@mft/moneyhub-api-client 6.93.1 → 6.95.0

package/.vscode/settings.json

@@ -0,0 +1,3 @@
+{
+  "snyk.advanced.autoSelectOrganization": true
+}

package/CHANGELOG.md

@@ -1,3 +1,13 @@
+6.95.0 / 2026-02-23
+==========
+
+**Features**
+
+* **Gateway behaviour**: When `gatewayIdentityServiceUrl` is set, discovery is fetched from it and endpoint URLs in the document are rewritten to that base (discovery `issuer` is left unchanged for JWT validation). When `gatewayResourceServerUrl`, `gatewayCaasResourceServerUrl`, or `gatewayOsipResourceServerUrl` is set, the client uses that URL for that API and rewrites response link URLs in the response body to it. When `gatewayAccountConnectUrl` is set, the client uses that URL for the account-connect API (request routing only; link rewriting applies to resource server, CaaS, and OSIP only). When a gateway URL is not set for a resource, no rewriting occurs for that resource.
+* `getOpenIdConfig()` uses a TTL cache backed by `@isaacs/ttlcache` (configurable via `options.openIdConfigCacheTtlMs`) and returns discovery with endpoint URLs rewritten to `gatewayIdentityServiceUrl` only when that option is set.
+* Identity URLs are detected for versioning via the effective identity base (no hardcoded path prefix list); when provided, any request URL under that base does not have an API version segment added.
+* See the readme section **Using the client behind a gateway** for configuration, verification, and security notes.
+
 6.91.0 / 2025-05-01
 ==================
 
@@ -172,7 +182,7 @@
 **Breaking Changes**
 
 * Normalisation of all methods to use object destructuring to pass parameters. Please refer to the docs of each method when migrating to this version
-* Delete methods only return the status code when succesful
+* Delete methods only return the status code when successful
 * All methods to retrieve data return the body response as json, on previous versions some methods were returning the full response from the got library.
 * When our API response code is not 2xx an HTTP error is thrown. Includes a response property with more information.
 * Removal of all the methods with the suffix `WithToken`. To migrate to this version you can use the method with the same name but without the suffix. e.g `getUserConnectionsWithToken()` => `getUserConnections()`

package/README.md

@@ -0,0 +1,42 @@
+# Moneyhub API Client
+
+Node.js client for the [Moneyhub API](https://docs.moneyhubenterprise.com/docs).
+
+## Install
+
+```bash
+npm install @mft/moneyhub-api-client
+```
+
+## Quick start
+
+```javascript
+const { Moneyhub } = require("@mft/moneyhub-api-client");
+
+const moneyhub = await Moneyhub({
+  resourceServerUrl: "https://api.moneyhub.co.uk/v3",
+  identityServiceUrl: "https://identity.moneyhub.co.uk",
+  client: {
+    client_id: "your client id",
+    client_secret: "your client secret",
+    token_endpoint_auth_method: "client_secret_basic",
+    id_token_signed_response_alg: "RS256",
+    request_object_signing_alg: "none",
+    redirect_uri: "https://your-redirect-uri",
+    response_type: "code",
+  },
+});
+
+const accounts = await moneyhub.getAccounts({
+  userId: "user-id",
+  params: {},
+}, {});
+```
+
+## Documentation
+
+Full API documentation, upgrade guides, configuration options, and examples are in **[docs/readme.md](docs/readme.md)**.
+
+## Changelog
+
+[CHANGELOG.md](CHANGELOG.md)

package/dist/discovery.d.ts

@@ -0,0 +1,75 @@
+import type { Agents } from "got";
+import type { MutualTLSOptions } from "./schema/config";
+export interface DiscoveryOptions {
+    timeout?: number;
+    agent?: Agents;
+    mTLS?: MutualTLSOptions;
+}
+/**
+ * Rewrites any string value in a value (object, array, or primitive) that starts with
+ * canonicalBase to use targetBase instead. Does not mutate the original.
+ * Used for both OIDC discovery documents and resource server response bodies (e.g. links).
+ * @param {*} value - Object, array or primitive to rewrite
+ * @param {string} canonicalBase - Base URL to replace
+ * @param {string} targetBase - Base URL to use instead
+ * @returns {*} A copy of value with matching URLs rewritten
+ */
+export declare function rewriteUrlsInObject<T>(value: T, canonicalBase: string, targetBase: string): T;
+/**
+ * Rewrites URL fields in an OIDC discovery document so that endpoint URLs use the
+ * target base. Leaves the discovery "issuer" field unchanged so that JWT iss claim
+ * validation continues to work when the IdP still issues tokens with the canonical issuer.
+ * @param {Object} doc - OIDC discovery document
+ * @param {string} canonicalBase - Base URL to replace
+ * @param {string} targetBase - Base URL to use instead
+ * @returns {Object} Discovery document with endpoint URLs rewritten
+ */
+export declare function rewriteDiscoveryUrls(doc: Record<string, unknown>, canonicalBase: string, targetBase: string): Record<string, unknown>;
+export interface OpenIDDiscoveryMetadata {
+    issuer: string;
+    authorization_endpoint?: string;
+    token_endpoint?: string;
+    jwks_uri?: string;
+    [key: string]: unknown;
+}
+/**
+ * Rewrites a discovery document so endpoint URLs use the identity service base (e.g. gateway).
+ * Single source of truth for canonical/target computation; used by both initial fetch and cache refresh.
+ * @param {string} identityServiceUrl - Identity service base URL (e.g. gateway or https://identity.moneyhub.co.uk)
+ * @param {Record<string, unknown>} doc - Raw OIDC discovery document
+ * @returns {Record<string, unknown>} Discovery document with endpoint URLs rewritten (issuer unchanged)
+ */
+export declare function rewriteDiscoveryDocForIdentityUrl(identityServiceUrl: string, doc: Record<string, unknown>): Record<string, unknown>;
+/**
+ * Fetches the raw OpenID discovery document from identityServiceUrl/oidc (no URL rewriting).
+ * @param {string} identityServiceUrl - Identity service base URL
+ * @param {DiscoveryOptions} options - Optional timeout, agent or mTLS settings
+ * @returns {Promise<OpenIDDiscoveryMetadata>} Raw OpenID discovery metadata
+ */
+export declare function getDiscovery(identityServiceUrl: string, options?: DiscoveryOptions): Promise<OpenIDDiscoveryMetadata>;
+/**
+ * Fetches the OpenID discovery document from identityServiceUrl/oidc and rewrites
+ * all endpoint URLs (but not the issuer field) to use the configured identity service url, so that
+ * when used behind a gateway all OIDC traffic goes through the gateway.
+ * @param {string} identityServiceUrl - Identity service URL (e.g. https://identity.moneyhub.co.uk)
+ * @param {DiscoveryOptions} options - Optional timeout, agent or mTLS settings
+ * @returns {Promise<OpenIDDiscoveryMetadata>} OpenID discovery metadata with URLs rewritten for the gateway
+ */
+export declare function getDiscoveryWithGatewayUrl(identityServiceUrl: string, options?: DiscoveryOptions): Promise<OpenIDDiscoveryMetadata>;
+/**
+ * Infers the canonical API base from a response link URL (e.g. links.self) by taking
+ * origin and path up to and including the version segment (e.g. /v3).
+ * @param {string} linkUrl - Full link URL from a resource response
+ * @returns {string|null} Canonical base URL or null if it cannot be inferred
+ */
+export declare function inferCanonicalBaseFromLinkUrl(linkUrl: string): string | null;
+/**
+ * Rewrites URL strings in a resource server response body (e.g. links.self, links.next,
+ * links.prev) so that any canonical API base is replaced with resourceServerUrl.
+ * Returns the body unchanged if no links or no canonical base can be inferred.
+ * @param {*} body - Resource server response body (typically with a links property)
+ * @param {string} resourceServerUrl - Base URL for the resource server (e.g. gateway URL)
+ * @returns {*} Body with link URLs rewritten to use resourceServerUrl
+ */
+export declare function rewriteResourceServerResponseUrls<T>(body: T, resourceServerUrl: string): T;
+//# sourceMappingURL=discovery.d.ts.map

