@pymthouse/builder-sdk 0.4.5 → 0.4.6

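--- a/package/dist/index.cjs
+++ b/package/dist/index.cjs
@@ -1469,8 +1469,13 @@ var PmtHouseClient = class {
  params.set("subject_token", input.userJwt);
  params.set("subject_token_type", SUBJECT_ACCESS_TOKEN_TYPE2);
  params.set("requested_token_type", REQUESTED_ACCESS_TOKEN_TYPE);
- const resourceCandidate = typeof input.resource === "string" && input.resource.trim() !== "" ? input.resource.trim() : this.issuerUrl;
- params.set("resource", stripTrailingSlashes(resourceCandidate));
+ if (typeof input.scope === "string" && input.scope.trim() !== "") {
+ params.set("scope", input.scope.trim());
+ }
+ if (!input.omitResource) {
+ const resourceCandidate = typeof input.resource === "string" && input.resource.trim() !== "" ? input.resource.trim() : this.issuerUrl;
+ params.set("resource", stripTrailingSlashes(resourceCandidate));
+ }
  try {
  const response = await oauth4webapi.genericTokenEndpointRequest(
  as,
@@ -1756,18 +1761,31 @@ var PmtHouseClient = class {
  };
  }
  /**
- * Upsert an external user, mint a short-lived JWT, and exchange for an opaque signer session.
+ * Upsert an external user, mint a short-lived JWT, and exchange it for a
+ * long-lived opaque (`pmth_*`) signer session.
+ *
+ * Performs the *documented* remote-signer-session exchange (see
+ * `builder-api.md` → "Remote signer session exchange"): the RFC 8693 token
+ * exchange is sent with `scope=sign:job` and **no `resource` indicator**,
+ * which selects the PymtHouse gateway/opaque path. A prior implementation set
+ * `resource = issuer`, which routed to the signer-JWT path and returned a JWT
+ * that {@link parseSignerSessionExchange} then rejected as non-opaque.
  */
  async mintSignerSessionForExternalUser(input) {
+ const scope = input.scope ?? SIGN_JOB_SCOPE;
  await this.upsertAppUser({
  externalUserId: input.externalUserId,
  email: input.email,
  status: "active"
  });
- const exchange = await this.mintUserSignerSessionToken({
+ const userToken = await this.mintUserAccessToken({
  externalUserId: input.externalUserId,
- scope: input.scope ?? SIGN_JOB_SCOPE,
- resource: this.issuerUrl
+ scope
+ });
+ const exchange = await this.exchangeForSignerSession({
+ userJwt: userToken.access_token,
+ omitResource: true,
+ scope
  });
  return parseSignerSessionExchange(exchange);
  }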
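Review bot: In `mintSignerSessionForExternalUser`, `input.scope ?? SIGN_JOB_SCOPE` falls back only on null/undefined, so an empty or whitespace-only `scope` is handed to `mintUserAccessToken` and then silently dropped by the `input.scope.trim() !== ""` guard in the first hunk. The exchange would then carry neither `scope` nor `resource`, although the new docstring says it is `scope=sign:job` with no resource that selects the opaque path. Normalising once, e.g. `const scope = typeof input.scope === "string" && input.scope.trim() !== "" ? input.scope.trim() : SIGN_JOB_SCOPE;`, keeps both calls on the same value. Separately, `if (!input.omitResource)` tests truthiness, so any truthy value drops the client-side resource indicator; `if (input.omitResource !== true)` plus a JSDoc line on the option, stating that the server then decides which audience the long-lived `pmth_*` token is issued for, would make that opt-out explicit. The body of the function patched in the first hunk starts and ends outside the hunk, so how `input` is validated before these lines is not visible here.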