@fluidframework/odsp-driver 2.1.0-274160 → 2.1.0-276326

package/src/fetchSnapshot.ts

@@ -45,7 +45,7 @@ import {
 } from "./contracts.js";
 import { EpochTracker } from "./epochTracker.js";
 import { getQueryString } from "./getQueryString.js";
-import { getUrlAndHeadersWithAuth } from "./getUrlAndHeadersWithAuth.js";
+import { getHeadersWithAuth } from "./getUrlAndHeadersWithAuth.js";
 import { convertOdspSnapshotToSnapshotTreeAndBlobs } from "./odspSnapshotParser.js";
 import {
 	IOdspResponse,
@@ -57,11 +57,13 @@ import {
 	measure,
 	measureP,
 	useLegacyFlowWithoutGroupsForSnapshotFetch,
+	type TokenFetchOptionsEx,
 } from "./odspUtils.js";
 import { pkgVersion } from "./packageVersion.js";
 
 /**
  * Enum to support different types of snapshot formats.
+ * @legacy
  * @alpha
  */
 export enum SnapshotFormatSupportType {
@@ -73,25 +75,19 @@ export enum SnapshotFormatSupportType {
 /**
  * Fetches a snapshot from the server with a given version id.
  * @param snapshotUrl - snapshot url from where the odsp snapshot will be fetched
- * @param token - token used for authorization in the request
- * @param storageFetchWrapper - Implementation of the get/post methods used to fetch the snapshot
  * @param versionId - id of specific snapshot to be fetched
  * @param fetchFullSnapshot - whether we want to fetch full snapshot(with blobs)
- * @param forceAccessTokenViaAuthorizationHeader - whether to force passing given token via authorization header
+ * @param forceAccessTokenViaAuthorizationHeader - @deprecated Not used, true value always used instead. Whether to force passing given token via authorization header
+ * @param snapshotDownloader - Implementation of the get/post methods used to fetch the snapshot. snapshotDownloader is responsible for generating the appropriate headers (including Authorization header) as well as handling any token refreshes before retrying.
  * @returns A promise of the snapshot and the status code of the response
  */
 export async function fetchSnapshot(
 	snapshotUrl: string,
-	// eslint-disable-next-line @rushstack/no-new-null
-	token: string,
 	versionId: string,
 	fetchFullSnapshot: boolean,
 	forceAccessTokenViaAuthorizationHeader: boolean,
 	logger: ITelemetryLoggerExt,
-	snapshotDownloader: (
-		url: string,
-		fetchOptions: { [index: string]: RequestInit },
-	) => Promise<IOdspResponse<unknown>>,
+	snapshotDownloader: (url: string) => Promise<IOdspResponse<unknown>>,
 ): Promise<ISnapshot> {
 	const path = `/trees/${versionId}`;
 	let queryParams: ISnapshotOptions = {};
@@ -101,17 +97,13 @@ export async function fetchSnapshot(
 	}
 
 	const queryString = getQueryString(queryParams);
-	const { url, headers } = getUrlAndHeadersWithAuth(
-		`${snapshotUrl}${path}${queryString}`,
-		token,
-		forceAccessTokenViaAuthorizationHeader,
-	);
+	const url = `${snapshotUrl}${path}${queryString}`;
 	const response = (await PerformanceEvent.timedExecAsync(
 		logger,
 		{
 			eventName: "fetchSnapshot",
 		},
-		async () => snapshotDownloader(url, { headers }),
+		async () => snapshotDownloader(url),
 	)) as IOdspResponse<IOdspSnapshot>;
 	return convertOdspSnapshotToSnapshotTreeAndBlobs(response.content);
 }
@@ -124,7 +116,8 @@ export async function fetchSnapshotWithRedeem(
 	logger: ITelemetryLoggerExt,
 	snapshotDownloader: (
 		finalOdspResolvedUrl: IOdspResolvedUrl,
-		storageToken: string,
+		getAuthHeader: InstrumentedStorageTokenFetcher,
+		tokenFetchOptions: TokenFetchOptionsEx,
 		loadingGroupIds: string[] | undefined,
 		snapshotOptions: ISnapshotOptions | undefined,
 		controller?: AbortController,
@@ -217,7 +210,7 @@ export async function fetchSnapshotWithRedeem(
 
