@mablhq/mabl-cli 1.18.3 → 1.20.9

package/mablscript/diffing/diffingUtil.js

@@ -63,9 +63,7 @@ function flattenTestFlowsIntoSteps(flows, flowConfig) {
 }
 function flattenTestFlowsIntoLineDiffingFormat(flows, flowConfig) {
     const flattenedSteps = flattenTestFlowsIntoSteps(flows, flowConfig);
-    const diffingFormat = flattenedSteps
-        .map((step) => step.toLineDiffFormat())
-        .join('\n');
+    const diffingFormat = formatLineDiffString(flattenedSteps.map((step) => step.toLineDiffFormat()).join('\n'));
     return { flattenedSteps, diffingFormat };
 }
 exports.flattenTestFlowsIntoLineDiffingFormat = flattenTestFlowsIntoLineDiffingFormat;
@@ -112,13 +110,9 @@ exports.diffTests = diffTests;
 function diffFlows(flow1, flow2) {
     var _a, _b;
     const flow1Steps = (0, importer_1.parseMablScriptIntoSteps)(flow1);
-    const formattedFlow1Steps = flow1Steps
-        .map((step) => step.toLineDiffFormat())
-        .join('\n');
+    const formattedFlow1Steps = formatLineDiffString(flow1Steps.map((step) => step.toLineDiffFormat()).join('\n'));
     const flow2Steps = (0, importer_1.parseMablScriptIntoSteps)(flow2);
-    const formattedFlow2Steps = flow2Steps
-        .map((step) => step.toLineDiffFormat())
-        .join('\n');
+    const formattedFlow2Steps = formatLineDiffString(flow2Steps.map((step) => step.toLineDiffFormat()).join('\n'));
     const flattenedDiffs = lineModeDiff(formattedFlow1Steps, formattedFlow2Steps);
     const stepDiffs = convertDiffingFormatIntoDiffingSteps(flattenedDiffs, flow1Steps, flow2Steps);
     const parametersDiff = diffFlowVariables(flow1.parameters, flow2.parameters);
@@ -144,3 +138,9 @@ function flattenFlowVariables(flowVariables) {
     var _a;
     return ((_a = flowVariables === null || flowVariables === void 0 ? void 0 : flowVariables.sort((a, b) => a.name.localeCompare(b.name)).map((parameter) => (0, fast_json_stable_stringify_1.default)(parameter)).join('\n')) !== null && _a !== void 0 ? _a : '');
 }
+function formatLineDiffString(lineDiff) {
+    if (!lineDiff) {
+        return lineDiff;
+    }
+    return lineDiff + '\n';
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@mablhq/mabl-cli",
-  "version": "1.18.3",
+  "version": "1.20.9",
   "license": "SEE LICENSE IN LICENSE.txt",
   "description": "The official mabl command line interface tool",
   "main": "index.js",
@@ -58,6 +58,7 @@
     "js-yaml": "4.1.0",
     "jsesc": "3.0.2",
     "jwt-decode": "2.2.0",
+    "keytar": "7.7.0",
     "lodash.get": "4.4.2",
     "markdown-table": "2.0.0",
     "mime-types": "2.1.27",
@@ -77,7 +78,7 @@
     "retry": "0.13.1",
     "sanitize-html": "2.3.3",
     "serve-handler": "6.1.3",
-    "socks-proxy-agent": "5.0.0",
+    "socks-proxy-agent": "6.1.1",
     "stoppable": "1.1.0",
     "strip-ansi": "6.0.0",
     "tmp-promise": "3.0.2",

package/providers/authenticationProvider.js

@@ -3,39 +3,39 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.AuthenticationProvider = exports.AuthProviderType = void 0;
+exports.isOidcError = exports.AuthenticationProvider = void 0;
 const open_1 = __importDefault(require("open"));
 const axios_1 = __importDefault(require("axios"));
 const env_1 = require("../env/env");
 const cliConfigProvider_1 = require("./cliConfigProvider");
-const basicApiClient_1 = require("../api/basicApiClient");
+const types_1 = require("../api/types");
 const mablApiClientFactory_1 = require("../api/mablApiClientFactory");
 const loggingProvider_1 = require("./logging/loggingProvider");
 const pureUtil_1 = require("../util/pureUtil");
 const OktaClient_1 = require("../auth/OktaClient");
 const httpUtil_1 = require("../util/httpUtil");
+const types_2 = require("./types");
 const humanizeDuration = require('humanize-duration');
 const inquirer = require('inquirer');
 const chalk = require('chalk');
-var AuthProviderType;
-(function (AuthProviderType) {
-    AuthProviderType["Auth0"] = "auth0";
-    AuthProviderType["Mabl"] = "mabl";
-    AuthProviderType["Okta"] = "okta";
-})(AuthProviderType = exports.AuthProviderType || (exports.AuthProviderType = {}));
