@mondaydotcomorg/monday-authorization 3.8.0 → 3.9.2

package/README.md

@@ -31,7 +31,11 @@ await MondayAuthorization.init({
     serviceName: process.env.APP_NAME,
   },
   redisClient: redisClient,
-  grantedFeatureRedisExpirationInSeconds: 10 * 60
+  grantedFeatureRedisExpirationInSeconds: 10 * 60,
+  mondayFetchOptions: {
+    maxRetries: 5,
+    retryDelayMS: 100,
+  },
 });
 startServer(...)
 ```
@@ -534,14 +538,70 @@ interface MembershipDeleteResponse {
 }
 ```
 
+### Retry Configuration (v4.0.0+)
+
+Retry behavior is configurable via Ignite SDK. Configure the `authorization_retry_config` key in Ignite:
+
+```json
+{
+  "maxRetries": 3,
+  "baseDelayMs": 20,
+  "exponentBase": 2,
+  "jitterMinMs": 0,
+  "jitterMaxMs": 1000,
+  "retryOnStatusPatterns": ["429", "5**"]
+}
+```
+
+**Configuration Options:**
+- `maxRetries`: Maximum number of retry attempts (default: 3)
+- `baseDelayMs`: Base delay in milliseconds for exponential backoff (default: 20)
+- `exponentBase`: Base for exponential backoff calculation (default: 2)
+- `jitterMinMs`: Minimum jitter value in milliseconds (default: 0)
+- `jitterMaxMs`: Maximum jitter value in milliseconds (default: 1000)
+- `retryOnStatusPatterns`: Array of status code patterns to retry on
+  - Exact codes: `"429"` (retry on 429)
+  - Wildcards: `"5**"` (retry on all 5xx errors), `"5*9"` (retry on 509, 519, 529, etc.)
+
+**Retry Delay Formula:**
+```
+delay = baseDelayMs * (exponentBase ^ (attemptCount - 1)) + random(jitterMinMs, jitterMaxMs)
+```
+
+**Timeout Configuration:**
+- Configure timeout via `outgoing-request-timeout-ms` Ignite key (default: 2000ms in production, 60000ms in development)
+- Per-service overrides via `override-outgoing-request-timeout-ms` object keyed by `APP_NAME`
+
+**Programmatic Configuration:**
+You can also configure retry behavior programmatically via `mondayFetchOptions` in `init()`:
+
+```ts
+import { init, AuthorizationFetchOptions } from '@mondaydotcomorg/monday-authorization';
+
+const fetchOptions: AuthorizationFetchOptions = {
+  maxRetries: 5,
+  retryDelayMS: 100,
+  retryOn: (attempt, error, response, isTimeoutError) => {
+    // Custom retry logic
+    return isTimeoutError || (response?.status === 429);
+  },
+};
+
+await init({
+  mondayFetchOptions: fetchOptions,
+  // ... other options
+});
+```
+
 ## Development
 
 ### Local Development and Testing
 
 This package includes an `ignite-local-overrides.json` file for local development and testing only. It does **not** affect consumers of this package - they use their own Ignite configuration.
 
-The file enables feature flags for testing:
+The file enables feature flags and retry configuration for testing:
 
 - `navigate-can-action-in-scope-to-graph`: Graph API routing for `canActionInScope` methods
+- `authorization_retry_config`: Retry configuration for testing (see Retry Configuration section above)
 
 Modify this file for different local test scenarios, but remember changes only affect this package's development/testing.

package/dist/authorization-internal-service.d.ts

@@ -1,27 +1,31 @@
-import { fetch, MondayFetchOptions } from '@mondaydotcomorg/monday-fetch';
-import { OnRetryCallback, RetryPolicy, RetryDelayCallback } from '@mondaydotcomorg/monday-fetch-api';
+import { OnRetryCallback, Response, RetryPolicy } from '@mondaydotcomorg/monday-fetch-api';
 import { IgniteClient } from '@mondaydotcomorg/ignite-sdk';
 import { BaseRequest } from './types/general';
+import type { AuthorizationFetchOptions } from './types/fetch-options';
 export declare const MAX_RETRIES = 3;
 export declare const RETRY_DELAY_MS = 20;
 export declare const logger: import("bunyan");
+export declare const IGNITE_RETRY_CONFIG_KEY = "authorization_retry_config";
 export declare const onRetryCallback: OnRetryCallback;
 /**
  * Exponential backoff retry delay callback
- * Calculates delay as: baseDelay * 2^(attemptCount - 1)
+ * Calculates delay as: baseDelay * (exponentBase)^(attemptCount - 1) + jitter(min..max)
  * Example: attempt 1 -> 100ms, attempt 2 -> 200ms, attempt 3 -> 400ms
  */
-export declare const calcDelayDurationInMs: RetryDelayCallback;
+export declare const calcDelayDurationInMs: ({ attemptCount }: {
+    attemptCount: number;
+}) => number;
 export declare class AuthorizationInternalService {
-    static igniteClient?: IgniteClient;
+    static get igniteClient(): IgniteClient | undefined;
+    static set igniteClient(client: IgniteClient | undefined);
     static skipAuthorization(requset: BaseRequest): void;
     static markAuthorized(request: BaseRequest): void;
     static failIfNotCoveredByAuthorization(request: BaseRequest): void;
-    static throwOnHttpErrorIfNeeded(response: Awaited<ReturnType<typeof fetch>>, placement: string): void;
+    static throwOnHttpErrorIfNeeded(response: Response, placement: string): void;
     static throwOnHttpError(status: number, placement: string): never;
     static generateInternalAuthToken(accountId: number, userId: number): string;
-    static setRequestFetchOptions(customMondayFetchOptions: MondayFetchOptions): void;
-    static getRequestFetchOptions(): MondayFetchOptions;
+    static setRequestFetchOptions(customMondayFetchOptions: AuthorizationFetchOptions): void;
+    static getRequestFetchOptions(): AuthorizationFetchOptions;
     static setIgniteClient(client: IgniteClient): void;
     static getRequestTimeout(): number;
     static getRetriesPolicy(): RetryPolicy;

