@rockcarver/frodo-lib 0.16.2-9 → 0.17.1

package/esm/ops/AuthenticateOps.mjs

@@ -2,37 +2,46 @@ import url from 'url';
 import { createHash, randomBytes } from 'crypto';
 import readlineSync from 'readline-sync';
 import { encodeBase64Url } from '../api/utils/Base64';
-import storage from '../storage/SessionStorage';
+import * as state from '../shared/State';
 import * as globalConfig from '../storage/StaticStorage';
-import { printMessage } from './utils/Console';
+import { debugMessage, printMessage, verboseMessage } from './utils/Console';
 import { getServerInfo, getServerVersionInfo } from '../api/ServerInfoApi';
 import { step } from '../api/AuthenticateApi';
 import { accessToken, authorize } from '../api/OAuth2OIDCApi';
-import { getConnectionProfile, saveConnectionProfile } from './ConnectionProfileOps';
+import { getConnectionProfile } from './ConnectionProfileOps';
+import { v4 } from 'uuid';
+import { parseUrl } from '../api/utils/ApiUtils';
+import { createSignedJwtToken } from './JoseOps';
+import { getManagedObject } from '../api/ManagedObjectApi';
 const adminClientPassword = 'doesnotmatter';
 const redirectUrlTemplate = '/platform/appAuthHelperRedirect.html';
-const idmAdminScope = 'fr:idm:* openid';
+const idmAdminScopes = 'fr:idm:* openid';
+const serviceAccountScopes = 'fr:am:* fr:idm:* fr:idc:esv:*';
 let adminClientId = 'idmAdminClient';
+
 /**
  * Helper function to get cookie name
  * @returns {String} cookie name
  */
-
-async function getCookieName() {
+async function determineCookieName() {
   try {
-    return (await getServerInfo()).data.cookieName;
+    const {
+      data
+    } = await getServerInfo();
+    debugMessage(`AuthenticateOps.getCookieName: cookieName=${data.cookieName}`);
+    return data.cookieName;
   } catch (error) {
     printMessage(`Error getting cookie name: ${error}`, 'error');
+    debugMessage(error.stack);
     return null;
   }
 }
+
 /**
  * Helper function to determine if this is a setup mfa prompt in the ID Cloud tenant admin login journey
  * @param {Object} payload response from the previous authentication journey step
  * @returns {Object} an object indicating if 2fa is required and the original payload
  */
-
-
 function checkAndHandle2FA(payload) {
   // let skippable = false;
   if ('callbacks' in payload) {
@@ -47,7 +56,6 @@ function checkAndHandle2FA(payload) {
           };
         }
       }
-
       if (element.type === 'NameCallback') {
         if (element.output[0].value.includes('code')) {
           // skippable = false;
@@ -60,89 +68,92 @@ function checkAndHandle2FA(payload) {
           };
         }
       }
-    } // console.info("NO2FA");
-
-
+    }
+    // console.info("NO2FA");
     return {
       need2fa: false,
       payload
     };
-  } // console.info("NO2FA");
-
-
+  }
+  // console.info("NO2FA");
   return {
     need2fa: false,
     payload
   };
 }
+
 /**
  * Helper function to set the default realm by deployment type
- * @param {String} deploymentType deployment type
+ * @param {string} deploymentType deployment type
  */
-
-
 function determineDefaultRealm(deploymentType) {
-  if (storage.session.getRealm() === globalConfig.DEFAULT_REALM_KEY) {
-    storage.session.setRealm(globalConfig.DEPLOYMENT_TYPE_REALM_MAP[deploymentType]);
+  if (!state.getRealm() || state.getRealm() === globalConfig.DEFAULT_REALM_KEY) {
+    state.setRealm(globalConfig.DEPLOYMENT_TYPE_REALM_MAP[deploymentType]);
   }
 }
+
 /**
  * Helper function to determine the deployment type
- * @returns {String} deployment type
+ * @returns {Promise<string>} deployment type
  */
-
-
 async function determineDeploymentType() {
+  const cookieValue = state.getCookieValue();