 class AuthenticationProvider {
     constructor() {
         this.verbose = false;
-        const client = axios_1.default.create((0, httpUtil_1.currentProxyConfig)());
-        this.oktaClient = new OktaClient_1.OktaClient(client);
+    }
+    async getOktaClient() {
+        if (!this.oktaClient) {
+            const client = axios_1.default.create(await (0, httpUtil_1.currentProxyConfig)());
+            this.oktaClient = new OktaClient_1.OktaClient(client);
+        }
+        return this.oktaClient;
     }
     async getAuthConfigWithAutoRenew() {
-        let authConfig = cliConfigProvider_1.CliConfigProvider.getCliConfig().authentication;
+        const authConfig = (await cliConfigProvider_1.CliConfigProvider.getCliConfig()).authentication;
         if (authConfig.accessToken) {
             if (this.verbose) {
                 loggingProvider_1.logger.info('Found existing access token');
             }
-            authConfig = await this.maybeRenewAuthentication(authConfig);
+            return this.maybeRenewAuthentication(authConfig);
         }
         return authConfig;
     }
@@ -46,45 +46,71 @@ class AuthenticationProvider {
             }
             return authConfig;
         }
-        if (authConfig.authProvider === AuthProviderType.Auth0) {
+        if (authConfig.authProvider === types_2.AuthProviderType.Auth0) {
             if (this.verbose) {
                 loggingProvider_1.logger.info(`Authentication refresh token ${chalk.yellow.bold('not valid')}`);
             }
             return authConfig;
         }
+        const nowMilliseconds = Date.now();
+        const refreshTokenValidMilliseconds = authConfig.refreshTokenExpirationTimeMilliseconds
+            ? authConfig.refreshTokenExpirationTimeMilliseconds - nowMilliseconds
+            : undefined;
+        if (refreshTokenValidMilliseconds !== undefined &&
+            refreshTokenValidMilliseconds <= 0) {
+            loggingProvider_1.logger.info(`Login has ${chalk.yellow.bold('expired')}.  Please run ${chalk.magenta('mabl auth login')} to log in with your mabl account`);
+            process.exit(1);
+        }
         if (this.verbose) {
-            loggingProvider_1.logger.info('Found refresh token');
+            loggingProvider_1.logger.info('Found valid refresh token');
         }
-        const RefreshAccessTokenWindowMilliseconds = 60 * 60 * 1000;
-        const nowMilliseconds = Date.now();
-        const validMilliseconds = authConfig.accessTokenExpirationTimeMilliseconds - nowMilliseconds;
+        const RefreshAccessTokenWindowMilliseconds = 10 * 60 * 1000;
+        const accessTokenValidMilliseconds = authConfig.accessTokenExpirationTimeMilliseconds - nowMilliseconds;
         if (this.verbose) {
-            loggingProvider_1.logger.info(`Existing token expires in ${chalk.yellow.bold(humanizeExpirationTime(validMilliseconds))}`);
+            if (accessTokenValidMilliseconds > 0) {
+                loggingProvider_1.logger.info(`Existing access token expires in [${chalk.magenta.bold(humanizeExpirationTime(accessTokenValidMilliseconds))}]`);
+            }
+            else {
+                loggingProvider_1.logger.info(`Access token has ${chalk.yellow.bold('expired')}`);
+            }
         }
-        if (validMilliseconds < RefreshAccessTokenWindowMilliseconds) {
+        if (accessTokenValidMilliseconds < RefreshAccessTokenWindowMilliseconds) {
             if (this.verbose) {
                 loggingProvider_1.logger.info(`Renewing authorization...`);
             }
-            const newAuthInfo = await this.oktaClient.exchangeRefreshTokenForAccessToken(authConfig.refreshToken);
+            const oktaClient = await this.getOktaClient();
+            let newAuthInfo;
+            try {
+                newAuthInfo = await oktaClient.exchangeRefreshTokenForAccessToken(authConfig.refreshToken);
+            }
+            catch (error) {
+                processAuthorizationError(error, true);
+                process.exit(1);
+            }
