CACF,CAAA,CAQa4B,CAAAA,CAAN,KAAkB,CACvB,WAAA,CAA6BC,CAAAA,CAAmB,CAAnB,IAAA,CAAA,IAAA,CAAAA,EAAoB,CAEjD,MAAM,GAAA,CACJC,CAAAA,CACAC,CAAAA,CACAhB,CAAAA,CAAkC,EAAC,CACvB,CACZ,IAAMQ,CAAAA,CAAQ,MAAM,IAAA,CAAK,IAAA,CAAK,cAAA,EAAe,CACvCS,CAAAA,CAAM,IAAI,GAAA,CAAIF,CAAAA,CAAUC,CAAI,CAAA,CAElC,IAAA,GAAW,CAACE,EAAKC,CAAK,CAAA,GAAK,MAAA,CAAO,OAAA,CAAQnB,CAAM,CAAA,CAC9C,GAA2BmB,CAAAA,EAAU,IAAA,CAErC,GAAI,KAAA,CAAM,OAAA,CAAQA,CAAK,CAAA,CACrB,QAAWC,CAAAA,IAAQD,CAAAA,CACjBF,CAAAA,CAAI,YAAA,CAAa,MAAA,CAAOC,CAAAA,CAAK,MAAA,CAAOE,CAAI,CAAC,CAAA,CAAA,KAG3CH,CAAAA,CAAI,YAAA,CAAa,GAAA,CAAIC,CAAAA,CAAK,OAAOC,CAAK,CAAC,CAAA,CAI3C,IAAMvC,CAAAA,CAAW,MAAM,MAAMqC,CAAAA,CAAI,QAAA,EAAS,CAAG,CAC3C,MAAA,CAAQ,KAAA,CACR,QAAS,CACP,aAAA,CAAe,CAAA,OAAA,EAAUT,CAAK,CAAA,CAAA,CAC9B,MAAA,CAAQ,kBACV,CACF,CAAC,CAAA,CAED,GAAI,CAAC5B,CAAAA,CAAS,EAAA,CAAI,CAChB,IAAIK,CAAAA,CACJ,GAAI,CACFA,CAAAA,CAAO,MAAML,CAAAA,CAAS,IAAA,GACxB,CAAA,KAAQ,CACNK,CAAAA,CAAO,MAAML,CAAAA,CAAS,OACxB,CACA,MAAM,IAAI8B,CAAAA,CAAa9B,CAAAA,CAAS,MAAA,CAAQA,CAAAA,CAAS,UAAA,CAAYK,CAAI,CACnE,CAEA,OAAOL,CAAAA,CAAS,MAClB,CACF,ECZO,IAAMyC,CAAAA,CAAN,KAAoB,CAGzB,WAAA,CAAYP,CAAAA,CAAmB,CAC7B,IAAA,CAAK,MAAA,CAAS,IAAID,CAAAA,CAAYC,CAAI,EACpC,CAGA,MAAM,WAAA,CAAYd,CAAAA,CAAoD,CACpE,OAAO,IAAA,CAAK,MAAA,CAAO,GAAA,CAAoB,kCAAA,CAAoC,eAAA,CAAiBA,CAA4C,CAC1I,CAGA,MAAM,eAAA,CAAgBA,CAAAA,CAA4D,CAChF,OAAO,IAAA,CAAK,MAAA,CAAO,GAAA,CAAwB,kCAAA,CAAoC,mBAAA,CAAqBA,CAA4C,CAClJ,CAGA,MAAM,YAAYA,CAAAA,CAAoD,CACpE,OAAO,IAAA,CAAK,MAAA,CAAO,GAAA,CAAoB,kCAAA,CAAoC,eAAA,CAAiBA,CAA4C,CAC1I,CAGA,MAAM,WAAA,CAAYA,CAAAA,CAAsD,CACtE,OAAO,IAAA,CAAK,MAAA,CAAO,GAAA,CAAsB,kCAAA,CAAoC,eAAA,CAAiBA,CAA4C,CAC5I,CACF,EC5BO,IAAMsB,CAAAA,CAAN,KAA+B,CAGpC,WAAA,CAAYR,CAAAA,CAAmB,CAC7B,IAAA,CAAK,MAAA,CAAS,IAAID,CAAAA,CAAYC,CAAI,EACpC,CAGA,MAAM,SAAA,CAAUd,CAAAA,CAAuD,CACrE,OAAO,IAAA,CAAK,MAAA,CAAO,GAAA,CAAyB,uDAAA,CAAyD,iBAAA,CAAmBA,CAA4C,CACtK,CAGA,MAAM,WAAA,CAAYA,CAAAA,CAAmD,CACnE,OAAO,IAAA,CAAK,OAAO,GAAA,CAAmB,uDAAA,CAAyD,kBAAA,CAAoBA,CAA4C,CACjK,CACF,EC/BO,IAAMuB,CAAAA,CAAN,KAA4B,CAGjC,WAAA,CAAYT,CAAAA,CAAmB,CAC7B,KAAK,MAAA,CAAS,IAAID,CAAAA,CAAYC,CAAI,EACpC,CAGA,MAAM,eAAA,EAAwC,CAC5C,OAAO,IAAA,CAAK,MAAA,CAAO,GAAA,CAAiB,0CAAA,CAA4C,qBAAsB,EAAE,CAC1G,CAGA,MAAM,QAAA,CAASd,CAAAA,CAAqD,CAClE,OAAO,IAAA,CAAK,MAAA,CAAO,GAAA,CAAwB,0CAAA,CAA4C,YAAA,CAAcA,CAA4C,CACnJ,CAGA,MAAM,YAAA,CAAaA,CAAAA,CAA6D,CAC9E,OAAO,IAAA,CAAK,MAAA,CAAO,GAAA,CAA4B,0CAAA,CAA4C,gBAAA,CAAkBA,CAA4C,CAC3J,CAGA,MAAM,UAAA,CAAWA,CAAAA,CAA0D,CACzE,OAAO,IAAA,CAAK,MAAA,CAAO,GAAA,CAA2B,0CAAA,CAA4C,eAAA,CAAiBA,CAA4C,CACzJ,CACF","file":"index.mjs","sourcesContent":["import type { StoredToken, TokenResponse } from './types';\n\n/** In-memory token storage with expiry awareness. /\nexport class TokenStore {\n private token: StoredToken \| null = null;\n\n store(response: TokenResponse): void {\n const expiresAt =\n response.expires_in != null\n ? Date.now() + response.expires_in 1000\n : null;\n\n this.token = {\n accessToken: response.access_token,\n expiresAt,\n refreshToken: response.refresh_token ?? null,\n };\n }\n\n getAccessToken(): string \| null {\n return this.token?.accessToken ?? null;\n }\n\n getRefreshToken(): string \| null {\n return this.token?.refreshToken ?? null;\n }\n\n /*\n Returns true if there is no token or the token is within `bufferSeconds`\n * of expiry. Defaults to a 30-second buffer to allow for clock skew.\n /\n isExpired(bufferSeconds = 30): boolean {\n if (!this.token) return true;\n if (this.token.expiresAt === null) return false;\n return Date.now() >= this.token.expiresAt - bufferSeconds 1000;\n }\n\n clear(): void {\n this.token = null;\n }\n}\n","import type { ClientCredentialsConfig, TokenResponse } from './types';\n\n/*\n Fetches a new access token using the OAuth2 Client Credentials flow.\n /\nexport async function fetchClientCredentialsToken(\n config: ClientCredentialsConfig\n): Promise<TokenResponse> {\n const body = new URLSearchParams({\n grant_type: 'client_credentials',\n client_id: config.clientId,\n client_secret: config.clientSecret,\n });\n\n if (config.scopes && config.scopes.length > 0) {\n body.set('scope', config.scopes.join(' '));\n }\n\n const response = await fetch(config.tokenUrl, {\n method: 'POST',\n headers: { 'Content-Type': 'application/x-www-form-urlencoded' },\n body: body.toString(),\n });\n\n if (!response.ok) {\n const text = await response.text().catch(() => '');\n throw new Error(\n `Token request failed: ${response.status} ${response.statusText}${text ? ` — ${text}` : ''}`\n );\n }\n\n return response.json() as Promise<TokenResponse>;\n}\n","import type { AuthorizationCodeConfig, TokenResponse } from './types';\n\n// ---------------------------------------------------------------------------\n// PKCE helpers\n// ---------------------------------------------------------------------------\n\n/* Generates a cryptographically random PKCE code verifier (43-128 chars). /\nexport function generateCodeVerifier(): string {\n const array = new Uint8Array(32);\n crypto.getRandomValues(array);\n return base64UrlEncode(array);\n}\n\n/* Derives a PKCE code challenge (S256) from a code verifier. /\nexport async function generateCodeChallenge(verifier: string): Promise<string> {\n const encoder = new TextEncoder();\n const data = encoder.encode(verifier);\n const digest = await crypto.subtle.digest('SHA-256', data);\n return base64UrlEncode(new Uint8Array(digest));\n}\n\nfunction base64UrlEncode(bytes: Uint8Array): string {\n const str = String.fromCharCode(...bytes);\n return btoa(str).replace(/\\+/g, '-').replace(/\\//g, '_').replace(/=+$/, '');\n}\n\n// ---------------------------------------------------------------------------\n// Authorization Code flows\n// ---------------------------------------------------------------------------\n\n/\n Builds the authorization URL to redirect the user to.\n * Returns the URL and the code verifier (must be stored and passed to exchangeCode).\n /\nexport async function getAuthorizationUrl(\n config: AuthorizationCodeConfig,\n state?: string\n): Promise<{ url: string; codeVerifier: string }> {\n const codeVerifier = generateCodeVerifier();\n const codeChallenge = await generateCodeChallenge(codeVerifier);\n\n const params = new URLSearchParams({\n response_type: 'code',\n client_id: config.clientId,\n redirect_uri: config.redirectUri,\n code_challenge: codeChallenge,\n code_challenge_method: 'S256',\n });\n\n if (config.scopes && config.scopes.length > 0) {\n params.set('scope', config.scopes.join(' '));\n }\n\n if (state) {\n params.set('state', state);\n }\n\n return {\n url: `${config.authorizationUrl}?${params.toString()}`,\n codeVerifier,\n };\n}\n\n/\n Exchanges an authorization code for tokens.\n /\nexport async function exchangeCode(\n config: AuthorizationCodeConfig,\n code: string,\n codeVerifier: string\n): Promise<TokenResponse> {\n const body = new URLSearchParams({\n grant_type: 'authorization_code',\n client_id: config.clientId,\n redirect_uri: config.redirectUri,\n code,\n code_verifier: codeVerifier,\n });\n\n return tokenRequest(config.tokenUrl, body);\n}\n\n/\n Refreshes an access token using a refresh token.