npm - @nsshunt/stsauthclient - Versions diffs - 1.0.41 → 1.0.43 - Mend

@nsshunt/stsauthclient 1.0.41 → 1.0.43

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/stsauthclient.mjs +297 -317
package/dist/stsauthclient.mjs.map +1 -1
package/dist/stsauthclient.umd.js +299 -319
package/dist/stsauthclient.umd.js.map +1 -1
package/package.json +7 -7
package/types/authutilsnode.d.ts +3 -3
package/types/authutilsnode.d.ts.map +1 -1

package/dist/stsauthclient.mjs CHANGED Viewed

@@ -1,18 +1,6 @@
-var __defProp = Object.defineProperty;
-var __typeError = (msg) => {
-  throw TypeError(msg);
-};
-var __defNormalProp = (obj, key, value) => key in obj ? __defProp(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
-var __publicField = (obj, key, value) => __defNormalProp(obj, typeof key !== "symbol" ? key + "" : key, value);
-var __accessCheck = (obj, member, msg) => member.has(obj) || __typeError("Cannot " + msg);
-var __privateGet = (obj, member, getter) => (__accessCheck(obj, member, "read from private field"), getter ? getter.call(obj) : member.get(obj));
-var __privateAdd = (obj, member, value) => member.has(obj) ? __typeError("Cannot add the same private member more than once") : member instanceof WeakSet ? member.add(obj) : member.set(obj, value);
-var __privateSet = (obj, member, value, setter) => (__accessCheck(obj, member, "write to private field"), setter ? setter.call(obj, value) : member.set(obj, value), value);
-var __privateMethod = (obj, member, method) => (__accessCheck(obj, member, "access private method"), method);
-var _options, _options2, _cache, _cacheTimeout, _cookiejar, _originRegex, _AuthUtilsNode_instances, LogDebugMessage_fn;
 import axios from "axios";
 import { STSAxiosConfig, GetErrorPayload } from "@nsshunt/stsutils";
-import tough from "tough-cookie";
+import { CookieJar, Cookie } from "tough-cookie";
 import jwt from "jsonwebtoken";
 import { jwtDecode } from "jwt-decode";
 import jwksClient from "jwks-rsa";
@@ -88,333 +76,165 @@ var StatusCodes;
   StatusCodes2[StatusCodes2["NETWORK_AUTHENTICATION_REQUIRED"] = 511] = "NETWORK_AUTHENTICATION_REQUIRED";
 })(StatusCodes || (StatusCodes = {}));
 class ResourceManager {
+  #options;
   constructor(options) {
-    __privateAdd(this, _options);
-    // eslint-disable-next-line  @typescript-eslint/no-explicit-any
-    __publicField(this, "GetErrorMessage", (status, error, detail) => {
-      return {
-        status,
-        error,
-        detail
-      };
-    });
-    __publicField(this, "GetHeaders", (access_token) => {
-      const headers = {
-        "Content-Type": "application/json"
-      };
-      if (access_token) {
-        headers["Authorization"] = `Bearer ${access_token}`;
-      }
-      return headers;
-    });
-    __publicField(this, "GetResult", async (accessToken, url, method, requestData, errorCb) => {
-      const axiosConfig = new STSAxiosConfig(url, method, this.GetHeaders(accessToken), this.options.timeout);
-      if (__privateGet(this, _options).agentManager) {
-        axiosConfig.withAgentManager(__privateGet(this, _options).agentManager);
-      }
-      if (requestData !== null) {
-        axiosConfig.withData(requestData);
-      }
-      const data = await axios(axiosConfig.config);
-      if (data.data.status === StatusCodes.OK || data.data.status === StatusCodes.CREATED) {
-        const sessionDataRaw = data.data.detail;
-        if (sessionDataRaw) {
-          try {
-            const sessionData = JSON.parse(sessionDataRaw);
-            return sessionData;
-          } catch (error) {
-            errorCb(this.GetErrorMessage(StatusCodes.INTERNAL_SERVER_ERROR, "SessionManager:GetResult(): Could not parse session data.", error));
-            return null;
-          }
-        } else {
-          errorCb(this.GetErrorMessage(StatusCodes.INTERNAL_SERVER_ERROR, "SessionManager:GetResult(): No session data returned.", null));
-          return null;
-        }
-      } else {
-        const { status, error, detail } = data.data;