+  // https://bugster.forgerock.org/jira/browse/FRAAS-13018
+  // There is a chance that this will be blocked due to security concerns and thus is probably best not to keep active
+  // if (!cookieValue && getUseBearerTokenForAmApis()) {
+  //   const token = await getTokenInfo();
+  //   cookieValue = token.sessionToken;
+  //   setCookieValue(cookieValue);
+  // }
+
+  // if we are using a service account, we know it's cloud
+  if (state.getUseBearerTokenForAmApis()) return globalConfig.CLOUD_DEPLOYMENT_TYPE_KEY;
   const fidcClientId = 'idmAdminClient';
   const forgeopsClientId = 'idm-admin-ui';
   const verifier = encodeBase64Url(randomBytes(32));
   const challenge = encodeBase64Url(createHash('sha256').update(verifier).digest());
   const challengeMethod = 'S256';
-  const redirectURL = url.resolve(storage.session.getTenant(), redirectUrlTemplate);
+  const redirectURL = url.resolve(state.getHost(), redirectUrlTemplate);
   const config = {
-    maxRedirects: 0
+    maxRedirects: 0,
+    headers: {
+      [state.getCookieName()]: state.getCookieValue()
+    }
   };
-  let bodyFormData = `redirect_uri=${redirectURL}&scope=${idmAdminScope}&response_type=code&client_id=${fidcClientId}&csrf=${storage.session.getCookieValue()}&decision=allow&code_challenge=${challenge}&code_challenge_method=${challengeMethod}`;
+  let bodyFormData = `redirect_uri=${redirectURL}&scope=${idmAdminScopes}&response_type=code&client_id=${fidcClientId}&csrf=${cookieValue}&decision=allow&code_challenge=${challenge}&code_challenge_method=${challengeMethod}`;
   let deploymentType = globalConfig.CLASSIC_DEPLOYMENT_TYPE_KEY;
-
   try {
     await authorize(bodyFormData, config);
   } catch (e) {
     var _e$response, _e$response$headers, _e$response$headers$l;
-
+    // debugMessage(e.response);
     if (((_e$response = e.response) === null || _e$response === void 0 ? void 0 : _e$response.status) === 302 && ((_e$response$headers = e.response.headers) === null || _e$response$headers === void 0 ? void 0 : (_e$response$headers$l = _e$response$headers.location) === null || _e$response$headers$l === void 0 ? void 0 : _e$response$headers$l.indexOf('code=')) > -1) {
-      printMessage('ForgeRock Identity Cloud ', 'info', false);
+      verboseMessage(`ForgeRock Identity Cloud`['brightCyan'] + ` detected.`);
       deploymentType = globalConfig.CLOUD_DEPLOYMENT_TYPE_KEY;
     } else {
       try {
-        bodyFormData = `redirect_uri=${redirectURL}&scope=${idmAdminScope}&response_type=code&client_id=${forgeopsClientId}&csrf=${storage.session.getCookieValue()}&decision=allow&code_challenge=${challenge}&code_challenge_method=${challengeMethod}`;
+        bodyFormData = `redirect_uri=${redirectURL}&scope=${idmAdminScopes}&response_type=code&client_id=${forgeopsClientId}&csrf=${state.getCookieValue()}&decision=allow&code_challenge=${challenge}&code_challenge_method=${challengeMethod}`;
         await authorize(bodyFormData, config);
       } catch (ex) {
         var _ex$response, _ex$response$headers, _ex$response$headers$;
-
         if (((_ex$response = ex.response) === null || _ex$response === void 0 ? void 0 : _ex$response.status) === 302 && ((_ex$response$headers = ex.response.headers) === null || _ex$response$headers === void 0 ? void 0 : (_ex$response$headers$ = _ex$response$headers.location) === null || _ex$response$headers$ === void 0 ? void 0 : _ex$response$headers$.indexOf('code=')) > -1) {
           adminClientId = forgeopsClientId;
-          printMessage('ForgeOps deployment ', 'info', false);
+          verboseMessage(`ForgeOps deployment`['brightCyan'] + ` detected.`);
           deploymentType = globalConfig.FORGEOPS_DEPLOYMENT_TYPE_KEY;