package/dist/discovery.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"discovery.d.ts","sourceRoot":"","sources":["../src/discovery.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAC,MAAM,EAAC,MAAM,KAAK,CAAA;AAC/B,OAAO,KAAK,EAAC,gBAAgB,EAAC,MAAM,iBAAiB,CAAA;AAErD,MAAM,WAAW,gBAAgB;IAC/B,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,IAAI,CAAC,EAAE,gBAAgB,CAAA;CACxB;AAED;;;;;;;;GAQG;AACH,wBAAgB,mBAAmB,CAAC,CAAC,EACnC,KAAK,EAAE,CAAC,EACR,aAAa,EAAE,MAAM,EACrB,UAAU,EAAE,MAAM,GACjB,CAAC,CAuBH;AAED;;;;;;;;GAQG;AACH,wBAAgB,oBAAoB,CAClC,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC5B,aAAa,EAAE,MAAM,EACrB,UAAU,EAAE,MAAM,GACjB,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAYzB;AAED,MAAM,WAAW,uBAAuB;IACtC,MAAM,EAAE,MAAM,CAAA;IACd,sBAAsB,CAAC,EAAE,MAAM,CAAA;IAC/B,cAAc,CAAC,EAAE,MAAM,CAAA;IACvB,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAA;CACvB;AAUD;;;;;;GAMG;AACH,wBAAgB,iCAAiC,CAC/C,kBAAkB,EAAE,MAAM,EAC1B,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAC3B,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAMzB;AAED;;;;;GAKG;AACH,wBAAsB,YAAY,CAChC,kBAAkB,EAAE,MAAM,EAC1B,OAAO,GAAE,gBAAqB,GAC7B,OAAO,CAAC,uBAAuB,CAAC,CAkBlC;AAED;;;;;;;GAOG;AACH,wBAAsB,0BAA0B,CAC9C,kBAAkB,EAAE,MAAM,EAC1B,OAAO,GAAE,gBAAqB,GAC7B,OAAO,CAAC,uBAAuB,CAAC,CAIlC;AAED;;;;;GAKG;AACH,wBAAgB,6BAA6B,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAa5E;AAED;;;;;;;GAOG;AACH,wBAAgB,iCAAiC,CAAC,CAAC,EACjD,IAAI,EAAE,CAAC,EACP,iBAAiB,EAAE,MAAM,GACxB,CAAC,CAaH"}

package/dist/discovery.js

@@ -0,0 +1,169 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.rewriteResourceServerResponseUrls = exports.inferCanonicalBaseFromLinkUrl = exports.getDiscoveryWithGatewayUrl = exports.getDiscovery = exports.rewriteDiscoveryDocForIdentityUrl = exports.rewriteDiscoveryUrls = exports.rewriteUrlsInObject = void 0;
+const got_1 = __importDefault(require("got"));
+/**
+ * Rewrites any string value in a value (object, array, or primitive) that starts with
+ * canonicalBase to use targetBase instead. Does not mutate the original.
+ * Used for both OIDC discovery documents and resource server response bodies (e.g. links).
+ * @param {*} value - Object, array or primitive to rewrite
+ * @param {string} canonicalBase - Base URL to replace
+ * @param {string} targetBase - Base URL to use instead
+ * @returns {*} A copy of value with matching URLs rewritten
+ */
+function rewriteUrlsInObject(value, canonicalBase, targetBase) {
+    if (canonicalBase === targetBase)
+        return value;
+    if (typeof value === "string") {
+        if (value.startsWith(canonicalBase)) {
+            return (targetBase + value.slice(canonicalBase.length));
+        }
+        return value;
+    }
+    if (Array.isArray(value)) {
+        return value.map((item) => rewriteUrlsInObject(item, canonicalBase, targetBase));
+    }
+    if (value !== null && typeof value === "object") {
+        const out = {};
+        for (const [k, v] of Object.entries(value)) {
+            out[k] = rewriteUrlsInObject(v, canonicalBase, targetBase);
+        }
+        return out;
+    }
+    return value;
+}
+exports.rewriteUrlsInObject = rewriteUrlsInObject;
+/**
+ * Rewrites URL fields in an OIDC discovery document so that endpoint URLs use the
+ * target base. Leaves the discovery "issuer" field unchanged so that JWT iss claim
+ * validation continues to work when the IdP still issues tokens with the canonical issuer.
+ * @param {Object} doc - OIDC discovery document
+ * @param {string} canonicalBase - Base URL to replace
+ * @param {string} targetBase - Base URL to use instead
+ * @returns {Object} Discovery document with endpoint URLs rewritten
+ */
+function rewriteDiscoveryUrls(doc, canonicalBase, targetBase) {
+    if (canonicalBase === targetBase)
+        return doc;
+    const result = {};
+    for (const [key, val] of Object.entries(doc)) {
+        if (key === "issuer" && typeof val === "string") {
+            result[key] = val;
+            continue;
+        }
+        result[key] = rewriteUrlsInObject(val, canonicalBase, targetBase);
+    }
+    return result;
+}
+exports.rewriteDiscoveryUrls = rewriteDiscoveryUrls;
+/**
+ * Normalised OIDC base for the given identity service URL (no trailing slash).
+ * @param {string} identityServiceUrl - Identity service base URL
+ * @returns {string} OIDC base URL with no trailing slash
+ */
+const oidcBaseFromIdentityUrl = (identityServiceUrl) => (identityServiceUrl.replace(/\/oidc\/?$/, "") + "/oidc").replace(/\/$/, "");
+/**
+ * Rewrites a discovery document so endpoint URLs use the identity service base (e.g. gateway).
+ * Single source of truth for canonical/target computation; used by both initial fetch and cache refresh.
+ * @param {string} identityServiceUrl - Identity service base URL (e.g. gateway or https://identity.moneyhub.co.uk)
+ * @param {Record<string, unknown>} doc - Raw OIDC discovery document
+ * @returns {Record<string, unknown>} Discovery document with endpoint URLs rewritten (issuer unchanged)
+ */
+function rewriteDiscoveryDocForIdentityUrl(identityServiceUrl, doc) {
+    const issuer = doc === null || doc === void 0 ? void 0 : doc.issuer;
+    if (!issuer || typeof issuer !== "string")
+        return doc;
+    const canonicalBase = issuer.replace(/\/$/, "");
+    const targetBase = oidcBaseFromIdentityUrl(identityServiceUrl);
+    return rewriteDiscoveryUrls(doc, canonicalBase, targetBase);
+}
+exports.rewriteDiscoveryDocForIdentityUrl = rewriteDiscoveryDocForIdentityUrl;
+/**
+ * Fetches the raw OpenID discovery document from identityServiceUrl/oidc (no URL rewriting).
+ * @param {string} identityServiceUrl - Identity service base URL
+ * @param {DiscoveryOptions} options - Optional timeout, agent or mTLS settings
+ * @returns {Promise<OpenIDDiscoveryMetadata>} Raw OpenID discovery metadata
+ */
+async function getDiscovery(identityServiceUrl, options = {}) {
+    const base = oidcBaseFromIdentityUrl(identityServiceUrl);
+    const url = `${base}/.well-known/openid-configuration`;
+    const gotOpts = {
+        timeout: options.timeout,
+        responseType: "json",
+    };
+    if (options.agent) {
+        gotOpts.agent = options.agent;
+    }
+    if (options.mTLS) {
+        gotOpts.https = {
+            certificate: options.mTLS.cert,
+            key: options.mTLS.key,
+        };
+    }
+    const doc = (await (0, got_1.default)(url, gotOpts).json());
+    return doc;
+}
+exports.getDiscovery = getDiscovery;
+/**
+ * Fetches the OpenID discovery document from identityServiceUrl/oidc and rewrites
+ * all endpoint URLs (but not the issuer field) to use the configured identity service url, so that
+ * when used behind a gateway all OIDC traffic goes through the gateway.
+ * @param {string} identityServiceUrl - Identity service URL (e.g. https://identity.moneyhub.co.uk)
+ * @param {DiscoveryOptions} options - Optional timeout, agent or mTLS settings
+ * @returns {Promise<OpenIDDiscoveryMetadata>} OpenID discovery metadata with URLs rewritten for the gateway
+ */
+async function getDiscoveryWithGatewayUrl(identityServiceUrl, options = {}) {
+    const doc = (await getDiscovery(identityServiceUrl, options));
+    const rewritten = rewriteDiscoveryDocForIdentityUrl(identityServiceUrl, doc);
+    return rewritten;
+}
+exports.getDiscoveryWithGatewayUrl = getDiscoveryWithGatewayUrl;
+/**
+ * Infers the canonical API base from a response link URL (e.g. links.self) by taking
+ * origin and path up to and including the version segment (e.g. /v3).
+ * @param {string} linkUrl - Full link URL from a resource response
+ * @returns {string|null} Canonical base URL or null if it cannot be inferred
+ */
+function inferCanonicalBaseFromLinkUrl(linkUrl) {
+    try {
+        const u = new URL(linkUrl);
+        const pathParts = u.pathname.split("/").filter(Boolean);
+        const versionIndex = pathParts.findIndex((p) => /^v\d+(\.\d+)?$/i.test(p));
+        if (versionIndex >= 0) {
+            const versionPath = "/" + pathParts.slice(0, versionIndex + 1).join("/");
+            return `${u.origin}${versionPath}`;
+        }
+        return u.origin;
+    }
+    catch {
+        return null;
+    }
+}
+exports.inferCanonicalBaseFromLinkUrl = inferCanonicalBaseFromLinkUrl;
+/**
+ * Rewrites URL strings in a resource server response body (e.g. links.self, links.next,
+ * links.prev) so that any canonical API base is replaced with resourceServerUrl.
+ * Returns the body unchanged if no links or no canonical base can be inferred.
+ * @param {*} body - Resource server response body (typically with a links property)
+ * @param {string} resourceServerUrl - Base URL for the resource server (e.g. gateway URL)
+ * @returns {*} Body with link URLs rewritten to use resourceServerUrl
+ */
+function rewriteResourceServerResponseUrls(body, resourceServerUrl) {
+    if (body === null || typeof body !== "object")
+        return body;
+    const targetBase = resourceServerUrl.replace(/\/$/, "");
+    const links = body.links;
+    if (!links || typeof links.self !== "string")
+        return body;
+    const canonicalBase = inferCanonicalBaseFromLinkUrl(links.self);
+    if (!canonicalBase || canonicalBase === targetBase)
+        return body;
+    const result = { ...body };
+    result.links = rewriteUrlsInObject(links, canonicalBase, targetBase);
+    return result;
+}
+exports.rewriteResourceServerResponseUrls = rewriteResourceServerResponseUrls;
+//# sourceMappingURL=discovery.js.map

