npm - @corti/sdk - Versions diffs - 1.0.0-alpha → 1.0.0-alpha.1 - Mend

@corti/sdk 1.0.0-alpha → 1.0.0-alpha.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (399) hide show

package/dist/cjs/custom/auth/CortiAuth.js ADDED Viewed

@@ -0,0 +1,195 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __rest = (this && this.__rest) || function (s, e) {
+    var t = {};
+    for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p) && e.indexOf(p) < 0)
+        t[p] = s[p];
+    if (s != null && typeof Object.getOwnPropertySymbols === "function")
+        for (var i = 0, p = Object.getOwnPropertySymbols(s); i < p.length; i++) {
+            if (e.indexOf(p[i]) < 0 && Object.prototype.propertyIsEnumerable.call(s, p[i]))
+                t[p[i]] = s[p[i]];
+        }
+    return t;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CortiAuth = void 0;
+const Client_js_1 = require("../../api/resources/auth/client/Client.js");
+const core = __importStar(require("../../core/index.js"));
+const index_js_1 = require("../../core/schemas/index.js");
+const buildTokenRequestBody_js_1 = require("../utils/buildTokenRequestBody.js");
+const environment_js_1 = require("../utils/environment.js");
+const localStorageHelpers_js_1 = require("../utils/localStorageHelpers.js");
+const pkceHelpers_js_1 = require("../utils/pkceHelpers.js");
+class CortiAuth extends Client_js_1.AuthClient {
+    /** No-op auth provider so super.token() does not trigger OAuth refresh. When auth is omitted, a dummy token is passed so the base constructor does not throw. */
+    constructor(options) {
+        var _a;
+        const { environment } = options, rest = __rest(options, ["environment"]);
+        super(Object.assign(Object.assign({}, rest), { environment: (0, environment_js_1.getEnvironment)(environment), token: (_a = options.token) !== null && _a !== void 0 ? _a : (() => "") }));
+        this._options.authProvider = new core.NoOpAuthProvider();
+    }
+    /**
+     * Exchange credentials for a short-lived access token using the tenant token endpoint (client_credentials).
+     * Resolves tenant from client options. Supports optional scopes (openid is always included).
+     *
+     * @param request - Client credentials and optional scopes
+     * @param requestOptions - Request-specific configuration
+     *
+     * @throws {@link Corti.BadRequestError}
+     * @throws {@link Corti.UnauthorizedError}
+     *
+     * @example
+     *     const response = await auth.getToken({
+     *         clientId: "client_id",
+     *         clientSecret: "client_secret",
+     *         scopes: ["profile"]
+     *     });
+     */
+    getToken(request, requestOptions) {
+        return core.HttpResponsePromise.fromPromise(this._getTokenWithTenant(request, requestOptions !== null && requestOptions !== void 0 ? requestOptions : {}));
+    }
+    _getTokenWithTenant(request, requestOptions) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const authRequest = (0, buildTokenRequestBody_js_1.buildTokenRequestBody)(request);
+            const tenantName = yield core.Supplier.get(this._options.tenantName);
+            return this.token(tenantName, authRequest, requestOptions).withRawResponse();
+        });
+    }
+    /** Exchange username/password for access token via ROPC (resource owner password credentials). */
+    getRopcFlowToken(request, requestOptions) {
+        return core.HttpResponsePromise.fromPromise(this._getTokenWithTenant(request, requestOptions !== null && requestOptions !== void 0 ? requestOptions : {}));
+    }
+    /**
+     * Exchange a refresh token for a new access token (refresh_token grant).
+     * Resolves tenant from client options.
+     *
+     * @param request - Client ID, refresh token, and optional scopes
+     * @param requestOptions - Request-specific configuration
+     *
+     * @throws {@link Corti.BadRequestError}
+     * @throws {@link Corti.UnauthorizedError}
+     *
+     * @example
+     *     const response = await auth.refreshToken({
+     *         clientId: "client_id",
+     *         refreshToken: "refresh_token",
+     *     });
+     */
+    refreshToken(request, requestOptions) {
+        return core.HttpResponsePromise.fromPromise(this._getTokenWithTenant(request, requestOptions !== null && requestOptions !== void 0 ? requestOptions : {}));
+    }