\n /\nexport async function refreshAccessToken(\n config: AuthorizationCodeConfig,\n refreshToken: string\n): Promise<TokenResponse> {\n const body = new URLSearchParams({\n grant_type: 'refresh_token',\n client_id: config.clientId,\n refresh_token: refreshToken,\n });\n\n return tokenRequest(config.tokenUrl, body);\n}\n\nasync function tokenRequest(\n tokenUrl: string,\n body: URLSearchParams\n): Promise<TokenResponse> {\n const response = await fetch(tokenUrl, {\n method: 'POST',\n headers: { 'Content-Type': 'application/x-www-form-urlencoded' },\n body: body.toString(),\n });\n\n if (!response.ok) {\n const text = await response.text().catch(() => '');\n throw new Error(\n `Token request failed: ${response.status} ${response.statusText}${text ? ` — ${text}` : ''}`\n );\n }\n\n return response.json() as Promise<TokenResponse>;\n}\n","import type { AuthConfig, AuthorizationCodeConfig } from './types';\nimport { TokenStore } from './token-store';\nimport { fetchClientCredentialsToken } from './client-credentials';\nimport {\n getAuthorizationUrl as buildAuthorizationUrl,\n exchangeCode,\n refreshAccessToken,\n} from './authorization-code';\n\n/\n Centralized OAuth2 authentication manager.\n \n Supports:\n * - Client Credentials flow (server-to-server, fully automatic)\n * - Authorization Code + PKCE flow (user-facing applications)\n \n @example Client Credentials\n * ```ts\n * const auth = new AuthManager({\n * flow: 'client-credentials',\n * clientId: 'my-id',\n * clientSecret: 'my-secret',\n * tokenUrl: 'https://auth.bcis.co.uk/oauth/token',\n * });\n * const token = await auth.getAccessToken();\n * ```\n \n @example Authorization Code\n * ```ts\n * const auth = new AuthManager({\n * flow: 'authorization-code',\n * clientId: 'my-id',\n * tokenUrl: 'https://auth.bcis.co.uk/oauth/token',\n * authorizationUrl: 'https://auth.bcis.co.uk/authorize',\n * redirectUri: 'https://myapp.com/callback',\n * scopes: ['openid', 'profile'],\n * });\n \n // Step 1: redirect user\n * const { url, codeVerifier } = await auth.getAuthorizationUrl();\n * // store codeVerifier in session, redirect user to url\n \n // Step 2: on callback\n * await auth.handleCallback(code, codeVerifier);\n \n // Step 3: use the SDK\n * const token = await auth.getAccessToken();\n * ```\n /\nexport class AuthManager {\n private readonly store = new TokenStore();\n /* Pending token fetch promise to prevent concurrent requests /\n private inflight: Promise<void> \| null = null;\n\n constructor(private readonly config: AuthConfig) {}\n\n /\n Returns a valid access token, fetching or refreshing as needed.\n * For Client Credentials flow this is fully automatic.\n * For Authorization Code flow, `handleCallback` must have been called first.\n /\n async getAccessToken(): Promise<string> {\n if (!this.store.isExpired()) {\n return this.store.getAccessToken()!;\n }\n\n if (this.inflight) {\n await this.inflight;\n return this.store.getAccessToken()!;\n }\n\n this.inflight = this.refresh();\n try {\n await this.inflight;\n } finally {\n this.inflight = null;\n }\n\n const token = this.store.getAccessToken();\n if (!token) throw new Error('Failed to obtain access token');\n return token;\n }\n\n /\n Authorization Code flow only.\n * Builds and returns the authorization URL to redirect the user to.\n * The returned `codeVerifier` must be persisted (e.g. in session storage)\n * and passed to `handleCallback`.\n /\n async getAuthorizationUrl(state?: string): Promise<{ url: string; codeVerifier: string }> {\n if (this.config.flow !== 'authorization-code') {\n throw new Error('getAuthorizationUrl is only available for authorization-code flow');\n }\n return buildAuthorizationUrl(this.config, state);\n }\n\n /\n Authorization Code flow only.\n * Exchanges the authorization code (from the redirect callback) for tokens\n * and stores them internally.\n /\n async handleCallback(code: string, codeVerifier: string): Promise<void> {\n if (this.config.flow !== 'authorization-code') {\n throw new Error('handleCallback is only available for authorization-code flow');\n }\n const tokenResponse = await exchangeCode(this.config, code, codeVerifier);\n this.store.store(tokenResponse);\n }\n\n /* Clears all stored tokens. /\n clearTokens(): void {\n this.store.clear();\n }\n\n private async refresh(): Promise<void> {\n if (this.config.flow === 'client-credentials') {\n const tokenResponse = await fetchClientCredentialsToken(this.config);\n this.store.store(tokenResponse);\n return;\n }\n\n // Authorization Code flow: try refresh token first, else throw\n const refreshToken = this.store.getRefreshToken();\n if (refreshToken) {\n const tokenResponse = await refreshAccessToken(\n this.config as AuthorizationCodeConfig,\n refreshToken\n );\n this.store.store(tokenResponse);\n return;\n }\n\n throw new Error(\n 'No valid token available. Call getAuthorizationUrl() and handleCallback() first.'\n );\n }\n}\n","import type { AuthManager } from '../auth/auth-manager';\n\n/* Thrown when an API response is not 2xx. /\nexport class BcisApiError extends Error {\n constructor(\n public readonly status: number,\n public readonly statusText: string,\n public readonly body: unknown\n ) {\n super(`BCIS API error ${status} ${statusText}`);\n this.name = 'BcisApiError';\n }\n}\n\n/\n Thin fetch wrapper that:\n * - Injects the Authorization: Bearer header from AuthManager\n * - Serialises query parameters (including arrays as repeated params)\n * - Throws BcisApiError on non-2xx responses\n /\nexport class FetchClient {\n constructor(private readonly auth: AuthManager) {}\n\n async get<T>(\n baseUrl: string,\n path: string,\n params: Record<string, unknown> = {}\n ): Promise<T> {\n const token = await this.auth.getAccessToken();\n const url = new URL(baseUrl + path);\n\n for (const [key, value] of Object.entries(params)) {\n if (value === undefined \|\| value === null) continue;\n\n if (Array.isArray(value)) {\n for (const item of value) {\n url.searchParams.append(key, String(item));\n }\n } else {\n url.searchParams.set(key, String(value));\n }\n }\n\n const response = await fetch(url.toString(), {\n method: 'GET',\n headers: {\n Authorization: `Bearer ${token}`,\n Accept: 'application/json',\n },\n });\n\n if (!response.ok) {\n let body: unknown;\n try {\n body = await response.json();\n } catch {\n body = await response.text();\n }\n throw new BcisApiError(response.status, response.statusText, body);\n }\n\n return response.json() as Promise<T>;\n }\n}\n","// This file is auto-generated. Do not edit manually.\n// Re-run `npm run generate` to regenerate.\n\nimport { FetchClient } from '../http/fetch-client';\nimport type { AuthManager } from '../auth/auth-manager';\nimport type { AbpResponseDto, IndicesResponseDto, TpsResponseDto, CodesResponseDto } from '../types/core-api.types';\n\n// --- Parameter interfaces ---\n\nexport interface AbpRetrieveParams {\n /* When true, returns additional data for graph plotting. Default false. /\n 'include-data-for-graph'?: boolean;\n /* When true, includes sub-divided categories (e.g., size bands) in results. Default false. /\n 'include-subclasses'?: boolean;\n /* A comma-separated list of building function codes used to filter study results. [See the Codes Update API](/docs/bcis-grace-svc-core-apis/1a5fdc770c00d-codes-update). /\n 'building-function': string[];\n /* A list of type of work codes to filter the results by, the example contains all valid codes. /\n 'type-of-work': string[];\n /* A six-character code identifying the BCIS study /\n 'abp-study': 'ABPBUI' \| 'ABPFUN' \| 'ABPGRP' \| 'ABPEM2' \| 'ABPEUR' \| 'ABPEXT';\n}\n\nexport interface IndicesRetrieveParams {\n /* Restricts the index series by year e.g. `1985` or description `1985 mean = 100`. Ignored if a series number is provided. Descriptions must match text exactly, case-insensitive but including spaces. /\n 'base-of-series'?: string;\n /* Restricts index series by `regularity` (`monthly`, `quarterly`, `annual`). Ignored if