package/dist/authorization-internal-service.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"authorization-internal-service.d.ts","sourceRoot":"","sources":["../src/authorization-internal-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,KAAK,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAE1E,OAAO,EAEL,eAAe,EACf,WAAW,EACX,kBAAkB,EACnB,MAAM,mCAAmC,CAAC;AAC3C,OAAO,EAAE,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAC3D,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAG9C,eAAO,MAAM,WAAW,IAAI,CAAC;AAC7B,eAAO,MAAM,cAAc,KAAK,CAAC;AACjC,eAAO,MAAM,MAAM,kBAA2B,CAAC;AAO/C,eAAO,MAAM,eAAe,EAAE,eAM7B,CAAC;AAEF;;;;GAIG;AACH,eAAO,MAAM,qBAAqB,EAAE,kBAEnC,CAAC;AAYF,qBAAa,4BAA4B;IACvC,MAAM,CAAC,YAAY,CAAC,EAAE,YAAY,CAAC;IACnC,MAAM,CAAC,iBAAiB,CAAC,OAAO,EAAE,WAAW,GAAG,IAAI;IAIpD,MAAM,CAAC,cAAc,CAAC,OAAO,EAAE,WAAW,GAAG,IAAI;IAIjD,MAAM,CAAC,+BAA+B,CAAC,OAAO,EAAE,WAAW,GAAG,IAAI;IAMlE,MAAM,CAAC,wBAAwB,CAAC,QAAQ,EAAE,OAAO,CAAC,UAAU,CAAC,OAAO,KAAK,CAAC,CAAC,EAAE,SAAS,EAAE,MAAM,GAAG,IAAI;IAcrG,MAAM,CAAC,gBAAgB,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,KAAK;IAQjE,MAAM,CAAC,yBAAyB,CAAC,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM;IAIlE,MAAM,CAAC,sBAAsB,CAAC,wBAAwB,EAAE,kBAAkB;IAO1E,MAAM,CAAC,sBAAsB,IAAI,kBAAkB;IAInD,MAAM,CAAC,eAAe,CAAC,MAAM,EAAE,YAAY;IAI3C,MAAM,CAAC,iBAAiB;IA2BxB,MAAM,CAAC,gBAAgB,IAAI,WAAW;CAUvC"}
+{"version":3,"file":"authorization-internal-service.d.ts","sourceRoot":"","sources":["../src/authorization-internal-service.ts"],"names":[],"mappings":"AAEA,OAAO,EAEL,eAAe,EACf,QAAQ,EACR,WAAW,EAEZ,MAAM,mCAAmC,CAAC;AAC3C,OAAO,EAAE,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAC3D,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAC9C,OAAO,KAAK,EAAE,yBAAyB,EAAE,MAAM,uBAAuB,CAAC;AAGvE,eAAO,MAAM,WAAW,IAAI,CAAC;AAC7B,eAAO,MAAM,cAAc,KAAK,CAAC;AACjC,eAAO,MAAM,MAAM,kBAA2B,CAAC;AAE/C,eAAO,MAAM,uBAAuB,+BAA+B,CAAC;AA4IpE,eAAO,MAAM,eAAe,EAAE,eAkB7B,CAAC;AAEF;;;;GAIG;AACH,eAAO,MAAM,qBAAqB,GAAI,kBAAkB;IAAE,YAAY,EAAE,MAAM,CAAA;CAAE,KAAG,MAOlF,CAAC;AAMF,qBAAa,4BAA4B;IACvC,MAAM,KAAK,YAAY,IAAI,YAAY,GAAG,SAAS,CAElD;IAED,MAAM,KAAK,YAAY,CAAC,MAAM,EAAE,YAAY,GAAG,SAAS,EAEvD;IACD,MAAM,CAAC,iBAAiB,CAAC,OAAO,EAAE,WAAW,GAAG,IAAI;IAIpD,MAAM,CAAC,cAAc,CAAC,OAAO,EAAE,WAAW,GAAG,IAAI;IAIjD,MAAM,CAAC,+BAA+B,CAAC,OAAO,EAAE,WAAW,GAAG,IAAI;IAMlE,MAAM,CAAC,wBAAwB,CAAC,QAAQ,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,GAAG,IAAI;IAc5E,MAAM,CAAC,gBAAgB,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,KAAK;IAQjE,MAAM,CAAC,yBAAyB,CAAC,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM;IAIlE,MAAM,CAAC,sBAAsB,CAAC,wBAAwB,EAAE,yBAAyB;IAWjF,MAAM,CAAC,sBAAsB,IAAI,yBAAyB;IAI1D,MAAM,CAAC,eAAe,CAAC,MAAM,EAAE,YAAY;IAI3C,MAAM,CAAC,iBAAiB;IA2BxB,MAAM,CAAC,gBAAgB,IAAI,WAAW;CAqBvC"}