             if (newAuthInfo.error) {
                 loggingProvider_1.logger.error(chalk.red.bold(`Could not refresh authentication due to error: ${newAuthInfo.error_description}`));
                 process.exit(1);
             }
-            newAuthInfo.refresh_token = authConfig.refreshToken;
-            cliConfigProvider_1.CliConfigProvider.setCliAuthInfo(newAuthInfo, nowMilliseconds);
-            return cliConfigProvider_1.CliConfigProvider.getCliConfig().authentication;
+            if (!newAuthInfo.refresh_token_expires_at &&
+                authConfig.refreshTokenExpirationTimeMilliseconds) {
+                newAuthInfo.refresh_token_expires_at =
+                    authConfig.refreshTokenExpirationTimeMilliseconds / 1000;
+            }
+            await cliConfigProvider_1.CliConfigProvider.setCliAuthInfo(newAuthInfo, nowMilliseconds);
+            return (await cliConfigProvider_1.CliConfigProvider.getCliConfig()).authentication;
         }
         return authConfig;
     }
-    static getAuthType() {
-        const config = cliConfigProvider_1.CliConfigProvider.getCliConfig();
+    static async getAuthType() {
+        const config = await cliConfigProvider_1.CliConfigProvider.getCliConfig();
         return config.authentication.authType;
     }
-    displayInfo() {
+    async displayInfo() {
+        var _a;
         try {
-            const config = cliConfigProvider_1.CliConfigProvider.getCliConfig();
-            if (config.authentication.authType === basicApiClient_1.AuthType.ApiKey) {
-                loggingProvider_1.logger.info('You are authenticated by API key');
+            const config = await cliConfigProvider_1.CliConfigProvider.getCliConfig();
+            if (config.authentication.authType === types_1.AuthType.ApiKey) {
+                loggingProvider_1.logger.info(`You are authenticated by ${chalk.magenta.bold('API key')}`);
                 return;
             }
             if (!config.email || config.authentication.authType === undefined) {
@@ -92,7 +118,7 @@ class AuthenticationProvider {
                 return;
             }
             loggingProvider_1.logger.info(`Logged in as user [${chalk.magenta.bold(config.email)}]`);
-            const expirationMilliseconds = config.authentication.accessTokenExpirationTimeMilliseconds -
+            const expirationMilliseconds = ((_a = config.authentication.refreshTokenExpirationTimeMilliseconds) !== null && _a !== void 0 ? _a : config.authentication.accessTokenExpirationTimeMilliseconds) -
                 Date.now();
             if (expirationMilliseconds > 0) {
                 loggingProvider_1.logger.info(`Login expires in [${chalk.magenta.bold(humanizeExpirationTime(expirationMilliseconds))}]`);
@@ -106,36 +132,41 @@ class AuthenticationProvider {
             process.exit(1);
         }
     }
-    clearAuthentication() {
+    async clearAuthentication() {
         try {
-            const config = cliConfigProvider_1.CliConfigProvider.getCliConfig();
-            if (!config.email) {
+            const config = await cliConfigProvider_1.CliConfigProvider.getCliConfig();
+            if (!config.email && config.authentication.authType !== types_1.AuthType.ApiKey) {
                 loggingProvider_1.logger.info('You are not logged in');
                 return;
             }
-            loggingProvider_1.logger.info(`Logged out user [${chalk.magenta.bold(config.email)}]`);
-            cliConfigProvider_1.CliConfigProvider.clearAuthConfig();
+            await cliConfigProvider_1.CliConfigProvider.clearAuthConfig();
+            if (config.email) {
+                loggingProvider_1.logger.info(`Logged out user [${chalk.magenta.bold(config.email)}]`);
+            }
+            else {
+                loggingProvider_1.logger.info(`Removed ${chalk.magenta.bold('API key')}`);
+            }
         }
         catch (error) {
             loggingProvider_1.logger.error(chalk.red.bold(error));
             process.exit(1);
         }
     }
-    activateApiKey(apiKey) {
+    async activateApiKey(apiKey) {
