@optimizely-opal/opal-tool-ocp-sdk 0.0.0-devmg.13 → 1.0.0-beta.1

package/src/auth/AuthUtils.ts

@@ -0,0 +1,117 @@
+import { getAppContext, logger } from '@zaiusinc/app-sdk';
+import { getTokenVerifier } from './TokenVerifier';
+import { OptiIdAuthData } from '../types/Models';
+
+/**
+ * Validate the OptiID access token
+ *
+ * @param accessToken - The access token to validate
+ * @returns true if the token is valid
+ */
+async function validateAccessToken(accessToken: string | undefined): Promise<boolean> {
+  try {
+    if (!accessToken) {
+      return false;
+    }
+    const tokenVerifier = await getTokenVerifier();
+    return await tokenVerifier.verify(accessToken);
+  } catch (error) {
+    logger.error('OptiID token validation failed:', error);
+    return false;
+  }
+}
+
+/**
+ * Extract and validate basic OptiID authentication data from request
+ *
+ * @param request - The incoming request
+ * @returns object with authData and accessToken, or null if invalid
+ */
+export function extractAuthData(request: any): { authData: OptiIdAuthData; accessToken: string } | null {
+  const authData = request?.bodyJSON?.auth as OptiIdAuthData;
+  const accessToken = authData?.credentials?.access_token;
+  if (!accessToken || authData?.provider?.toLowerCase() !== 'optiid') {
+    return null;
+  }
+
+  return { authData, accessToken };
+}
+
+/**
+ * Validate organization ID matches the app context
+ *
+ * @param customerId - The customer ID from the auth data
+ * @returns true if the organization ID is valid
+ */
+function validateOrganizationId(customerId: string | undefined): boolean {
+  if (!customerId) {
+    logger.error('Organisation ID is required but not provided');
+    return false;
+  }
+
+  const appOrganisationId = getAppContext()?.account?.organizationId;
+  if (customerId !== appOrganisationId) {
+    logger.error(`Invalid organisation ID: expected ${appOrganisationId}, received ${customerId}`);
+    return false;
+  }
+
+  return true;
+}
+
+/**
+ * Check if a request should skip authentication (discovery/ready endpoints)
+ *
+ * @param request - The incoming request
+ * @returns true if auth should be skipped
+ */
+function shouldSkipAuth(request: any): boolean {
+  return request.path === '/discovery' || request.path === '/ready';
+}
+
+/**
+ * Core authentication flow - extracts auth data and validates token
+ *
+ * @param request - The incoming request
+ * @param validateOrg - Whether to validate organization ID
+ * @returns true if authentication succeeds
+ */
+async function authenticateRequest(request: any, validateOrg: boolean): Promise<boolean> {
+  if (shouldSkipAuth(request)) {
+    return true;
+  }
+
+  const authInfo = extractAuthData(request);
+  if (!authInfo) {
+    logger.error('OptiID token is required but not provided');
+    return false;
+  }
+
+  const { authData, accessToken } = authInfo;
+
+  // Validate organization ID if required
+  if (validateOrg && !validateOrganizationId(authData.credentials?.customer_id)) {
+    return false;
+  }
+
+  return await validateAccessToken(accessToken);
+}
+
+/**
+ * Authenticate a request for regular functions (with organization validation)
+ *
+ * @param request - The incoming request
+ * @returns true if authentication and authorization succeed
+ */
+export async function authenticateRegularRequest(request: any): Promise<boolean> {
+  return await authenticateRequest(request, true);
+}
+
+/**
+ * Authenticate a request for global functions (without organization validation)
+ *
+ * @param request - The incoming request
+ * @returns true if authentication succeeds
+ */
+export async function authenticateGlobalRequest(request: any): Promise<boolean> {
+  return await authenticateRequest(request, false);
+}

package/src/auth/TokenVerifier.test.ts

@@ -1,3 +1,14 @@
+
+// Mock the app-sdk module
+jest.mock('@zaiusinc/app-sdk', () => ({
+  logger: {
+    info: jest.fn(),
+    error: jest.fn(),
+    warn: jest.fn(),
+    debug: jest.fn(),
+  },
+}));
+
 import { TokenVerifier } from './TokenVerifier';
 