a series number is used. Defaults to `quarterly`, then `monthly`, then `annual`. /\n regularity?: string[];\n /* Restricts index figures up to a specific month `yyyy-mm`, or leave blank for latest available. /\n 'end-date'?: string;\n /* Restricts index figures to a specific month `yyyy-mm`, or leave blank for earliest available. /\n 'start-date'?: string;\n /* Comma-delimited list of short names (e.g. `BCISTPI:AllIn`) or series numbers. [See the Codes Update API](/docs/bcis-grace-svc-core-apis/1a5fdc770c00d-codes-update). /\n 'series-identification': string[];\n}\n\nexport interface TpsRetrieveParams {\n /* Supports suffixes to filter or refine the study data: - Level Filters: - `:region`, `:county`, `:district` - Example: `location2000:region` (regional indices), `location2000:county,district` (county and district indices) - Postcode Filter: - `:postcode:<POSTCODE>` (no spaces) - Example: `location2000:postcode:SW1P3AD` - Cannot be combined with level filters. - Effective Date Filter: - `:EffectiveDate:<YYYYQn>` - Example: `location2000:EffectiveDate:2015Q2` - Can be combined with postcode or level filters. - Outcode List: - `:outcode` - Example: `location2000:outcode` - Not supported for 1980 boundaries or with EffectiveDate. `short-tps-name` is not case sensitive. For available studies, use the `codesUpdate` web service with `codeType=shortTPSName`. /\n 'short-tps-name': string;\n}\n\nexport interface CodesUpdateParams {\n /* A date in `yyyy-mm-dd` format. Returns only codes added or modified since this date. Not supported for all code types. Leave blank to return all codes. /\n 'if-changed-since'?: string;\n /* A version string to select relevant code tables. /\n version?: string;\n /* A string to select the code list required. The supported values are: - `seriesIdentification`: All regularity names (for `/indices-retrieve`) - `shortTPSName`: Tender Price Studies - short names (for `/tps-retrieve`) - `ABPStudy`: Average building prices study codes (for `/abp-retrieve`) - `BuildingFunction`: List of building function codes (for `/abp-retrieve`, and `/analyses-search`) - `BuildingFunction:Categories`: List of building function categories - `BuildingFunction:[1-9]`: List of building function codes for the category specified after the colon - `BuildingFunction:Duration`: List of building function codes for duration calculator (for `Duration Model Calculate Api`) - `BuildingFunction:Duration:Categories`: List of building function categories for duration calculator (for `Duration Model Calculate Api`) - `BuildingFunction:Duration:[1-9]`: List of building function codes for duration calculator for category specified after the colon (for `Duration Model Calculate Api`) - `BuildingFunction:ABP`: List of building function codes for average building prices study where results are available to the user (for `/abp-retrieve`) - `SimplifiedTypeOfWork`: List of shorter type of work codes (for `/abp-retrieve`) The list of supported code types may be extended in the future. /\n 'code-type': 'shortTPSName' \| 'ABPStudy' \| 'BuildingFunction' \| 'BuildingFunction:Categories' \| 'BuildingFunction:[1-9]' \| 'BuildingFunction:Duration' \| 'BuildingFunction:Duration:Categories' \| 'BuildingFunction:Duration:[1-9]' \| 'BuildingFunction:ABP' \| 'SimplifiedTypeOfWork';\n}\n\n// --- Client ---\n\nexport class CoreApiClient {\n private readonly client: FetchClient;\n\n constructor(auth: AuthManager) {\n this.client = new FetchClient(auth);\n }\n\n /* abp-retrieve /\n async abpRetrieve(params: AbpRetrieveParams): Promise<AbpResponseDto> {\n return this.client.get<AbpResponseDto>('https://api.bcis.co.uk/core-apis', '/abp-retrieve', params as unknown as Record<string, unknown>);\n }\n\n /* indices-retrieve /\n async indicesRetrieve(params: IndicesRetrieveParams): Promise<IndicesResponseDto> {\n return this.client.get<IndicesResponseDto>('https://api.bcis.co.uk/core-apis', '/indices-retrieve', params as unknown as Record<string, unknown>);\n }\n\n /* tps-retrieve /\n async tpsRetrieve(params: TpsRetrieveParams): Promise<TpsResponseDto> {\n return this.client.get<TpsResponseDto>('https://api.bcis.co.uk/core-apis', '/tps-retrieve', params as unknown as Record<string, unknown>);\n }\n\n /* codes-update /\n async codesUpdate(params: CodesUpdateParams): Promise<CodesResponseDto> {\n return this.client.get<CodesResponseDto>('https://api.bcis.co.uk/core-apis', '/codes-update', params as unknown as Record<string, unknown>);\n }\n}\n","// This file is auto-generated. Do not edit manually.\n// Re-run `npm run generate` to regenerate.\n\nimport { FetchClient } from '../http/fetch-client';\nimport type { AuthManager } from '../auth/auth-manager';\nimport type { CalculationResponse, UsageResponse } from '../types/residential-rebuild.types';\n\n// --- Parameter interfaces ---\n\nexport interface CalculateParams {\n /* Postcode of the property /\n postCode: string;\n /* Type of the property /\n type: string;\n /* Number of storeys in the property /\n storeys: string;\n /* Style of the property: detached, terraced, etc /\n style: string;\n /* Type of the walls of the property /\n wallType: string;\n /* Type of the roof of the property /\n roofType?: string;\n /* Year the property was built /\n yearBuilt: number;\n /* Number of flats /\n noOfFlats?: number;\n /* Area of the property in sq.m. /\n area?: number;\n /* Number of rooms in the property /\n noOfRooms?: number;\n /* Number of bedrooms in the property /\n noOfBedrooms?: number;\n /* Number of garage spaces in the property /\n noOfGarageSpaces?: number;\n /* Number of bathrooms in the property /\n noOfBathrooms?: number;\n /* Special features of the property, Must be blank, or a comma delimited list containing one or more of 'cellar' or 'noexternals' /\n specialFeatures?: string;\n}\n\nexport interface ReportUsageParams {\n /* First month of the usage report /\n startMonth?: string;\n /* Last month of the usage report /\n endMonth?: string;\n}\n\n// --- Client ---\n\nexport class ResidentialRebuildClient {\n private readonly client: FetchClient;\n\n constructor(auth: AuthManager) {\n this.client = new FetchClient(auth);\n }\n\n /* rbls-calculate /\n async calculate(params: CalculateParams): Promise<CalculationResponse> {\n return this.client.get<CalculationResponse>('https://api.bcis.co.uk/residential-rebuild-calculator', '/rbls-calculate', params as unknown as Record<string, unknown>);\n }\n\n /* rbls-report-use /\n async reportUsage(params: ReportUsageParams): Promise<UsageResponse> {\n return this.client.get<UsageResponse>('https://api.bcis.co.uk/residential-rebuild-calculator', '/rbls-report-use', params as unknown as Record<string, unknown>);\n }\n}\n","// This file is auto-generated. Do not edit manually.\n// Re-run `npm run generate` to regenerate.