 async function redeemSharingLink(
 	odspResolvedUrl: IOdspResolvedUrl,
-	storageTokenFetcher: InstrumentedStorageTokenFetcher,
+	getAuthHeader: InstrumentedStorageTokenFetcher,
 	logger: ITelemetryLoggerExt,
 	forceAccessTokenViaAuthorizationHeader: boolean,
 ): Promise<void> {
@@ -239,15 +232,16 @@ async function redeemSharingLink(
 			let redeemUrl: string | undefined;
 			async function callSharesAPI(baseUrl: string): Promise<void> {
 				await getWithRetryForTokenRefresh(async (tokenFetchOptions) => {
-					const storageToken = await storageTokenFetcher(tokenFetchOptions, "RedeemShareLink");
 					redeemUrl = `${baseUrl}/_api/v2.0/shares/${encodedShareUrl}`;
-					const { url, headers } = getUrlAndHeadersWithAuth(
-						redeemUrl,
-						storageToken,
-						forceAccessTokenViaAuthorizationHeader,
+					const url = redeemUrl;
+					const method = "GET";
+					const authHeader = await getAuthHeader(
+						{ ...tokenFetchOptions, request: { url, method } },
+						"RedeemShareLink",
 					);
+					const headers = getHeadersWithAuth(authHeader);
 					headers.prefer = "redeemSharingLink";
-					await fetchAndParseAsJSONHelper(url, { headers });
+					await fetchAndParseAsJSONHelper(url, { headers, method });
 				});
 			}
 
@@ -271,7 +265,7 @@ async function redeemSharingLink(
 								shareLinkUrlLength: odspResolvedUrl.shareLinkInfo?.sharingLinkToRedeem.length,
 								queryParamsLength: new URL(odspResolvedUrl.shareLinkInfo?.sharingLinkToRedeem)
 									.search.length,
-								useHeaders: forceAccessTokenViaAuthorizationHeader,
+								useHeaders: true,
 							}),
 						},
 						error,
@@ -285,12 +279,13 @@ async function redeemSharingLink(
 
 async function fetchLatestSnapshotCore(
 	odspResolvedUrl: IOdspResolvedUrl,
-	storageTokenFetcher: InstrumentedStorageTokenFetcher,
+	getAuthHeader: InstrumentedStorageTokenFetcher,
 	snapshotOptions: ISnapshotOptions | undefined,
 	logger: ITelemetryLoggerExt,
 	snapshotDownloader: (
 		finalOdspResolvedUrl: IOdspResolvedUrl,
-		storageToken: string,
+		getAuthHeader: InstrumentedStorageTokenFetcher,
+		tokenFetchOptions: TokenFetchOptionsEx,
 		loadingGroupIds: string[] | undefined,
 		snapshotOptions: ISnapshotOptions | undefined,
 		controller?: AbortController,
@@ -302,7 +297,6 @@ async function fetchLatestSnapshotCore(
 	return getWithRetryForTokenRefresh(async (tokenFetchOptions) => {
 		const fetchSnapshotForLoadingGroup = isSnapshotFetchForLoadingGroup(loadingGroupIds);
 		const eventName = fetchSnapshotForLoadingGroup ? "TreesLatestForGroup" : "TreesLatest";
-		const storageToken = await storageTokenFetcher(tokenFetchOptions, eventName, true);
 
 		const perfEvent = {
 			eventName,
@@ -331,7 +325,8 @@ async function fetchLatestSnapshotCore(
 			const [response, fetchTime] = await measureP(async () =>
 				snapshotDownloader(
 					odspResolvedUrl,
-					storageToken,
+					getAuthHeader,
+					tokenFetchOptions,
 					loadingGroupIds,
 					snapshotOptions,
 					controller,
@@ -594,7 +589,7 @@ export interface ISnapshotRequestAndResponseOptions {
 
 function getFormBodyAndHeaders(
 	odspResolvedUrl: IOdspResolvedUrl,
-	storageToken: string,
+	authHeader: string,
 	headers?: { [index: string]: string },
 ): {
 	body: string;
@@ -606,7 +601,7 @@ function getFormBodyAndHeaders(
 	const formParams: string[] = [];
 	formParams.push(
 		`--${formBoundary}`,
-		`Authorization: Bearer ${storageToken}`,
+		`Authorization: ${authHeader}`,
 		`X-HTTP-Method-Override: GET`,
 	);
 