package/dist/authorization-internal-service.js

@@ -27,37 +27,137 @@ const INTERNAL_APP_NAME = 'internal_ms';
 const MAX_RETRIES = 3;
 const RETRY_DELAY_MS = 20;
 const logger = MondayLogger__namespace.getLogger();
-const defaultMondayFetchOptions = {
+const IGNITE_RETRY_CONFIG_KEY = 'authorization_retry_config';
+let igniteClient;
+const defaultRetryConfig = {
     retries: MAX_RETRIES,
-    callback: logOnFetchFail,
+    baseDelayMs: RETRY_DELAY_MS,
+    exponentBase: 2,
+    jitterMinMs: 0,
+    jitterMaxMs: 1000,
+    retryOnStatusPatterns: ['429', '5**'],
 };
-const onRetryCallback = (attempt, error) => {
-    if (attempt == MAX_RETRIES) {
-        logger.error({ tag: 'authorization-service', attempt, error }, 'Authorization attempt failed');
+/**
+ * Sanitizes retry configuration values to ensure they are within valid ranges
+ */
+function sanitizeRetryConfig(config) {
+    return {
+        ...config,
+        retries: Math.max(0, Math.min(5, config.retries)),
+        exponentBase: Math.max(1, Math.min(100, config.exponentBase)),
+        jitterMinMs: Math.max(0, config.jitterMinMs),
+    };
+}
+function getRetryConfig() {
+    if (!igniteClient) {
+        return defaultRetryConfig;
+    }
+    try {
+        const config = igniteClient.configuration.getObjectValue(IGNITE_RETRY_CONFIG_KEY, defaultRetryConfig);
+        return sanitizeRetryConfig(config);
+    }
+    catch (error) {
+        logger.error({ tag: 'authorization-service', error, key: IGNITE_RETRY_CONFIG_KEY, defaultValue: defaultRetryConfig }, 'Failed to get ignite retry config, using defaults');
+        return defaultRetryConfig;
+    }
+}
+function randomIntInclusive(min, max) {
+    if (max <= min) {
+        return min;
+    }
+    return Math.floor(min + Math.random() * (max - min + 1));
+}
+function buildHttpStatusMatchers(patterns) {
+    const matchers = [];
+    const addWildcardMatcher = (wildcard) => {
+        // Normalized 3-char pattern with digits or '*'
+        matchers.push((status) => {
+            const s = String(status);
+            if (s.length !== 3) {
+                return false;
+            }
+            for (let i = 0; i < 3; i++) {
+                const w = wildcard[i];
+                const c = s[i];
+                if (w === '*') {
+                    continue;
+                }
+                if (w !== c) {
+                    return false;
+                }
+            }
+            return true;
+        });
+    };
+    for (const raw of patterns ?? []) {
+        const p = String(raw).trim();
+        if (!p) {
+            continue;
+        }
+        // Exact numeric status (e.g. "429")
+        if (/^\d+$/.test(p)) {
+            const exact = Number(p);
+            if (Number.isFinite(exact)) {
+                matchers.push((status) => status === exact);
+            }
+            continue;
+        }
+        // Wildcards for 3-digit HTTP codes:
+        // - "5**" => 5xx
+        // - "5*9" => 5?9
+        if (/^[0-9*]+$/.test(p) && p.includes('*')) {
+            const normalized = p.length < 3 ? p.padEnd(3, '*') : p;
+            if (normalized.length !== 3) {
+                logger.warn({ tag: 'authorization-service', pattern: p }, 'Invalid retry status wildcard pattern (expected a 3-character pattern like "5**" or "5*9")');
+            }
+            else {
+                addWildcardMatcher(normalized);
+            }
+            continue;
+        }
+        logger.warn({ tag: 'authorization-service', pattern: p }, 'Invalid retry status pattern (supported: exact code like "429" or wildcard like "5**")');
+    }
+    return matchers;
+}
+function shouldRetryOnResponseStatus(responseOrStatus, statusMatchers) {
+    const status = responseOrStatus?.status;
+    if (typeof status !== 'number') {
+        return false;
+    }
+    return statusMatchers.some(matcher => matcher(status));
+}
+const onRetryCallback = (attempt, error, response, isTimeoutError) => {
+    const effectiveMaxRetries = getRetryConfig().retries;
+    if (attempt == effectiveMaxRetries) {
+        logger.error({ tag: 'authorization-service', attempt, error, response, isTimeoutError }, 'Authorization attempt failed');
     }
     else {
-        logger.info({ tag: 'authorization-service', attempt, error }, 'Authorization attempt failed, trying again');
+        logger.info({ tag: 'authorization-service', attempt, error, response, isTimeoutError }, 'Authorization attempt failed, trying again');
     }
 };
 /**
  * Exponential backoff retry delay callback
- * Calculates delay as: baseDelay * 2^(attemptCount - 1)
+ * Calculates delay as: baseDelay * (exponentBase)^(attemptCount - 1) + jitter(min..max)
  * Example: attempt 1 -> 100ms, attempt 2 -> 200ms, attempt 3 -> 400ms
  */
 const calcDelayDurationInMs = ({ attemptCount }) => {
-    return RETRY_DELAY_MS * Math.pow(2, attemptCount - 1);
+    const { baseDelayMs, exponentBase, jitterMinMs, jitterMaxMs } = getRetryConfig();
+    const jitterMin = Math.min(jitterMinMs, jitterMaxMs);
+    const jitterMax = Math.max(jitterMinMs, jitterMaxMs);
+    const expDelay = baseDelayMs * Math.pow(exponentBase, attemptCount - 1);
+    const jitter = randomIntInclusive(jitterMin, jitterMax);
+    return expDelay + jitter;
+};
+let mondayFetchOptions = {
+    retries: defaultRetryConfig.retries,
 };
-function logOnFetchFail(retriesLeft, error) {
-    if (retriesLeft == 0) {
-        logger.error({ retriesLeft, error }, `Authorization attempt failed due to ${error.message}`);
+class AuthorizationInternalService {
+    static get igniteClient() {
+        return igniteClient;
     }
-    else {
-        logger.info({ retriesLeft, error }, `Authorization attempt failed due to ${error.message}, trying again`);
+    static set igniteClient(client) {
+        igniteClient = client;
     }
-}
-let mondayFetchOptions = defaultMondayFetchOptions;
-class AuthorizationInternalService {
-    static igniteClient;
     static skipAuthorization(requset) {
         requset.authorizationSkipPerformed = true;
     }
@@ -85,16 +185,20 @@ class AuthorizationInternalService {
         return mondayJwt.signAuthorizationHeader({ appName: INTERNAL_APP_NAME, accountId, userId });
     }
     static setRequestFetchOptions(customMondayFetchOptions) {
+        const sanitizedOptions = { ...customMondayFetchOptions };
+        if (sanitizedOptions.retries !== undefined) {
+            sanitizedOptions.retries = Math.max(0, Math.min(5, sanitizedOptions.retries));
+        }
         mondayFetchOptions = {
-            ...defaultMondayFetchOptions,
-            ...customMondayFetchOptions,
+            ...defaultRetryConfig,
+            ...sanitizedOptions,
         };
     }
     static getRequestFetchOptions() {
         return mondayFetchOptions;
     }
     static setIgniteClient(client) {
-        this.igniteClient = client;
+        igniteClient = client;
     }
     static getRequestTimeout() {
         const isDevEnv = process.env.NODE_ENV === 'development';
@@ -118,17 +222,27 @@ class AuthorizationInternalService {
     }
     static getRetriesPolicy() {
         const fetchOptions = AuthorizationInternalService.getRequestFetchOptions();
-        const retryDelayMS = calcDelayDurationInMs;
+        const retryConfig = getRetryConfig();
+        const statusMatchers = buildHttpStatusMatchers(retryConfig.retryOnStatusPatterns);
+        const defaultRetryOn = (_attempt, _error, response, isTimeoutError) => isTimeoutError ? true : shouldRetryOnResponseStatus(response ?? undefined, statusMatchers);
+        // Sanitize retries from fetchOptions: clamp between 0 and 5
+        const rawMaxRetries = fetchOptions?.retries ?? retryConfig.retries;
+        const effectiveMaxRetries = Math.max(0, Math.min(5, rawMaxRetries));
+        const defaultGetTimeout = timeoutsCount => calcDelayDurationInMs({ attemptCount: timeoutsCount });
         return {
-            useRetries: !!fetchOptions.retries,
-            maxRetries: fetchOptions.retries ?? 0,
-            onRetry: onRetryCallback,
-            retryDelayMS,
+            useRetries: fetchOptions?.useRetries ?? true,
+            maxRetries: effectiveMaxRetries,
+            retryDelayMS: fetchOptions?.retryDelayMS ?? calcDelayDurationInMs,
+            onRetry: fetchOptions?.callback ?? onRetryCallback,
+            retryOn: fetchOptions?.retryOn ?? defaultRetryOn,
+            timeoutRetries: fetchOptions?.timeoutRetries ?? effectiveMaxRetries,
+            getTimeout: fetchOptions?.getTimeout ?? defaultGetTimeout,
         };
     }
 }
 