\n\nimport { FetchClient } from '../http/fetch-client';\nimport type { AuthManager } from '../auth/auth-manager';\nimport type { EditionsDto, GetRateResponseDto, GetResourceResponseDto, GetBuildUpResponseDto } from '../types/schedule-of-rates.types';\n\n// --- Parameter interfaces ---\n\nexport interface GetRatesParams {\n /* node id, returned data are for the selected node /\n 'selected-node-id'?: string;\n /* filter term, returned nodes contain the text somewhere in that branch /\n 'filter-text'?: string;\n /* id obtained from get-books-edition /\n 'edition-id': string;\n}\n\nexport interface GetResourcesParams {\n /* node id, returned data are for the selected node /\n 'selected-node-id'?: string;\n /* filter term, returned nodes contain the text somewhere in that branch /\n 'filter-text'?: string;\n /* id obtained from get-books-edition /\n 'edition-id': string;\n}\n\nexport interface GetBuildUpParams {\n /* Id as returned from GetRates or GetResources /\n 'entity-id': string;\n}\n\n// --- Client ---\n\nexport class ScheduleOfRatesClient {\n private readonly client: FetchClient;\n\n constructor(auth: AuthManager) {\n this.client = new FetchClient(auth);\n }\n\n /* Lists books and editions available to user /\n async getBooksEdition(): Promise<EditionsDto> {\n return this.client.get<EditionsDto>('https://api.bcis.co.uk/schedule-of-rates', '/get-books-edition', {});\n }\n\n /* Lists matching rates /\n async getRates(params: GetRatesParams): Promise<GetRateResponseDto> {\n return this.client.get<GetRateResponseDto>('https://api.bcis.co.uk/schedule-of-rates', '/get-rates', params as unknown as Record<string, unknown>);\n }\n\n /* Lists matching resources /\n async getResources(params: GetResourcesParams): Promise<GetResourceResponseDto> {\n return this.client.get<GetResourceResponseDto>('https://api.bcis.co.uk/schedule-of-rates', '/get-resources', params as unknown as Record<string, unknown>);\n }\n\n /* Lists components of a rate or buildUp */\n async getBuildUp(params: GetBuildUpParams): Promise<GetBuildUpResponseDto> {\n return this.client.get<GetBuildUpResponseDto>('https://api.bcis.co.uk/schedule-of-rates', '/get-build-up', params as unknown as Record<string, unknown>);\n }\n}\n"]}
1	+ {"version":3,"sources":["../src/auth/token-store.ts","../src/auth/client-credentials.ts","../src/auth/authorization-code.ts","../src/auth/oidc-discovery.ts","../src/auth/auth-manager.ts","../src/http/fetch-client.ts","../src/clients/core-api.ts","../src/clients/residential-rebuild.ts","../src/clients/schedule-of-rates.ts"],"names":["TokenStore","response","expiresAt","bufferSeconds","fetchClientCredentialsToken","config","body","tokenUrl","text","generateCodeVerifier","array","base64UrlEncode","generateCodeChallenge","verifier","data","digest","bytes","str","getAuthorizationUrl","state","codeVerifier","codeChallenge","params","authUrl","exchangeCode","code","tokenRequest","refreshAccessToken","refreshToken","BCIS_DISCOVERY_URL","cache","fetchOidcConfig","discoveryUrl","cached","AuthManager","token","endpoints","tokenResponse","cfg","oidc","BcisApiError","status","statusText","FetchClient","auth","baseUrl","path","url","key","value","item","CoreApiClient","options","ResidentialRebuildClient","ScheduleOfRatesClient"],"mappings":"AAGO,IAAMA,CAAAA,CAAN,KAAiB,CAAjB,WAAA,EAAA,CACL,KAAQ,KAAA,CAA4B,KAAA,CAEpC,KAAA,CAAMC,CAAAA,CAA+B,CACnC,IAAMC,CAAAA,CACJD,CAAAA,CAAS,YAAc,IAAA,CACnB,IAAA,CAAK,GAAA,EAAI,CAAIA,CAAAA,CAAS,UAAA,CAAa,GAAA,CACnC,IAAA,CAEN,KAAK,KAAA,CAAQ,CACX,WAAA,CAAaA,CAAAA,CAAS,aACtB,SAAA,CAAAC,CAAAA,CACA,YAAA,CAAcD,CAAAA,CAAS,eAAiB,IAC1C,EACF,CAEA,cAAA,EAAgC,CAC9B,OAAO,IAAA,CAAK,KAAA,EAAO,aAAe,IACpC,CAEA,eAAA,EAAiC,CAC/B,OAAO,IAAA,CAAK,KAAA,EAAO,YAAA,EAAgB,IACrC,CAMA,SAAA,CAAUE,CAAAA,CAAgB,EAAA,CAAa,CACrC,OAAK,IAAA,CAAK,KAAA,CACN,KAAK,KAAA,CAAM,SAAA,GAAc,IAAA,CAAa,KAAA,CACnC,KAAK,GAAA,EAAI,EAAK,IAAA,CAAK,KAAA,CAAM,UAAYA,CAAAA,CAAgB,GAAA,CAFpC,IAG1B,CAEA,KAAA,EAAc,CACZ,IAAA,CAAK,KAAA,CAAQ,KACf,CACF,CAAA,CCnCA,eAAsBC,CAAAA,CACpBC,CAAAA,CACwB,CACxB,IAAMC,CAAAA,CAAO,IAAI,eAAA,CAAgB,CAC/B,UAAA,CAAY,oBAAA,CACZ,SAAA,CAAWD,CAAAA,CAAO,QAAA,CAClB,aAAA,CAAeA,EAAO,YACxB,CAAC,CAAA,CAEGA,CAAAA,CAAO,QAAUA,CAAAA,CAAO,MAAA,CAAO,MAAA,CAAS,CAAA,EAC1CC,EAAK,GAAA,CAAI,OAAA,CAASD,CAAAA,CAAO,MAAA,CAAO,IAAA,CAAK,GAAG,CAAC,CAAA,CAG3C,IAAME,CAAAA,CAAWF,CAAAA,CAAO,QAAA,CACxB,GAAI,CAACE,CAAAA,CAAU,MAAM,IAAI,KAAA,CAAM,kDAAkD,CAAA,CAEjF,IAAMN,CAAAA,CAAW,MAAM,KAAA,CAAMM,CAAAA,CAAU,CACrC,MAAA,CAAQ,OACR,OAAA,CAAS,CAAE,cAAA,CAAgB,mCAAoC,EAC/D,IAAA,CAAMD,CAAAA,CAAK,QAAA,EACb,CAAC,CAAA,CAED,GAAI,CAACL,CAAAA,CAAS,EAAA,CAAI,CAChB,IAAMO,CAAAA,CAAO,MAAMP,CAAAA,CAAS,IAAA,EAAK,CAAE,KAAA,CAAM,IAAM,EAAE,CAAA,CACjD,MAAM,IAAI,KAAA,CACR,CAAA,sBAAA,EAAyBA,CAAAA,CAAS,MAAM,CAAA,CAAA,EAAIA,CAAAA,CAAS,UAAU,CAAA,EAAGO,EAAO,CAAA,QAAA,EAAMA,CAAI,CAAA,CAAA,CAAK,EAAE,EAC5F,CACF,CAEA,OAAOP,CAAAA,CAAS,MAClB,CC5BO,SAASQ,CAAAA,EAA+B,CAC7C,IAAMC,CAAAA,CAAQ,IAAI,WAAW,EAAE,CAAA,CAC/B,OAAA,MAAA,CAAO,eAAA,CAAgBA,CAAK,CAAA,CACrBC,CAAAA,CAAgBD,CAAK,CAC9B,CAGA,eAAsBE,CAAAA,CAAsBC,CAAAA,CAAmC,CAE7E,IAAMC,CAAAA,CADU,IAAI,aAAY,CACX,MAAA,CAAOD,CAAQ,CAAA,CAC9BE,EAAS,MAAM,MAAA,CAAO,MAAA,CAAO,MAAA,CAAO,UAAWD,CAAI,CAAA,CACzD,OAAOH,CAAAA,CAAgB,IAAI,UAAA,CAAWI,CAAM,CAAC,CAC/C,CAEA,SAASJ,CAAAA,CAAgBK,CAAAA,CAA2B,CAClD,IAAMC,CAAAA,CAAM,MAAA,CAAO,aAAa,GAAGD,CAAK,CAAA,CACxC,OAAO,IAAA,CAAKC,CAAG,CAAA,CAAE,OAAA,CAAQ,MAAO,GAAG,CAAA,CAAE,OAAA,CAAQ,KAAA,CAAO,GAAG,CAAA,CAAE,OAAA,CAAQ,KAAA,CAAO,EAAE,CAC5E,CAUA,eAAsBC,CAAAA,CACpBb,CAAAA,CACAc,CAAAA,CACgD,CAChD,IAAMC,CAAAA,CAAeX,GAAqB,CACpCY,CAAAA,CAAgB,MAAMT,CAAAA,CAAsBQ,CAAY,CAAA,CAExDE,CAAAA,CAAS,IAAI,eAAA,CAAgB,CACjC,aAAA,CAAe,MAAA,CACf,SAAA,CAAWjB,CAAAA,CAAO,QAAA,CAClB,YAAA,CAAcA,CAAAA,CAAO,WAAA,CACrB,eAAgBgB,CAAAA,CAChB,qBAAA,CAAuB,MACzB,CAAC,EAEGhB,CAAAA,CAAO,MAAA,EAAUA,CAAAA,CAAO,MAAA,CAAO,OAAS,CAAA,EAC1CiB,CAAAA,CAAO,GAAA,CAAI,OAAA,CAASjB,CAAAA,CAAO,MAAA,CAAO,IAAA,CAAK,GAAG,CAAC,CAAA,CAGzCc,CAAAA,EACFG,CAAAA,CAAO,GAAA,CAAI,OAAA,CAASH,CAAK,CAAA,CAG3B,IAAMI,EAAUlB,CAAAA,CAAO,gBAAA,CACvB,GAAI,CAACkB,CAAAA,CAAS,MAAM,IAAI,KAAA,CAAM,0DAA0D,CAAA,CAExF,OAAO,CACL,GAAA,CAAK,GAAGA,CAAO,CAAA,CAAA,EAAID,CAAAA,CAAO,QAAA,EAAU,CAAA,CAAA,CACpC,YAAA,CAAAF,CACF,CACF,CAKA,eAAsBI,CAAAA,CACpBnB,CAAAA,CACAoB,EACAL,CAAAA,CACwB,CACxB,IAAMd,CAAAA,CAAO,IAAI,eAAA,CAAgB,CAC/B,UAAA,CAAY,qBACZ,SAAA,CAAWD,CAAAA,CAAO,QAAA,CAClB,YAAA,CAAcA,CAAAA,CAAO,WAAA,CACrB,IAAA,CAAAoB,CAAAA,CACA,cAAeL,CACjB,CAAC,CAAA,CAEKb,CAAAA,CAAWF,EAAO,QAAA,CACxB,GAAI,CAACE,CAAAA,CAAU,MAAM,IAAI,KAAA,CAAM,kDAAkD,CAAA,CACjF,OAAOmB,CAAAA,CAAanB,CAAAA,CAAUD,CAAI,CACpC,CAKA,eAAsBqB,CAAAA,CACpBtB,CAAAA,CACAuB,CAAAA,CACwB,CACxB,IAAMtB,CAAAA,CAAO,IAAI,eAAA,CAAgB,CAC/B,UAAA,CAAY,eAAA,CACZ,SAAA,CAAWD,CAAAA,CAAO,QAAA,CAClB,aAAA,CAAeuB,CACjB,CAAC,CAAA,CAEKrB,CAAAA,CAAWF,CAAAA,CAAO,SACxB,GAAI,CAACE,CAAAA,CAAU,MAAM,IAAI,KAAA,CAAM,kDAAkD,CAAA,CACjF,OAAOmB,CAAAA,CAAanB,CAAAA,CAAUD,CAAI,CACpC,CAEA,eAAeoB,CAAAA,CACbnB,CAAAA,CACAD,CAAAA,CACwB,CACxB,IAAML,CAAAA,CAAW,MAAM,KAAA,CAAMM,EAAU,CACrC,MAAA,CAAQ,MAAA,CACR,OAAA,CAAS,CAAE,cAAA,CAAgB,mCAAoC,CAAA,CAC/D,KAAMD,CAAAA,CAAK,QAAA,EACb,CAAC,EAED,GAAI,CAACL,CAAAA,CAAS,EAAA,CAAI,CAChB,IAAMO,CAAAA,CAAO,MAAMP,CAAAA,CAAS,IAAA,EAAK,CAAE,KAAA,CAAM,IAAM,EAAE,CAAA,CACjD,MAAM,IAAI,KAAA,CACR,CAAA,sBAAA,EAAyBA,CAAAA,CAAS,MAAM,CAAA,CAAA,EAAIA,EAAS,UAAU,CAAA,EAAGO,CAAAA,CAAO,CAAA,QAAA,EAAMA,CAAI,CAAA,CAAA,CAAK,EAAE,CAAA,CAC5F,CACF,CAEA,OAAOP,CAAAA,CAAS,IAAA,EAClB,CC3HA,IAAM4B,CAAAA,CAAqB,wDAAA,CASrBC,EAAQ,IAAI,GAAA,CAMlB,eAAsBC,CAAAA,CAAgBC,CAAAA,CAAeH,CAAAA,CAAyC,CAC5F,IAAMI,EAASH,CAAAA,CAAM,GAAA,CAAIE,CAAY,CAAA,CACrC,GAAIC,CAAAA,CAAQ,OAAOA,CAAAA,CAEnB,IAAMhC,EAAW,MAAM,KAAA,CAAM+B,CAAY,CAAA,CACzC,GAAI,CAAC/B,CAAAA,CAAS,EAAA,CACZ,MAAM,IAAI,KAAA,CACR,CAAA,uBAAA,EAA0BA,CAAAA,CAAS,MAAM,CAAA,CAAA,EAAIA,CAAAA,CAAS,UAAU,CAAA,EAAA,EAAK+B,CAAY,CAAA,CAAA,CACnF,CAAA,CAGF,IAAM3B,CAAAA,CAAU,MAAMJ,CAAAA,CAAS,IAAA,EAAK,CAEpC,GAAI,CAACI,CAAAA,CAAO,cAAA,EAAkB,CAACA,CAAAA,CAAO,sBAAA,CACpC,MAAM,IAAI,MAAM,CAAA,2BAAA,EAA8B2B,CAAY,CAAA,8BAAA,CAAgC,CAAA,CAG5F,OAAAF,CAAAA,CAAM,GAAA,CAAIE,CAAAA,CAAc3B,CAAM,CAAA,CACvBA,CACT,CCiBO,IAAM6B,EAAN,KAAkB,CAOvB,WAAA,CAA6B7B,CAAAA,CAAoB,CAApB,IAAA,CAAA,MAAA,CAAAA,CAAAA,CAN7B,IAAA,CAAiB,KAAA,CAAQ,IAAIL,CAAAA,CAE7B,IAAA,CAAQ,QAAA,CAAiC,KAEzC,IAAA,CAAQ,SAAA,CAAmE,KAEzB,CAOlD,MAAM,cAAA,EAAkC,CACtC,GAAI,CAAC,KAAK,KAAA,CAAM,SAAA,EAAU,CACxB,OAAO,IAAA,CAAK,KAAA,CAAM,cAAA,EAAe,CAGnC,GAAI,IAAA,CAAK,QAAA,CACP,OAAA,MAAM,IAAA,CAAK,SACJ,IAAA,CAAK,KAAA,CAAM,cAAA,EAAe,CAGnC,KAAK,QAAA,CAAW,IAAA,CAAK,OAAA,EAAQ,CAC7B,GAAI,CACF,MAAM,IAAA,CAAK,SACb,CAAA,OAAE,CACA,IAAA,CAAK,QAAA,CAAW,KAClB,CAEA,IAAMmC,CAAAA,CAAQ,KAAK,KAAA,CAAM,cAAA,EAAe,CACxC,GAAI,CAACA,CAAAA,CAAO,MAAM,IAAI,MAAM,+BAA+B,CAAA,CAC3D,OAAOA,CACT,CAQA,MAAM,mBAAA,CAAoBhB,CAAAA,CAAgE,CACxF,GAAI,IAAA,CAAK,MAAA,CAAO,IAAA,GAAS,oBAAA,CACvB,MAAM,IAAI,KAAA,CAAM,mEAAmE,EAErF,IAAMiB,CAAAA,CAAY,MAAM,IAAA,CAAK,gBAAA,EAAiB,CAC9C,OAAOlB,CAAAA,CACL,CAAE,GAAI,IAAA,CAAK,MAAA,CAAoC,GAAGkB,CAAU,CAAA,CAC5DjB,CACF,CACF,CAOA,MAAM,cAAA,CAAeM,CAAAA,CAAcL,CAAAA,CAAqC,CACtE,GAAI,IAAA,CAAK,MAAA,CAAO,IAAA,GAAS,qBACvB,MAAM,IAAI,KAAA,CAAM,8DAA8D,CAAA,CAEhF,IAAMgB,CAAAA,CAAY,MAAM,KAAK,gBAAA,EAAiB,CACxCC,CAAAA,CAAgB,MAAMb,CAAAA,CAC1B,CAAE,GAAI,IAAA,CAAK,OAAoC,GAAGY,CAAU,CAAA,CAC5DX,CAAAA,CACAL,CACF,CAAA,CACA,IAAA,CAAK,KAAA,CAAM,MAAMiB,CAAa,EAChC,CAGA,WAAA,EAAoB,CAClB,IAAA,CAAK,KAAA,CAAM,KAAA,GACb,CAMA,MAAc,gBAAA,EAA4E,CACxF,GAAI,IAAA,CAAK,SAAA,CAAW,OAAO,IAAA,CAAK,UAEhC,IAAMC,CAAAA,CAAM,IAAA,CAAK,MAAA,CAUjB,GAHE,CAACA,CAAAA,CAAI,QAAA,EACJ,IAAA,CAAK,OAAO,IAAA,GAAS,oBAAA,EAAwB,CAACA,CAAAA,CAAI,gBAAA,CAEjC,CAClB,IAAMC,CAAAA,CAAO,MAAMR,CAAAA,CAAgBO,CAAAA,CAAI,YAAY,CAAA,CACnD,KAAK,SAAA,CAAY,CACf,QAAA,CAAUA,CAAAA,CAAI,UAAYC,CAAAA,CAAK,cAAA,CAC/B,gBAAA,CAAkBD,CAAAA,CAAI,gBAAA,EAAoBC,CAAAA,CAAK,sBACjD,EACF,MACE,IAAA,CAAK,SAAA,CAAY,CACf,QAAA,CAAUD,CAAAA,CAAI,QAAA,CACd,gBAAA,CAAkBA,CAAAA,CAAI,kBAAoB,EAC5C,CAAA,CAGF,OAAO,IAAA,CAAK,SACd,CAEA,MAAc,OAAA,EAAyB,CACrC,IAAMF,CAAAA,CAAY,MAAM,IAAA,CAAK,kBAAiB,CAE9C,GAAI,IAAA,CAAK,MAAA,CAAO,OAAS,oBAAA,CAAsB,CAC7C,IAAMC,CAAAA,CAAgB,MAAMjC,CAAAA,CAA4B,CACtD,GAAI,KAAK,MAAA,CACT,QAAA,CAAUgC,CAAAA,CAAU,QACtB,CAAC,CAAA,CACD,IAAA,CAAK,KAAA,CAAM,KAAA,CAAMC,CAAa,CAAA,CAC9B,MACF,CAGA,IAAMT,CAAAA,CAAe,IAAA,CAAK,KAAA,CAAM,eAAA,GAChC,GAAIA,CAAAA,CAAc,CAChB,IAAMS,EAAgB,MAAMV,CAAAA,CAC1B,CAAE,GAAI,KAAK,MAAA,CAAoC,GAAGS,CAAU,CAAA,CAC5DR,CACF,CAAA,CACA,IAAA,CAAK,KAAA,CAAM,MAAMS,CAAa,CAAA,CAC9B,MACF,CAEA,MAAM,IAAI,KAAA,CACR,kFACF,CACF,CACF,ECxLO,IAAMG,CAAAA,CAAN,cAA2B,KAAM,CACtC,WAAA,CACkBC,EACAC,CAAAA,CACApC,CAAAA,CAChB,CACA,KAAA,CAAM,kBAAkBmC,CAAM,CAAA,CAAA,EAAIC,CAAU,CAAA,CAAE,EAJ9B,IAAA,CAAA,MAAA,CAAAD,CAAAA,CACA,IAAA,CAAA,UAAA,CAAAC,CAAAA,CACA,IAAA,CAAA,IAAA,CAAApC,CAAAA,CAGhB,IAAA,CAAK,IAAA,CAAO,eACd,CACF,CAAA,CAQaqC,CAAAA,CAAN,KAAkB,CACvB,WAAA,CAA6BC,CAAAA,CAAmB,CAAnB,IAAA,CAAA,IAAA,CAAAA,EAAoB,CAEjD,MAAM,GAAA,CACJC,CAAAA,CACAC,CAAAA,CACAxB,CAAAA,CAAkC,EAAC,CACvB,CACZ,IAAMa,CAAAA,CAAQ,MAAM,IAAA,CAAK,KAAK,cAAA,EAAe,CACvCY,CAAAA,CAAM,IAAI,IAAIF,CAAAA,CAAUC,CAAI,CAAA,CAElC,IAAA,GAAW,CAACE,CAAAA,CAAKC,CAAK,CAAA,GAAK,OAAO,OAAA,CAAQ3B,CAAM,CAAA,CAC9C,GAA2B2B,CAAAA,EAAU,IAAA,CAErC,GAAI,KAAA,CAAM,QAAQA,CAAK,CAAA,CACrB,IAAA,IAAWC,CAAAA,IAAQD,CAAAA,CACjBF,CAAAA,CAAI,YAAA,CAAa,MAAA,CAAOC,EAAK,MAAA,CAAOE,CAAI,CAAC,CAAA,CAAA,KAG3CH,EAAI,YAAA,CAAa,GAAA,CAAIC,CAAAA,CAAK,MAAA,CAAOC,CAAK,CAAC,CAAA,CAI3C,IAAMhD,CAAAA,CAAW,MAAM,KAAA,CAAM8C,CAAAA,CAAI,QAAA,GAAY,CAC3C,MAAA,CAAQ,KAAA,CACR,OAAA,CAAS,CACP,aAAA,CAAe,CAAA,OAAA,EAAUZ,CAAK,GAC9B,MAAA,CAAQ,kBACV,CACF,CAAC,CAAA,CAED,GAAI,CAAClC,CAAAA,CAAS,GAAI,CAChB,IAAIK,CAAAA,CACJ,GAAI,CACFA,CAAAA,CAAO,MAAML,CAAAA,CAAS,IAAA,GACxB,CAAA,KAAQ,CACNK,CAAAA,CAAO,MAAML,CAAAA,CAAS,IAAA,GACxB,CACA,MAAM,IAAIuC,CAAAA,CAAavC,CAAAA,CAAS,MAAA,CAAQA,CAAAA,CAAS,UAAA,CAAYK,CAAI,CACnE,CAEA,OAAOL,CAAAA,CAAS,IAAA,EAClB,CACF,ECZO,IAAMkD,CAAAA,CAAN,KAAoB,CAIzB,WAAA,CAAYP,CAAAA,CAAmBQ,CAAAA,CAAgC,CAC7D,IAAA,CAAK,MAAA,CAAS,IAAIT,CAAAA,CAAYC,CAAI,CAAA,CAClC,IAAA,CAAK,OAAA,CAAUQ,CAAAA,EAAS,OAAA,EAAW,mCACrC,CAGA,MAAM,YAAY9B,CAAAA,CAAoD,CACpE,OAAO,IAAA,CAAK,OAAO,GAAA,CAAoB,IAAA,CAAK,OAAA,CAAS,eAAA,CAAiBA,CAA4C,CACpH,CAGA,MAAM,eAAA,CAAgBA,CAAAA,CAA4D,CAChF,OAAO,IAAA,CAAK,OAAO,GAAA,CAAwB,IAAA,CAAK,OAAA,CAAS,mBAAA,CAAqBA,CAA4C,CAC5H,CAGA,MAAM,WAAA,CAAYA,EAAoD,CACpE,OAAO,IAAA,CAAK,MAAA,CAAO,GAAA,CAAoB,IAAA,CAAK,OAAA,CAAS,eAAA,CAAiBA,CAA4C,CACpH,CAGA,MAAM,WAAA,CAAYA,CAAAA,CAAsD,CACtE,OAAO,IAAA,CAAK,OAAO,GAAA,CAAsB,IAAA,CAAK,OAAA,CAAS,eAAA,CAAiBA,CAA4C,CACtH,CACF,MC9Ba+B,CAAAA,CAAN,KAA+B,CAIpC,WAAA,CAAYT,EAAmBQ,CAAAA,CAAgC,CAC7D,IAAA,CAAK,MAAA,CAAS,IAAIT,CAAAA,CAAYC,CAAI,CAAA,CAClC,IAAA,CAAK,OAAA,CAAUQ,CAAAA,EAAS,OAAA,EAAW,wDACrC,CAGA,MAAM,SAAA,CAAU9B,CAAAA,CAAuD,CACrE,OAAO,IAAA,CAAK,MAAA,CAAO,GAAA,CAAyB,IAAA,CAAK,QAAS,iBAAA,CAAmBA,CAA4C,CAC3H,CAGA,MAAM,WAAA,CAAYA,CAAAA,CAAmD,CACnE,OAAO,IAAA,CAAK,MAAA,CAAO,GAAA,CAAmB,IAAA,CAAK,QAAS,kBAAA,CAAoBA,CAA4C,CACtH,CACF,ECjCO,IAAMgC,CAAAA,CAAN,KAA4B,CAIjC,WAAA,CAAYV,CAAAA,CAAmBQ,CAAAA,CAAgC,CAC7D,KAAK,MAAA,CAAS,IAAIT,CAAAA,CAAYC,CAAI,CAAA,CAClC,IAAA,CAAK,OAAA,CAAUQ,CAAAA,EAAS,SAAW,2CACrC,CAGA,MAAM,eAAA,EAAwC,CAC5C,OAAO,IAAA,CAAK,MAAA,CAAO,IAAiB,IAAA,CAAK,OAAA,CAAS,oBAAA,CAAsB,EAAE,CAC5E,CAGA,MAAM,QAAA,CAAS9B,EAAqD,CAClE,OAAO,IAAA,CAAK,MAAA,CAAO,GAAA,CAAwB,IAAA,CAAK,OAAA,CAAS,YAAA,CAAcA,CAA4C,CACrH,CAGA,MAAM,YAAA,CAAaA,EAA6D,CAC9E,OAAO,IAAA,CAAK,MAAA,CAAO,IAA4B,IAAA,CAAK,OAAA,CAAS,gBAAA,CAAkBA,CAA4C,CAC7H,CAGA,MAAM,UAAA,CAAWA,EAA0D,CACzE,OAAO,IAAA,CAAK,MAAA,CAAO,IAA2B,IAAA,CAAK,OAAA,CAAS,eAAA,CAAiBA,CAA4C,CAC3H,CACF","file":"index.mjs","sourcesContent":["import type { StoredToken, TokenResponse } from './types';\n\n/** In-memory token storage with expiry awareness. /\nexport class TokenStore {\n private token: StoredToken \| null = null;\n\n store(response: TokenResponse): void {\n const expiresAt =\n response.expires_in != null\n ? Date.now() + response.expires_in 1000\n : null;\n\n this.token = {\n accessToken: response.access_token,\n expiresAt,\n refreshToken: response.refresh_token ?? null,\n };\n }\n\n getAccessToken(): string \| null {\n return this.token?.accessToken ?? null;\n }\n\n getRefreshToken(): string \| null {\n return this.token?.refreshToken ?? null;\n }\n\n /*\n Returns true if there is no token or the token is within `bufferSeconds`\n * of expiry. Defaults to a 30-second buffer to allow for clock skew.\n /\n isExpired(bufferSeconds = 30): boolean {\n if (!this.token) return true;\n if (this.token.expiresAt === null) return false;\n return Date.now() >= this.token.expiresAt - bufferSeconds 1000;\n }\n\n clear(): void {\n this.token = null;\n }\n}\n","import type { ClientCredentialsConfig, TokenResponse } from './types';\n\n/*\n Fetches a new access token using the OAuth2 Client Credentials flow.\n /\nexport async function fetchClientCredentialsToken(\n config: ClientCredentialsConfig\n): Promise<TokenResponse> {\n const body = new URLSearchParams({\n grant_type: 'client_credentials',\n client_id: config.clientId,\n client_secret: config.clientSecret,\n });\n\n if (config.scopes && config.scopes.length > 0) {\n body.set('scope', config.scopes.join(' '));\n }\n\n const tokenUrl = config.tokenUrl;\n if (!tokenUrl) throw new Error('tokenUrl is required for client credentials flow');\n\n const response = await fetch(tokenUrl, {\n method: 'POST',\n headers: { 'Content-Type': 'application/x-www-form-urlencoded' },\n body: body.toString(),\n });\n\n if (!response.ok) {\n const text = await response.text().catch(() => '');\n throw new Error(\n `Token request failed: ${response.status} ${response.statusText}${text ? ` — ${text}` : ''}`\n );\n }\n\n return response.json() as Promise<TokenResponse>;\n}\n","import type { AuthorizationCodeConfig, TokenResponse } from './types';\n\n// ---------------------------------------------------------------------------\n// PKCE helpers\n// ---------------------------------------------------------------------------\n\n/* Generates a cryptographically random PKCE code verifier (43-128 chars). /\nexport function generateCodeVerifier(): string {\n const array = new Uint8Array(32);\n crypto.getRandomValues(array);\n return base64UrlEncode(array);\n}\n\n/* Derives a PKCE code challenge (S256) from a code verifier. /\nexport async function generateCodeChallenge(verifier: string): Promise<string> {\n const encoder = new TextEncoder();\n const data = encoder.encode(verifier);\n const digest = await crypto.subtle.digest('SHA-256', data);\n return base64UrlEncode(new Uint8Array(digest));\n}\n\nfunction base64UrlEncode(bytes: Uint8Array): string {\n const str = String.fromCharCode(...bytes);\n return btoa(str).replace(/\\+/g, '-').replace(/\\//g, '_').replace(/=+$/, '');\n}\n\n// ---------------------------------------------------------------------------\n// Authorization Code flows\n// ---------------------------------------------------------------------------\n\n/\n Builds the authorization URL to redirect the user to.