@@ -690,7 +685,8 @@ function getTreeStatsCore(snapshotTree: ISnapshotTree, stats: ITreeStats): void
  */
 export async function downloadSnapshot(
 	odspResolvedUrl: IOdspResolvedUrl,
-	storageToken: string,
+	getAuthHeader: InstrumentedStorageTokenFetcher,
+	tokenFetchOptions: TokenFetchOptionsEx,
 	loadingGroupIds: string[] | undefined,
 	snapshotOptions: ISnapshotOptions | undefined,
 	snapshotFormatFetchType?: SnapshotFormatSupportType,
@@ -724,17 +720,23 @@ export async function downloadSnapshot(
 
 	const queryString = getQueryString(queryParams);
 	const url = `${snapshotUrl}/trees/latest${queryString}`;
+	const method = "POST";
 	// The location of file can move on Spo in which case server returns 308(Permanent Redirect) error.
 	// Adding below header will make VROOM API return 404 instead of 308 and browser can intercept it.
 	// This error thrown by server will contain the new redirect location. Look at the 404 error parsing
 	// for further reference here: \packages\utils\odsp-doclib-utils\src\odspErrorUtils.ts
 	const header = { prefer: "manualredirect" };
-	const { body, headers } = getFormBodyAndHeaders(odspResolvedUrl, storageToken, header);
+	const authHeader = await getAuthHeader(
+		{ ...tokenFetchOptions, request: { url, method } },
+		"downloadSnapshot",
+	);
+	assert(authHeader !== null, 0x1e5 /* "Storage token should not be null" */);
+	const { body, headers } = getFormBodyAndHeaders(odspResolvedUrl, authHeader, header);
 	const fetchOptions = {
 		body,
 		headers,
 		signal: controller?.signal,
-		method: "POST",
+		method,
 	};
 	// Decide what snapshot format to fetch as per the feature gate.
 	switch (snapshotFormatFetchType) {

package/src/getFileLink.ts

@@ -19,7 +19,7 @@ import {
 	isFluidError,
 } from "@fluidframework/telemetry-utils/internal";
 
-import { getUrlAndHeadersWithAuth } from "./getUrlAndHeadersWithAuth.js";
+import { getHeadersWithAuth } from "./getUrlAndHeadersWithAuth.js";
 import {
 	fetchHelper,
 	getWithRetryForTokenRefresh,
@@ -111,6 +111,7 @@ export async function getFileLink(
  * @param odspUrlParts - parts of odsp resolved url.
  * @param logger - logger to send events.
  * @returns Response from the API call.
+ * @legacy
  * @alpha
  */
 async function getFileLinkWithLocationRedirectionHandling(
@@ -165,12 +166,11 @@ async function getFileLinkCore(
 			let additionalProps;
 			const fileLink = await getWithRetryForTokenRefresh(async (options) => {
 				attempts++;
-				const storageTokenFetcher = toInstrumentedOdspStorageTokenFetcher(
+				const getAuthHeader = toInstrumentedOdspStorageTokenFetcher(
 					logger,
 					odspUrlParts,
 					getToken,
 				);
-				const storageToken = await storageTokenFetcher(options, "GetFileLinkCore");
 