 // Test constants

package/src/auth/TokenVerifier.ts

@@ -92,7 +92,6 @@ export class TokenVerifier {
         cooldownDuration: DEFAULT_JWKS_EXPIRES_IN
       });
       this.initialized = true;
-      logger.info('TokenVerifier environment ' + environment);
       logger.info(`TokenVerifier initialized with issuer: ${this.issuer} (environment: ${environment})`);
     } catch (error) {
       logger.error('Failed to initialize TokenVerifier', error);

package/src/function/GlobalToolFunction.test.ts

@@ -0,0 +1,505 @@
+import { GlobalToolFunction } from './GlobalToolFunction';
+import { toolsService } from '../service/Service';
+import { Response, getAppContext } from '@zaiusinc/app-sdk';
+import { getTokenVerifier } from '../auth/TokenVerifier';
+
+// Mock the dependencies
+jest.mock('../service/Service', () => ({
+  toolsService: {
+    processRequest: jest.fn(),
+  },
+}));
+
+jest.mock('../auth/TokenVerifier', () => ({
+  getTokenVerifier: jest.fn(),
+}));
+
+jest.mock('@zaiusinc/app-sdk', () => ({
+  GlobalFunction: class {
+    protected request: any;
+    public constructor(_name?: string) {
+      this.request = {};
+    }
+  },
+  Request: jest.fn().mockImplementation(() => ({})),
+  Response: jest.fn().mockImplementation((status, data) => ({
+    status,
+    data,
+    bodyJSON: data,
+    bodyAsU8Array: new Uint8Array()
+  })),
+  amendLogContext: jest.fn(),
+  getAppContext: jest.fn(),
+  logger: {
+    info: jest.fn(),
+    error: jest.fn(),
+    warn: jest.fn(),
+    debug: jest.fn(),
+  },
+}));
+
+// Create a concrete implementation for testing
+class TestGlobalToolFunction extends GlobalToolFunction {
+  private mockReady: jest.MockedFunction<() => Promise<boolean>>;
+
+  public constructor(request?: any) {
+    super(request || {});
+    (this as any).request = request;
+    this.mockReady = jest.fn().mockResolvedValue(true);
+  }
+
+  // Override the ready method with mock implementation for testing
+  protected ready(): Promise<boolean> {
+    return this.mockReady();
+  }
+
+  public getRequest() {
+    return (this as any).request;
+  }
+
+  public getMockReady() {
+    return this.mockReady;
+  }
+}
+
+describe('GlobalToolFunction', () => {
+  let mockRequest: any;
+  let mockResponse: Response;
+  let globalToolFunction: TestGlobalToolFunction;
+  let mockProcessRequest: jest.MockedFunction<typeof toolsService.processRequest>;
+  let mockGetTokenVerifier: jest.MockedFunction<typeof getTokenVerifier>;
+  let mockGetAppContext: jest.MockedFunction<typeof getAppContext>;
+  let mockTokenVerifier: jest.Mocked<{
+    verify: (token: string) => Promise<any>;
+  }>;
+
+  beforeEach(() => {
+    jest.clearAllMocks();
+
+    // Create mock token verifier
+    mockTokenVerifier = {
+      verify: jest.fn(),
+    };
+
+    // Setup the mocks
+    mockProcessRequest = jest.mocked(toolsService.processRequest);
+    mockGetTokenVerifier = jest.mocked(getTokenVerifier);
+    mockGetAppContext = jest.mocked(getAppContext);
+
+    mockGetTokenVerifier.mockResolvedValue(mockTokenVerifier as any);
+    mockGetAppContext.mockReturnValue({
+      account: {
+        organizationId: 'app-org-123'
+      }
+    } as any);
+
+    // Create mock request with bodyJSON structure
+    // Note: Global functions don't validate customer_id, so it can be different or missing
+    mockRequest = {
+      headers: new Map(),
+      method: 'POST',
+      path: '/test',
+      bodyJSON: {
+        parameters: {
+          task_id: 'task-123',
+          content_id: 'content-456'
+        },
+        auth: {
+          provider: 'OptiID',
+          credentials: {
+            token_type: 'Bearer',
+            access_token: 'valid-access-token',
+            org_sso_id: 'org-sso-123',
+            user_id: 'user-456',
+            instance_id: 'instance-789',
+            customer_id: 'any-org-123', // Can be different from app org for global functions
+            product_sku: 'OPAL'
+          }
+        },
+        environment: {
+          execution_mode: 'headless'
+        }
+      }
+    };
+
+    mockResponse = {} as Response;
+    globalToolFunction = new TestGlobalToolFunction(mockRequest);
+  });
+
+  // Helper function to create a ready request with valid auth
+  const createReadyRequestWithAuth = () => ({
+    headers: new Map(),
+    method: 'GET',
+    path: '/ready',
+    bodyJSON: {
+      auth: {
+        provider: 'OptiID',
+        credentials: {
+          access_token: 'valid-token',
+          customer_id: 'any-org-123' // Can be any org for global functions
+        }
+      }
+    }
+  });
+
+  // Helper function to create a discovery request
+  const createDiscoveryRequest = () => ({
+    headers: new Map(),
+    method: 'GET',
+    path: '/discovery'
+  });
+
+  // Helper function to setup authorization mocks to pass