package/dist/discovery.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"discovery.js","sourceRoot":"","sources":["../src/discovery.ts"],"names":[],"mappings":";;;;;;AAAA,8CAA2D;AAU3D;;;;;;;;GAQG;AACH,SAAgB,mBAAmB,CACjC,KAAQ,EACR,aAAqB,EACrB,UAAkB;IAElB,IAAI,aAAa,KAAK,UAAU;QAAE,OAAO,KAAK,CAAA;IAE9C,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE;QAC7B,IAAI,KAAK,CAAC,UAAU,CAAC,aAAa,CAAC,EAAE;YACnC,OAAO,CAAC,UAAU,GAAG,KAAK,CAAC,KAAK,CAAC,aAAa,CAAC,MAAM,CAAC,CAAiB,CAAA;SACxE;QACD,OAAO,KAAK,CAAA;KACb;IAED,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE;QACxB,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,mBAAmB,CAAC,IAAI,EAAE,aAAa,EAAE,UAAU,CAAC,CAAiB,CAAA;KACjG;IAED,IAAI,KAAK,KAAK,IAAI,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE;QAC/C,MAAM,GAAG,GAA4B,EAAE,CAAA;QACvC,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE;YAC1C,GAAG,CAAC,CAAC,CAAC,GAAG,mBAAmB,CAAC,CAAC,EAAE,aAAa,EAAE,UAAU,CAAC,CAAA;SAC3D;QACD,OAAO,GAAQ,CAAA;KAChB;IAED,OAAO,KAAK,CAAA;AACd,CAAC;AA3BD,kDA2BC;AAED;;;;;;;;GAQG;AACH,SAAgB,oBAAoB,CAClC,GAA4B,EAC5B,aAAqB,EACrB,UAAkB;IAElB,IAAI,aAAa,KAAK,UAAU;QAAE,OAAO,GAAG,CAAA;IAE5C,MAAM,MAAM,GAA4B,EAAE,CAAA;IAC1C,KAAK,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE;QAC5C,IAAI,GAAG,KAAK,QAAQ,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE;YAC/C,MAAM,CAAC,GAAG,CAAC,GAAG,GAAG,CAAA;YACjB,SAAQ;SACT;QACD,MAAM,CAAC,GAAG,CAAC,GAAG,mBAAmB,CAAC,GAAG,EAAE,aAAa,EAAE,UAAU,CAAC,CAAA;KAClE;IACD,OAAO,MAAM,CAAA;AACf,CAAC;AAhBD,oDAgBC;AAUD;;;;GAIG;AACH,MAAM,uBAAuB,GAAG,CAAC,kBAA0B,EAAU,EAAE,CACrE,CAAC,kBAAkB,CAAC,OAAO,CAAC,YAAY,EAAE,EAAE,CAAC,GAAG,OAAO,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAA;AAE7E;;;;;;GAMG;AACH,SAAgB,iCAAiC,CAC/C,kBAA0B,EAC1B,GAA4B;IAE5B,MAAM,MAAM,GAAG,GAAG,aAAH,GAAG,uBAAH,GAAG,CAAE,MAAM,CAAA;IAC1B,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ;QAAE,OAAO,GAAG,CAAA;IACrD,MAAM,aAAa,GAAG,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAA;IAC/C,MAAM,UAAU,GAAG,uBAAuB,CAAC,kBAAkB,CAAC,CAAA;IAC9D,OAAO,oBAAoB,CAAC,GAAG,EAAE,aAAa,EAAE,UAAU,CAAC,CAAA;AAC7D,CAAC;AATD,8EASC;AAED;;;;;GAKG;AACI,KAAK,UAAU,YAAY,CAChC,kBAA0B,EAC1B,UAA4B,EAAE;IAE9B,MAAM,IAAI,GAAG,uBAAuB,CAAC,kBAAkB,CAAC,CAAA;IACxD,MAAM,GAAG,GAAG,GAAG,IAAI,mCAAmC,CAAA;IACtD,MAAM,OAAO,GAA8B;QACzC,OAAO,EAAE,OAAO,CAAC,OAAO;QACxB,YAAY,EAAE,MAAM;KACrB,CAAA;IACD,IAAI,OAAO,CAAC,KAAK,EAAE;QAChB,OAAmB,CAAC,KAAK,GAAG,OAAO,CAAC,KAAK,CAAA;KAC3C;IACD,IAAI,OAAO,CAAC,IAAI,EAAE;QAChB,OAAO,CAAC,KAAK,GAAG;YACd,WAAW,EAAE,OAAO,CAAC,IAAI,CAAC,IAAI;YAC9B,GAAG,EAAE,OAAO,CAAC,IAAI,CAAC,GAAG;SACtB,CAAA;KACF;IACD,MAAM,GAAG,GAAG,CAAC,MAAM,IAAA,aAAG,EAAC,GAAG,EAAE,OAAO,CAAC,CAAC,IAAI,EAAE,CAA4B,CAAA;IACvE,OAAO,GAA8B,CAAA;AACvC,CAAC;AArBD,oCAqBC;AAED;;;;;;;GAOG;AACI,KAAK,UAAU,0BAA0B,CAC9C,kBAA0B,EAC1B,UAA4B,EAAE;IAE9B,MAAM,GAAG,GAAG,CAAC,MAAM,YAAY,CAAC,kBAAkB,EAAE,OAAO,CAAC,CAA4B,CAAA;IACxF,MAAM,SAAS,GAAG,iCAAiC,CAAC,kBAAkB,EAAE,GAAG,CAAC,CAAA;IAC5E,OAAO,SAAoC,CAAA;AAC7C,CAAC;AAPD,gEAOC;AAED;;;;;GAKG;AACH,SAAgB,6BAA6B,CAAC,OAAe;IAC3D,IAAI;QACF,MAAM,CAAC,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,CAAA;QAC1B,MAAM,SAAS,GAAG,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAA;QACvD,MAAM,YAAY,GAAG,SAAS,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAA;QAC1E,IAAI,YAAY,IAAI,CAAC,EAAE;YACrB,MAAM,WAAW,GAAG,GAAG,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,YAAY,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;YACxE,OAAO,GAAG,CAAC,CAAC,MAAM,GAAG,WAAW,EAAE,CAAA;SACnC;QACD,OAAO,CAAC,CAAC,MAAM,CAAA;KAChB;IAAC,MAAM;QACN,OAAO,IAAI,CAAA;KACZ;AACH,CAAC;AAbD,sEAaC;AAED;;;;;;;GAOG;AACH,SAAgB,iCAAiC,CAC/C,IAAO,EACP,iBAAyB;IAEzB,IAAI,IAAI,KAAK,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAA;IAE1D,MAAM,UAAU,GAAG,iBAAiB,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAA;IACvD,MAAM,KAAK,GAAI,IAAgC,CAAC,KAAoE,CAAA;IACpH,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,CAAC,IAAI,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAA;IAEzD,MAAM,aAAa,GAAG,6BAA6B,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;IAC/D,IAAI,CAAC,aAAa,IAAI,aAAa,KAAK,UAAU;QAAE,OAAO,IAAI,CAAA;IAE/D,MAAM,MAAM,GAAG,EAAC,GAAI,IAAgC,EAAC,CAAA;IACrD,MAAM,CAAC,KAAK,GAAG,mBAAmB,CAAC,KAAK,EAAE,aAAa,EAAE,UAAU,CAAC,CAAA;IACpE,OAAO,MAAsB,CAAA;AAC/B,CAAC;AAhBD,8EAgBC"}