         const authInfo = {
-            auth_provider: AuthProviderType.Mabl,
-            auth_type: basicApiClient_1.AuthType.ApiKey,
+            auth_provider: types_2.AuthProviderType.Mabl,
+            auth_type: types_1.AuthType.ApiKey,
             api_key: apiKey,
         };
         const requestTimeMilliseconds = Date.now();
-        cliConfigProvider_1.CliConfigProvider.setCliAuthInfo(authInfo, requestTimeMilliseconds);
+        await cliConfigProvider_1.CliConfigProvider.setCliAuthInfo(authInfo, requestTimeMilliseconds);
     }
     async authenticate() {
-        var _a;
+        const oktaClient = await this.getOktaClient();
         try {
-            const { codeChallenge, codeVerifier } = this.oktaClient.generateCodeChallenge();
+            const { codeChallenge, codeVerifier } = oktaClient.generateCodeChallenge();
             const redirectUri = `${env_1.BASE_APP_URL}/app-code`;
-            const authUrl = this.oktaClient.buildAuthorizationUrl(codeChallenge, redirectUri);
+            const authUrl = oktaClient.buildAuthorizationUrl(codeChallenge, redirectUri);
             loggingProvider_1.logger.info(`Your browser has been opened to the following URL for obtaining an authorization code:
 
 ${authUrl}
@@ -152,34 +183,23 @@ ${authUrl}
             const requestTimeMilliseconds = Date.now();
             let authInfo;
             try {
-                authInfo = await this.oktaClient.validateAuthCode(response.authCode, codeVerifier, redirectUri);
+                authInfo = await oktaClient.validateAuthCode(response.authCode, codeVerifier, redirectUri);
             }
             catch (error) {
-                loggingProvider_1.logger.error(chalk.red.bold(`Authorization failed.`));
-                loggingProvider_1.logger.error(chalk.red.bold(error.toString()));
-                const data = (_a = error.response) === null || _a === void 0 ? void 0 : _a.data;
-                if (isOidcError(data)) {
-                    loggingProvider_1.logger.error(chalk.red.bold(`Authorization failed: ${data.error_description} [${data.error}]`));
-                }
-                else if (data) {
-                    loggingProvider_1.logger.error(chalk.red.bold(`Response data: ${JSON.stringify(data)}`));
-                }
-                else {
-                    loggingProvider_1.logger.error(chalk.red.bold('No response data'));
-                }
+                processAuthorizationError(error, false);
                 process.exit(1);
             }
             if (authInfo.error) {
                 loggingProvider_1.logger.error(chalk.red.bold(`Could not login due to error: ${authInfo.error_description}`));
                 process.exit(1);
             }
-            cliConfigProvider_1.CliConfigProvider.setCliAuthInfo(authInfo, requestTimeMilliseconds);
+            await cliConfigProvider_1.CliConfigProvider.setCliAuthInfo(authInfo, requestTimeMilliseconds);
             const userData = await AuthenticationProvider.requestUserInfo(authInfo.access_token);
-            const config = cliConfigProvider_1.CliConfigProvider.getCliConfig();
+            const config = await cliConfigProvider_1.CliConfigProvider.getCliConfig();
             config.userId = userData.id;
             config.email = userData.email;
             config.userFullName = userData.name;
-            cliConfigProvider_1.CliConfigProvider.setCliConfig(config);
+            await cliConfigProvider_1.CliConfigProvider.setCliConfig(config);
             loggingProvider_1.logger.info(chalk.green.bold(`Login successful for: ${userData.email}`));
         }
         catch (error) {
@@ -192,11 +212,35 @@ ${authUrl}
         return (0, open_1.default)(path);
     }
     static async requestUserInfo(accessToken) {
-        const apiClient = mablApiClientFactory_1.MablApiClientFactory.createApiClientForAccessToken(accessToken);
+        const apiClient = await mablApiClientFactory_1.MablApiClientFactory.createApiClientForAccessToken(accessToken);
         return apiClient.getSelf();
     }
 }