 				// IMPORTANT: In past we were using GetFileByUrl() API to get to the list item that was corresponding
 				// to the file. This was intentionally replaced with GetFileById() to solve the following issue:
@@ -178,17 +178,19 @@ async function getFileLinkCore(
 				// where webDavUrl is constructed using legacy ODC format for backward compatibility reasons.
 				// GetFileByUrl() does not understand that format and thus fails. GetFileById() relies on file item
 				// unique guid (sharepointIds.listItemUniqueId) and it works uniformly across Consumer and Commercial.
-				const { url, headers } = getUrlAndHeadersWithAuth(
-					`${
-						odspUrlParts.siteUrl
-					}/_api/web/GetFileById(@a1)/ListItemAllFields/GetSharingInformation?@a1=guid${encodeURIComponent(
-						`'${fileItem.sharepointIds.listItemUniqueId}'`,
-					)}`,
-					storageToken,
-					true,
+				const url = `${
+					odspUrlParts.siteUrl
+				}/_api/web/GetFileById(@a1)/ListItemAllFields/GetSharingInformation?@a1=guid${encodeURIComponent(
+					`'${fileItem.sharepointIds.listItemUniqueId}'`,
+				)}`;
+				const method = "POST";
+				const authHeader = await getAuthHeader(
+					{ ...options, request: { url, method } },
+					"GetFileLinkCore",
 				);
+				const headers = getHeadersWithAuth(authHeader);
 				const requestInit = {
-					method: "POST",
+					method,
 					headers: {
 						"Content-Type": "application/json;odata=verbose",
 						"Accept": "application/json;odata=verbose",
@@ -262,20 +264,25 @@ async function getFileItemLite(
 			const fileItem = await getWithRetryForTokenRefresh(async (options) => {
 				attempts++;
 				const { siteUrl, driveId, itemId } = odspUrlParts;
-				const storageTokenFetcher = toInstrumentedOdspStorageTokenFetcher(
+				const getAuthHeader = toInstrumentedOdspStorageTokenFetcher(
 					logger,
 					odspUrlParts,
 					getToken,
 				);
-				const storageToken = await storageTokenFetcher(options, "GetFileItemLite");
-
-				const { url, headers } = getUrlAndHeadersWithAuth(
-					`${siteUrl}/_api/v2.0/drives/${driveId}/items/${itemId}?select=webUrl,webDavUrl,sharepointIds`,
-					storageToken,
-					forceAccessTokenViaAuthorizationHeader,
+				const url = `${siteUrl}/_api/v2.0/drives/${driveId}/items/${itemId}?select=webUrl,webDavUrl,sharepointIds`;
+				const method = "GET";
+				const authHeader = await getAuthHeader(
+					{ ...options, request: { url, method } },
+					"GetFileItemLite",
+				);
+				assert(
+					authHeader !== null,
+					0x2bc /* "Instrumented token fetcher with throwOnNullToken =true should never return null" */,
 				);
+
+				const headers = getHeadersWithAuth(authHeader);
 				headers.redirect = "manual";
-				const requestInit = { method: "GET", headers };
+				const requestInit = { method, headers };
 				const response = await fetchHelper(url, requestInit);
 				additionalProps = response.propsToLog;
 

package/src/getUrlAndHeadersWithAuth.ts

@@ -5,38 +5,13 @@
 
 import { assert } from "@fluidframework/core-utils/internal";
 
-export function getUrlAndHeadersWithAuth(
-	url: string,
-	token: string,
-	forceAccessTokenViaAuthorizationHeader: boolean,
-): { url: string; headers: { [index: string]: string } } {
-	assert(token.length > 0, 0x936 /* should be token */);
-
-	if (!forceAccessTokenViaAuthorizationHeader) {
-		// Pass access token via query string: this will make request be treated as 'simple' request
-		// which does not require OPTIONS call as part of CORS check.
-		const urlWithAccessTokenInQueryString = new URL(url);
-		// IMPORTANT: Do not apply encodeURIComponent to token, param value is automatically encoded
-		// when set via URLSearchParams class
-		urlWithAccessTokenInQueryString.searchParams.set("access_token", token);
-		// ODSP APIs have a limitation that the query string cannot exceed 2048 characters.
-		// If the query string exceeds 2048, we have to fall back to sending the access token as a header, which
-		// has a negative performance implication as it adds a performance overhead.
-		// NOTE: URL.search.length value includes '?' symbol and it is unclear whether backend logic which enforces
-		// query length limit accounts for it. This logic errs on side of caution and includes that key in overall
-		// query length.
-		if (urlWithAccessTokenInQueryString.search.length <= 2048) {
-			return {
-				headers: {},
-				url: urlWithAccessTokenInQueryString.href,
-			};
-		}
-	}
+export function getHeadersWithAuth(
+	// eslint-disable-next-line @rushstack/no-new-null
+	authHeader: string | null,
+): { [index: string]: string } {
+	assert(!!authHeader, 0x936 /* authHeader should not be null or empty */);
 