-        errorCb(this.GetErrorMessage(status, `SessionManager:GetResult(): Status not OK. Error: [${error}]`, detail));
-        return null;
-      }
-    });
-    __privateSet(this, _options, options);
-    this.LogDebugMessage(`STSOAuth2Worker:constructor:#options: [${JSON.stringify(__privateGet(this, _options))}]`);
+    this.#options = options;
+    this.LogDebugMessage(`STSOAuth2Worker:constructor:#options: [${JSON.stringify(this.#options)}]`);
   }
   get agentManager() {
-    if (__privateGet(this, _options).agentManager) {
-      return __privateGet(this, _options).agentManager;
+    if (this.#options.agentManager) {
+      return this.#options.agentManager;
     } else {
       return null;
     }
   }
   get options() {
-    return __privateGet(this, _options);
+    return this.#options;
   }
   // eslint-disable-next-line  @typescript-eslint/no-explicit-any
   LogDebugMessage(message) {
-    __privateGet(this, _options).logger.debug(message);
+    this.#options.logger.debug(message);
   }
   // eslint-disable-next-line  @typescript-eslint/no-explicit-any
   LogInfoMessage(message) {
-    __privateGet(this, _options).logger.info(message);
+    this.#options.logger.info(message);
   }
   // eslint-disable-next-line  @typescript-eslint/no-explicit-any
   LogErrorMessage(message) {
-    __privateGet(this, _options).logger.error(message);
+    this.#options.logger.error(message);
   }
+  // eslint-disable-next-line  @typescript-eslint/no-explicit-any
+  GetErrorMessage = (status, error, detail) => {
+    return {
+      status,
+      error,
+      detail
+    };
+  };
+  GetHeaders = (access_token) => {
+    const headers = {
+      "Content-Type": "application/json"
+    };
+    if (access_token) {
+      headers["Authorization"] = `Bearer ${access_token}`;
+    }
+    return headers;
+  };
+  GetResult = async (accessToken, url, method, requestData, errorCb) => {
+    const axiosConfig = new STSAxiosConfig(url, method, this.GetHeaders(accessToken), this.options.timeout);
+    if (this.#options.agentManager) {
+      axiosConfig.withAgentManager(this.#options.agentManager);
+    }
+    if (requestData !== null) {
+      axiosConfig.withData(requestData);
+    }
+    const data = await axios(axiosConfig.config);
+    if (data.data.status === StatusCodes.OK || data.data.status === StatusCodes.CREATED) {
+      const sessionDataRaw = data.data.detail;
+      if (sessionDataRaw) {
+        try {
+          const sessionData = JSON.parse(sessionDataRaw);
+          return sessionData;
+        } catch (error) {
+          errorCb(this.GetErrorMessage(StatusCodes.INTERNAL_SERVER_ERROR, "SessionManager:GetResult(): Could not parse session data.", error));
+          return null;
+        }
+      } else {
+        errorCb(this.GetErrorMessage(StatusCodes.INTERNAL_SERVER_ERROR, "SessionManager:GetResult(): No session data returned.", null));
+        return null;
+      }
+    } else {
+      const { status, error, detail } = data.data;
+      errorCb(this.GetErrorMessage(status, `SessionManager:GetResult(): Status not OK. Error: [${error}]`, detail));
+      return null;
+    }
+  };
 }
-_options = new WeakMap();
 class SessionManager extends ResourceManager {
   constructor(options) {
     super(options);
-    __publicField(this, "GetSession", async (access_token, sessionId, errorCb) => {
-      try {
-        return this.GetResult(access_token, `${this.options.asendpoint}/session/${encodeURIComponent(sessionId)}`, "get", null, errorCb);
-      } catch (error) {
-        errorCb(this.GetErrorMessage(StatusCodes.INTERNAL_SERVER_ERROR, `SessionManager:GetSession(): Could not process session. Error: [${error}]`, error));
-        return null;
-      }
-    });
-    __publicField(this, "PatchSession", async (access_token, session, errorCb) => {
-      try {
-        if (!session.sessionId) {
-          errorCb(this.GetErrorMessage(StatusCodes.INTERNAL_SERVER_ERROR, "SessionManager:GetSession(): sessionId not provided.", null));