 exports.AuthenticationProvider = AuthenticationProvider;
+function processAuthorizationError(error, isTokenRefresh) {
+    var _a;
+    const mainErrorMessage = isTokenRefresh ? 'Token refresh' : 'Authorization';
+    loggingProvider_1.logger.error(chalk.red.bold(`${mainErrorMessage} failed.`));
+    loggingProvider_1.logger.error(chalk.red.bold(error.toString()));
+    let hasResponseData = false;
+    if (axios_1.default.isAxiosError(error)) {
+        const data = (_a = error.response) === null || _a === void 0 ? void 0 : _a.data;
+        if (isOidcError(data)) {
+            loggingProvider_1.logger.error(chalk.red.bold(`${mainErrorMessage} failed: ${data.error_description} [${data.error}]`));
+            hasResponseData = true;
+        }
+        else if (data) {
+            loggingProvider_1.logger.error(chalk.red.bold(`Response data: ${JSON.stringify(data)}`));
+            hasResponseData = true;
+        }
+    }
+    if (!hasResponseData) {
+        loggingProvider_1.logger.error(chalk.red.bold('No response data'));
+    }
+    if (isTokenRefresh) {
+        loggingProvider_1.logger.error(`Please try again. If the issue persists authenticate again with ${chalk.magenta('mabl auth login')}.`);
+    }
+}
 function humanizeExpirationTime(milliseconds) {
     return humanizeDuration(milliseconds, {
         maxDecimalPoints: 0,
@@ -204,5 +248,7 @@ function humanizeExpirationTime(milliseconds) {
     });
 }
 function isOidcError(err) {
-    return (0, pureUtil_1.isString)(err === null || err === void 0 ? void 0 : err.error) && (0, pureUtil_1.isString)(err === null || err === void 0 ? void 0 : err.error_description);
+    return ((0, pureUtil_1.isString)(err === null || err === void 0 ? void 0 : err.error) &&
+        (0, pureUtil_1.isString)(err === null || err === void 0 ? void 0 : err.error_description));
 }
+exports.isOidcError = isOidcError;

package/providers/cliConfigProvider.js

@@ -1,15 +1,41 @@
 "use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
 var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.CliConfigProvider = exports.getAuthConfigFile = void 0;
+exports.__resetIsKeytarAvailable = exports.CliConfigProvider = exports.getAuthConfigFile = exports.getEncryptionKey = exports.AUTH_KEY_NAMES = exports.IS_CONFIG_ENCRYPTED_KEY_NAME = void 0;
 const env_1 = require("../env/env");
 const conf_1 = __importDefault(require("conf"));
-const authenticationProvider_1 = require("./authenticationProvider");
-const basicApiClient_1 = require("../api/basicApiClient");
-const set_1 = require("../commands/config/config_cmds/set");
+const types_1 = require("./types");
+const types_2 = require("../api/types");
+const configKeys_1 = require("../commands/config/config_cmds/configKeys");
 const httpUtil_1 = require("../util/httpUtil");
+const crypto = __importStar(require("crypto"));
+const loggingProvider_1 = require("./logging/loggingProvider");
+const utilities_1 = require("../utilities");
 const USER_ID_NAME = 'userId';
 const USER_FULL_NAME_NAME = 'userFullName';
 const EMAIL_NAME = 'email';
@@ -19,17 +45,71 @@ const AUTH_TYPE = 'authType';
 const ACCESS_TOKEN_NAME = 'accessToken';
 const REFRESH_TOKEN_NAME = 'refreshToken';
 const ACCESS_TOKEN_EXPIRATION_MILLISECONDS_NAME = 'accessTokenExpirationTimeMilliseconds';
-const AUTH_KEY_NAMES = [
+const REFRESH_TOKEN_EXPIRATION_MILLISECONDS_NAME = `${REFRESH_TOKEN_NAME}ExpirationTimeMilliseconds`;
+exports.IS_CONFIG_ENCRYPTED_KEY_NAME = '_isConfigEncrypted';
+exports.AUTH_KEY_NAMES = [
     AUTH_PROVIDER,
     AUTH_TYPE,
     ACCESS_TOKEN_NAME,
     ACCESS_TOKEN_EXPIRATION_MILLISECONDS_NAME,
     REFRESH_TOKEN_NAME,
+    REFRESH_TOKEN_EXPIRATION_MILLISECONDS_NAME,
     USER_FULL_NAME_NAME,
     USER_ID_NAME,
     EMAIL_NAME,
 ];
-function getAuthConfigFile() {
+let isKeytarAvailable = true;
+async function getEncryptionKey() {
+    var _a;
+    if ((0, utilities_1.areWeTestingInJest)()) {
+        return;
+    }
+    let maybeEncryptionKey;
+    if (isKeytarAvailable) {
+        try {
+            const keytar = require('keytar');