 	return {
-		headers: {
-			Authorization: `Bearer ${token}`,
-		},
-		url,
+		Authorization: authHeader,
 	};
 }

package/src/odspCache.ts

@@ -17,6 +17,7 @@ import {
 
 /**
  * Similar to IPersistedCache, but exposes cache interface for single file
+ * @legacy
  * @alpha
  */
 export interface IPersistedFileCache {
@@ -95,6 +96,7 @@ export class PromiseCacheWithOneHourSlidingExpiry<T> extends PromiseCache<string
 
 /**
  * Internal cache interface used within driver only
+ * @legacy
  * @alpha
  */
 export interface INonPersistentCache {
@@ -120,6 +122,7 @@ export interface INonPersistentCache {
 
 /**
  * Internal cache interface used within driver only
+ * @legacy
  * @alpha
  */
 export interface IOdspCache extends INonPersistentCache {
@@ -144,6 +147,7 @@ export class NonPersistentCache implements INonPersistentCache {
 }
 
 /**
+ * @legacy
  * @alpha
  */
 export interface IPrefetchSnapshotContents extends ISnapshot {

package/src/odspDelayLoadedDeltaStream.ts

@@ -70,7 +70,7 @@ export class OdspDelayLoadedDeltaStream {
 	/**
 	 * @param odspResolvedUrl - resolved url identifying document that will be managed by this service instance.
 	 * @param policies - Document service policies.
-	 * @param getStorageToken - function that can provide the storage token. This is is also referred to as
+	 * @param getAuthHeader - function that can provide the Authentication header value. This is is also referred to as
 	 * the "Vroom" token in SPO.
 	 * @param getWebsocketToken - function that can provide a token for accessing the web socket. This is also referred
 	 * to as the "Push" token in SPO. If undefined then websocket token is expected to be returned with joinSession
@@ -85,13 +85,13 @@ export class OdspDelayLoadedDeltaStream {
 	public constructor(
 		public readonly odspResolvedUrl: IOdspResolvedUrl,
 		public policies: IDocumentServicePolicies,
-		private readonly getStorageToken: InstrumentedStorageTokenFetcher,
+		private readonly getAuthHeader: InstrumentedStorageTokenFetcher,
 		private readonly getWebsocketToken:
 			| ((options: TokenFetchOptions) => Promise<string | null>)
 			| undefined,
 		private readonly mc: MonitoringContext,
 		private readonly cache: IOdspCache,
-		private readonly hostPolicy: HostStoragePolicy,
+		_hostPolicy: HostStoragePolicy,
 		private readonly epochTracker: EpochTracker,
 		private readonly opsReceived: (ops: ISequencedDocumentMessage[]) => void,
 		private readonly metadataUpdateHandler: (metadata: Record<string, string>) => void,
@@ -391,13 +391,12 @@ export class OdspDelayLoadedDeltaStream {
 				"opStream/joinSession",
 				"POST",
 				this.mc.logger,
-				this.getStorageToken,
+				this.getAuthHeader,
 				this.epochTracker,
 				requestSocketToken,
 				options,
 				disableJoinSessionRefresh,
 				isRefreshingJoinSession,
-				this.hostPolicy.sessionOptions?.unauthenticatedUserDisplayName,
 			);
 			// Emit event only in case it is fetched from the network.
 			if (joinSessionResponse.sensitivityLabelsInfo !== undefined) {