         } else {
-          printMessage('Classic deployment ', 'info', false);
+          verboseMessage(`Classic deployment`['brightCyan'] + ` detected.`);
         }
       }
     }
-
-    printMessage('detected.');
   }
-
-  determineDefaultRealm(deploymentType);
   return deploymentType;
 }
+
 /**
  * Helper function to extract the semantic version string from a version info object
  * @param {Object} versionInfo version info object
  * @returns {String} semantic version
  */
-
-
 async function getSemanticVersion(versionInfo) {
   if ('version' in versionInfo) {
     const versionString = versionInfo.version;
@@ -150,140 +161,95 @@ async function getSemanticVersion(versionInfo) {
     const version = versionString.match(rx);
     return version[0];
   }
-
   throw new Error('Cannot extract semantic version from version info object.');
 }
+
 /**
  * Helper function to authenticate and obtain and store session cookie
- * @returns {String} empty string or null
+ * @returns {string} Session token or null
  */
-
-
-async function authenticate() {
-  storage.session.setCookieName(await getCookieName());
-
-  try {
-    const config = {
-      headers: {
-        'X-OpenAM-Username': storage.session.getUsername(),
-        'X-OpenAM-Password': storage.session.getPassword()
-      }
-    };
-    const response1 = (await step({}, config)).data;
-    const skip2FA = checkAndHandle2FA(response1);
-    let response2 = {};
-
-    if (skip2FA.need2fa) {
-      response2 = (await step(skip2FA.payload)).data;
-    } else {
-      response2 = skip2FA.payload;
-    }
-
-    if ('tokenId' in response2) {
-      storage.session.setCookieValue(response2['tokenId']);
-
-      if (!storage.session.getDeploymentType()) {
-        storage.session.setDeploymentType(await determineDeploymentType());
-      } else {
-        determineDefaultRealm(storage.session.getDeploymentType());
-      }
-
-      const versionInfo = (await getServerVersionInfo()).data; // https://github.com/rockcarver/frodo-cli/issues/109
-      // printMessage(`Connected to ${versionInfo.fullVersion}`);
-      // https://github.com/rockcarver/frodo-cli/issues/102
-
-      printMessage(`Connected to [${storage.session.getTenant()}], [${!storage.session.getRealm() ? 'alpha' : storage.session.getRealm()}] realm, as [${storage.session.getUsername()}]`);
-      const version = await getSemanticVersion(versionInfo);
-      storage.session.setAmVersion(version);
-      return '';
-    }
-
-    printMessage(`error authenticating`, 'error');
-    printMessage('+++ likely cause, bad credentials!!! +++', 'error');
-    return null;
-  } catch (e) {
-    var _e$response2;
-
-    if (((_e$response2 = e.response) === null || _e$response2 === void 0 ? void 0 : _e$response2.status) === 401) {
-      printMessage(`error authenticating - ${e.message}`, 'error');
-      printMessage('+++ likely cause, bad credentials +++', 'error');
-    }
-
-    if (e.message === 'self signed certificate') {
-      printMessage(`error authenticating - ${e.message}`, 'error');
-      printMessage('+++ use -k, --insecure option to allow +++', 'error');
-    } else {
-      var _e$response3;
-
-      printMessage(`error authenticating - ${e.message}`, 'error');
-      printMessage((_e$response3 = e.response) === null || _e$response3 === void 0 ? void 0 : _e$response3.data, 'error');
+async function authenticate(username, password) {
+  const config = {
+    headers: {
+      'X-OpenAM-Username': username,
+      'X-OpenAM-Password': password
     }
-
-    return null;
+  };
+  const response1 = await step({}, config);
+  const skip2FA = checkAndHandle2FA(response1);