+            maybeEncryptionKey =
+                (_a = (await keytar.getPassword(env_1.CONF_FILE_PROJECT_NAME, env_1.ENV))) !== null && _a !== void 0 ? _a : undefined;
+            if (!maybeEncryptionKey) {
+                maybeEncryptionKey = crypto
+                    .randomFillSync(Buffer.alloc(48))
+                    .toString('base64');
+                await keytar.setPassword(env_1.CONF_FILE_PROJECT_NAME, env_1.ENV, maybeEncryptionKey);
+            }
+        }
+        catch (error) {
+            loggingProvider_1.logger.warn(`Creating finite login session because login auto-renewal is unsupported on this system.`);
+            isKeytarAvailable = false;
+        }
+    }
+    return maybeEncryptionKey;
+}
+exports.getEncryptionKey = getEncryptionKey;
+async function getAuthConfigFile() {
+    const maybeEncryptionKey = await getEncryptionKey();
+    if (!isKeytarAvailable || (0, utilities_1.areWeTestingInJest)()) {
+        return getNonEncryptedConfig();
+    }
+    const conf = new conf_1.default({
+        configName: 'access-enc',
+        projectName: env_1.CONF_FILE_PROJECT_NAME,
+        projectVersion: env_1.CONF_FILE_VERSION,
+        accessPropertiesByDotNotation: false,
+        encryptionKey: maybeEncryptionKey,
+    });
+    if (conf.has(exports.IS_CONFIG_ENCRYPTED_KEY_NAME)) {
+        return conf;
+    }
+    const oldConf = getNonEncryptedConfig();
+    copyConf(oldConf, conf);
+    conf.set(exports.IS_CONFIG_ENCRYPTED_KEY_NAME, true);
+    return conf;
+}
+exports.getAuthConfigFile = getAuthConfigFile;
+function shouldStoreRefreshTokens() {
+    return isKeytarAvailable || (0, utilities_1.areWeTestingInJest)();
+}
+function getNonEncryptedConfig() {
     return new conf_1.default({
         configName: 'access',
         projectName: env_1.CONF_FILE_PROJECT_NAME,
@@ -37,56 +117,62 @@ function getAuthConfigFile() {
         accessPropertiesByDotNotation: false,
     });
 }
-exports.getAuthConfigFile = getAuthConfigFile;
+function copyConf(confFrom, confTo) {
+    for (const key of [...exports.AUTH_KEY_NAMES, ...configKeys_1.validConfigKeyChoices]) {
+        const value = confFrom.get(key);
+        if (value !== undefined) {
+            confTo.set(key, value);
+        }
+    }
+}
 class CliConfigProvider {
     static setWorkspace(workspaceId) {
-        setValue(WORKSPACE, workspaceId);
+        return setValue(WORKSPACE, workspaceId);
     }
     static clearWorkspace() {
-        clearValue(WORKSPACE);
+        return clearValue(WORKSPACE);
     }
-    static getWorkspace() {
-        return getAuthConfigFile().get(WORKSPACE);
+    static async getWorkspace() {
+        return (await getAuthConfigFile()).get(WORKSPACE);
     }
     static getConfigProperty(key) {
-        return getValue(this.propertyKeyToStoredKey(key));
+        return getValue(propertyKeyToStoredKey(key));
     }
     static clearConfigProperty(key) {
-        return clearValue(this.propertyKeyToStoredKey(key));
+        return clearValue(propertyKeyToStoredKey(key));
     }
     static setConfigProperty(key, value) {
-        return setValue(this.propertyKeyToStoredKey(key), value);
+        return setValue(propertyKeyToStoredKey(key), value);
     }
-    static propertyKeyToStoredKey(key) {
-        return `properties.${key}`;
-    }
-    static getCliConfig() {
-        const authType = getAuthConfigFile().get(AUTH_TYPE);
-        let authProvider = getAuthConfigFile().get(AUTH_PROVIDER);
+    static async getCliConfig() {
+        const config = await getAuthConfigFile();
+        const authType = config.get(AUTH_TYPE);
+        let authProvider = config.get(AUTH_PROVIDER);
         if (!authProvider && authType !== undefined) {
             authProvider =
-                authType === basicApiClient_1.AuthType.ApiKey
-                    ? authenticationProvider_1.AuthProviderType.Mabl
-                    : authenticationProvider_1.AuthProviderType.Auth0;
+                authType === types_2.AuthType.ApiKey
+                    ? types_1.AuthProviderType.Mabl
+                    : types_1.AuthProviderType.Auth0;