+  const setupAuthMocks = () => {
+    mockTokenVerifier.verify.mockResolvedValue(true);
+  };
+
+  describe('/discovery endpoint', () => {
+    it('should allow discovery endpoint without authentication', async () => {
+      // Arrange
+      const discoveryRequest = createDiscoveryRequest();
+      globalToolFunction = new TestGlobalToolFunction(discoveryRequest);
+      mockProcessRequest.mockResolvedValue(mockResponse);
+
+      // Act
+      const result = await globalToolFunction.perform();
+
+      // Assert
+      expect(result).toBe(mockResponse);
+      expect(mockGetTokenVerifier).not.toHaveBeenCalled(); // Should not verify token for discovery
+      expect(mockProcessRequest).toHaveBeenCalledWith(discoveryRequest, globalToolFunction);
+    });
+  });
+
+  describe('/ready endpoint', () => {
+    beforeEach(() => {
+      setupAuthMocks();
+    });
+
+    it('should return ready: true when ready method returns true', async () => {
+      // Arrange
+      const readyRequest = createReadyRequestWithAuth();
+      globalToolFunction = new TestGlobalToolFunction(readyRequest);
+      globalToolFunction.getMockReady().mockResolvedValue(true);
+
+      // Act
+      const result = await globalToolFunction.perform();
+
+      // Assert
+      expect(globalToolFunction.getMockReady()).toHaveBeenCalledTimes(1);
+      expect(result).toEqual(new Response(200, { ready: true }));
+      expect(mockProcessRequest).not.toHaveBeenCalled(); // Should not call service
+    });
+
+    it('should return ready: false when ready method returns false', async () => {
+      // Arrange
+      const readyRequest = createReadyRequestWithAuth();
+      globalToolFunction = new TestGlobalToolFunction(readyRequest);
+      globalToolFunction.getMockReady().mockResolvedValue(false);
+
+      // Act
+      const result = await globalToolFunction.perform();
+
+      // Assert
+      expect(globalToolFunction.getMockReady()).toHaveBeenCalledTimes(1);
+      expect(result).toEqual(new Response(200, { ready: false }));
+      expect(mockProcessRequest).not.toHaveBeenCalled(); // Should not call service
+    });
+
+    it('should handle ready method throwing an error', async () => {
+      // Arrange
+      const readyRequest = createReadyRequestWithAuth();
+      globalToolFunction = new TestGlobalToolFunction(readyRequest);
+      globalToolFunction.getMockReady().mockRejectedValue(new Error('Ready check failed'));
+
+      // Act & Assert
+      await expect(globalToolFunction.perform()).rejects.toThrow('Ready check failed');
+      expect(globalToolFunction.getMockReady()).toHaveBeenCalledTimes(1);
+      expect(mockProcessRequest).not.toHaveBeenCalled(); // Should not call service
+    });
+
+    it('should use default ready implementation when not overridden', async () => {
+      // Create a class that doesn't override ready method
+      class DefaultReadyGlobalToolFunction extends GlobalToolFunction {
+        public constructor(request?: any) {
+          super(request || {});
+          (this as any).request = request;
+        }
+
+        public getRequest() {
+          return (this as any).request;
+        }
+      }
+
+      // Arrange
+      const readyRequest = createReadyRequestWithAuth();
+      const defaultGlobalToolFunction = new DefaultReadyGlobalToolFunction(readyRequest);
+
+      // Act
+      const result = await defaultGlobalToolFunction.perform();
+
+      // Assert - Default implementation should return true
+      expect(result).toEqual(new Response(200, { ready: true }));
+      expect(mockProcessRequest).not.toHaveBeenCalled(); // Should not call service
+    });
+
+    it('should allow ready endpoint without authentication', async () => {
+      // Arrange
+      const readyRequestWithoutAuth = {
+        headers: new Map(),
+        method: 'GET',
+        path: '/ready'
+      };
+      globalToolFunction = new TestGlobalToolFunction(readyRequestWithoutAuth);
+      globalToolFunction.getMockReady().mockResolvedValue(true);
+
+      // Act
+      const result = await globalToolFunction.perform();
+
+      // Assert
+      expect(result).toEqual(new Response(200, { ready: true }));
+      expect(mockGetTokenVerifier).not.toHaveBeenCalled(); // Should not verify token for ready
+      expect(mockProcessRequest).not.toHaveBeenCalled(); // Should not call service
+    });
+  });
+
+  describe('perform', () => {
+    it('should execute successfully with valid token (no organization validation)', async () => {
+      // Setup mock token verifier to return true for valid token
+      mockTokenVerifier.verify.mockResolvedValue(true);
+      mockProcessRequest.mockResolvedValue(mockResponse);
+
+      const result = await globalToolFunction.perform();
+
+      expect(result).toBe(mockResponse);