+  let response2 = {};
+  if (skip2FA.need2fa) {
+    response2 = await step(skip2FA.payload);
+  } else {
+    response2 = skip2FA.payload;
+  }
+  if ('tokenId' in response2) {
+    return response2['tokenId'];
   }
+  return null;
 }
+
 /**
  * Helper function to obtain an oauth2 authorization code
- * @param {String} redirectURL oauth2 redirect uri
- * @param {String} codeChallenge PKCE code challenge
- * @param {String} codeChallengeMethod PKCE code challenge method
- * @returns {String} oauth2 authorization code or null
+ * @param {string} redirectURL oauth2 redirect uri
+ * @param {string} codeChallenge PKCE code challenge
+ * @param {string} codeChallengeMethod PKCE code challenge method
+ * @returns {string} oauth2 authorization code or null
  */
-
-
 async function getAuthCode(redirectURL, codeChallenge, codeChallengeMethod) {
   try {
-    const bodyFormData = `redirect_uri=${redirectURL}&scope=${idmAdminScope}&response_type=code&client_id=${adminClientId}&csrf=${storage.session.getCookieValue()}&decision=allow&code_challenge=${codeChallenge}&code_challenge_method=${codeChallengeMethod}`;
+    var _response$headers;
+    const bodyFormData = `redirect_uri=${redirectURL}&scope=${idmAdminScopes}&response_type=code&client_id=${adminClientId}&csrf=${state.getCookieValue()}&decision=allow&code_challenge=${codeChallenge}&code_challenge_method=${codeChallengeMethod}`;
     const config = {
       headers: {
         'Content-Type': 'application/x-www-form-urlencoded'
-      }
+      },
+      maxRedirects: 0
     };
-    const response = await authorize(bodyFormData, config);
-
+    let response = undefined;
+    try {
+      response = await authorize(bodyFormData, config);
+    } catch (error) {
+      response = error.response;
+    }
     if (response.status < 200 || response.status > 399) {
       printMessage('error getting auth code', 'error');
       printMessage('likely cause: mismatched parameters with OAuth client config', 'error');
       return null;
     }
-
-    const redirectLocationURL = response.request.res.responseUrl;
+    const redirectLocationURL = (_response$headers = response.headers) === null || _response$headers === void 0 ? void 0 : _response$headers.location;
     const queryObject = url.parse(redirectLocationURL, true).query;
-
     if ('code' in queryObject) {
       return queryObject.code;
     }
-
     printMessage('auth code not found', 'error');
     return null;
   } catch (error) {
+    var _error$response;
     printMessage(`error getting auth code - ${error.message}`, 'error');
-    printMessage(error.response.data, 'error');
+    printMessage((_error$response = error.response) === null || _error$response === void 0 ? void 0 : _error$response.data, 'error');
+    debugMessage(error.stack);
     return null;
   }
 }
+
 /**
  * Helper function to obtain oauth2 access token
- * @returns {String} empty string or null
+ * @returns {Promise<string | null>} access token or null
  */
-
-
-async function getAccessToken() {
+async function getAccessTokenForUser() {
   try {
     const verifier = encodeBase64Url(randomBytes(32));
     const challenge = encodeBase64Url(createHash('sha256').update(verifier).digest());
     const challengeMethod = 'S256';
-    const redirectURL = url.resolve(storage.session.getTenant(), redirectUrlTemplate);
+    const redirectURL = url.resolve(state.getHost(), redirectUrlTemplate);
     const authCode = await getAuthCode(redirectURL, challenge, challengeMethod);
-
     if (authCode == null) {
       printMessage('error getting auth code', 'error');
       return null;
     }
-
     let response = null;
-
-    if (storage.session.getDeploymentType() === globalConfig.CLOUD_DEPLOYMENT_TYPE_KEY) {