+    /** Exchange an authorization code for an access token (authorization_code grant). */
+    getCodeFlowToken(request, requestOptions) {
+        return core.HttpResponsePromise.fromPromise(this._getTokenWithTenant(request, requestOptions !== null && requestOptions !== void 0 ? requestOptions : {}));
+    }
+    /**
+     * Exchange a PKCE authorization code for an access token (authorization_code grant with code_verifier).
+     * If codeVerifier is omitted, it is read from localStorage (set by authorizePkceUrl).
+     */
+    getPkceFlowToken(request, requestOptions) {
+        var _a;
+        const codeVerifier = (_a = request.codeVerifier) !== null && _a !== void 0 ? _a : (0, localStorageHelpers_js_1.getLocalStorageItem)(localStorageHelpers_js_1.CODE_VERIFIER_KEY);
+        if (!codeVerifier) {
+            throw new index_js_1.ParseError([
+                {
+                    path: ["codeVerifier"],
+                    message: "Code verifier was not provided and not found in localStorage.",
+                },
+            ]);
+        }
+        return core.HttpResponsePromise.fromPromise(this._getTokenWithTenant(Object.assign(Object.assign({}, request), { codeVerifier }), requestOptions !== null && requestOptions !== void 0 ? requestOptions : {}));
+    }
+    /**
+     * Build the Keycloak authorization endpoint URL for the PKCE flow.
+     * Generates a code verifier if not provided, stores it in localStorage, and computes the challenge.
+     * In a browser environment, redirects to the URL unless skipRedirect is true.
+     */
+    authorizePkceUrl(_a, options_1) {
+        return __awaiter(this, arguments, void 0, function* ({ clientId, redirectUri, scopes, codeVerifier }, options) {
+            const verifier = codeVerifier !== null && codeVerifier !== void 0 ? codeVerifier : (0, pkceHelpers_js_1.generateCodeVerifier)();
+            (0, localStorageHelpers_js_1.setLocalStorageItem)(localStorageHelpers_js_1.CODE_VERIFIER_KEY, verifier);
+            const codeChallenge = yield (0, pkceHelpers_js_1.generateCodeChallenge)(verifier);
+            return this.authorizeURL({ clientId, redirectUri, codeChallenge, scopes }, options);
+        });
+    }
+    /** Read the PKCE code verifier stored in localStorage by authorizePkceUrl. Returns null if not found. */
+    static getCodeVerifier() {
+        return (0, localStorageHelpers_js_1.getLocalStorageItem)(localStorageHelpers_js_1.CODE_VERIFIER_KEY);
+    }
+    /**
+     * Build the Keycloak authorization endpoint URL for the authorization code flow.
+     * In a browser environment, redirects to the URL unless skipRedirect is true.
+     * In a server environment (no window), always returns the URL string.
+     *
+     * @param client - clientId, redirectUri, and optional codeChallenge/scopes
+     * @param options - { skipRedirect?: boolean }
+     */
+    authorizeURL(_a, options_1) {
+        return __awaiter(this, arguments, void 0, function* ({ clientId, redirectUri, codeChallenge, scopes }, options) {
+            const envUrls = yield core.Supplier.get(this._options.environment);
+            const tenantName = yield core.Supplier.get(this._options.tenantName);
+            const authUrl = new URL(core.url.join(envUrls.login, tenantName, "protocol/openid-connect/auth"));
+            authUrl.searchParams.set("response_type", "code");
+            const allScopes = ["openid", "profile", ...(scopes !== null && scopes !== void 0 ? scopes : [])];
+            authUrl.searchParams.set("scope", [...new Set(allScopes)].join(" "));
+            if (clientId !== undefined) {
+                authUrl.searchParams.set("client_id", clientId);
+            }
+            if (redirectUri !== undefined) {
+                authUrl.searchParams.set("redirect_uri", redirectUri);
+            }
+            if (codeChallenge !== undefined) {
+                authUrl.searchParams.set("code_challenge", codeChallenge);
+                authUrl.searchParams.set("code_challenge_method", "S256");
+            }
+            const authUrlString = authUrl.toString();
+            if (typeof window !== "undefined" && !(options === null || options === void 0 ? void 0 : options.skipRedirect)) {
+                window.location.href = authUrlString;
+                return authUrlString;
+            }
+            return authUrlString;
+        });
+    }
+}
+exports.CortiAuth = CortiAuth;