package/dist/index.d.ts

@@ -5,6 +5,7 @@ declare const _Moneyhub: (apiClientConfig: ApiClientConfig) => Promise<{
         keys: import("jose").JWK[];
     } | null;
     generators: typeof generators;
+    getConsentHistory: (params?: import("./schema/consent-history").ConsentHistorySearchParams | undefined, options?: import("./request").ExtraOptions | undefined) => Promise<import("./request").ApiResponse<import("./schema/consent-history").ConsentHistory[]>>;
     categoriseTransactions: import("./requests/types/categorise-transactions").CategoriseTransactionsRequest;
     createResellerCheckRequest: import("./requests/types/reseller-check").CreateResellerCheckRequest;
     registerUser: ({ clientUserId, }: {
@@ -63,14 +64,54 @@ declare const _Moneyhub: (apiClientConfig: ApiClientConfig) => Promise<{
         clientId?: string | undefined;
     } | undefined) => Promise<Connections.WellKnownConnection[]>;
     getOpenIdConfig: () => Promise<unknown>;
+    caasDeleteUser: ({ userId, }: {
+        userId: string;
+    }, options?: import("./request").ExtraOptions | undefined) => Promise<void>;
+    caasPatchTransaction: ({ accountId, transactionId, l2CategoryId, }: {
+        accountId: string;
+        transactionId: string;
+        l2CategoryId: string;
+    }, options?: import("./request").ExtraOptions | undefined) => Promise<import("./request").ApiResponse<import("./requests/caas/types/transactions").CaasTransaction[]>>;
+    caasEnrichTransactions: ({ transactions, }: {
+        transactions: import("./requests/caas/types/transactions").CaasTransactionInput[];
+    }, options?: import("./request").ExtraOptions | undefined) => Promise<import("./request").ApiResponse<import("./requests/caas/types/transactions").CaasTransaction[]>>;
+    caasGetTransactions: ({ userId, accountId, limit, }: {
+        userId?: string | undefined;
+        accountId: string;
+        limit?: number | undefined;
+    }, options?: import("./request").ExtraOptions | undefined) => Promise<import("./request").ApiResponse<import("./requests/caas/types/transactions").CaasTransaction[]>>;
+    caasDeleteTransaction: ({ accountId, transactionId, }: {
+        accountId: string;
+        transactionId: string;
+    }, options?: import("./request").ExtraOptions | undefined) => Promise<void>;
+    caasGetGeotags: ({ geotagIds, }: {
+        geotagIds: string[];
+    }, options?: import("./request").ExtraOptions | undefined) => Promise<import("./request").ApiResponse<import("./requests/caas/types/transactions").CaasGeotag[]>>;
+    caasGetCounterparties: ({ limit, offset, }: {
+        limit?: number | undefined;
+        offset?: number | undefined;
+    }, options?: import("./request").ExtraOptions | undefined) => Promise<import("./request").ApiResponse<import("./requests/caas/types/transactions").CaasCounterparty[]>>;
+    caasGetCategories: (options?: import("./request").ExtraOptions | undefined) => Promise<import("./request").ApiResponse<import("./requests/caas/types/categories").CaasCategory[]>>;
+    caasGetCategoryGroups: (options?: import("./request").ExtraOptions | undefined) => Promise<import("./request").ApiResponse<import("./requests/caas/types/categories").CaasCategoryGroup[]>>;
+    caasDeleteAccount: ({ accountId, }: {
+        accountId: string;
+    }, options?: import("./request").ExtraOptions | undefined) => Promise<void>;
     getTransactions: ({ userId, params, }: {
         userId?: string | undefined;
         params?: Transactions.TransactionSearchParams | undefined;
     }, options?: import("./request").ExtraOptions | undefined) => Promise<import("./request").ApiResponse<Transactions.Transaction[]>>;
+    getUnenrichedTransactions: ({ userId, params, }: {
+        userId?: string | undefined;
+        params?: Transactions.TransactionUnenrichedSearchParams | undefined;
+    }, options?: import("./request").ExtraOptions | undefined) => Promise<import("./request").ApiResponse<Transactions.TransactionUnenriched[]>>;
     getTransaction: ({ userId, transactionId, }: {
         userId?: string | undefined;
         transactionId: string;
     }, options?: import("./request").ExtraOptions | undefined) => Promise<import("./request").ApiResponse<Transactions.Transaction>>;
+    getUnenrichedTransaction: ({ userId, transactionId, }: {
+        userId?: string | undefined;
+        transactionId: string;
+    }, options?: import("./request").ExtraOptions | undefined) => Promise<import("./request").ApiResponse<Transactions.TransactionUnenriched>>;
     addTransaction: ({ userId, transaction, }: {
         userId: string;
         transaction: Transactions.TransactionPost;
@@ -251,6 +292,10 @@ declare const _Moneyhub: (apiClientConfig: ApiClientConfig) => Promise<{
     revokeRecurringPayment: ({ recurringPaymentId, }: {
         recurringPaymentId: string;
     }, options?: import("./request").ExtraOptions | undefined) => Promise<number>;
+    confirmFundsForRecurringPayment: ({ recurringPaymentId, fundsConfirmation, }: {
+        recurringPaymentId: string;
+        fundsConfirmation: Payments.FundsConfirmationRequest;
+    }, options?: import("./request").ExtraOptions | undefined) => Promise<import("./request").ApiResponse<Payments.FundsConfirmationResponse>>;
     getProjects: ({ userId, params, }: {
         userId: string;
         params?: import("./request").SearchParams | undefined;