-          return null;
-        }
-        return this.GetResult(access_token, `${this.options.asendpoint}/session/${encodeURIComponent(session.sessionId)}`, "patch", session, errorCb);
-      } catch (error) {
-        errorCb(this.GetErrorMessage(StatusCodes.INTERNAL_SERVER_ERROR, `SessionManager:GetSession(): Could not process session. Error: [${error}]`, error));
+  }
+  GetSession = async (access_token, sessionId, errorCb) => {
+    try {
+      return this.GetResult(access_token, `${this.options.asendpoint}/session/${encodeURIComponent(sessionId)}`, "get", null, errorCb);
+    } catch (error) {
+      errorCb(this.GetErrorMessage(StatusCodes.INTERNAL_SERVER_ERROR, `SessionManager:GetSession(): Could not process session. Error: [${error}]`, error));
+      return null;
+    }
+  };
+  PatchSession = async (access_token, session, errorCb) => {
+    try {
+      if (!session.sessionId) {
+        errorCb(this.GetErrorMessage(StatusCodes.INTERNAL_SERVER_ERROR, "SessionManager:GetSession(): sessionId not provided.", null));
         return null;
       }
-    });
-  }
+      return this.GetResult(access_token, `${this.options.asendpoint}/session/${encodeURIComponent(session.sessionId)}`, "patch", session, errorCb);
+    } catch (error) {
+      errorCb(this.GetErrorMessage(StatusCodes.INTERNAL_SERVER_ERROR, `SessionManager:GetSession(): Could not process session. Error: [${error}]`, error));
+      return null;
+    }
+  };
 }
 class AuthUtilsNode {
+  #options;
+  #cache = {};
+  #cacheTimeout = 1e3;
+  #cookiejar;
+  // Regular expression to match the origin
+  #originRegex = /^(api:\/\/\w+)/;
   constructor(options) {
-    __privateAdd(this, _AuthUtilsNode_instances);
-    __privateAdd(this, _options2);
-    __privateAdd(this, _cache, {});
-    __privateAdd(this, _cacheTimeout, 1e3);
-    __privateAdd(this, _cookiejar);
-    // Regular expression to match the origin
-    __privateAdd(this, _originRegex, /^(api:\/\/\w+)/);
-    __publicField(this, "ResetAgent", () => {
-      if (__privateGet(this, _options2).agentManager) {
-        __privateGet(this, _options2).agentManager.ResetAgent();
-      }
-    });
-    __publicField(this, "VerifyRequestMiddlewareFactory", (options) => {
-      return async (req, res, next) => {
-        if (options.permissions) {
-          const permissionsKey = options.permissions.join("_");
-          const scopeKey = req.auth.scope.split(" ").join("_");
-          if (__privateGet(this, _cache)[permissionsKey] && __privateGet(this, _cache)[permissionsKey].scopes[scopeKey]) {
-            next();
-            return;
-          }
-          const scopes = req.auth.scope.split(" ");
-          const requiredPermissions = [];
-          for (let i = 0; i < options.permissions.length; i++) {
-            const permission = options.permissions[i];
-            if (!scopes.includes(permission)) {
-              requiredPermissions.push(permission);
-            }
-          }
-          if (requiredPermissions.length > 0) {
-            const errorPayload = GetErrorPayload(STSAuthClientErrorCode.STS_AC_MISSING_PERMISSION, requiredPermissions);
-            res.status(StatusCodes.UNAUTHORIZED).send({ status: StatusCodes.UNAUTHORIZED, error: errorPayload });
-            return;
-          }
-          if (!__privateGet(this, _cache)[permissionsKey]) {
-            __privateGet(this, _cache)[permissionsKey] = {
-              scopes: {}
-            };
-          }
-          __privateGet(this, _cache)[permissionsKey].scopes[scopeKey] = {
-            scope: scopeKey,
-            timeout: setTimeout(() => {
-              delete __privateGet(this, _cache)[permissionsKey].scopes[scopeKey];
-            }, __privateGet(this, _cacheTimeout)).unref()
-          };
-        }
-        next();
-      };
-    });
-    // eslint-disable-next-line @typescript-eslint/no-explicit-any
-    __publicField(this, "SetCookiesToJar", async (headers, endpoint) => {
-      if (headers["set-cookie"]) {