package/dist/cjs/custom/auth/OAuthAuthCodeAuthProvider.d.ts ADDED Viewed

@@ -0,0 +1,23 @@
+import type { OAuthAuthProvider } from "../../auth/OAuthAuthProvider.js";
+import type { BaseClientOptions } from "../../BaseClient.js";
+import * as core from "../../core/index.js";
+export declare class OAuthAuthCodeAuthProvider implements core.AuthProvider {
+    private readonly options;
+    private readonly authClient;
+    private accessToken;
+    private expiresAt;
+    private refreshPromise;
+    private storedRefreshToken;
+    private refreshExpiresAt;
+    constructor(options: BaseClientOptions & OAuthAuthProvider.AuthCodeCredentials);
+    static canCreate(options?: Partial<OAuthAuthProvider.AuthCodeCredentials & BaseClientOptions>): options is BaseClientOptions & OAuthAuthProvider.AuthCodeCredentials;
+    private clientIdSupplier;
+    private clientSecretSupplier;
+    private codeSupplier;
+    private redirectUriSupplier;
+    getAuthRequest({ endpointMetadata, }?: {
+        endpointMetadata?: core.EndpointMetadata;
+    }): Promise<core.AuthRequest>;
+    private getToken;
+    private refresh;
+}

package/dist/cjs/custom/auth/OAuthAuthCodeAuthProvider.js ADDED Viewed

@@ -0,0 +1,164 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.OAuthAuthCodeAuthProvider = void 0;
+const core = __importStar(require("../../core/index.js"));
+const errors = __importStar(require("../../errors/index.js"));
+const CortiAuth_js_1 = require("./CortiAuth.js");
+const oauthAuthHelpers_js_1 = require("../utils/oauthAuthHelpers.js");
+class OAuthAuthCodeAuthProvider {
+    constructor(options) {
+        this.options = options;
+        this.authClient = new CortiAuth_js_1.CortiAuth(options);
+        this.expiresAt = new Date();
+    }
+    static canCreate(options) {
+        return ((options === null || options === void 0 ? void 0 : options[oauthAuthHelpers_js_1.CLIENT_ID_PARAM]) != null &&
+            (options === null || options === void 0 ? void 0 : options[oauthAuthHelpers_js_1.CLIENT_SECRET_PARAM]) != null &&
+            (options === null || options === void 0 ? void 0 : options[oauthAuthHelpers_js_1.CODE_PARAM]) != null &&
+            (options === null || options === void 0 ? void 0 : options[oauthAuthHelpers_js_1.REDIRECT_URI_PARAM]) != null);
+    }
+    clientIdSupplier() {
+        return __awaiter(this, arguments, void 0, function* ({ endpointMetadata, } = {}) {
+            const supplier = this.options[oauthAuthHelpers_js_1.CLIENT_ID_PARAM];
+            if (supplier == null) {
+                throw new errors.CortiError({ message: oauthAuthHelpers_js_1.CLIENT_ID_REQUIRED_ERROR_MESSAGE });
+            }
+            return core.EndpointSupplier.get(supplier, { endpointMetadata });
+        });
+    }
+    clientSecretSupplier() {
+        return __awaiter(this, arguments, void 0, function* ({ endpointMetadata, } = {}) {
+            const supplier = this.options[oauthAuthHelpers_js_1.CLIENT_SECRET_PARAM];
+            if (supplier == null) {
+                throw new errors.CortiError({ message: oauthAuthHelpers_js_1.CLIENT_SECRET_REQUIRED_ERROR_MESSAGE });
+            }
+            return core.EndpointSupplier.get(supplier, { endpointMetadata });
+        });
+    }
+    codeSupplier() {
+        return __awaiter(this, arguments, void 0, function* ({ endpointMetadata, } = {}) {
+            const supplier = this.options[oauthAuthHelpers_js_1.CODE_PARAM];
+            if (supplier == null) {
+                throw new errors.CortiError({ message: oauthAuthHelpers_js_1.CODE_REQUIRED_ERROR_MESSAGE });
+            }
+            return core.EndpointSupplier.get(supplier, { endpointMetadata });