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAiB,UAAU,EAAC,MAAM,eAAe,CAAA;AAMxD,OAAO,KAAK,EAAC,eAAe,EAAC,MAAM,iBAAiB,CAAA;AAGpD,QAAA,MAAM,SAAS,oBAA2B,eAAe;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAgExD,CAAA;AAED,oBAAY,gBAAgB,GAAG,OAAO,CAAC,UAAU,CAAC,OAAO,SAAS,CAAC,CAAC,CAAA;AACpE,QAAA,MAAM,QAAQ,EAAE,CAAC,eAAe,EAAE,eAAe,KAAK,OAAO,CAAC,gBAAgB,CAAa,CAAA;AAE3F,OAAO,KAAK,KAAK,QAAQ,MAAM,kBAAkB,CAAA;AACjD,OAAO,KAAK,KAAK,aAAa,MAAM,wBAAwB,CAAA;AAC5D,OAAO,KAAK,KAAK,YAAY,MAAM,uBAAuB,CAAA;AAC1D,OAAO,KAAK,KAAK,QAAQ,MAAM,kBAAkB,CAAA;AACjD,OAAO,KAAK,KAAK,aAAa,MAAM,sBAAsB,CAAA;AAC1D,OAAO,KAAK,KAAK,UAAU,MAAM,mBAAmB,CAAA;AACpD,OAAO,KAAK,KAAK,uBAAuB,MAAM,mCAAmC,CAAA;AACjF,OAAO,KAAK,KAAK,cAAc,MAAM,uBAAuB,CAAA;AAC5D,OAAO,KAAK,KAAK,WAAW,MAAM,qBAAqB,CAAA;AACvD,OAAO,KAAK,KAAK,QAAQ,MAAM,kBAAkB,CAAA;AACjD,OAAO,KAAK,KAAK,sBAAsB,MAAM,iCAAiC,CAAA;AAC9E,OAAO,KAAK,KAAK,IAAI,MAAM,eAAe,CAAA;AAC1C,OAAO,KAAK,KAAK,MAAM,MAAM,gBAAgB,CAAA;AAC7C,OAAO,KAAK,KAAK,QAAQ,MAAM,kBAAkB,CAAA;AACjD,OAAO,KAAK,KAAK,QAAQ,MAAM,kBAAkB,CAAA;AACjD,OAAO,KAAK,KAAK,mBAAmB,MAAM,8BAA8B,CAAA;AACxE,OAAO,KAAK,KAAK,aAAa,MAAM,wBAAwB,CAAA;AAC5D,OAAO,KAAK,KAAK,YAAY,MAAM,uBAAuB,CAAA;AAC1D,OAAO,KAAK,KAAK,gBAAgB,MAAM,4BAA4B,CAAA;AACnE,OAAO,KAAK,KAAK,aAAa,MAAM,wBAAwB,CAAA;AAC5D,OAAO,KAAK,KAAK,cAAc,MAAM,yBAAyB,CAAA;AAC9D,OAAO,KAAK,KAAK,UAAU,MAAM,oBAAoB,CAAA;AACrD,OAAO,KAAK,KAAK,KAAK,MAAM,eAAe,CAAA;AAC3C,OAAO,KAAK,KAAK,KAAK,MAAM,cAAc,CAAA;AAC1C,OAAO,KAAK,KAAK,YAAY,MAAM,sBAAsB,CAAA;AACzD,OAAO,KAAK,KAAK,KAAK,MAAM,eAAe,CAAA;AAE3C,OAAO,EACL,QAAQ,EACR,aAAa,EACb,YAAY,EACZ,QAAQ,EACR,aAAa,EACb,UAAU,EACV,uBAAuB,EACvB,cAAc,EACd,WAAW,EACX,QAAQ,EACR,sBAAsB,EACtB,IAAI,EACJ,MAAM,EACN,QAAQ,EACR,QAAQ,EACR,mBAAmB,EACnB,aAAa,EACb,YAAY,EACZ,gBAAgB,EAChB,aAAa,EACb,cAAc,EACd,UAAU,EACV,KAAK,EACL,KAAK,EACL,YAAY,EACZ,KAAK,EACL,eAAe,EACf,QAAQ,GACT,CAAA"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAiB,UAAU,EAAsB,MAAM,eAAe,CAAA;AAQ7E,OAAO,KAAK,EAAC,eAAe,EAAC,MAAM,iBAAiB,CAAA;AA8BpD,QAAA,MAAM,SAAS,oBAA2B,eAAe;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EA4DxD,CAAA;AAED,oBAAY,gBAAgB,GAAG,OAAO,CAAC,UAAU,CAAC,OAAO,SAAS,CAAC,CAAC,CAAA;AACpE,QAAA,MAAM,QAAQ,EAAE,CAAC,eAAe,EAAE,eAAe,KAAK,OAAO,CAAC,gBAAgB,CAAa,CAAA;AAE3F,OAAO,KAAK,KAAK,QAAQ,MAAM,kBAAkB,CAAA;AACjD,OAAO,KAAK,KAAK,aAAa,MAAM,wBAAwB,CAAA;AAC5D,OAAO,KAAK,KAAK,YAAY,MAAM,uBAAuB,CAAA;AAC1D,OAAO,KAAK,KAAK,QAAQ,MAAM,kBAAkB,CAAA;AACjD,OAAO,KAAK,KAAK,aAAa,MAAM,sBAAsB,CAAA;AAC1D,OAAO,KAAK,KAAK,UAAU,MAAM,mBAAmB,CAAA;AACpD,OAAO,KAAK,KAAK,uBAAuB,MAAM,mCAAmC,CAAA;AACjF,OAAO,KAAK,KAAK,cAAc,MAAM,uBAAuB,CAAA;AAC5D,OAAO,KAAK,KAAK,WAAW,MAAM,qBAAqB,CAAA;AACvD,OAAO,KAAK,KAAK,QAAQ,MAAM,kBAAkB,CAAA;AACjD,OAAO,KAAK,KAAK,sBAAsB,MAAM,iCAAiC,CAAA;AAC9E,OAAO,KAAK,KAAK,IAAI,MAAM,eAAe,CAAA;AAC1C,OAAO,KAAK,KAAK,MAAM,MAAM,gBAAgB,CAAA;AAC7C,OAAO,KAAK,KAAK,QAAQ,MAAM,kBAAkB,CAAA;AACjD,OAAO,KAAK,KAAK,QAAQ,MAAM,kBAAkB,CAAA;AACjD,OAAO,KAAK,KAAK,mBAAmB,MAAM,8BAA8B,CAAA;AACxE,OAAO,KAAK,KAAK,aAAa,MAAM,wBAAwB,CAAA;AAC5D,OAAO,KAAK,KAAK,YAAY,MAAM,uBAAuB,CAAA;AAC1D,OAAO,KAAK,KAAK,gBAAgB,MAAM,4BAA4B,CAAA;AACnE,OAAO,KAAK,KAAK,aAAa,MAAM,wBAAwB,CAAA;AAC5D,OAAO,KAAK,KAAK,cAAc,MAAM,yBAAyB,CAAA;AAC9D,OAAO,KAAK,KAAK,UAAU,MAAM,oBAAoB,CAAA;AACrD,OAAO,KAAK,KAAK,KAAK,MAAM,eAAe,CAAA;AAC3C,OAAO,KAAK,KAAK,KAAK,MAAM,cAAc,CAAA;AAC1C,OAAO,KAAK,KAAK,YAAY,MAAM,sBAAsB,CAAA;AACzD,OAAO,KAAK,KAAK,KAAK,MAAM,eAAe,CAAA;AAE3C,OAAO,EACL,QAAQ,EACR,aAAa,EACb,YAAY,EACZ,QAAQ,EACR,aAAa,EACb,UAAU,EACV,uBAAuB,EACvB,cAAc,EACd,WAAW,EACX,QAAQ,EACR,sBAAsB,EACtB,IAAI,EACJ,MAAM,EACN,QAAQ,EACR,QAAQ,EACR,mBAAmB,EACnB,aAAa,EACb,YAAY,EACZ,gBAAgB,EAChB,aAAa,EACb,cAAc,EACd,UAAU,EACV,KAAK,EACL,KAAK,EACL,YAAY,EACZ,KAAK,EACL,eAAe,EACf,QAAQ,GACT,CAAA"}

