@faable/sdk-base 1.5.0 → 1.5.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -1,8 +1,11 @@
|
|
|
1
1
|
import type { AuthStrategyBuilder } from "../../types/AuthStrategy.js";
|
|
2
|
+
export type AudienceResolver = () => string | undefined | Promise<string | undefined>;
|
|
2
3
|
export type ClientCredentialsConfig = {
|
|
3
4
|
client_id: string;
|
|
4
5
|
client_secret: string;
|
|
5
6
|
domain?: string;
|
|
7
|
+
audience?: string | AudienceResolver;
|
|
8
|
+
scope?: string | string[];
|
|
6
9
|
};
|
|
7
10
|
export declare const authClientCredentials: AuthStrategyBuilder<ClientCredentialsConfig>;
|
|
8
11
|
//# sourceMappingURL=client_credentials.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"client_credentials.d.ts","sourceRoot":"","sources":["../../../src/auth/client_credentials/client_credentials.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,6BAA6B,CAAC;
|
|
1
|
+
{"version":3,"file":"client_credentials.d.ts","sourceRoot":"","sources":["../../../src/auth/client_credentials/client_credentials.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,6BAA6B,CAAC;AAcvE,MAAM,MAAM,gBAAgB,GAAG,MAC3B,MAAM,GACN,SAAS,GACT,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,CAAC;AAEhC,MAAM,MAAM,uBAAuB,GAAG;IACpC,SAAS,EAAE,MAAM,CAAC;IAClB,aAAa,EAAE,MAAM,CAAC;IAMtB,MAAM,CAAC,EAAE,MAAM,CAAC;IAKhB,QAAQ,CAAC,EAAE,MAAM,GAAG,gBAAgB,CAAC;IAIrC,KAAK,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;CAC3B,CAAC;AAOF,eAAO,MAAM,qBAAqB,EAAE,mBAAmB,CACrD,uBAAuB,CAkGxB,CAAC"}
|
|
@@ -34,11 +34,32 @@ export const authClientCredentials = (config, context) => {
|
|
|
34
34
|
return expires_at < Date.now();
|
|
35
35
|
};
|
|
36
36
|
const fetcher = fetcher_axios({ baseURL: auth_domain });
|
|
37
|
+
// Resolve the audience once (the resolver may do I/O, e.g. OIDC discovery)
|
|
38
|
+
// and memoize it for the strategy's lifetime so token refreshes don't re-run
|
|
39
|
+
// it. A resolver returning `undefined` is retried (treated as "not resolved").
|
|
40
|
+
let resolved_audience;
|
|
41
|
+
const resolveAudience = async () => {
|
|
42
|
+
if (resolved_audience !== undefined)
|
|
43
|
+
return resolved_audience;
|
|
44
|
+
resolved_audience =
|
|
45
|
+
typeof config.audience === "function"
|
|
46
|
+
? await config.audience()
|
|
47
|
+
: config.audience;
|
|
48
|
+
return resolved_audience;
|
|
49
|
+
};
|
|
37
50
|
const requestToken = async () => {
|
|
38
51
|
const params = new URLSearchParams();
|
|
39
52
|
params.append("grant_type", "client_credentials");
|
|
40
53
|
params.append("client_id", client_id);
|
|
41
54
|
params.append("client_secret", client_secret);
|
|
55
|
+
const audience = await resolveAudience();
|
|
56
|
+
if (audience)
|
|
57
|
+
params.append("audience", audience);
|
|
58
|
+
const scope = Array.isArray(config.scope)
|
|
59
|
+
? config.scope.join(" ")
|
|
60
|
+
: config.scope;
|
|
61
|
+
if (scope)
|
|
62
|
+
params.append("scope", scope);
|
|
42
63
|
const token_response = await fetcher.post("/oauth/token", params);
|
|
43
64
|
store.saveTokenResponse(token_response);
|
|
44
65
|
return token_response;
|