\n * Returns the URL and the code verifier (must be stored and passed to exchangeCode).\n /\nexport async function getAuthorizationUrl(\n config: AuthorizationCodeConfig,\n state?: string\n): Promise<{ url: string; codeVerifier: string }> {\n const codeVerifier = generateCodeVerifier();\n const codeChallenge = await generateCodeChallenge(codeVerifier);\n\n const params = new URLSearchParams({\n response_type: 'code',\n client_id: config.clientId,\n redirect_uri: config.redirectUri,\n code_challenge: codeChallenge,\n code_challenge_method: 'S256',\n });\n\n if (config.scopes && config.scopes.length > 0) {\n params.set('scope', config.scopes.join(' '));\n }\n\n if (state) {\n params.set('state', state);\n }\n\n const authUrl = config.authorizationUrl;\n if (!authUrl) throw new Error('authorizationUrl is required for authorization-code flow');\n\n return {\n url: `${authUrl}?${params.toString()}`,\n codeVerifier,\n };\n}\n\n/\n Exchanges an authorization code for tokens.\n /\nexport async function exchangeCode(\n config: AuthorizationCodeConfig,\n code: string,\n codeVerifier: string\n): Promise<TokenResponse> {\n const body = new URLSearchParams({\n grant_type: 'authorization_code',\n client_id: config.clientId,\n redirect_uri: config.redirectUri,\n code,\n code_verifier: codeVerifier,\n });\n\n const tokenUrl = config.tokenUrl;\n if (!tokenUrl) throw new Error('tokenUrl is required for authorization-code flow');\n return tokenRequest(tokenUrl, body);\n}\n\n/\n Refreshes an access token using a refresh token.\n /\nexport async function refreshAccessToken(\n config: AuthorizationCodeConfig,\n refreshToken: string\n): Promise<TokenResponse> {\n const body = new URLSearchParams({\n grant_type: 'refresh_token',\n client_id: config.clientId,\n refresh_token: refreshToken,\n });\n\n const tokenUrl = config.tokenUrl;\n if (!tokenUrl) throw new Error('tokenUrl is required for authorization-code flow');\n return tokenRequest(tokenUrl, body);\n}\n\nasync function tokenRequest(\n tokenUrl: string,\n body: URLSearchParams\n): Promise<TokenResponse> {\n const response = await fetch(tokenUrl, {\n method: 'POST',\n headers: { 'Content-Type': 'application/x-www-form-urlencoded' },\n body: body.toString(),\n });\n\n if (!response.ok) {\n const text = await response.text().catch(() => '');\n throw new Error(\n `Token request failed: ${response.status} ${response.statusText}${text ? ` — ${text}` : ''}`\n );\n }\n\n return response.json() as Promise<TokenResponse>;\n}\n","const BCIS_DISCOVERY_URL = 'https://id.bcis.co.uk/.well-known/openid-configuration';\n\nexport interface OidcConfig {\n token_endpoint: string;\n authorization_endpoint: string;\n [key: string]: unknown;\n}\n\n/* Module-level cache keyed by discovery URL /\nconst cache = new Map<string, OidcConfig>();\n\n/\n Fetches and caches the OpenID Connect discovery document.\n * Defaults to the BCIS identity provider.\n /\nexport async function fetchOidcConfig(discoveryUrl = BCIS_DISCOVERY_URL): Promise<OidcConfig> {\n const cached = cache.get(discoveryUrl);\n if (cached) return cached;\n\n const response = await fetch(discoveryUrl);\n if (!response.ok) {\n throw new Error(\n `OIDC discovery failed: ${response.status} ${response.statusText} (${discoveryUrl})`\n );\n }\n\n const config = (await response.json()) as OidcConfig;\n\n if (!config.token_endpoint \|\| !config.authorization_endpoint) {\n throw new Error(`OIDC discovery document at ${discoveryUrl} is missing required endpoints`);\n }\n\n cache.set(discoveryUrl, config);\n return config;\n}\n","import type { AuthConfig, AuthorizationCodeConfig, ClientCredentialsConfig } from './types';\nimport { TokenStore } from './token-store';\nimport { fetchClientCredentialsToken } from './client-credentials';\nimport {\n getAuthorizationUrl as buildAuthorizationUrl,\n exchangeCode,\n refreshAccessToken,\n} from './authorization-code';\nimport { fetchOidcConfig } from './oidc-discovery';\n\n/\n Centralized OAuth2 authentication manager.\n \n Supports:\n * - Client Credentials flow (server-to-server, fully automatic)\n * - Authorization Code + PKCE flow (user-facing applications)\n \n Endpoint URLs (`tokenUrl`, `authorizationUrl`) are optional — when omitted they are\n * resolved automatically from the BCIS OpenID Connect discovery document at\n * `https://id.bcis.co.uk/.well-known/openid-configuration`.\n \n @example Client Credentials (auto-discovered endpoints)\n * ```ts\n * const auth = new AuthManager({\n * flow: 'client-credentials',\n * clientId: 'my-id',\n * clientSecret: 'my-secret',\n * });\n * const token = await auth.getAccessToken();\n * ```\n \n @example Authorization Code (auto-discovered endpoints)\n * ```ts\n * const auth = new AuthManager({\n * flow: 'authorization-code',\n * clientId: 'my-id',\n * redirectUri: 'https://myapp.com/callback',\n * scopes: ['openid', 'profile'],\n * });\n \n // Step 1: redirect user\n * const { url, codeVerifier } = await auth.getAuthorizationUrl();\n * // store codeVerifier in session, redirect user to url\n \n // Step 2: on callback\n * await auth.handleCallback(code, codeVerifier);\n \n // Step 3: use the SDK\n * const token = await auth.getAccessToken();\n * ```\n /\nexport class AuthManager {\n private readonly store = new TokenStore();\n /* Pending token fetch promise to prevent concurrent requests /\n private inflight: Promise<void> \| null = null;\n /* Cached resolved endpoints (populated lazily from OIDC discovery) /\n private endpoints: { tokenUrl: string; authorizationUrl: string } \| null = null;\n\n constructor(private readonly config: AuthConfig) {}\n\n /\n Returns a valid access token, fetching or refreshing as needed.\n * For Client Credentials flow this is fully automatic.\n * For Authorization Code flow, `handleCallback` must have been called first.\n /\n async getAccessToken(): Promise<string> {\n if (!this.store.isExpired()) {\n return this.store.getAccessToken()!;\n }\n\n if (this.inflight) {\n await this.inflight;\n return this.store.getAccessToken()!;\n }\n\n this.inflight = this.refresh();\n try {\n await this.inflight;\n } finally {\n this.inflight = null;\n }\n\n const token = this.store.getAccessToken();\n if (!token) throw new Error('Failed to obtain access token');\n return token;\n }\n\n /\n Authorization Code flow only.\n * Builds and returns the authorization URL to redirect the user to.\n * The returned `codeVerifier` must be persisted (e.g. in session storage)\n * and passed to `handleCallback`.\n /\n async getAuthorizationUrl(state?: string): Promise<{ url: string; codeVerifier: string }> {\n if (this.config.flow !