 exports.AuthorizationInternalService = AuthorizationInternalService;
+exports.IGNITE_RETRY_CONFIG_KEY = IGNITE_RETRY_CONFIG_KEY;
 exports.MAX_RETRIES = MAX_RETRIES;
 exports.RETRY_DELAY_MS = RETRY_DELAY_MS;
 exports.calcDelayDurationInMs = calcDelayDurationInMs;

package/dist/authorization-service.d.ts

@@ -1,13 +1,13 @@
-import { MondayFetchOptions } from '@mondaydotcomorg/monday-fetch';
 import { IgniteClient } from '@mondaydotcomorg/ignite-sdk';
 import { Action, AuthorizationObject, AuthorizationParams, AuthorizationResource } from './types/general';
 import { ScopedAction, ScopedActionPermit, ScopedActionResponseObject, ScopeOptions } from './types/scoped-actions-contracts';
+import type { AuthorizationFetchOptions } from './types/fetch-options';
 export interface AuthorizeResponse {
     isAuthorized: boolean;
     unauthorizedIds?: number[];
     unauthorizedObjects?: AuthorizationObject[];
 }
-export declare function setRequestFetchOptions(customMondayFetchOptions: MondayFetchOptions): void;
+export declare function setRequestFetchOptions(customMondayFetchOptions: AuthorizationFetchOptions): void;
 export declare class AuthorizationService {
     private static get graphApi();
     private static _graphApi?;