package/dist/index.js

@@ -33,43 +33,80 @@ const tokens_1 = __importDefault(require("./tokens"));
 const requests_1 = __importDefault(require("./requests"));
 const R = __importStar(require("ramda"));
 const request_1 = __importDefault(require("./request"));
+const discovery_1 = require("./discovery");
+const oidc_config_1 = require("./oidc-config");
 const DEFAULT_TIMEOUT = 60000;
-const _Moneyhub = async (apiClientConfig) => {
-    const config = R.evolve({
+const DEFAULT_OIDC_CACHE_TTL_MS = 3600000; // 1 hour
+function buildConfig(apiClientConfig) {
+    return R.evolve({
         identityServiceUrl: (val) => val.replace("/oidc", ""),
-    }, apiClientConfig);
-    const { identityServiceUrl, options = {}, client: { client_id, client_secret, id_token_signed_response_alg, request_object_signing_alg, redirect_uri, keys, token_endpoint_auth_method, mTLS, }, } = config;
-    const { timeout = DEFAULT_TIMEOUT, apiVersioning = true, agent, retry = {} } = options;
+        gatewayIdentityServiceUrl: (val) => val == null ? val : val.replace(/\/oidc\/?$/, ""),
+        caasResourceServerUrl: (val) => `${val.replace(/\/v\d+(\.\d+)?\b/, "")}/caas/v1`,
+    }, {
+        ...apiClientConfig,
+        caasResourceServerUrl: apiClientConfig.resourceServerUrl,
+    });
+}
+function effectiveUrls(config) {
+    var _a, _b, _c, _d, _e;
+    return {
+        identity: (_a = config.gatewayIdentityServiceUrl) !== null && _a !== void 0 ? _a : config.identityServiceUrl,
+        resource: (_b = config.gatewayResourceServerUrl) !== null && _b !== void 0 ? _b : config.resourceServerUrl,
+        caas: (_c = config.gatewayCaasResourceServerUrl) !== null && _c !== void 0 ? _c : config.caasResourceServerUrl,
+        osip: (_d = config.gatewayOsipResourceServerUrl) !== null && _d !== void 0 ? _d : config.osipResourceServerUrl,
+        accountConnect: (_e = config.gatewayAccountConnectUrl) !== null && _e !== void 0 ? _e : config.accountConnectUrl,
+    };
+}
+const _Moneyhub = async (apiClientConfig) => {
+    const config = buildConfig(apiClientConfig);
+    const urls = effectiveUrls(config);
+    const { options = {}, client: clientCreds } = config;
+    const { timeout = DEFAULT_TIMEOUT, apiVersioning = true, agent, openIdConfigCacheTtlMs = DEFAULT_OIDC_CACHE_TTL_MS, retry = {} } = options;
+    const { mTLS } = clientCreds;
     openid_client_1.custom.setHttpOptionsDefaults({
         timeout,
-        ...mTLS ? {
-            cert: mTLS.cert,
-            key: mTLS.key,
-        } : {},
+        ...mTLS ? { cert: mTLS.cert, key: mTLS.key } : {},
     });
-    const moneyhubIssuer = await openid_client_1.Issuer.discover(identityServiceUrl + "/oidc");
+    const discoveryOpts = { timeout, agent: options.agent, mTLS: mTLS !== null && mTLS !== void 0 ? mTLS : undefined };
+    const discoveryMetadata = config.gatewayIdentityServiceUrl
+        ? await (0, discovery_1.getDiscoveryWithGatewayUrl)(urls.identity, discoveryOpts)
+        : await (0, discovery_1.getDiscovery)(urls.identity, discoveryOpts);
+    const moneyhubIssuer = new openid_client_1.Issuer(discoveryMetadata);
     const client = new moneyhubIssuer.Client({
-        client_id,
-        client_secret,
-        id_token_signed_response_alg,
-        redirect_uri,
-        token_endpoint_auth_method,
-        request_object_signing_alg,
+        ...R.pick(["client_id", "client_secret", "id_token_signed_response_alg", "redirect_uri", "token_endpoint_auth_method", "request_object_signing_alg"], clientCreds),
         tls_client_certificate_bound_access_tokens: (mTLS === null || mTLS === void 0 ? void 0 : mTLS.tls_client_certificate_bound_access_tokens) || false,
-    }, { keys });
+    }, { keys: clientCreds.keys });
     client[openid_client_1.custom.clock_tolerance] = 10;
-    const request = (0, request_1.default)({
+    const requestFn = (0, request_1.default)({
         client,
         options: { timeout, apiVersioning, agent, mTLS, retry },
+        identityServiceUrl: urls.identity,
+        gatewayResourceServerUrl: config.gatewayResourceServerUrl,
+        gatewayCaasResourceServerUrl: config.gatewayCaasResourceServerUrl,
+        gatewayOsipResourceServerUrl: config.gatewayOsipResourceServerUrl,
+    });
+    const getOpenIdConfig = (0, oidc_config_1.createGetOpenIdConfig)({
+        identityServiceUrl: urls.identity,
+        gatewayIdentityServiceUrl: config.gatewayIdentityServiceUrl,
+        openIdConfigCacheTtlMs,
+        request: requestFn,
     });
-    const moneyhub = {
-        ...(0, get_auth_urls_1.default)({ client, config }),
-        ...(0, tokens_1.default)({ client, config }),
-        ...(0, requests_1.default)({ config, request }),
-        keys: () => (keys && keys.length ? { keys } : null),
+    const configWithGetOpenIdConfig = {
+        ...config,
+        resourceServerUrl: urls.resource,
+        identityServiceUrl: urls.identity,
+        caasResourceServerUrl: urls.caas,
+        osipResourceServerUrl: urls.osip,
+        accountConnectUrl: urls.accountConnect,
+        getOpenIdConfig,
+    };
+    return {
+        ...(0, get_auth_urls_1.default)({ client, config: configWithGetOpenIdConfig }),
+        ...(0, tokens_1.default)({ client, config: configWithGetOpenIdConfig }),
+        ...(0, requests_1.default)({ config: configWithGetOpenIdConfig, request: requestFn }),
+        keys: () => { var _a; return (((_a = clientCreds.keys) === null || _a === void 0 ? void 0 : _a.length) ? { keys: clientCreds.keys } : null); },
         generators: openid_client_1.generators,
     };
-    return moneyhub;
 };
 const Moneyhub = _Moneyhub;
 exports.Moneyhub = Moneyhub;