+    if (state.getDeploymentType() === globalConfig.CLOUD_DEPLOYMENT_TYPE_KEY) {
       const config = {
         auth: {
           username: adminClientId,
@@ -296,65 +262,166 @@ async function getAccessToken() {
       const bodyFormData = `client_id=${adminClientId}&redirect_uri=${redirectURL}&grant_type=authorization_code&code=${authCode}&code_verifier=${verifier}`;
       response = await accessToken(bodyFormData);
     }
-
-    if (response.status < 200 || response.status > 399) {
-      printMessage(`access token call returned ${response.status}`, 'error');
-      return null;
-    }
-
     if ('access_token' in response.data) {
-      storage.session.setBearerToken(response.data.access_token);
-      return '';
+      return response.data.access_token;
     }
-
-    printMessage("can't get access token", 'error');
-    return null;
-  } catch (e) {
-    printMessage('error getting access token - ', 'error');
-    return null;
+    printMessage('No access token in response.', 'error');
+  } catch (error) {
+    var _error$response2;
+    debugMessage(`Error getting access token for user: ${error}`);
+    debugMessage((_error$response2 = error.response) === null || _error$response2 === void 0 ? void 0 : _error$response2.data);
   }
+  return null;
 }
+function createPayload(serviceAccountId) {
+  const u = parseUrl(state.getHost());
+  const aud = `${u.origin}:${u.port ? u.port : u.protocol === 'https' ? '443' : '80'}${u.pathname}/oauth2/access_token`;
+
+  // Cross platform way of setting JWT expiry time 3 minutes in the future, expressed as number of seconds since EPOCH
+  const exp = Math.floor(new Date().getTime() / 1000 + 180);
+
+  // A unique ID for the JWT which is required when requesting the openid scope
+  const jti = v4();
+  const iss = serviceAccountId;
+  const sub = serviceAccountId;
+
+  // Create the payload for our bearer token
+  const payload = {
+    iss,
+    sub,
+    aud,
+    exp,
+    jti
+  };
+  return payload;
+}
+
 /**
- * Get tokens
- * @param {boolean} save true to save a connection profile upon successful authentication, false otherwise
- * @returns {boolean} true if tokens were successfully obtained, false otherwise
+ * Get access token for service account
+ * @param {string} serviceAccountId UUID of service account
+ * @param {JwkRsa} jwk Java Wek Key
+ * @returns {string | null} Access token or null
  */
-
-
-export async function getTokens(save = false) {
-  let credsFromParameters = true; // if username/password on cli are empty, try to read from connections.json
-
-  if (storage.session.getUsername() == null && storage.session.getPassword() == null) {
-    credsFromParameters = false;
-    const conn = await getConnectionProfile();
-
-    if (conn) {
-      storage.session.setTenant(conn.tenant);
-      storage.session.setUsername(conn.username);
-      storage.session.setPassword(conn.password);
-      storage.session.setAuthenticationService(conn.authenticationService);
-      storage.session.setAuthenticationHeaderOverrides(conn.authenticationHeaderOverrides);
-    } else {
-      return false;
-    }
+export async function getAccessTokenForServiceAccount(serviceAccountId, jwk) {
+  debugMessage(`AuthenticateOps.getAccessTokenForServiceAccount: start`);
+  const payload = createPayload(serviceAccountId);
+  debugMessage(`AuthenticateOps.getAccessTokenForServiceAccount: payload:`);
+  debugMessage(payload);
+  const jwt = await createSignedJwtToken(payload, jwk);
+  debugMessage(`AuthenticateOps.getAccessTokenForServiceAccount: jwt:`);
+  debugMessage(jwt);