+        });
+    }
+    redirectUriSupplier() {
+        return __awaiter(this, arguments, void 0, function* ({ endpointMetadata, } = {}) {
+            const supplier = this.options[oauthAuthHelpers_js_1.REDIRECT_URI_PARAM];
+            if (supplier == null) {
+                throw new errors.CortiError({ message: oauthAuthHelpers_js_1.REDIRECT_URI_REQUIRED_ERROR_MESSAGE });
+            }
+            return core.EndpointSupplier.get(supplier, { endpointMetadata });
+        });
+    }
+    getAuthRequest() {
+        return __awaiter(this, arguments, void 0, function* ({ endpointMetadata, } = {}) {
+            const token = yield this.getToken({ endpointMetadata });
+            return {
+                headers: {
+                    Authorization: `Bearer ${token}`,
+                },
+            };
+        });
+    }
+    getToken() {
+        return __awaiter(this, arguments, void 0, function* ({ endpointMetadata } = {}) {
+            if (this.accessToken && this.expiresAt > new Date()) {
+                return this.accessToken;
+            }
+            if (this.refreshPromise != null) {
+                return this.refreshPromise;
+            }
+            return this.refresh({ endpointMetadata });
+        });
+    }
+    refresh() {
+        return __awaiter(this, arguments, void 0, function* ({ endpointMetadata } = {}) {
+            this.refreshPromise = (() => __awaiter(this, void 0, void 0, function* () {
+                try {
+                    const clientId = yield this.clientIdSupplier({ endpointMetadata });
+                    const clientSecret = yield this.clientSecretSupplier({ endpointMetadata });
+                    let tokenResponse;
+                    if (clientId &&
+                        this.storedRefreshToken &&
+                        this.refreshExpiresAt &&
+                        this.refreshExpiresAt > new Date()) {
+                        tokenResponse = yield this.authClient.refreshToken({
+                            clientId,
+                            refreshToken: this.storedRefreshToken,
+                            clientSecret,
+                        });
+                    }
+                    else {
+                        const code = yield this.codeSupplier({ endpointMetadata });
+                        const redirectUri = yield this.redirectUriSupplier({ endpointMetadata });
+                        tokenResponse = yield this.authClient.getCodeFlowToken({
+                            clientId,
+                            clientSecret,
+                            code,
+                            redirectUri,
+                        });
+                    }
+                    this.accessToken = tokenResponse.accessToken;
+                    this.expiresAt = (0, oauthAuthHelpers_js_1.getExpiresAt)(tokenResponse.expiresIn, oauthAuthHelpers_js_1.BUFFER_IN_MINUTES);
+                    if (tokenResponse.refreshToken) {
+                        this.storedRefreshToken = tokenResponse.refreshToken;
+                        this.refreshExpiresAt = tokenResponse.refreshExpiresIn
+                            ? (0, oauthAuthHelpers_js_1.getExpiresAt)(tokenResponse.refreshExpiresIn, oauthAuthHelpers_js_1.BUFFER_IN_MINUTES)
+                            : undefined;
+                    }
+                    return this.accessToken;
+                }
+                finally {
+                    this.refreshPromise = undefined;
+                }
+            }))();
+            return this.refreshPromise;
+        });
+    }
+}
+exports.OAuthAuthCodeAuthProvider = OAuthAuthCodeAuthProvider;