package/src/odspDeltaStorageService.ts

@@ -31,7 +31,7 @@ import { getWithRetryForTokenRefresh } from "./odspUtils.js";
 export class OdspDeltaStorageService {
 	constructor(
 		private readonly deltaFeedUrl: string,
-		private readonly getStorageToken: InstrumentedStorageTokenFetcher,
+		private readonly getAuthHeader: InstrumentedStorageTokenFetcher,
 		private readonly epochTracker: EpochTracker,
 		private readonly logger: ITelemetryLoggerExt,
 	) {}
@@ -52,9 +52,13 @@ export class OdspDeltaStorageService {
 	): Promise<IDeltasFetchResult> {
 		return getWithRetryForTokenRefresh(async (options) => {
 			// Note - this call ends up in getSocketStorageDiscovery() and can refresh token
-			// Thus it needs to be done before we call getStorageToken() to reduce extra calls
-			const baseUrl = this.buildUrl(from, to);
-			const storageToken = await this.getStorageToken(options, "DeltaStorage");
+			// Thus it needs to be done before we call getAuthHeader() to reduce extra calls
+			const url = this.buildUrl(from, to);
+			const method = "POST";
+			const authHeader = await this.getAuthHeader(
+				{ ...options, request: { url, method } },
+				"DeltaStorage",
+			);
 
 			return PerformanceEvent.timedExecAsync(
 				this.logger,
@@ -69,7 +73,7 @@ export class OdspDeltaStorageService {
 				async (event) => {
 					const formBoundary = uuid();
 					let postBody = `--${formBoundary}\r\n`;
-					postBody += `Authorization: Bearer ${storageToken}\r\n`;
+					postBody += `Authorization: ${authHeader}\r\n`;
 					postBody += `X-HTTP-Method-Override: GET\r\n`;
 
 					postBody += `_post: 1\r\n`;
@@ -88,11 +92,11 @@ export class OdspDeltaStorageService {
 
 					const response =
 						await this.epochTracker.fetchAndParseAsJSON<IDeltaStorageGetResponse>(
-							baseUrl,
+							url,
 							{
 								headers,
 								body: postBody,
-								method: "POST",
+								method,
 								signal: abort.signal,
 							},
 							"ops",

package/src/odspDocumentService.ts

@@ -64,7 +64,7 @@ export class OdspDocumentService
 	 * Creates a new OdspDocumentService instance.
 	 *
 	 * @param resolvedUrl - resolved url identifying document that will be managed by returned service instance.
-	 * @param getStorageToken - function that can provide the storage token. This is is also referred to as
+	 * @param getAuthHeader - function that can provide the Authentication header value. This is is also referred to as
 	 * the "Vroom" token in SPO.
 	 * @param getWebsocketToken - function that can provide a token for accessing the web socket. This is also referred
 	 * to as the "Push" token in SPO. If undefined then websocket token is expected to be returned with joinSession
@@ -77,7 +77,7 @@ export class OdspDocumentService
 	 */
 	public static async create(
 		resolvedUrl: IResolvedUrl,
-		getStorageToken: InstrumentedStorageTokenFetcher,
+		getAuthHeader: InstrumentedStorageTokenFetcher,
 		// eslint-disable-next-line @rushstack/no-new-null
 		getWebsocketToken: ((options: TokenFetchOptions) => Promise<string | null>) | undefined,
 		logger: ITelemetryLoggerExt,
@@ -89,7 +89,7 @@ export class OdspDocumentService
 	): Promise<IDocumentService> {
 		return new OdspDocumentService(
 			getOdspResolvedUrl(resolvedUrl),
-			getStorageToken,
+			getAuthHeader,
 			getWebsocketToken,
 			logger,
 			cache,
@@ -110,7 +110,7 @@ export class OdspDocumentService
 