package/dist/authorization-service.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"authorization-service.d.ts","sourceRoot":"","sources":["../src/authorization-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAGnE,OAAO,EAAmB,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAC5E,OAAO,EAAE,MAAM,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,qBAAqB,EAAE,MAAM,iBAAiB,CAAC;AAG1G,OAAO,EACL,YAAY,EACZ,kBAAkB,EAClB,0BAA0B,EAC1B,YAAY,EACb,MAAM,kCAAkC,CAAC;AAY1C,MAAM,WAAW,iBAAiB;IAChC,YAAY,EAAE,OAAO,CAAC;IACtB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,mBAAmB,CAAC,EAAE,mBAAmB,EAAE,CAAC;CAC7C;AAED,wBAAgB,sBAAsB,CAAC,wBAAwB,EAAE,kBAAkB,QAElF;AAMD,qBAAa,oBAAoB;IAC/B,OAAO,CAAC,MAAM,KAAK,QAAQ,GAK1B;IACD,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAW;IAEpC,OAAO,CAAC,MAAM,KAAK,WAAW,GAK7B;IACD,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC,CAAc;IAE1C,MAAM,CAAC,eAAe,IAAI,IAAI;IAK9B,MAAM,CAAC,WAAW,CAAC,MAAC;IACpB,MAAM,CAAC,sCAAsC,CAAC,EAAE,MAAM,CAAC;IACvD,MAAM,CAAC,YAAY,CAAC,EAAE,YAAY,CAAC;IAEnC;;;OAGG;WACU,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,qBAAqB,EAAE,EAClC,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,iBAAiB,CAAC;WAEhB,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,2BAA2B,EAAE,mBAAmB,EAAE,GACjD,OAAO,CAAC,iBAAiB,CAAC;IAY7B;;;OAGG;WACU,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE;QAAE,eAAe,CAAC,EAAE,OAAO,CAAA;KAAO,GAC1C,OAAO,CAAC,OAAO,CAAC;mBAkBE,6BAA6B;IAclD,OAAO,CAAC,MAAM,CAAC,gBAAgB;WAIlB,gBAAgB,CAC3B,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,YAAY,GAClB,OAAO,CAAC,kBAAkB,CAAC;WAMjB,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;mBA4CnB,oBAAoB;mBAUpB,oBAAoB;CAmF1C;AAED,wBAAgB,cAAc,CAC5B,MAAM,KAAA,EACN,sCAAsC,GAAE,MAAiD,QAY1F;AAED,wBAAsB,eAAe,kBAMpC;AAED,wBAAgB,yBAAyB,CAAC,SAAS,EAAE,qBAAqB,EAAE,EAAE,MAAM,EAAE,MAAM,GAAG,mBAAmB,CAiBjH"}
+{"version":3,"file":"authorization-service.d.ts","sourceRoot":"","sources":["../src/authorization-service.ts"],"names":[],"mappings":"AAGA,OAAO,EAAmB,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAC5E,OAAO,EAAE,MAAM,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,qBAAqB,EAAE,MAAM,iBAAiB,CAAC;AAG1G,OAAO,EACL,YAAY,EACZ,kBAAkB,EAClB,0BAA0B,EAC1B,YAAY,EACb,MAAM,kCAAkC,CAAC;AAM1C,OAAO,KAAK,EAAE,yBAAyB,EAAE,MAAM,uBAAuB,CAAC;AAOvE,MAAM,WAAW,iBAAiB;IAChC,YAAY,EAAE,OAAO,CAAC;IACtB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,mBAAmB,CAAC,EAAE,mBAAmB,EAAE,CAAC;CAC7C;AAED,wBAAgB,sBAAsB,CAAC,wBAAwB,EAAE,yBAAyB,QAEzF;AAMD,qBAAa,oBAAoB;IAC/B,OAAO,CAAC,MAAM,KAAK,QAAQ,GAK1B;IACD,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAW;IAEpC,OAAO,CAAC,MAAM,KAAK,WAAW,GAK7B;IACD,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC,CAAc;IAE1C,MAAM,CAAC,eAAe,IAAI,IAAI;IAK9B,MAAM,CAAC,WAAW,CAAC,MAAC;IACpB,MAAM,CAAC,sCAAsC,CAAC,EAAE,MAAM,CAAC;IACvD,MAAM,CAAC,YAAY,CAAC,EAAE,YAAY,CAAC;IAEnC;;;OAGG;WACU,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,qBAAqB,EAAE,EAClC,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,iBAAiB,CAAC;WAEhB,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,2BAA2B,EAAE,mBAAmB,EAAE,GACjD,OAAO,CAAC,iBAAiB,CAAC;IAY7B;;;OAGG;WACU,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE;QAAE,eAAe,CAAC,EAAE,OAAO,CAAA;KAAO,GAC1C,OAAO,CAAC,OAAO,CAAC;mBAkBE,6BAA6B;IAclD,OAAO,CAAC,MAAM,CAAC,gBAAgB;WAIlB,gBAAgB,CAC3B,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,YAAY,GAClB,OAAO,CAAC,kBAAkB,CAAC;WAMjB,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;mBA4CnB,oBAAoB;mBAUpB,oBAAoB;CAmF1C;AAED,wBAAgB,cAAc,CAC5B,MAAM,KAAA,EACN,sCAAsC,GAAE,MAAiD,QAY1F;AAED,wBAAsB,eAAe,kBAMpC;AAED,wBAAgB,yBAAyB,CAAC,SAAS,EAAE,qBAAqB,EAAE,EAAE,MAAM,EAAE,MAAM,GAAG,mBAAmB,CAiBjH"}