package/dist/cjs/custom/auth/OAuthPkceAuthProvider.d.ts ADDED Viewed

@@ -0,0 +1,23 @@
+import type { OAuthAuthProvider } from "../../auth/OAuthAuthProvider.js";
+import type { BaseClientOptions } from "../../BaseClient.js";
+import * as core from "../../core/index.js";
+export declare class OAuthPkceAuthProvider implements core.AuthProvider {
+    private readonly options;
+    private readonly authClient;
+    private accessToken;
+    private expiresAt;
+    private refreshPromise;
+    private storedRefreshToken;
+    private refreshExpiresAt;
+    constructor(options: BaseClientOptions & OAuthAuthProvider.PkceCredentials);
+    static canCreate(options?: Partial<OAuthAuthProvider.PkceCredentials & BaseClientOptions>): options is BaseClientOptions & OAuthAuthProvider.PkceCredentials;
+    private clientIdSupplier;
+    private codeSupplier;
+    private redirectUriSupplier;
+    private codeVerifierSupplier;
+    getAuthRequest({ endpointMetadata, }?: {
+        endpointMetadata?: core.EndpointMetadata;
+    }): Promise<core.AuthRequest>;
+    private getToken;
+    private refresh;
+}

package/dist/cjs/custom/auth/OAuthPkceAuthProvider.js ADDED Viewed

@@ -0,0 +1,164 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.OAuthPkceAuthProvider = void 0;
+const core = __importStar(require("../../core/index.js"));
+const errors = __importStar(require("../../errors/index.js"));
+const CortiAuth_js_1 = require("./CortiAuth.js");
+const oauthAuthHelpers_js_1 = require("../utils/oauthAuthHelpers.js");
+class OAuthPkceAuthProvider {
+    constructor(options) {
+        this.options = options;
+        this.authClient = new CortiAuth_js_1.CortiAuth(options);
+        this.expiresAt = new Date();
+    }
+    static canCreate(options) {
+        const opts = options;
+        return ((opts === null || opts === void 0 ? void 0 : opts[oauthAuthHelpers_js_1.CLIENT_ID_PARAM]) != null &&
+            (opts === null || opts === void 0 ? void 0 : opts[oauthAuthHelpers_js_1.CLIENT_SECRET_PARAM]) == null &&
+            (opts === null || opts === void 0 ? void 0 : opts[oauthAuthHelpers_js_1.CODE_PARAM]) != null &&
+            (opts === null || opts === void 0 ? void 0 : opts[oauthAuthHelpers_js_1.REDIRECT_URI_PARAM]) != null);
+    }
+    clientIdSupplier() {
+        return __awaiter(this, arguments, void 0, function* ({ endpointMetadata, } = {}) {
+            const supplier = this.options[oauthAuthHelpers_js_1.CLIENT_ID_PARAM];
+            if (supplier == null) {
+                throw new errors.CortiError({ message: oauthAuthHelpers_js_1.CLIENT_ID_REQUIRED_ERROR_MESSAGE });
+            }
+            return core.EndpointSupplier.get(supplier, { endpointMetadata });
+        });
+    }
+    codeSupplier() {
+        return __awaiter(this, arguments, void 0, function* ({ endpointMetadata, } = {}) {
+            const supplier = this.options[oauthAuthHelpers_js_1.CODE_PARAM];
+            if (supplier == null) {
+                throw new errors.CortiError({ message: oauthAuthHelpers_js_1.CODE_REQUIRED_ERROR_MESSAGE });
+            }
+            return core.EndpointSupplier.get(supplier, { endpointMetadata });
+        });
+    }
+    redirectUriSupplier() {
+        return __awaiter(this, arguments, void 0, function* ({ endpointMetadata, } = {}) {
+            const supplier = this.options[oauthAuthHelpers_js_1.REDIRECT_URI_PARAM];
+            if (supplier == null) {
+                throw new errors.CortiError({ message: oauthAuthHelpers_js_1.REDIRECT_URI_REQUIRED_ERROR_MESSAGE });
+            }
+            return core.EndpointSupplier.get(supplier, { endpointMetadata });
+        });
+    }
+    codeVerifierSupplier() {
+        return __awaiter(this, arguments, void 0, function* ({ endpointMetadata, } = {}) {
+            const supplier = this.options[oauthAuthHelpers_js_1.CODE_VERIFIER_PARAM];
+            if (supplier == null) {
+                return undefined;
+            }
+            return core.EndpointSupplier.get(supplier, { endpointMetadata });
+        });
+    }
+    getAuthRequest() {