 	/**
 	 * @param odspResolvedUrl - resolved url identifying document that will be managed by this service instance.
-	 * @param getStorageToken - function that can provide the storage token. This is is also referred to as
+	 * @param getAuthHeader - function that can provide the Authentication header value. This is is also referred to as
 	 * the "Vroom" token in SPO.
 	 * @param getWebsocketToken - function that can provide a token for accessing the web socket. This is also referred
 	 * to as the "Push" token in SPO. If undefined then websocket token is expected to be returned with joinSession
@@ -124,7 +124,7 @@ export class OdspDocumentService
 	 */
 	private constructor(
 		public readonly odspResolvedUrl: IOdspResolvedUrl,
-		private readonly getStorageToken: InstrumentedStorageTokenFetcher,
+		private readonly getAuthHeader: InstrumentedStorageTokenFetcher,
 		private readonly getWebsocketToken:
 			| ((options: TokenFetchOptions) => Promise<string | null>)
 			| undefined,
@@ -175,7 +175,7 @@ export class OdspDocumentService
 		if (!this.storageManager) {
 			this.storageManager = new OdspDocumentStorageService(
 				this.odspResolvedUrl,
-				this.getStorageToken,
+				this.getAuthHeader,
 				this.mc.logger,
 				true,
 				this.cache,
@@ -208,7 +208,7 @@ export class OdspDocumentService
 		const snapshotOps = this.storageManager?.ops ?? [];
 		const service = new OdspDeltaStorageService(
 			this.odspResolvedUrl.endpoints.deltaStorageUrl,
-			this.getStorageToken,
+			this.getAuthHeader,
 			this.epochTracker,
 			this.mc.logger,
 		);
@@ -285,7 +285,7 @@ export class OdspDocumentService
 		this.odspDelayLoadedDeltaStream = new module.OdspDelayLoadedDeltaStream(
 			this.odspResolvedUrl,
 			this._policies,
-			this.getStorageToken,
+			this.getAuthHeader,
 			this.getWebsocketToken,
 			this.mc,
 			this.cache,

package/src/odspDocumentServiceFactory.ts

@@ -18,6 +18,7 @@ import { OdspDocumentServiceFactoryCore } from "./odspDocumentServiceFactoryCore
 /**
  * Factory for creating the sharepoint document service. Use this if you want to
  * use the sharepoint implementation.
+ * @legacy
  * @alpha
  */
 export class OdspDocumentServiceFactory extends OdspDocumentServiceFactoryCore {
@@ -37,6 +38,7 @@ export class OdspDocumentServiceFactory extends OdspDocumentServiceFactoryCore {
  * @remarks Use if you don't want to connect to any kind of external/internal storages and want to provide
  * content directly.
  *
+ * @legacy
  * @alpha
  */
 export function createLocalOdspDocumentServiceFactory(

package/src/odspDocumentServiceFactoryCore.ts

@@ -57,6 +57,7 @@ import {
  *
  * This constructor should be used by environments that support dynamic imports and that wish
  * to leverage code splitting as a means to keep bundles as small as possible.
+ * @legacy
  * @alpha
  */
 export class OdspDocumentServiceFactoryCore
@@ -167,7 +168,7 @@ export class OdspDocumentServiceFactoryCore
 					this.hostPolicy.enableSingleRequestForShareLinkWithCreate,
 			},
 			async (event) => {
-				const getStorageToken = toInstrumentedOdspStorageTokenFetcher(
+				const getAuthHeader = toInstrumentedOdspStorageTokenFetcher(
 					odspLogger,
 					resolvedUrlData,
 					this.getStorageToken,
@@ -188,7 +189,7 @@ export class OdspDocumentServiceFactoryCore
 					});
 				const _odspResolvedUrl = isNewFileInfo(fileInfo)
 					? await module.createNewFluidFile(
-							getStorageToken,
+							getAuthHeader,
 							fileInfo,
 							odspLogger,
 							createNewSummary,
@@ -200,7 +201,7 @@ export class OdspDocumentServiceFactoryCore
 							this.hostPolicy.enableSingleRequestForShareLinkWithCreate,
 						)
 					: await module.createNewContainerOnExistingFile(
-							getStorageToken,
+							getAuthHeader,
 							fileInfo,
 							odspLogger,
 							createNewSummary,
@@ -300,11 +301,13 @@ export class OdspDocumentServiceFactoryCore
 			this.getWebsocketToken === undefined
 				? undefined
 				: async (options: TokenFetchOptions): Promise<string | null> =>
+						// websocket expects a plain token
 						toInstrumentedOdspTokenFetcher(
 							extLogger,
 							resolvedUrlData,
 							this.getWebsocketToken!,
 							false /* throwOnNullToken */,
+							true /* returnPlainToken */,
 						)(options, "GetWebsocketToken");
 
 		return OdspDocumentService.create(