         }
         const authentication = {
             authProvider,
             authType,
-            accessToken: getAuthConfigFile().get(ACCESS_TOKEN_NAME),
-            refreshToken: getAuthConfigFile().get(REFRESH_TOKEN_NAME),
-            accessTokenExpirationTimeMilliseconds: getAuthConfigFile().get(ACCESS_TOKEN_EXPIRATION_MILLISECONDS_NAME),
+            accessToken: config.get(ACCESS_TOKEN_NAME),
+            refreshToken: config.get(REFRESH_TOKEN_NAME),
+            accessTokenExpirationTimeMilliseconds: config.get(ACCESS_TOKEN_EXPIRATION_MILLISECONDS_NAME),
+            refreshTokenExpirationTimeMilliseconds: config.get(REFRESH_TOKEN_EXPIRATION_MILLISECONDS_NAME),
         };
         const httpConfig = {
             sslVerify: httpUtil_1.EXECUTION_ENGINE_SSL_VERIFY,
         };
-        const proxyHostValue = this.getConfigProperty(set_1.configKeys.proxy);
+        const proxyHostValue = await this.getConfigProperty(configKeys_1.configKeys.proxy);
         if (proxyHostValue) {
             if (typeof proxyHostValue !== 'string') {
                 throw new Error('Invalid proxy host value');
             }
             httpConfig.proxyHost = new URL(proxyHostValue);
         }
-        const sslVerifyValue = this.getConfigProperty(set_1.configKeys.sslVerify);
+        const sslVerifyValue = await this.getConfigProperty(configKeys_1.configKeys.sslVerify);
         if (sslVerifyValue !== undefined) {
             if (typeof sslVerifyValue !== 'boolean') {
                 throw new Error(`Invalid proxy sslVerify value`);
@@ -95,60 +181,72 @@ class CliConfigProvider {
         }
         return {
             authentication,
-            userId: getAuthConfigFile().get(USER_ID_NAME),
-            email: getAuthConfigFile().get(EMAIL_NAME),
-            userFullName: getAuthConfigFile().get(USER_FULL_NAME_NAME),
-            workspace: getAuthConfigFile().get(WORKSPACE),
+            userId: config.get(USER_ID_NAME),
+            email: config.get(EMAIL_NAME),
+            userFullName: config.get(USER_FULL_NAME_NAME),
+            workspace: config.get(WORKSPACE),
             http: httpConfig,
         };
     }
     static clearAuthConfig() {
-        AUTH_KEY_NAMES.forEach((keyName) => clearValue(keyName));
+        exports.AUTH_KEY_NAMES.forEach((keyName) => clearValue(keyName));
         return this.getCliConfig();
     }
-    static setCliConfig(config) {
-        var _a, _b, _c, _d, _e;
-        setValue(AUTH_PROVIDER, (_a = config === null || config === void 0 ? void 0 : config.authentication) === null || _a === void 0 ? void 0 : _a.authProvider);
-        setValue(AUTH_TYPE, (_b = config === null || config === void 0 ? void 0 : config.authentication) === null || _b === void 0 ? void 0 : _b.authType);
-        setValue(ACCESS_TOKEN_NAME, (_c = config === null || config === void 0 ? void 0 : config.authentication) === null || _c === void 0 ? void 0 : _c.accessToken);
-        setValue(REFRESH_TOKEN_NAME, (_d = config === null || config === void 0 ? void 0 : config.authentication) === null || _d === void 0 ? void 0 : _d.refreshToken);
-        setValue(ACCESS_TOKEN_EXPIRATION_MILLISECONDS_NAME, (_e = config === null || config === void 0 ? void 0 : config.authentication) === null || _e === void 0 ? void 0 : _e.accessTokenExpirationTimeMilliseconds);
-        setValue(USER_ID_NAME, config.userId);
-        setValue(EMAIL_NAME, config.email);
-        setValue(USER_FULL_NAME_NAME, config.userFullName);
+    static async setCliConfig(config) {
+        var _a, _b, _c, _d, _e, _f;
+        await setValue(AUTH_PROVIDER, (_a = config === null || config === void 0 ? void 0 : config.authentication) === null || _a === void 0 ? void 0 : _a.authProvider);
+        await setValue(AUTH_TYPE, (_b = config === null || config === void 0 ? void 0 : config.authentication) === null || _b === void 0 ? void 0 : _b.authType);
+        await setValue(ACCESS_TOKEN_NAME, (_c = config === null || config === void 0 ? void 0 : config.authentication) === null || _c === void 0 ? void 0 : _c.accessToken);