package/dist/esm/authorization-internal-service.d.ts

@@ -1,27 +1,31 @@
-import { fetch, MondayFetchOptions } from '@mondaydotcomorg/monday-fetch';
-import { OnRetryCallback, RetryPolicy, RetryDelayCallback } from '@mondaydotcomorg/monday-fetch-api';
+import { OnRetryCallback, Response, RetryPolicy } from '@mondaydotcomorg/monday-fetch-api';
 import { IgniteClient } from '@mondaydotcomorg/ignite-sdk';
 import { BaseRequest } from './types/general';
+import type { AuthorizationFetchOptions } from './types/fetch-options';
 export declare const MAX_RETRIES = 3;
 export declare const RETRY_DELAY_MS = 20;
 export declare const logger: import("bunyan");
+export declare const IGNITE_RETRY_CONFIG_KEY = "authorization_retry_config";
 export declare const onRetryCallback: OnRetryCallback;
 /**
  * Exponential backoff retry delay callback
- * Calculates delay as: baseDelay * 2^(attemptCount - 1)
+ * Calculates delay as: baseDelay * (exponentBase)^(attemptCount - 1) + jitter(min..max)
  * Example: attempt 1 -> 100ms, attempt 2 -> 200ms, attempt 3 -> 400ms
  */
-export declare const calcDelayDurationInMs: RetryDelayCallback;
+export declare const calcDelayDurationInMs: ({ attemptCount }: {
+    attemptCount: number;
+}) => number;
 export declare class AuthorizationInternalService {
-    static igniteClient?: IgniteClient;
+    static get igniteClient(): IgniteClient | undefined;
+    static set igniteClient(client: IgniteClient | undefined);
     static skipAuthorization(requset: BaseRequest): void;
     static markAuthorized(request: BaseRequest): void;
     static failIfNotCoveredByAuthorization(request: BaseRequest): void;
-    static throwOnHttpErrorIfNeeded(response: Awaited<ReturnType<typeof fetch>>, placement: string): void;
+    static throwOnHttpErrorIfNeeded(response: Response, placement: string): void;
     static throwOnHttpError(status: number, placement: string): never;
     static generateInternalAuthToken(accountId: number, userId: number): string;
-    static setRequestFetchOptions(customMondayFetchOptions: MondayFetchOptions): void;
-    static getRequestFetchOptions(): MondayFetchOptions;
+    static setRequestFetchOptions(customMondayFetchOptions: AuthorizationFetchOptions): void;
+    static getRequestFetchOptions(): AuthorizationFetchOptions;
     static setIgniteClient(client: IgniteClient): void;
     static getRequestTimeout(): number;
     static getRetriesPolicy(): RetryPolicy;

package/dist/esm/authorization-internal-service.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"authorization-internal-service.d.ts","sourceRoot":"","sources":["../../src/authorization-internal-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,KAAK,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAE1E,OAAO,EAEL,eAAe,EACf,WAAW,EACX,kBAAkB,EACnB,MAAM,mCAAmC,CAAC;AAC3C,OAAO,EAAE,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAC3D,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAG9C,eAAO,MAAM,WAAW,IAAI,CAAC;AAC7B,eAAO,MAAM,cAAc,KAAK,CAAC;AACjC,eAAO,MAAM,MAAM,kBAA2B,CAAC;AAO/C,eAAO,MAAM,eAAe,EAAE,eAM7B,CAAC;AAEF;;;;GAIG;AACH,eAAO,MAAM,qBAAqB,EAAE,kBAEnC,CAAC;AAYF,qBAAa,4BAA4B;IACvC,MAAM,CAAC,YAAY,CAAC,EAAE,YAAY,CAAC;IACnC,MAAM,CAAC,iBAAiB,CAAC,OAAO,EAAE,WAAW,GAAG,IAAI;IAIpD,MAAM,CAAC,cAAc,CAAC,OAAO,EAAE,WAAW,GAAG,IAAI;IAIjD,MAAM,CAAC,+BAA+B,CAAC,OAAO,EAAE,WAAW,GAAG,IAAI;IAMlE,MAAM,CAAC,wBAAwB,CAAC,QAAQ,EAAE,OAAO,CAAC,UAAU,CAAC,OAAO,KAAK,CAAC,CAAC,EAAE,SAAS,EAAE,MAAM,GAAG,IAAI;IAcrG,MAAM,CAAC,gBAAgB,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,KAAK;IAQjE,MAAM,CAAC,yBAAyB,CAAC,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM;IAIlE,MAAM,CAAC,sBAAsB,CAAC,wBAAwB,EAAE,kBAAkB;IAO1E,MAAM,CAAC,sBAAsB,IAAI,kBAAkB;IAInD,MAAM,CAAC,eAAe,CAAC,MAAM,EAAE,YAAY;IAI3C,MAAM,CAAC,iBAAiB;IA2BxB,MAAM,CAAC,gBAAgB,IAAI,WAAW;CAUvC"}
+{"version":3,"file":"authorization-internal-service.d.ts","sourceRoot":"","sources":["../../src/authorization-internal-service.ts"],"names":[],"mappings":"AAEA,OAAO,EAEL,eAAe,EACf,QAAQ,EACR,WAAW,EAEZ,MAAM,mCAAmC,CAAC;AAC3C,OAAO,EAAE,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAC3D,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAC9C,OAAO,KAAK,EAAE,yBAAyB,EAAE,MAAM,uBAAuB,CAAC;AAGvE,eAAO,MAAM,WAAW,IAAI,CAAC;AAC7B,eAAO,MAAM,cAAc,KAAK,CAAC;AACjC,eAAO,MAAM,MAAM,kBAA2B,CAAC;AAE/C,eAAO,MAAM,uBAAuB,+BAA+B,CAAC;AA4IpE,eAAO,MAAM,eAAe,EAAE,eAkB7B,CAAC;AAEF;;;;GAIG;AACH,eAAO,MAAM,qBAAqB,GAAI,kBAAkB;IAAE,YAAY,EAAE,MAAM,CAAA;CAAE,KAAG,MAOlF,CAAC;AAMF,qBAAa,4BAA4B;IACvC,MAAM,KAAK,YAAY,IAAI,YAAY,GAAG,SAAS,CAElD;IAED,MAAM,KAAK,YAAY,CAAC,MAAM,EAAE,YAAY,GAAG,SAAS,EAEvD;IACD,MAAM,CAAC,iBAAiB,CAAC,OAAO,EAAE,WAAW,GAAG,IAAI;IAIpD,MAAM,CAAC,cAAc,CAAC,OAAO,EAAE,WAAW,GAAG,IAAI;IAIjD,MAAM,CAAC,+BAA+B,CAAC,OAAO,EAAE,WAAW,GAAG,IAAI;IAMlE,MAAM,CAAC,wBAAwB,CAAC,QAAQ,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,GAAG,IAAI;IAc5E,MAAM,CAAC,gBAAgB,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,KAAK;IAQjE,MAAM,CAAC,yBAAyB,CAAC,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM;IAIlE,MAAM,CAAC,sBAAsB,CAAC,wBAAwB,EAAE,yBAAyB;IAWjF,MAAM,CAAC,sBAAsB,IAAI,yBAAyB;IAI1D,MAAM,CAAC,eAAe,CAAC,MAAM,EAAE,YAAY;IAI3C,MAAM,CAAC,iBAAiB;IA2BxB,MAAM,CAAC,gBAAgB,IAAI,WAAW;CAqBvC"}