+      expect(mockGetTokenVerifier).toHaveBeenCalled();
+      expect(mockTokenVerifier.verify).toHaveBeenCalledWith('valid-access-token');
+      // Note: getAppContext should NOT be called for global functions
+      expect(mockGetAppContext).not.toHaveBeenCalled();
+      expect(mockProcessRequest).toHaveBeenCalledWith(mockRequest, globalToolFunction);
+    });
+
+    it('should execute successfully even with different organization ID', async () => {
+      // Update mock request with different customer_id (should still work for global functions)
+      const requestWithDifferentOrgId = {
+        ...mockRequest,
+        bodyJSON: {
+          ...mockRequest.bodyJSON,
+          auth: {
+            ...mockRequest.bodyJSON.auth,
+            credentials: {
+              ...mockRequest.bodyJSON.auth.credentials,
+              customer_id: 'completely-different-org-456'
+            }
+          }
+        }
+      };
+
+      const globalToolFunctionWithDifferentOrgId = new TestGlobalToolFunction(requestWithDifferentOrgId);
+      mockTokenVerifier.verify.mockResolvedValue(true);
+      mockProcessRequest.mockResolvedValue(mockResponse);
+
+      const result = await globalToolFunctionWithDifferentOrgId.perform();
+
+      expect(result).toBe(mockResponse);
+      expect(mockGetTokenVerifier).toHaveBeenCalled();
+      expect(mockTokenVerifier.verify).toHaveBeenCalledWith('valid-access-token');
+      // Note: Should NOT validate organization ID for global functions
+      expect(mockGetAppContext).not.toHaveBeenCalled();
+      expect(mockProcessRequest).toHaveBeenCalledWith(requestWithDifferentOrgId, globalToolFunctionWithDifferentOrgId);
+    });
+
+    it('should execute successfully even without customer_id', async () => {
+      // Create request without customer_id (should still work for global functions)
+      const requestWithoutCustomerId = {
+        ...mockRequest,
+        bodyJSON: {
+          ...mockRequest.bodyJSON,
+          auth: {
+            ...mockRequest.bodyJSON.auth,
+            credentials: {
+              ...mockRequest.bodyJSON.auth.credentials,
+              customer_id: undefined
+            }
+          }
+        }
+      };
+
+      const globalToolFunctionWithoutCustomerId = new TestGlobalToolFunction(requestWithoutCustomerId);
+      mockTokenVerifier.verify.mockResolvedValue(true);
+      mockProcessRequest.mockResolvedValue(mockResponse);
+
+      const result = await globalToolFunctionWithoutCustomerId.perform();
+
+      expect(result).toBe(mockResponse);
+      expect(mockGetTokenVerifier).toHaveBeenCalled();
+      expect(mockTokenVerifier.verify).toHaveBeenCalledWith('valid-access-token');
+      expect(mockGetAppContext).not.toHaveBeenCalled();
+      expect(mockProcessRequest).toHaveBeenCalledWith(requestWithoutCustomerId, globalToolFunctionWithoutCustomerId);
+    });
+
+    it('should return 403 response with invalid token', async () => {
+      // Setup mock token verifier to return false
+      mockTokenVerifier.verify.mockResolvedValue(false);
+
+      const result = await globalToolFunction.perform();
+
+      expect(result).toEqual(new Response(403, { error: 'Forbidden' }));
+      expect(mockGetTokenVerifier).toHaveBeenCalled();
+      expect(mockTokenVerifier.verify).toHaveBeenCalledWith('valid-access-token');
+      expect(mockProcessRequest).not.toHaveBeenCalled();
+    });
+
+    it('should return 403 response when access token is missing', async () => {
+      // Create request without access token
+      const requestWithoutToken = {
+        ...mockRequest,
+        bodyJSON: {
+          ...mockRequest.bodyJSON,
+          auth: {
+            ...mockRequest.bodyJSON.auth,
+            credentials: {
+              ...mockRequest.bodyJSON.auth.credentials,
+              access_token: undefined
+            }
+          }
+        }
+      };
+
+      const globalToolFunctionWithoutToken = new TestGlobalToolFunction(requestWithoutToken);
+
+      const result = await globalToolFunctionWithoutToken.perform();
+
+      expect(result).toEqual(new Response(403, { error: 'Forbidden' }));
+      expect(mockGetTokenVerifier).not.toHaveBeenCalled();
+      expect(mockProcessRequest).not.toHaveBeenCalled();
+    });
+
+    it('should return 403 response when provider is not OptiID', async () => {
+      // Create request with different provider
+      const requestWithDifferentProvider = {
+        ...mockRequest,
+        bodyJSON: {
+          ...mockRequest.bodyJSON,
+          auth: {
+            ...mockRequest.bodyJSON.auth,
+            provider: 'SomeOtherProvider'
+          }
+        }
+      };
+
+      const globalToolFunctionWithDifferentProvider = new TestGlobalToolFunction(requestWithDifferentProvider);
+