-        headers["set-cookie"].map((headerCookie) => {
-          const cookie = tough.Cookie.parse(headerCookie);
-          __privateGet(this, _cookiejar).setCookieSync(cookie, endpoint);
-        });
-      } else {
-        const cookie = tough.Cookie.parse(headers["set-cookie"]);
-        __privateGet(this, _cookiejar).setCookieSync(cookie, endpoint);
-      }
-      return __privateGet(this, _cookiejar).getCookies(endpoint);
-    });
-    __publicField(this, "GetCookiesFromJar", async (endpoint) => {
-      return __privateGet(this, _cookiejar).getCookies(endpoint);
-    });
-    __publicField(this, "ValidateJWT", async (token, audience, endpoint) => {
-      const jwksClientUri = endpoint ? `${endpoint}${goptions.asoauthapiroot}${goptions.asjwksjsonpath}` : `${goptions.asendpoint}:${goptions.asport}${goptions.asoauthapiroot}${goptions.asjwksjsonpath}`;
-      const jwksClientOptions = {
-        cache: true,
-        //@@ all config items
-        cacheMaxEntries: 5,
-        // Default value
-        cacheMaxAge: 6e5,
-        // Defaults to 10m
-        rateLimit: true,
-        jwksRequestsPerMinute: 10,
-        // Default value
-        jwksUri: jwksClientUri,
-        timeout: 3e4
-        //@@ config
-      };
-      if (__privateGet(this, _options2).agentManager) {
-        jwksClientOptions.requestAgent = __privateGet(this, _options2).agentManager.GetAgent(jwksClientUri);
-      }
-      const jwks = jwksClient(jwksClientOptions);
-      const decodedRefreshToken = jwtDecode(token, { header: true });
-      const kid = decodedRefreshToken.kid;
-      const key = await jwks.getSigningKey(kid);
-      const signingKey = key.getPublicKey();
-      const verifyOptions = {
-        issuer: iss,
-        //subject:  s,
-        audience,
-        //expiresIn:  600, // 10 minutes
-        algorithm: ["RS256"]
-        // RSASSA [ "RS256", "RS384", "RS512" ]
-      };
-      return jwt.verify(token, signingKey, verifyOptions);
-    });
-    // Function to extract the origin from a URI
-    __publicField(this, "ExtractOrigin", (uri) => {
-      const match = uri.match(__privateGet(this, _originRegex));
-      return match ? match[1] : null;
-    });
-    __publicField(this, "GetAPITokenFromAuthServerUsingScope", async (options, errorCb) => {
-      const { scope, clientId, authClientSecret, endPoint, instrumentController, outputErrorsToConsole } = options;
-      let stage = "1";
-      const invokeErrorCb = (error) => {
-        __privateMethod(this, _AuthUtilsNode_instances, LogDebugMessage_fn).call(this, error);
-        if (instrumentController) {
-          instrumentController.UpdateInstrument(Gauge.AUTHENTICATION_ERROR_COUNT_GAUGE, {
-            // auth error
-            Inc: 1
-          });
-        }
-        errorCb(error);
-      };
-      try {
-        stage = "2";
-        const scopes = scope.split(" ");
-        let origin = null;
-        let error = null;
-        stage = "3";
-        for (let i = 0; i < scopes.length; i++) {
-          const s = scopes[i];
-          if (!origin) {
-            origin = this.ExtractOrigin(s);
-            if (!origin) {
-              error = new Error(`Scope: [${scope}] not in required format. Must use (space seperated) api://<client id>[/<resource>.<permission>].`);
-              break;
-            }
-          } else {
-            const nextOrigin = this.ExtractOrigin(s);
-            if (!nextOrigin) {
-              error = new Error(`Scope: [${scope}] not in required format. Must use (space seperated) api://<client id>[/<resource>.<permission>].`);
-              break;
-            } else {
-              if (origin.localeCompare(nextOrigin) !== 0) {
-                error = new Error(`Scope: [${scope}] not all from the same client API. All scopes must come from the same client API.`);
-                break;
-              }
-            }
-          }
-        }
-        stage = "4";
-        if (error) {
-          invokeErrorCb(error);
-          return "";