package/dist/esm/authorization-internal-service.mjs

@@ -5,37 +5,137 @@ const INTERNAL_APP_NAME = 'internal_ms';
 const MAX_RETRIES = 3;
 const RETRY_DELAY_MS = 20;
 const logger = MondayLogger.getLogger();
-const defaultMondayFetchOptions = {
+const IGNITE_RETRY_CONFIG_KEY = 'authorization_retry_config';
+let igniteClient;
+const defaultRetryConfig = {
     retries: MAX_RETRIES,
-    callback: logOnFetchFail,
+    baseDelayMs: RETRY_DELAY_MS,
+    exponentBase: 2,
+    jitterMinMs: 0,
+    jitterMaxMs: 1000,
+    retryOnStatusPatterns: ['429', '5**'],
 };
-const onRetryCallback = (attempt, error) => {
-    if (attempt == MAX_RETRIES) {
-        logger.error({ tag: 'authorization-service', attempt, error }, 'Authorization attempt failed');
+/**
+ * Sanitizes retry configuration values to ensure they are within valid ranges
+ */
+function sanitizeRetryConfig(config) {
+    return {
+        ...config,
+        retries: Math.max(0, Math.min(5, config.retries)),
+        exponentBase: Math.max(1, Math.min(100, config.exponentBase)),
+        jitterMinMs: Math.max(0, config.jitterMinMs),
+    };
+}
+function getRetryConfig() {
+    if (!igniteClient) {
+        return defaultRetryConfig;
+    }
+    try {
+        const config = igniteClient.configuration.getObjectValue(IGNITE_RETRY_CONFIG_KEY, defaultRetryConfig);
+        return sanitizeRetryConfig(config);
+    }
+    catch (error) {
+        logger.error({ tag: 'authorization-service', error, key: IGNITE_RETRY_CONFIG_KEY, defaultValue: defaultRetryConfig }, 'Failed to get ignite retry config, using defaults');
+        return defaultRetryConfig;
+    }
+}
+function randomIntInclusive(min, max) {
+    if (max <= min) {
+        return min;
+    }
+    return Math.floor(min + Math.random() * (max - min + 1));
+}
+function buildHttpStatusMatchers(patterns) {
+    const matchers = [];
+    const addWildcardMatcher = (wildcard) => {
+        // Normalized 3-char pattern with digits or '*'
+        matchers.push((status) => {
+            const s = String(status);
+            if (s.length !== 3) {
+                return false;
+            }
+            for (let i = 0; i < 3; i++) {
+                const w = wildcard[i];
+                const c = s[i];
+                if (w === '*') {
+                    continue;
+                }
+                if (w !== c) {
+                    return false;
+                }
+            }
+            return true;
+        });
+    };
+    for (const raw of patterns ?? []) {
+        const p = String(raw).trim();
+        if (!p) {
+            continue;
+        }
+        // Exact numeric status (e.g. "429")
+        if (/^\d+$/.test(p)) {
+            const exact = Number(p);
+            if (Number.isFinite(exact)) {
+                matchers.push((status) => status === exact);
+            }
+            continue;
+        }
+        // Wildcards for 3-digit HTTP codes:
+        // - "5**" => 5xx
+        // - "5*9" => 5?9
+        if (/^[0-9*]+$/.test(p) && p.includes('*')) {
+            const normalized = p.length < 3 ? p.padEnd(3, '*') : p;
+            if (normalized.length !== 3) {
+                logger.warn({ tag: 'authorization-service', pattern: p }, 'Invalid retry status wildcard pattern (expected a 3-character pattern like "5**" or "5*9")');
+            }
+            else {
+                addWildcardMatcher(normalized);
+            }
+            continue;
+        }
+        logger.warn({ tag: 'authorization-service', pattern: p }, 'Invalid retry status pattern (supported: exact code like "429" or wildcard like "5**")');
+    }
+    return matchers;
+}
+function shouldRetryOnResponseStatus(responseOrStatus, statusMatchers) {
+    const status = responseOrStatus?.status;
+    if (typeof status !== 'number') {
+        return false;
+    }
+    return statusMatchers.some(matcher => matcher(status));
+}
+const onRetryCallback = (attempt, error, response, isTimeoutError) => {
+    const effectiveMaxRetries = getRetryConfig().retries;
+    if (attempt == effectiveMaxRetries) {
+        logger.error({ tag: 'authorization-service', attempt, error, response, isTimeoutError }, 'Authorization attempt failed');
     }
     else {
-        logger.info({ tag: 'authorization-service', attempt, error }, 'Authorization attempt failed, trying again');
+        logger.info({ tag: 'authorization-service', attempt, error, response, isTimeoutError }, 'Authorization attempt failed, trying again');
     }
 };
 /**
  * Exponential backoff retry delay callback
- * Calculates delay as: baseDelay * 2^(attemptCount - 1)
+ * Calculates delay as: baseDelay * (exponentBase)^(attemptCount - 1) + jitter(min..max)
  * Example: attempt 1 -> 100ms, attempt 2 -> 200ms, attempt 3 -> 400ms
  */
 const calcDelayDurationInMs = ({ attemptCount }) => {
-    return RETRY_DELAY_MS * Math.pow(2, attemptCount - 1);
+    const { baseDelayMs, exponentBase, jitterMinMs, jitterMaxMs } = getRetryConfig();
+    const jitterMin = Math.min(jitterMinMs, jitterMaxMs);
+    const jitterMax = Math.max(jitterMinMs, jitterMaxMs);
+    const expDelay = baseDelayMs * Math.pow(exponentBase, attemptCount - 1);
+    const jitter = randomIntInclusive(jitterMin, jitterMax);
+    return expDelay + jitter;
+};
+let mondayFetchOptions = {
+    retries: defaultRetryConfig.retries,
 };
-function logOnFetchFail(retriesLeft, error) {
-    if (retriesLeft == 0) {
-        logger.error({ retriesLeft, error }, `Authorization attempt failed due to ${error.message}`);
+class AuthorizationInternalService {
+    static get igniteClient() {
+        return igniteClient;
     }
-    else {
-        logger.info({ retriesLeft, error }, `Authorization attempt failed due to ${error.message}, trying again`);
+    static set igniteClient(client) {
+        igniteClient = client;
     }
-}
-let mondayFetchOptions = defaultMondayFetchOptions;
-class AuthorizationInternalService {
-    static igniteClient;
     static skipAuthorization(requset) {
         requset.authorizationSkipPerformed = true;
     }
@@ -63,16 +163,20 @@ class AuthorizationInternalService {
         return signAuthorizationHeader({ appName: INTERNAL_APP_NAME, accountId, userId });
     }
     static setRequestFetchOptions(customMondayFetchOptions) {
+        const sanitizedOptions = { ...customMondayFetchOptions };
+        if (sanitizedOptions.retries !== undefined) {
+            sanitizedOptions.retries = Math.max(0, Math.min(5, sanitizedOptions.retries));
+        }
         mondayFetchOptions = {
-            ...defaultMondayFetchOptions,
-            ...customMondayFetchOptions,
+            ...defaultRetryConfig,
+            ...sanitizedOptions,
         };
     }
     static getRequestFetchOptions() {
         return mondayFetchOptions;
     }
     static setIgniteClient(client) {
-        this.igniteClient = client;
+        igniteClient = client;
     }
     static getRequestTimeout() {
         const isDevEnv = process.env.NODE_ENV === 'development';
@@ -96,14 +200,23 @@ class AuthorizationInternalService {
     }
     static getRetriesPolicy() {
         const fetchOptions = AuthorizationInternalService.getRequestFetchOptions();
-        const retryDelayMS = calcDelayDurationInMs;
+        const retryConfig = getRetryConfig();
+        const statusMatchers = buildHttpStatusMatchers(retryConfig.retryOnStatusPatterns);
+        const defaultRetryOn = (_attempt, _error, response, isTimeoutError) => isTimeoutError ? true : shouldRetryOnResponseStatus(response ?? undefined, statusMatchers);
+        // Sanitize retries from fetchOptions: clamp between 0 and 5
+        const rawMaxRetries = fetchOptions?.retries ?? retryConfig.retries;
+        const effectiveMaxRetries = Math.max(0, Math.min(5, rawMaxRetries));
+        const defaultGetTimeout = timeoutsCount => calcDelayDurationInMs({ attemptCount: timeoutsCount });
         return {
-            useRetries: !!fetchOptions.retries,
-            maxRetries: fetchOptions.retries ?? 0,
-            onRetry: onRetryCallback,
-            retryDelayMS,
+            useRetries: fetchOptions?.useRetries ?? true,
+            maxRetries: effectiveMaxRetries,
+            retryDelayMS: fetchOptions?.retryDelayMS ?? calcDelayDurationInMs,
+            onRetry: fetchOptions?.callback ?? onRetryCallback,
+            retryOn: fetchOptions?.retryOn ?? defaultRetryOn,
+            timeoutRetries: fetchOptions?.timeoutRetries ?? effectiveMaxRetries,
+            getTimeout: fetchOptions?.getTimeout ?? defaultGetTimeout,
         };
     }
 }
 