+      const result = await globalToolFunctionWithDifferentProvider.perform();
+
+      expect(result).toEqual(new Response(403, { error: 'Forbidden' }));
+      expect(mockGetTokenVerifier).not.toHaveBeenCalled();
+      expect(mockProcessRequest).not.toHaveBeenCalled();
+    });
+
+    it('should return 403 response when auth structure is missing', async () => {
+      // Create request without auth structure
+      const requestWithoutAuth = {
+        ...mockRequest,
+        bodyJSON: {
+          parameters: mockRequest.bodyJSON.parameters,
+          environment: mockRequest.bodyJSON.environment
+        }
+      };
+
+      const globalToolFunctionWithoutAuth = new TestGlobalToolFunction(requestWithoutAuth);
+
+      const result = await globalToolFunctionWithoutAuth.perform();
+
+      expect(result).toEqual(new Response(403, { error: 'Forbidden' }));
+      expect(mockGetTokenVerifier).not.toHaveBeenCalled();
+      expect(mockProcessRequest).not.toHaveBeenCalled();
+    });
+
+    it('should return 403 response when token verifier initialization fails', async () => {
+      // Setup mock to fail during token verifier initialization
+      mockGetTokenVerifier.mockRejectedValue(new Error('Failed to initialize token verifier'));
+
+      const result = await globalToolFunction.perform();
+
+      expect(result).toEqual(new Response(403, { error: 'Forbidden' }));
+      expect(mockGetTokenVerifier).toHaveBeenCalled();
+      expect(mockProcessRequest).not.toHaveBeenCalled();
+    });
+
+    it('should return 403 response when token validation throws an error', async () => {
+      // Setup mock token verifier to throw an error
+      mockTokenVerifier.verify.mockRejectedValue(new Error('Token validation failed'));
+
+      const result = await globalToolFunction.perform();
+
+      expect(result).toEqual(new Response(403, { error: 'Forbidden' }));
+      expect(mockGetTokenVerifier).toHaveBeenCalled();
+      expect(mockTokenVerifier.verify).toHaveBeenCalledWith('valid-access-token');
+      expect(mockProcessRequest).not.toHaveBeenCalled();
+    });
+  });
+
+  describe('inheritance', () => {
+    it('should be an instance of GlobalFunction', () => {
+      // Assert
+      expect(globalToolFunction).toBeInstanceOf(GlobalToolFunction);
+    });
+
+    it('should have access to the request property', () => {
+      // Assert
+      expect(globalToolFunction.getRequest()).toBe(mockRequest);
+    });
+  });
+
+  describe('authentication differences from ToolFunction', () => {
+    it('should NOT validate organization ID (unlike ToolFunction)', async () => {
+      // This test demonstrates the key difference between GlobalToolFunction and ToolFunction
+      // GlobalToolFunction should work with any customer_id, while ToolFunction requires matching org ID
+
+      const requestWithRandomOrgId = {
+        ...mockRequest,
+        bodyJSON: {
+          ...mockRequest.bodyJSON,
+          auth: {
+            ...mockRequest.bodyJSON.auth,
+            credentials: {
+              ...mockRequest.bodyJSON.auth.credentials,
+              customer_id: 'random-org-999' // This would fail in ToolFunction but should work here
+            }
+          }
+        }
+      };
+
+      const globalToolFunctionWithRandomOrgId = new TestGlobalToolFunction(requestWithRandomOrgId);
+      mockTokenVerifier.verify.mockResolvedValue(true);
+      mockProcessRequest.mockResolvedValue(mockResponse);
+
+      const result = await globalToolFunctionWithRandomOrgId.perform();
+
+      // Should succeed even with different org ID
+      expect(result).toBe(mockResponse);
+      expect(mockGetTokenVerifier).toHaveBeenCalled();
+      expect(mockTokenVerifier.verify).toHaveBeenCalledWith('valid-access-token');
+      // Crucially: getAppContext should NOT be called (no org validation)
+      expect(mockGetAppContext).not.toHaveBeenCalled();
+      expect(mockProcessRequest).toHaveBeenCalledWith(requestWithRandomOrgId, globalToolFunctionWithRandomOrgId);
+    });
+
+    it('should only require valid OptiID token (no organization constraints)', async () => {
+      // Test that only token validation is performed, no org validation
+      mockTokenVerifier.verify.mockResolvedValue(true);
+      mockProcessRequest.mockResolvedValue(mockResponse);
+
+      const result = await globalToolFunction.perform();
+
+      expect(result).toBe(mockResponse);
+      expect(mockGetTokenVerifier).toHaveBeenCalled();
+      expect(mockTokenVerifier.verify).toHaveBeenCalledWith('valid-access-token');
+
+      // Key assertion: getAppContext should never be called for global functions
+      expect(mockGetAppContext).not.toHaveBeenCalled();
+      expect(mockProcessRequest).toHaveBeenCalledWith(mockRequest, globalToolFunction);
+    });
+  });
+});