-        }
-        stage = "5";
-        const payload = {
-          //@@ make a type
-          client_id: clientId,
-          // The service calling this method
-          client_secret: authClientSecret,
-          // Auth service client secret
-          //client_secret: goptions.brokerclientsecret, // Broker service client secret
-          scope,
-          // required API
-          //@@ remove audience
-          //@@ need scope to be the API identifier
-          grant_type: "client_credentials"
-        };
-        stage = "6";
-        const url = endPoint ? `${endPoint}${goptions.asoauthapiroot}/token` : `${goptions.asendpoint}:${goptions.asport}${goptions.asoauthapiroot}/token`;
-        stage = `6.5: url: [${url}] payload: [${JSON.stringify(payload)}]`;
-        const axiosConfig = new STSAxiosConfig(url, "post").withDefaultHeaders().withData(payload);
-        if (__privateGet(this, _options2).agentManager) {
-          axiosConfig.withAgentManager(__privateGet(this, _options2).agentManager);
-        }
-        const retVal = await axios(axiosConfig.config);
-        stage = "7";
-        if (retVal.status) {
-          if (retVal.status !== 200) {
-            __privateMethod(this, _AuthUtilsNode_instances, LogDebugMessage_fn).call(this, chalk.magenta(`Error (AuthUtilsNode:GetAPITokenFromServer): Invalid response from server: [${retVal.status}]`));
-          }
-        } else {
-          invokeErrorCb(new Error(chalk.red(`Error (AuthUtilsNode:GetAPITokenFromServer:No retVal.status)`)));
-          return "";
+    this.#options = options;
+    this.#cookiejar = new CookieJar();
+  }
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
+  #LogDebugMessage(message) {
+    this.#options.logger.debug(message);
+  }
+  get agentManager() {
+    return this.#options.agentManager;
+  }
+  ResetAgent = () => {
+    if (this.#options.agentManager) {
+      this.#options.agentManager.ResetAgent();
+    }
+  };
+  VerifyRequestMiddlewareFactory = (options) => {
+    return async (req, res, next) => {
+      if (options.permissions) {
+        const permissionsKey = options.permissions.join("_");
+        const scopeKey = req.auth.scope.split(" ").join("_");
+        if (this.#cache[permissionsKey] && this.#cache[permissionsKey].scopes[scopeKey]) {
+          next();
+          return;
         }
-        stage = "8";
-        if (retVal.data) {
-          stage = "9";
-          if (retVal.data.access_token) {
-            stage = "10";
-            if (instrumentController) {
-              stage = "11";
-              instrumentController.UpdateInstrument(Gauge.AUTHENTICATION_COUNT_GAUGE, {
-                Inc: 1
-              });
-            }
-            stage = "12";
-            return retVal.data.access_token;
-          } else {
-            stage = "13";
-            invokeErrorCb(new Error(`Error (AuthUtilsNode:GetAPITokenFromServer:No retVal.data.access_token)`));
-            return "";
+        const scopes = req.auth.scope.split(" ");
+        const requiredPermissions = [];
+        for (let i = 0; i < options.permissions.length; i++) {
+          const permission = options.permissions[i];
+          if (!scopes.includes(permission)) {
+            requiredPermissions.push(permission);
           }
-        } else {
-          stage = "14";
-          invokeErrorCb(new Error(`Error (AuthUtilsNode:GetAPITokenFromServer:No retVal.data)`));
-          return "";
         }
-      } catch (error) {
-        if (outputErrorsToConsole === true) {
-          console.error(error);
+        if (requiredPermissions.length > 0) {
+          const errorPayload = GetErrorPayload(STSAuthClientErrorCode.STS_AC_MISSING_PERMISSION, requiredPermissions);
+          res.status(StatusCodes.UNAUTHORIZED).send({ status: StatusCodes.UNAUTHORIZED, error: errorPayload });
+          return;
         }
-        let details = "None available.";
-        if (error.response && error.response.data) {
-          try {