-export { AuthorizationInternalService, MAX_RETRIES, RETRY_DELAY_MS, calcDelayDurationInMs, logger, onRetryCallback };
+export { AuthorizationInternalService, IGNITE_RETRY_CONFIG_KEY, MAX_RETRIES, RETRY_DELAY_MS, calcDelayDurationInMs, logger, onRetryCallback };

package/dist/esm/authorization-service.d.ts

@@ -1,13 +1,13 @@
-import { MondayFetchOptions } from '@mondaydotcomorg/monday-fetch';
 import { IgniteClient } from '@mondaydotcomorg/ignite-sdk';
 import { Action, AuthorizationObject, AuthorizationParams, AuthorizationResource } from './types/general';
 import { ScopedAction, ScopedActionPermit, ScopedActionResponseObject, ScopeOptions } from './types/scoped-actions-contracts';
+import type { AuthorizationFetchOptions } from './types/fetch-options';
 export interface AuthorizeResponse {
     isAuthorized: boolean;
     unauthorizedIds?: number[];
     unauthorizedObjects?: AuthorizationObject[];
 }
-export declare function setRequestFetchOptions(customMondayFetchOptions: MondayFetchOptions): void;
+export declare function setRequestFetchOptions(customMondayFetchOptions: AuthorizationFetchOptions): void;
 export declare class AuthorizationService {
     private static get graphApi();
     private static _graphApi?;