== 'authorization-code') {\n throw new Error('getAuthorizationUrl is only available for authorization-code flow');\n }\n const endpoints = await this.resolveEndpoints();\n return buildAuthorizationUrl(\n { ...(this.config as AuthorizationCodeConfig), ...endpoints },\n state\n );\n }\n\n /\n Authorization Code flow only.\n * Exchanges the authorization code (from the redirect callback) for tokens\n * and stores them internally.\n /\n async handleCallback(code: string, codeVerifier: string): Promise<void> {\n if (this.config.flow !== 'authorization-code') {\n throw new Error('handleCallback is only available for authorization-code flow');\n }\n const endpoints = await this.resolveEndpoints();\n const tokenResponse = await exchangeCode(\n { ...(this.config as AuthorizationCodeConfig), ...endpoints },\n code,\n codeVerifier\n );\n this.store.store(tokenResponse);\n }\n\n /* Clears all stored tokens. /\n clearTokens(): void {\n this.store.clear();\n }\n\n /\n Resolves `tokenUrl` and `authorizationUrl`, fetching the OIDC discovery document\n * if either URL is absent from the config. Result is cached after the first call.\n /\n private async resolveEndpoints(): Promise<{ tokenUrl: string; authorizationUrl: string }> {\n if (this.endpoints) return this.endpoints;\n\n const cfg = this.config as {\n tokenUrl?: string;\n authorizationUrl?: string;\n discoveryUrl?: string;\n };\n\n const needsDiscovery =\n !cfg.tokenUrl \|\|\n (this.config.flow === 'authorization-code' && !cfg.authorizationUrl);\n\n if (needsDiscovery) {\n const oidc = await fetchOidcConfig(cfg.discoveryUrl);\n this.endpoints = {\n tokenUrl: cfg.tokenUrl ?? oidc.token_endpoint,\n authorizationUrl: cfg.authorizationUrl ?? oidc.authorization_endpoint,\n };\n } else {\n this.endpoints = {\n tokenUrl: cfg.tokenUrl!,\n authorizationUrl: cfg.authorizationUrl ?? '',\n };\n }\n\n return this.endpoints;\n }\n\n private async refresh(): Promise<void> {\n const endpoints = await this.resolveEndpoints();\n\n if (this.config.flow === 'client-credentials') {\n const tokenResponse = await fetchClientCredentialsToken({\n ...(this.config as ClientCredentialsConfig),\n tokenUrl: endpoints.tokenUrl,\n });\n this.store.store(tokenResponse);\n return;\n }\n\n // Authorization Code flow: try refresh token first, else throw\n const refreshToken = this.store.getRefreshToken();\n if (refreshToken) {\n const tokenResponse = await refreshAccessToken(\n { ...(this.config as AuthorizationCodeConfig), ...endpoints },\n refreshToken\n );\n this.store.store(tokenResponse);\n return;\n }\n\n throw new Error(\n 'No valid token available. Call getAuthorizationUrl() and handleCallback() first.'\n );\n }\n}\n","import type { AuthManager } from '../auth/auth-manager';\n\n/* Thrown when an API response is not 2xx. /\nexport class BcisApiError extends Error {\n constructor(\n public readonly status: number,\n public readonly statusText: string,\n public readonly body: unknown\n ) {\n super(`BCIS API error ${status} ${statusText}`);\n this.name = 'BcisApiError';\n }\n}\n\n/\n Thin fetch wrapper that:\n * - Injects the Authorization: Bearer header from AuthManager\n * - Serialises query parameters (including arrays as repeated params)\n * - Throws BcisApiError on non-2xx responses\n /\nexport class FetchClient {\n constructor(private readonly auth: AuthManager) {}\n\n async get<T>(\n baseUrl: string,\n path: string,\n params: Record<string, unknown> = {}\n ): Promise<T> {\n const token = await this.auth.getAccessToken();\n const url = new URL(baseUrl + path);\n\n for (const [key, value] of Object.entries(params)) {\n if (value === undefined \|\| value === null) continue;\n\n if (Array.isArray(value)) {\n for (const item of value) {\n url.searchParams.append(key, String(item));\n }\n } else {\n url.searchParams.set(key, String(value));\n }\n }\n\n const response = await fetch(url.toString(), {\n method: 'GET',\n headers: {\n Authorization: `Bearer ${token}`,\n Accept: 'application/json',\n },\n });\n\n if (!response.ok) {\n let body: unknown;\n try {\n body = await response.json();\n } catch {\n body = await response.text();\n }\n throw new BcisApiError(response.status, response.statusText, body);\n }\n\n return response.json() as Promise<T>;\n }\n}\n","// This file is auto-generated. Do not edit manually.\n// Re-run `npm run generate` to regenerate.\n\nimport { FetchClient } from '../http/fetch-client';\nimport type { AuthManager } from '../auth/auth-manager';\nimport type { AbpResponseDto, IndicesResponseDto, TpsResponseDto, CodesResponseDto } from '../types/core-api.types';\n\n// --- Parameter interfaces ---\n\nexport interface AbpRetrieveParams {\n /* When true, returns additional data for graph plotting. Default false. /\n 'include-data-for-graph'?: boolean;\n /* When true, includes sub-divided categories (e.g., size bands) in results. Default false. /\n 'include-subclasses'?: boolean;\n /* A comma-separated list of building function codes used to filter study results. [See the Codes Update API](/docs/bcis-grace-svc-core-apis/1a5fdc770c00d-codes-update). /\n 'building-function': string[];\n /* A list of type of work codes to filter the results by, the example contains all valid codes. /\n 'type-of-work': string[];\n /* A six-character code identifying the BCIS study /\n 'abp-study': 'ABPBUI' \| 'ABPFUN' \| 'ABPGRP' \| 'ABPEM2' \| 'ABPEUR' \| 'ABPEXT';\n}\n\nexport interface IndicesRetrieveParams {\n /* Restricts the index series by year e.g. `1985` or description `1985 mean = 100`. Ignored if a series number is provided. Descriptions must match text exactly, case-insensitive but including spaces. /\n 'base-of-series'?: string;\n /* Restricts index series by `regularity` (`monthly`, `quarterly`, `annual`). Ignored if a series number is used. Defaults to `quarterly`, then `monthly`, then `annual`. /\n regularity?: string[];\n /* Restricts index figures up to a specific month `yyyy-mm`, or leave blank for latest available. /\n 'end-date'?: string;\n /* Restricts index figures to a specific month `yyyy-mm`, or leave blank for earliest available. /\n 'start-date'?: string;\n /* Comma-delimited list of short names (e.g. `BCISTPI:AllIn`) or series numbers. [See the Codes Update API](/docs/bcis-grace-svc-core-apis/1a5fdc770c00d-codes-update). /\n 'series-identification': string[];\n}\n\nexport interface TpsRetrieveParams {\n /* Supports suffixes to filter or refine the study data: - Level Filters: - `:region`, `:county`, `:district` - Example: `location2000:region` (regional indices), `location2000:county,district` (county and district indices) - Postcode Filter: - `:postcode:<POSTCODE>` (no spaces) - Example: `location2000:postcode:SW1P3AD` - Cannot be combined with level filters. - Effective Date Filter: - `:EffectiveDate:<YYYYQn>` - Example: `location2000:EffectiveDate:2015Q2` - Can be combined with postcode or level filters. - Outcode List: - `:outcode` - Example: `location2000:outcode` - Not supported for 1980 boundaries or with EffectiveDate. `short-tps-name` is not case sensitive. For available studies, use the `codesUpdate` web service with `codeType=shortTPSName`. /\n 'short-tps-name': string;\n}\n\nexport interface CodesUpdateParams {\n /* A date in `yyyy-mm-dd` format. Returns only codes added or modified since this date. Not supported for all code types. Leave blank to return all codes. /\n 'if-changed-since'?: string;\n /* A version string to select relevant code tables. /\n version?: string;\n /* A string to select the code list required. The supported values are: - `seriesIdentification`: All regularity names (for `/indices-retrieve`) - `shortTPSName`: Tender Price Studies - short names (for `/tps-retrieve`) - `ABPStudy`: Average building prices study codes (for `/abp-retrieve`) - `BuildingFunction`: List of building function codes (for `/abp-retrieve`, and `/analyses-search`) - `BuildingFunction:Categories`: List of building function categories - `BuildingFunction:[1-9]`: List of building function codes for the category specified after the colon - `BuildingFunction:Duration`: List of building function codes for duration calculator (for `Duration Model Calculate Api`) - `BuildingFunction:Duration:Categories`: List of building function categories for duration calculator (for `Duration Model Calculate Api`) - `BuildingFunction:Duration:[1-9]`: List of building function codes for duration calculator for category specified after the colon (for `Duration Model Calculate Api`) - `BuildingFunction:ABP`: List of building function codes for average building prices study where results are available to the user (for `/abp-retrieve`) - `SimplifiedTypeOfWork`: List of shorter type of work codes (for `/abp-retrieve`) The list of supported code types may be extended in the future. /\n 'code-type': 'shortTPSName' \| 'ABPStudy' \| 'BuildingFunction' \| 'BuildingFunction:Categories' \| 'BuildingFunction:[1-9]' \| 'BuildingFunction:Duration' \| 'BuildingFunction:Duration:Categories' \| 'BuildingFunction:Duration:[1-9]' \| 'BuildingFunction:ABP' \| 'SimplifiedTypeOfWork';\n}\n\n// --- Client ---\n\nexport class CoreApiClient {\n private readonly client: FetchClient;\n private readonly baseUrl: string;\n\n constructor(auth: AuthManager, options?: { baseUrl?: string }) {\n this.client = new FetchClient(auth);\n this.baseUrl = options?.baseUrl ?? 'https://api.bcis.co.uk/core-apis';\n }\n\n /* abp-retrieve /\n async abpRetrieve(params: AbpRetrieveParams): Promise<AbpResponseDto> {\n return this.client.get<AbpResponseDto>(this.baseUrl, '/abp-retrieve', params as unknown as Record<string, unknown>);\n }\n\n /* indices-retrieve /\n async indicesRetrieve(params: IndicesRetrieveParams): Promise<IndicesResponseDto> {\n return this.client.get<IndicesResponseDto>(this.baseUrl, '/indices-retrieve', params as unknown as Record<string, unknown>);\n }\n\n /* tps-retrieve /\n async tpsRetrieve(params: TpsRetrieveParams): Promise<TpsResponseDto> {\n return this.client.get<TpsResponseDto>(this.baseUrl, '/tps-retrieve', params as unknown as Record<string, unknown>);\n }\n\n /* codes-update /\n async codesUpdate(params: CodesUpdateParams): Promise<CodesResponseDto> {\n return this.client.get<CodesResponseDto>(this.baseUrl, '/codes-update', params as unknown as Record<string, unknown>);\n }\n}\n","// This file is auto-generated. Do not edit manually.\n// Re-run `npm run generate` to regenerate.\n\nimport { FetchClient } from '../http/fetch-client';\nimport type { AuthManager } from '../auth/auth-manager';\nimport type { CalculationResponse, UsageResponse } from '../types/residential-rebuild.types';\n\n// --- Parameter interfaces ---\n\nexport interface CalculateParams {\n /* Postcode of the property /\n postCode: string;\n /* Type of the property /\n type: string;\n /* Number of storeys in the property /\n storeys: string;\n /* Style of the property: detached, terraced, etc /\n style: string;\n /* Type of the walls of the property /\n wallType: string;\n /* Type of the roof of the property /\n roofType?: string;\n /* Year the property was built /\n yearBuilt: number;\n /* Number of flats /\n noOfFlats?: number;\n /* Area of the property in sq.m. /\n area?: number;\n /* Number of rooms in the property /\n noOfRooms?: number;\n /* Number of bedrooms in the property /\n noOfBedrooms?: number;\n /* Number of garage spaces in the property /\n noOfGarageSpaces?: number;\n /* Number of bathrooms in the property /\n noOfBathrooms?: number;\n /* Special features of the property, Must be blank, or a comma delimited list containing one or more of 'cellar' or 'noexternals' /\n specialFeatures?: string;\n}\n\nexport interface ReportUsageParams {\n /* First month of the usage report /\n startMonth?: string;\n /* Last month of the usage report /\n endMonth?: string;\n}\n\n// --- Client ---\n\nexport class ResidentialRebuildClient {\n private readonly client: FetchClient;\n private readonly baseUrl: string;\n\n constructor(auth: AuthManager, options?: { baseUrl?: string }) {\n this.client = new FetchClient(auth);\n this.baseUrl = options?.baseUrl ?? 'https://api.bcis.co.uk/residential-rebuild-calculator';\n }\n\n /* rbls-calculate /\n async calculate(params: CalculateParams): Promise<CalculationResponse> {\n return this.client.get<CalculationResponse>(this.baseUrl, '/rbls-calculate', params as unknown as Record<string, unknown>);\n }\n\n /* rbls-report-use /\n async reportUsage(params: ReportUsageParams): Promise<UsageResponse> {\n return this.client.get<UsageResponse>(this.baseUrl, '/rbls-report-use', params as unknown as Record<string, unknown>);\n }\n}\n","// This file is auto-generated. Do not edit manually.\n// Re-run `npm run generate` to regenerate.\n\nimport { FetchClient } from '../http/fetch-client';\nimport type { AuthManager } from '../auth/auth-manager';\nimport type { EditionsDto, GetRateResponseDto, GetResourceResponseDto, GetBuildUpResponseDto } from '../types/schedule-of-rates.types';\n\n// --- Parameter interfaces ---\n\nexport interface GetRatesParams {\n /* node id, returned data are for the selected node /\n 'selected-node-id'?: string;\n /* filter term, returned nodes contain the text somewhere in that branch /\n 'filter-text'?: string;\n /* id obtained from get-books-edition /\n 'edition-id': string;\n}\n\nexport interface GetResourcesParams {\n /* node id, returned data are for the selected node /\n 'selected-node-id'?: string;\n /* filter term, returned nodes contain the text somewhere in that branch /\n 'filter-text'?: string;\n /* id obtained from get-books-edition /\n 'edition-id': string;\n}\n\nexport interface GetBuildUpParams {\n /* Id as returned from GetRates or GetResources /\n 'entity-id': string;\n}\n\n// --- Client ---\n\nexport class ScheduleOfRatesClient {\n private readonly client: FetchClient;\n private readonly baseUrl: string;\n\n constructor(auth: AuthManager, options?: { baseUrl?: string }) {\n this.client = new FetchClient(auth);\n this.baseUrl = options?.baseUrl ?? 'https://api.bcis.co.uk/schedule-of-rates';\n }\n\n /* Lists books and editions available to user /\n async getBooksEdition(): Promise<EditionsDto> {\n return this.client.get<EditionsDto>(this.baseUrl, '/get-books-edition', {});\n }\n\n /* Lists matching rates /\n async getRates(params: GetRatesParams): Promise<GetRateResponseDto> {\n return this.client.get<GetRateResponseDto>(this.baseUrl, '/get-rates', params as unknown as Record<string, unknown>);\n }\n\n /* Lists matching resources /\n async getResources(params: GetResourcesParams): Promise<GetResourceResponseDto> {\n return this.client.get<GetResourceResponseDto>(this.baseUrl, '/get-resources', params as unknown as Record<string, unknown>);\n }\n\n /* Lists components of a rate or buildUp */\n async getBuildUp(params: GetBuildUpParams): Promise<GetBuildUpResponseDto> {\n return this.client.get<GetBuildUpResponseDto>(this.baseUrl, '/get-build-up', params as unknown as Record<string, unknown>);\n }\n}\n"]}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@bcis/sdk",
-  "version": "0.1.0",
+  "version": "0.1.2",
   "description": "Type-safe TypeScript SDK for BCIS APIs",
   "main": "./dist/index.js",
   "module": "./dist/index.mjs",