+  const bodyFormData = `assertion=${jwt}&client_id=service-account&grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer&scope=${serviceAccountScopes}`;
+  const response = await accessToken(bodyFormData);
+  if ('access_token' in response.data) {
+    debugMessage(`AuthenticateOps.getAccessTokenForServiceAccount: token:`);
+    debugMessage(response.data.access_token);
+    debugMessage(`AuthenticateOps.getAccessTokenForServiceAccount: end`);
+    return response.data.access_token;
   }
-
-  await authenticate();
-
-  if (storage.session.getCookieValue() && !storage.session.getBearerToken() && (storage.session.getDeploymentType() === globalConfig.CLOUD_DEPLOYMENT_TYPE_KEY || storage.session.getDeploymentType() === globalConfig.FORGEOPS_DEPLOYMENT_TYPE_KEY)) {
-    await getAccessToken();
+  debugMessage(`AuthenticateOps.getAccessTokenForServiceAccount: No access token in response.`);
+  debugMessage(`AuthenticateOps.getAccessTokenForServiceAccount: end`);
+  return null;
+}
+async function determineDeploymentTypeAndDefaultRealmAndVersion() {
+  debugMessage(`AuthenticateOps.determineDeploymentTypeAndDefaultRealmAndVersion: start`);
+  if (!state.getDeploymentType()) {
+    state.setDeploymentType(await determineDeploymentType());
   }
-
-  if (save && storage.session.getCookieValue() && credsFromParameters) {
-    // valid cookie, which means valid username/password combo. Save it in connections.json
-    saveConnectionProfile();
-    return true;
+  determineDefaultRealm(state.getDeploymentType());
+  debugMessage(`AuthenticateOps.determineDeploymentTypeAndDefaultRealmAndVersion: realm=${state.getRealm()}, type=${state.getDeploymentType()}`);
+  const versionInfo = (await getServerVersionInfo()).data;
+
+  // https://github.com/rockcarver/frodo-cli/issues/109
+  debugMessage(`Full version: ${versionInfo.fullVersion}`);
+  const version = await getSemanticVersion(versionInfo);
+  state.setAmVersion(version);
+  debugMessage(`AuthenticateOps.determineDeploymentTypeAndDefaultRealmAndVersion: end`);
+}
+async function getLoggedInSubject() {
+  let subjectString = `user ${state.getUsername()}`;
+  if (state.getUseBearerTokenForAmApis()) {
+    const name = (await getManagedObject('svcacct', state.getServiceAccountId(), ['name'])).data.name;
+    subjectString = `service account ${name} [${state.getServiceAccountId()}]`;
   }
+  return subjectString;
+}
 
-  if (!storage.session.getCookieValue()) {
+/**
+ * Get tokens
+ * @param {boolean} save true to save a connection profile upon successful authentication, false otherwise
+ * @returns {Promise<boolean>} true if tokens were successfully obtained, false otherwise
+ */
+export async function getTokens() {
+  if (!state.getHost()) {
+    printMessage(`No host specified and FRODO_HOST env variable not set!`, 'error');
     return false;
   }
+  try {
+    // if username/password on cli are empty, try to read from connections.json
+    if (state.getUsername() == null && state.getPassword() == null && !state.getServiceAccountId() && !state.getServiceAccountJwk()) {
+      const conn = await getConnectionProfile();
+      if (conn) {
+        state.setHost(conn.tenant);
+        state.setUsername(conn.username);
+        state.setPassword(conn.password);
+        state.setAuthenticationService(conn.authenticationService);
+        state.setAuthenticationHeaderOverrides(conn.authenticationHeaderOverrides);
+        state.setServiceAccountId(conn.svcacctId);
+        state.setServiceAccountJwk(conn.svcacctJwk);
+      } else {
+        return false;
+      }
+    }
+    // now that we have the full tenant URL we can lookup the cookie name
+    state.setCookieName(await determineCookieName());
 
-  return true;
+    // use service account to login?