+        return __awaiter(this, arguments, void 0, function* ({ endpointMetadata, } = {}) {
+            const token = yield this.getToken({ endpointMetadata });
+            return {
+                headers: {
+                    Authorization: `Bearer ${token}`,
+                },
+            };
+        });
+    }
+    getToken() {
+        return __awaiter(this, arguments, void 0, function* ({ endpointMetadata } = {}) {
+            if (this.accessToken && this.expiresAt > new Date()) {
+                return this.accessToken;
+            }
+            if (this.refreshPromise != null) {
+                return this.refreshPromise;
+            }
+            return this.refresh({ endpointMetadata });
+        });
+    }
+    refresh() {
+        return __awaiter(this, arguments, void 0, function* ({ endpointMetadata } = {}) {
+            this.refreshPromise = (() => __awaiter(this, void 0, void 0, function* () {
+                try {
+                    const clientId = yield this.clientIdSupplier({ endpointMetadata });
+                    let tokenResponse;
+                    if (clientId &&
+                        this.storedRefreshToken &&
+                        this.refreshExpiresAt &&
+                        this.refreshExpiresAt > new Date()) {
+                        tokenResponse = yield this.authClient.refreshToken({
+                            clientId,
+                            refreshToken: this.storedRefreshToken,
+                        });
+                    }
+                    else {
+                        const code = yield this.codeSupplier({ endpointMetadata });
+                        const redirectUri = yield this.redirectUriSupplier({ endpointMetadata });
+                        const codeVerifier = yield this.codeVerifierSupplier({ endpointMetadata });
+                        tokenResponse = yield this.authClient.getPkceFlowToken({
+                            clientId,
+                            code,
+                            redirectUri,
+                            codeVerifier,
+                        });
+                    }
+                    this.accessToken = tokenResponse.accessToken;
+                    this.expiresAt = (0, oauthAuthHelpers_js_1.getExpiresAt)(tokenResponse.expiresIn, oauthAuthHelpers_js_1.BUFFER_IN_MINUTES);
+                    if (tokenResponse.refreshToken) {
+                        this.storedRefreshToken = tokenResponse.refreshToken;
+                        this.refreshExpiresAt = tokenResponse.refreshExpiresIn
+                            ? (0, oauthAuthHelpers_js_1.getExpiresAt)(tokenResponse.refreshExpiresIn, oauthAuthHelpers_js_1.BUFFER_IN_MINUTES)
+                            : undefined;
+                    }
+                    return this.accessToken;
+                }
+                finally {
+                    this.refreshPromise = undefined;
+                }
+            }))();
+            return this.refreshPromise;
+        });
+    }
+}
+exports.OAuthPkceAuthProvider = OAuthPkceAuthProvider;

package/dist/cjs/custom/auth/OAuthRopcAuthProvider.d.ts ADDED Viewed

@@ -0,0 +1,22 @@
+import type { OAuthAuthProvider } from "../../auth/OAuthAuthProvider.js";
+import type { BaseClientOptions } from "../../BaseClient.js";
+import * as core from "../../core/index.js";
+export declare class OAuthRopcAuthProvider implements core.AuthProvider {
+    private readonly options;
+    private readonly authClient;
+    private accessToken;
+    private expiresAt;
+    private refreshPromise;
+    private storedRefreshToken;
+    private refreshExpiresAt;
+    constructor(options: BaseClientOptions & OAuthAuthProvider.RopcCredentials);
+    static canCreate(options?: Partial<OAuthAuthProvider.RopcCredentials & BaseClientOptions>): options is BaseClientOptions & OAuthAuthProvider.RopcCredentials;
+    private clientIdSupplier;
+    private usernameSupplier;
+    private passwordSupplier;
+    getAuthRequest({ endpointMetadata, }?: {
+        endpointMetadata?: core.EndpointMetadata;
+    }): Promise<core.AuthRequest>;
+    private getToken;
+    private refresh;
+}