package/src/function/GlobalToolFunction.ts

@@ -0,0 +1,56 @@
+import { GlobalFunction, Response, amendLogContext } from '@zaiusinc/app-sdk';
+import { authenticateGlobalRequest, extractAuthData } from '../auth/AuthUtils';
+import { toolsService } from '../service/Service';
+
+/**
+ * Abstract base class for global tool-based function execution
+ * Provides a standard interface for processing requests through registered tools
+ */
+export abstract class GlobalToolFunction extends GlobalFunction {
+
+  /**
+   * Override this method to implement any required credentials and/or other configuration
+   * exist and are valid. Reasonable caching should be utilized to prevent excessive requests to external resources.
+   * @async
+   * @returns true if the opal function is ready to use
+   */
+  protected ready(): Promise<boolean> {
+    return Promise.resolve(true);
+  }
+
+  /**
+   * Process the incoming request using the tools service
+   *
+   * @returns Response as the HTTP response
+   */
+  public async perform(): Promise<Response> {
+    // Extract customer_id from auth data for global context attribution
+    const authInfo = extractAuthData(this.request);
+    const customerId = authInfo?.authData?.credentials?.customer_id;
+
+    amendLogContext({
+      opalThreadId: this.request.headers.get('x-opal-thread-id') || '',
+      customerId: customerId || ''
+    });
+
+    if (!(await this.authorizeRequest())) {
+      return new Response(403, { error: 'Forbidden' });
+    }
+
+    if (this.request.path === '/ready') {
+      const isReady = await this.ready();
+      return new Response(200, { ready: isReady });
+    }
+
+    return toolsService.processRequest(this.request, this);
+  }
+
+  /**
+   * Authenticate the incoming request by validating only the OptiID token
+   *
+   * @returns true if authentication succeeds
+   */
+  private async authorizeRequest(): Promise<boolean> {
+    return await authenticateGlobalRequest(this.request);
+  }
+}