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,iDAAwD;AACxD,oEAAgD;AAChD,sDAAuC;AACvC,0DAAwC;AACxC,yCAA0B;AAC1B,wDAA2B;AAE3B,MAAM,eAAe,GAAG,KAAK,CAAA;AAE7B,MAAM,SAAS,GAAG,KAAK,EAAE,eAAgC,EAAE,EAAE;IAC3D,MAAM,MAAM,GAAG,CAAC,CAAC,MAAM,CACrB;QACE,kBAAkB,EAAE,CAAC,GAA0C,EAAE,EAAE,CAAC,GAAG,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC;KAC7F,EACD,eAAe,CAChB,CAAA;IAED,MAAM,EACJ,kBAAkB,EAClB,OAAO,GAAG,EAAE,EACZ,MAAM,EAAE,EACN,SAAS,EACT,aAAa,EACb,4BAA4B,EAC5B,0BAA0B,EAC1B,YAAY,EACZ,IAAI,EACJ,0BAA0B,EAC1B,IAAI,GACL,GACF,GAAG,MAAM,CAAA;IAEV,MAAM,EAAC,OAAO,GAAG,eAAe,EAAE,aAAa,GAAG,IAAI,EAAE,KAAK,EAAE,KAAK,GAAG,EAAE,EAAC,GAAG,OAAO,CAAA;IAEpF,sBAAM,CAAC,sBAAsB,CAAC;QAC5B,OAAO;QACP,GAAG,IAAI,CAAC,CAAC,CAAC;YACR,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,GAAG,EAAE,IAAI,CAAC,GAAG;SACd,CAAC,CAAC,CAAC,EAAE;KACP,CAAC,CAAA;IAEF,MAAM,cAAc,GAAG,MAAM,sBAAM,CAAC,QAAQ,CAAC,kBAAkB,GAAG,OAAO,CAAC,CAAA;IAE1E,MAAM,MAAM,GAAG,IAAI,cAAc,CAAC,MAAM,CACtC;QACE,SAAS;QACT,aAAa;QACb,4BAA4B;QAC5B,YAAY;QACZ,0BAA0B;QAC1B,0BAA0B;QAC1B,0CAA0C,EAAE,CAAA,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,0CAA0C,KAAI,KAAK;KACtG,EACD,EAAC,IAAI,EAAC,CACP,CAAA;IAED,MAAM,CAAC,sBAAM,CAAC,eAAe,CAAC,GAAG,EAAE,CAAA;IAEnC,MAAM,OAAO,GAAG,IAAA,iBAAG,EAAC;QAClB,MAAM;QACN,OAAO,EAAE,EAAC,OAAO,EAAE,aAAa,EAAE,KAAK,EAAE,IAAI,EAAE,KAAK,EAAC;KACtD,CAAC,CAAA;IAEF,MAAM,QAAQ,GAAG;QACf,GAAG,IAAA,uBAAkB,EAAC,EAAC,MAAM,EAAE,MAAM,EAAC,CAAC;QACvC,GAAG,IAAA,gBAAgB,EAAC,EAAC,MAAM,EAAE,MAAM,EAAC,CAAC;QACrC,GAAG,IAAA,kBAAe,EAAC,EAAC,MAAM,EAAE,OAAO,EAAC,CAAC;QACrC,IAAI,EAAE,GAAG,EAAE,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAC,IAAI,EAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QACjD,UAAU,EAAV,0BAAU;KACX,CAAA;IAED,OAAO,QAAQ,CAAA;AACjB,CAAC,CAAA;AAGD,MAAM,QAAQ,GAAoE,SAAS,CAAA;AAyDzF,4BAAQ"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,iDAA6E;AAC7E,oEAAgD;AAChD,sDAAuC;AACvC,0DAAwC;AACxC,yCAA0B;AAC1B,wDAA2B;AAC3B,2CAAoE;AACpE,+CAAmD;AAEnD,MAAM,eAAe,GAAG,KAAK,CAAA;AAC7B,MAAM,yBAAyB,GAAG,OAAO,CAAA,CAAC,SAAS;AAEnD,SAAS,WAAW,CAAC,eAAgC;IACnD,OAAO,CAAC,CAAC,MAAM,CACb;QACE,kBAAkB,EAAE,CAAC,GAA0C,EAAE,EAAE,CAAC,GAAG,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC;QAC5F,yBAAyB,EAAE,CAAC,GAAiD,EAAE,EAAE,CAC/E,GAAG,IAAI,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,YAAY,EAAE,EAAE,CAAC;QACnD,qBAAqB,EAAE,CAAC,GAAyC,EAAE,EAAE,CACnE,GAAG,GAAG,CAAC,OAAO,CAAC,kBAAkB,EAAE,EAAE,CAAC,UAAU;KACnD,EACD;QACE,GAAG,eAAe;QAClB,qBAAqB,EAAE,eAAe,CAAC,iBAAiB;KACzD,CACF,CAAA;AACH,CAAC;AAED,SAAS,aAAa,CAAC,MAAsC;;IAC3D,OAAO;QACL,QAAQ,EAAE,MAAA,MAAM,CAAC,yBAAyB,mCAAI,MAAM,CAAC,kBAAkB;QACvE,QAAQ,EAAE,MAAA,MAAM,CAAC,wBAAwB,mCAAI,MAAM,CAAC,iBAAiB;QACrE,IAAI,EAAE,MAAA,MAAM,CAAC,4BAA4B,mCAAI,MAAM,CAAC,qBAAqB;QACzE,IAAI,EAAE,MAAA,MAAM,CAAC,4BAA4B,mCAAI,MAAM,CAAC,qBAAqB;QACzE,cAAc,EAAE,MAAA,MAAM,CAAC,wBAAwB,mCAAI,MAAM,CAAC,iBAAiB;KAC5E,CAAA;AACH,CAAC;AAED,MAAM,SAAS,GAAG,KAAK,EAAE,eAAgC,EAAE,EAAE;IAC3D,MAAM,MAAM,GAAG,WAAW,CAAC,eAAe,CAAC,CAAA;IAC3C,MAAM,IAAI,GAAG,aAAa,CAAC,MAAM,CAAC,CAAA;IAClC,MAAM,EAAC,OAAO,GAAG,EAAE,EAAE,MAAM,EAAE,WAAW,EAAC,GAAG,MAAM,CAAA;IAClD,MAAM,EAAC,OAAO,GAAG,eAAe,EAAE,aAAa,GAAG,IAAI,EAAE,KAAK,EAAE,sBAAsB,GAAG,yBAAyB,EAAE,KAAK,GAAG,EAAE,EAAC,GAAG,OAAO,CAAA;IACxI,MAAM,EAAC,IAAI,EAAC,GAAG,WAAW,CAAA;IAE1B,sBAAM,CAAC,sBAAsB,CAAC;QAC5B,OAAO;QACP,GAAG,IAAI,CAAC,CAAC,CAAC,EAAC,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,GAAG,EAAE,IAAI,CAAC,GAAG,EAAC,CAAC,CAAC,CAAC,EAAE;KAChD,CAAC,CAAA;IAEF,MAAM,aAAa,GAAG,EAAC,OAAO,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,IAAI,EAAE,IAAI,aAAJ,IAAI,cAAJ,IAAI,GAAI,SAAS,EAAC,CAAA;IAC9E,MAAM,iBAAiB,GAAG,MAAM,CAAC,yBAAyB;QACxD,CAAC,CAAC,MAAM,IAAA,sCAA0B,EAAC,IAAI,CAAC,QAAQ,EAAE,aAAa,CAAC;QAChE,CAAC,CAAC,MAAM,IAAA,wBAAY,EAAC,IAAI,CAAC,QAAQ,EAAE,aAAa,CAAC,CAAA;IAEpD,MAAM,cAAc,GAAG,IAAI,sBAAM,CAAC,iBAAmC,CAAC,CAAA;IACtE,MAAM,MAAM,GAAG,IAAI,cAAc,CAAC,MAAM,CACtC;QACE,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,eAAe,EAAE,8BAA8B,EAAE,cAAc,EAAE,4BAA4B,EAAE,4BAA4B,CAAC,EAAE,WAAW,CAAC;QAClK,0CAA0C,EAAE,CAAA,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,0CAA0C,KAAI,KAAK;KACtG,EACD,EAAC,IAAI,EAAE,WAAW,CAAC,IAAI,EAAC,CACzB,CAAA;IACD,MAAM,CAAC,sBAAM,CAAC,eAAe,CAAC,GAAG,EAAE,CAAA;IAEnC,MAAM,SAAS,GAAG,IAAA,iBAAG,EAAC;QACpB,MAAM;QACN,OAAO,EAAE,EAAC,OAAO,EAAE,aAAa,EAAE,KAAK,EAAE,IAAI,EAAE,KAAK,EAAC;QACrD,kBAAkB,EAAE,IAAI,CAAC,QAAQ;QACjC,wBAAwB,EAAE,MAAM,CAAC,wBAAwB;QACzD,4BAA4B,EAAE,MAAM,CAAC,4BAA4B;QACjE,4BAA4B,EAAE,MAAM,CAAC,4BAA4B;KAClE,CAAC,CAAA;IAEF,MAAM,eAAe,GAAG,IAAA,mCAAqB,EAAC;QAC5C,kBAAkB,EAAE,IAAI,CAAC,QAAQ;QACjC,yBAAyB,EAAE,MAAM,CAAC,yBAAyB;QAC3D,sBAAsB;QACtB,OAAO,EAAE,SAAS;KACnB,CAAC,CAAA;IAEF,MAAM,yBAAyB,GAAG;QAChC,GAAG,MAAM;QACT,iBAAiB,EAAE,IAAI,CAAC,QAAQ;QAChC,kBAAkB,EAAE,IAAI,CAAC,QAAQ;QACjC,qBAAqB,EAAE,IAAI,CAAC,IAAI;QAChC,qBAAqB,EAAE,IAAI,CAAC,IAAI;QAChC,iBAAiB,EAAE,IAAI,CAAC,cAAc;QACtC,eAAe;KAChB,CAAA;IAED,OAAO;QACL,GAAG,IAAA,uBAAkB,EAAC,EAAC,MAAM,EAAE,MAAM,EAAE,yBAAyB,EAAC,CAAC;QAClE,GAAG,IAAA,gBAAgB,EAAC,EAAC,MAAM,EAAE,MAAM,EAAE,yBAAyB,EAAC,CAAC;QAChE,GAAG,IAAA,kBAAe,EAAC,EAAC,MAAM,EAAE,yBAAyB,EAAE,OAAO,EAAE,SAAS,EAAC,CAAC;QAC3E,IAAI,EAAE,GAAG,EAAE,WAAC,OAAA,CAAC,CAAA,MAAA,WAAW,CAAC,IAAI,0CAAE,MAAM,EAAC,CAAC,CAAC,EAAC,IAAI,EAAE,WAAW,CAAC,IAAI,EAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAA,EAAA;QACxE,UAAU,EAAV,0BAAU;KACX,CAAA;AACH,CAAC,CAAA;AAGD,MAAM,QAAQ,GAAoE,SAAS,CAAA;AAyDzF,4BAAQ"}