+        await setValue(REFRESH_TOKEN_NAME, (_d = config === null || config === void 0 ? void 0 : config.authentication) === null || _d === void 0 ? void 0 : _d.refreshToken);
+        await setValue(ACCESS_TOKEN_EXPIRATION_MILLISECONDS_NAME, (_e = config === null || config === void 0 ? void 0 : config.authentication) === null || _e === void 0 ? void 0 : _e.accessTokenExpirationTimeMilliseconds);
+        await setValue(REFRESH_TOKEN_EXPIRATION_MILLISECONDS_NAME, (_f = config === null || config === void 0 ? void 0 : config.authentication) === null || _f === void 0 ? void 0 : _f.refreshTokenExpirationTimeMilliseconds);
+        await setValue(USER_ID_NAME, config.userId);
+        await setValue(EMAIL_NAME, config.email);
+        await setValue(USER_FULL_NAME_NAME, config.userFullName);
         return config;
     }
-    static setCliAuthInfo(authInfo, updateMilliseconds) {
-        setValue(AUTH_TYPE, authInfo === null || authInfo === void 0 ? void 0 : authInfo.auth_type);
+    static async setCliAuthInfo(authInfo, updateMilliseconds) {
+        await setValue(AUTH_TYPE, authInfo === null || authInfo === void 0 ? void 0 : authInfo.auth_type);
         switch (authInfo.auth_type) {
-            case basicApiClient_1.AuthType.Bearer:
+            case types_2.AuthType.Bearer:
                 const bearerAuthInfo = authInfo;
                 const expirationTimeMilliseconds = updateMilliseconds + bearerAuthInfo.expires_in * 1000;
-                setValue(AUTH_PROVIDER, bearerAuthInfo.auth_provider);
-                setValue(ACCESS_TOKEN_NAME, bearerAuthInfo === null || bearerAuthInfo === void 0 ? void 0 : bearerAuthInfo.access_token);
-                setValue(REFRESH_TOKEN_NAME, bearerAuthInfo === null || bearerAuthInfo === void 0 ? void 0 : bearerAuthInfo.refresh_token);
-                setValue(ACCESS_TOKEN_EXPIRATION_MILLISECONDS_NAME, expirationTimeMilliseconds);
+                await setValue(AUTH_PROVIDER, bearerAuthInfo.auth_provider);
+                await setValue(ACCESS_TOKEN_NAME, bearerAuthInfo === null || bearerAuthInfo === void 0 ? void 0 : bearerAuthInfo.access_token);
+                await setValue(REFRESH_TOKEN_NAME, bearerAuthInfo === null || bearerAuthInfo === void 0 ? void 0 : bearerAuthInfo.refresh_token);
+                await setValue(ACCESS_TOKEN_EXPIRATION_MILLISECONDS_NAME, expirationTimeMilliseconds);
+                if (bearerAuthInfo.refresh_token_expires_at) {
+                    await setValue(REFRESH_TOKEN_EXPIRATION_MILLISECONDS_NAME, bearerAuthInfo.refresh_token_expires_at * 1000);
+                }
                 return;
-            case basicApiClient_1.AuthType.ApiKey:
+            case types_2.AuthType.ApiKey:
                 const apiKeyAuthInfo = authInfo;
-                setValue(AUTH_PROVIDER, apiKeyAuthInfo.auth_provider);
-                setValue(ACCESS_TOKEN_NAME, apiKeyAuthInfo.api_key);
+                await setValue(AUTH_PROVIDER, apiKeyAuthInfo.auth_provider);
+                await setValue(ACCESS_TOKEN_NAME, apiKeyAuthInfo.api_key);
                 return;
         }
     }
 }
 exports.CliConfigProvider = CliConfigProvider;
-function setValue(key, value) {
+function propertyKeyToStoredKey(key) {
+    return `properties.${key}`;
+}
+async function setValue(key, value) {
     if (value === undefined) {
-        clearValue(key);
+        return clearValue(key);
     }
-    else {
-        getAuthConfigFile().set(key, value);
+    if (!shouldStoreRefreshTokens() && key.includes(REFRESH_TOKEN_NAME)) {
+        return;
     }
+    (await getAuthConfigFile()).set(key, value);
+}
+async function getValue(key) {
+    return (await getAuthConfigFile()).get(key);
 }
-function getValue(key) {
-    return getAuthConfigFile().get(key);
+async function clearValue(key) {
+    (await getAuthConfigFile()).delete(key);
 }
-function clearValue(key) {
-    getAuthConfigFile().delete(key);
+function __resetIsKeytarAvailable() {
+    isKeytarAvailable = true;
 }
+exports.__resetIsKeytarAvailable = __resetIsKeytarAvailable;