+    if (state.getServiceAccountId() && state.getServiceAccountJwk()) {
+      debugMessage(`AuthenticateOps.getTokens: Authenticating with service account ${state.getServiceAccountId()}`);
+      try {
+        const token = await getAccessTokenForServiceAccount(state.getServiceAccountId(), state.getServiceAccountJwk());
+        state.setBearerToken(token);
+        state.setUseBearerTokenForAmApis(true);
+        await determineDeploymentTypeAndDefaultRealmAndVersion();
+      } catch (saErr) {
+        var _saErr$response, _saErr$response$data, _saErr$response2, _saErr$response2$data;
+        throw new Error(`Service account login error: ${((_saErr$response = saErr.response) === null || _saErr$response === void 0 ? void 0 : (_saErr$response$data = _saErr$response.data) === null || _saErr$response$data === void 0 ? void 0 : _saErr$response$data.error_description) || ((_saErr$response2 = saErr.response) === null || _saErr$response2 === void 0 ? void 0 : (_saErr$response2$data = _saErr$response2.data) === null || _saErr$response2$data === void 0 ? void 0 : _saErr$response2$data.message)}`);
+      }
+    }
+    // use user account to login
+    else if (state.getUsername() && state.getPassword()) {
+      debugMessage(`AuthenticateOps.getTokens: Authenticating with user account ${state.getUsername()}`);
+      const token = await authenticate(state.getUsername(), state.getPassword());
+      if (token) state.setCookieValue(token);
+      await determineDeploymentTypeAndDefaultRealmAndVersion();
+      if (state.getCookieValue() && !state.getBearerToken() && (state.getDeploymentType() === globalConfig.CLOUD_DEPLOYMENT_TYPE_KEY || state.getDeploymentType() === globalConfig.FORGEOPS_DEPLOYMENT_TYPE_KEY)) {
+        const accessToken = await getAccessTokenForUser();
+        if (accessToken) state.setBearerToken(accessToken);
+      }
+    }
+    // incomplete or no credentials
+    else {
+      printMessage(`Incomplete or no credentials!`, 'error');
+      return false;
+    }
+    if (state.getCookieValue() || state.getUseBearerTokenForAmApis() && state.getBearerToken()) {
+      // https://github.com/rockcarver/frodo-cli/issues/102
+      printMessage(`Connected to ${state.getHost()} [${state.getRealm() ? state.getRealm() : 'root'}] as ${await getLoggedInSubject()}`, 'info');
+      return true;
+    }
+  } catch (error) {
+    var _error$response3, _error$response3$data, _error$response4, _error$response4$data, _error$response5;
+    // regular error
+    printMessage(error.message, 'error');
+    // axios error am api
+    printMessage((_error$response3 = error.response) === null || _error$response3 === void 0 ? void 0 : (_error$response3$data = _error$response3.data) === null || _error$response3$data === void 0 ? void 0 : _error$response3$data.message, 'error');
+    // axios error am oauth2 api
+    printMessage((_error$response4 = error.response) === null || _error$response4 === void 0 ? void 0 : (_error$response4$data = _error$response4.data) === null || _error$response4$data === void 0 ? void 0 : _error$response4$data.error_description, 'error');
+    // axios error data
+    debugMessage((_error$response5 = error.response) === null || _error$response5 === void 0 ? void 0 : _error$response5.data);
+    // stack trace
+    debugMessage(error.stack || new Error().stack);
+  }
+  return false;
 }
 //# sourceMappingURL=AuthenticateOps.js.map

package/esm/ops/AuthenticateOps.test.mjs

@@ -1,18 +1,16 @@
 import { Authenticate, state } from '../index';
 describe('AuthenticationOps', () => {
   test('getTokens() 1: ', async () => {
-    state.default.session.setTenant(process.env.FRODO_HOST || 'frodo-dev');
-    state.default.session.setRealm('alpha');
-
+    state.setHost(process.env.FRODO_HOST || 'frodo-dev');
+    state.setRealm('alpha');
     if (process.env.FRODO_HOST && process.env.FRODO_USER && process.env.FRODO_PASSWORD) {
-      state.default.session.setUsername(process.env.FRODO_USER);
-      state.default.session.setPassword(process.env.FRODO_PASSWORD);
+      state.setUsername(process.env.FRODO_USER);
+      state.setPassword(process.env.FRODO_PASSWORD);
     }
-
     await Authenticate.getTokens();
-    expect(state.default.session.getCookieName()).toBeTruthy();
-    expect(state.default.session.getCookieValue()).toBeTruthy();
-    expect(state.default.session.getBearerToken()).toBeTruthy();
+    expect(state.getCookieName()).toBeTruthy();
+    expect(state.getCookieValue()).toBeTruthy();
+    expect(state.getBearerToken()).toBeTruthy();
   });
 });
 //# sourceMappingURL=AuthenticateOps.test.js.map