-            details = JSON.stringify(error.response.data);
-          } catch (error2) {
-            details = `Could not JSON.stringify(error.response.data)`;
-          }
+        if (!this.#cache[permissionsKey]) {
+          this.#cache[permissionsKey] = {
+            scopes: {}
+          };
         }
-        invokeErrorCb(new Error(`Error (AuthUtilsNode:GetAPITokenFromServer:catch): [${error}], Stage: [${stage}], Details: [${details}]`));
-        return "";
+        this.#cache[permissionsKey].scopes[scopeKey] = {
+          scope: scopeKey,
+          timeout: setTimeout(() => {
+            delete this.#cache[permissionsKey].scopes[scopeKey];
+          }, this.#cacheTimeout).unref()
+        };
       }
-    });
-    __privateSet(this, _options2, options);
-    __privateSet(this, _cookiejar, new tough.CookieJar());
-  }
-  get agentManager() {
-    return __privateGet(this, _options2).agentManager;
-  }
+      next();
+    };
+  };
   /*
   let cookies = await this.GetCookiesFromJar();
   const valid = this.#ValidateCookies(cookies);
@@ -435,17 +255,177 @@ class AuthUtilsNode {
   async verifyRequestMiddleware(req, res, next) {
     next();
   }
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
+  SetCookiesToJar = async (headers, endpoint) => {
+    if (headers["set-cookie"]) {
+      headers["set-cookie"].map((headerCookie) => {
+        const cookie = Cookie.parse(headerCookie);
+        this.#cookiejar.setCookieSync(cookie, endpoint);
+      });
+    } else {
+      const cookie = Cookie.parse(headers["set-cookie"]);
+      this.#cookiejar.setCookieSync(cookie, endpoint);
+    }
+    return this.#cookiejar.getCookies(endpoint);
+  };
+  GetCookiesFromJar = async (endpoint) => {
+    return this.#cookiejar.getCookies(endpoint);
+  };
+  ValidateJWT = async (token, audience, endpoint) => {
+    const jwksClientUri = endpoint ? `${endpoint}${goptions.asoauthapiroot}${goptions.asjwksjsonpath}` : `${goptions.asendpoint}:${goptions.asport}${goptions.asoauthapiroot}${goptions.asjwksjsonpath}`;
+    const jwksClientOptions = {
+      cache: true,
+      //@@ all config items
+      cacheMaxEntries: 5,
+      // Default value
+      cacheMaxAge: 6e5,
+      // Defaults to 10m
+      rateLimit: true,
+      jwksRequestsPerMinute: 10,
+      // Default value
+      jwksUri: jwksClientUri,
+      timeout: 3e4
+      //@@ config
+    };
+    if (this.#options.agentManager) {
+      jwksClientOptions.requestAgent = this.#options.agentManager.GetAgent(jwksClientUri);
+    }
+    const jwks = jwksClient(jwksClientOptions);
+    const decodedRefreshToken = jwtDecode(token, { header: true });
+    const kid = decodedRefreshToken.kid;
+    const key = await jwks.getSigningKey(kid);
+    const signingKey = key.getPublicKey();
+    const verifyOptions = {
+      issuer: iss,
+      //subject:  s,
+      audience,
+      //expiresIn:  600, // 10 minutes
+      algorithm: ["RS256"]
+      // RSASSA [ "RS256", "RS384", "RS512" ]
+    };
+    return jwt.verify(token, signingKey, verifyOptions);
+  };
+  // Function to extract the origin from a URI
+  ExtractOrigin = (uri) => {
+    const match = uri.match(this.#originRegex);
+    return match ? match[1] : null;
+  };
+  GetAPITokenFromAuthServerUsingScope = async (options, errorCb) => {
+    const { scope, clientId, authClientSecret, endPoint, instrumentController, outputErrorsToConsole } = options;
+    let stage = "1";
+    const invokeErrorCb = (error) => {
+      this.#LogDebugMessage(error);
+      if (instrumentController) {
+        instrumentController.UpdateInstrument(Gauge.AUTHENTICATION_ERROR_COUNT_GAUGE, {
+          // auth error
+          Inc: 1
+        });
+      }
+      errorCb(error);
+    };
+    try {
+      stage = "2";
+      const scopes = scope.split(" ");
+      let origin = null;
+      let error = null;
+      stage = "3";
+      for (let i = 0; i < scopes.length; i++) {
+        const s = scopes[i];
+        if (!origin) {
+          origin = this.ExtractOrigin(s);