package/dist/oidc-config.d.ts

@@ -0,0 +1,17 @@
+import type { Request } from "./request";
+export interface GetOpenIdConfigParams {
+    identityServiceUrl: string;
+    /** When set, discovery endpoint URLs are rewritten to this base. */
+    gatewayIdentityServiceUrl?: string;
+    openIdConfigCacheTtlMs: number;
+    request: Request;
+}
+/**
+ * Creates a getOpenIdConfig function that fetches the OIDC discovery document with optional
+ * URL rewriting for gateway use. Uses @isaacs/ttlcache for TTL-based caching when openIdConfigCacheTtlMs > 0.
+ *
+ * @param {GetOpenIdConfigParams} params - Configuration: identityServiceUrl, optional gatewayIdentityServiceUrl, openIdConfigCacheTtlMs, and the request function used to fetch the discovery document
+ * @returns {function(): Promise<Record<string, unknown>>} A function that returns a promise of the discovery document (with endpoint URLs rewritten to gatewayIdentityServiceUrl only when that option is set)
+ */
+export declare function createGetOpenIdConfig(params: GetOpenIdConfigParams): () => Promise<Record<string, unknown>>;
+//# sourceMappingURL=oidc-config.d.ts.map

package/dist/oidc-config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"oidc-config.d.ts","sourceRoot":"","sources":["../src/oidc-config.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAC,OAAO,EAAC,MAAM,WAAW,CAAA;AAYtC,MAAM,WAAW,qBAAqB;IACpC,kBAAkB,EAAE,MAAM,CAAA;IAE1B,oEAAoE;IACpE,yBAAyB,CAAC,EAAE,MAAM,CAAA;IAClC,sBAAsB,EAAE,MAAM,CAAA;IAC9B,OAAO,EAAE,OAAO,CAAA;CACjB;AAED;;;;;;GAMG;AACH,wBAAgB,qBAAqB,CAAC,MAAM,EAAE,qBAAqB,GAAG,MAAM,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAyB3G"}

package/dist/oidc-config.js

@@ -0,0 +1,44 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createGetOpenIdConfig = void 0;
+const ttlcache_1 = require("@isaacs/ttlcache");
+const discovery_1 = require("./discovery");
+const OIDC_CACHE_KEY = "oidc";
+/**
+ * Builds the discovery document URL for the given identity service URL.
+ * @param {string} identityServiceUrl - Identity service URL
+ * @returns {string} Full URL to the OIDC discovery document
+ */
+const discoveryUrl = (identityServiceUrl) => identityServiceUrl.replace(/\/oidc\/?$/, "") + "/oidc/.well-known/openid-configuration";
+/**
+ * Creates a getOpenIdConfig function that fetches the OIDC discovery document with optional
+ * URL rewriting for gateway use. Uses @isaacs/ttlcache for TTL-based caching when openIdConfigCacheTtlMs > 0.
+ *
+ * @param {GetOpenIdConfigParams} params - Configuration: identityServiceUrl, optional gatewayIdentityServiceUrl, openIdConfigCacheTtlMs, and the request function used to fetch the discovery document
+ * @returns {function(): Promise<Record<string, unknown>>} A function that returns a promise of the discovery document (with endpoint URLs rewritten to gatewayIdentityServiceUrl only when that option is set)
+ */
+function createGetOpenIdConfig(params) {
+    const { identityServiceUrl, gatewayIdentityServiceUrl, openIdConfigCacheTtlMs, request } = params;
+    const useCache = openIdConfigCacheTtlMs > 0;
+    const cache = useCache
+        ? new ttlcache_1.TTLCache({ max: 1, ttl: openIdConfigCacheTtlMs })
+        : undefined;
+    return async function getOpenIdConfig() {
+        if (useCache && cache) {
+            const cached = cache.get(OIDC_CACHE_KEY);
+            if (cached)
+                return cached;
+        }
+        const raw = (await request(discoveryUrl(identityServiceUrl)));
+        const rewriteTarget = gatewayIdentityServiceUrl !== null && gatewayIdentityServiceUrl !== void 0 ? gatewayIdentityServiceUrl : identityServiceUrl;
+        const value = gatewayIdentityServiceUrl && (raw === null || raw === void 0 ? void 0 : raw.issuer) && typeof raw.issuer === "string"
+            ? (0, discovery_1.rewriteDiscoveryDocForIdentityUrl)(rewriteTarget, raw)
+            : raw;
+        if (useCache && cache) {
+            cache.set(OIDC_CACHE_KEY, value);
+        }
+        return value;
+    };
+}
+exports.createGetOpenIdConfig = createGetOpenIdConfig;
+//# sourceMappingURL=oidc-config.js.map

package/dist/oidc-config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"oidc-config.js","sourceRoot":"","sources":["../src/oidc-config.ts"],"names":[],"mappings":";;;AAAA,+CAAyC;AACzC,2CAA6D;AAG7D,MAAM,cAAc,GAAG,MAAM,CAAA;AAE7B;;;;GAIG;AACH,MAAM,YAAY,GAAG,CAAC,kBAA0B,EAAU,EAAE,CAC1D,kBAAkB,CAAC,OAAO,CAAC,YAAY,EAAE,EAAE,CAAC,GAAG,wCAAwC,CAAA;AAWzF;;;;;;GAMG;AACH,SAAgB,qBAAqB,CAAC,MAA6B;IACjE,MAAM,EAAC,kBAAkB,EAAE,yBAAyB,EAAE,sBAAsB,EAAE,OAAO,EAAC,GAAG,MAAM,CAAA;IAC/F,MAAM,QAAQ,GAAG,sBAAsB,GAAG,CAAC,CAAA;IAC3C,MAAM,KAAK,GAAG,QAAQ;QACpB,CAAC,CAAC,IAAI,mBAAQ,CAAkC,EAAC,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,sBAAsB,EAAC,CAAC;QACtF,CAAC,CAAC,SAAS,CAAA;IAEb,OAAO,KAAK,UAAU,eAAe;QACnC,IAAI,QAAQ,IAAI,KAAK,EAAE;YACrB,MAAM,MAAM,GAAG,KAAK,CAAC,GAAG,CAAC,cAAc,CAAC,CAAA;YACxC,IAAI,MAAM;gBAAE,OAAO,MAAM,CAAA;SAC1B;QAED,MAAM,GAAG,GAAG,CAAC,MAAM,OAAO,CAAC,YAAY,CAAC,kBAAkB,CAAC,CAAC,CAA4B,CAAA;QACxF,MAAM,aAAa,GAAG,yBAAyB,aAAzB,yBAAyB,cAAzB,yBAAyB,GAAI,kBAAkB,CAAA;QACrE,MAAM,KAAK,GACT,yBAAyB,KAAI,GAAG,aAAH,GAAG,uBAAH,GAAG,CAAE,MAAM,CAAA,IAAI,OAAO,GAAG,CAAC,MAAM,KAAK,QAAQ;YACxE,CAAC,CAAC,IAAA,6CAAiC,EAAC,aAAa,EAAE,GAAG,CAAC;YACvD,CAAC,CAAC,GAAG,CAAA;QAET,IAAI,QAAQ,IAAI,KAAK,EAAE;YACrB,KAAK,CAAC,GAAG,CAAC,cAAc,EAAE,KAAK,CAAC,CAAA;SACjC;QACD,OAAO,KAAK,CAAA;IACd,CAAC,CAAA;AACH,CAAC;AAzBD,sDAyBC"}