+          if (!origin) {
+            error = new Error(`Scope: [${scope}] not in required format. Must use (space seperated) api://<client id>[/<resource>.<permission>].`);
+            break;
+          }
+        } else {
+          const nextOrigin = this.ExtractOrigin(s);
+          if (!nextOrigin) {
+            error = new Error(`Scope: [${scope}] not in required format. Must use (space seperated) api://<client id>[/<resource>.<permission>].`);
+            break;
+          } else {
+            if (origin.localeCompare(nextOrigin) !== 0) {
+              error = new Error(`Scope: [${scope}] not all from the same client API. All scopes must come from the same client API.`);
+              break;
+            }
+          }
+        }
+      }
+      stage = "4";
+      if (error) {
+        invokeErrorCb(error);
+        return "";
+      }
+      stage = "5";
+      const payload = {
+        //@@ make a type
+        client_id: clientId,
+        // The service calling this method
+        client_secret: authClientSecret,
+        // Auth service client secret
+        //client_secret: goptions.brokerclientsecret, // Broker service client secret
+        scope,
+        // required API
+        //@@ remove audience
+        //@@ need scope to be the API identifier
+        grant_type: "client_credentials"
+      };
+      stage = "6";
+      const url = endPoint ? `${endPoint}${goptions.asoauthapiroot}/token` : `${goptions.asendpoint}:${goptions.asport}${goptions.asoauthapiroot}/token`;
+      stage = `6.5: url: [${url}] payload: [${JSON.stringify(payload)}]`;
+      const axiosConfig = new STSAxiosConfig(url, "post").withDefaultHeaders().withData(payload);
+      if (this.#options.agentManager) {
+        axiosConfig.withAgentManager(this.#options.agentManager);
+      }
+      const retVal = await axios(axiosConfig.config);
+      stage = "7";
+      if (retVal.status) {
+        if (retVal.status !== 200) {
+          this.#LogDebugMessage(chalk.magenta(`Error (AuthUtilsNode:GetAPITokenFromServer): Invalid response from server: [${retVal.status}]`));
+        }
+      } else {
+        invokeErrorCb(new Error(chalk.red(`Error (AuthUtilsNode:GetAPITokenFromServer:No retVal.status)`)));
+        return "";
+      }
+      stage = "8";
+      if (retVal.data) {
+        stage = "9";
+        if (retVal.data.access_token) {
+          stage = "10";
+          if (instrumentController) {
+            stage = "11";
+            instrumentController.UpdateInstrument(Gauge.AUTHENTICATION_COUNT_GAUGE, {
+              Inc: 1
+            });
+          }
+          stage = "12";
+          return retVal.data.access_token;
+        } else {
+          stage = "13";
+          invokeErrorCb(new Error(`Error (AuthUtilsNode:GetAPITokenFromServer:No retVal.data.access_token)`));
+          return "";
+        }
+      } else {
+        stage = "14";
+        invokeErrorCb(new Error(`Error (AuthUtilsNode:GetAPITokenFromServer:No retVal.data)`));
+        return "";
+      }
+    } catch (error) {
+      if (outputErrorsToConsole === true) {
+        console.error(error);
+      }
+      let details = "None available.";
+      if (error.response && error.response.data) {
+        try {
+          details = JSON.stringify(error.response.data);
+        } catch (error2) {
+          details = `Could not JSON.stringify(error.response.data)`;
+        }
+      }
+      invokeErrorCb(new Error(`Error (AuthUtilsNode:GetAPITokenFromServer:catch): [${error}], Stage: [${stage}], Details: [${details}]`));
+      return "";
+    }
+  };
 }
-_options2 = new WeakMap();
-_cache = new WeakMap();
-_cacheTimeout = new WeakMap();
-_cookiejar = new WeakMap();
-_originRegex = new WeakMap();
-_AuthUtilsNode_instances = new WeakSet();
-// eslint-disable-next-line @typescript-eslint/no-explicit-any
-LogDebugMessage_fn = function(message) {
-  __privateGet(this, _options2).logger.debug(message);
-};
 export {
   AuthUtilsNode,
   STSAuthClientErrorCode,