@salesforce/core 8.11.4 → 8.12.1-dev.0

package/lib/config/configFile.js

@@ -247,7 +247,7 @@ class ConfigFile extends configStore_1.BaseConfigStore {
         const lockResponse = await (0, fileLocking_1.lockInit)(this.getPath());
         // lock the file.  Returns an unlock function to call when done.
         try {
-            const fileTimestamp = (await fs.promises.stat(this.getPath(), { bigint: true })).mtimeNs;
+            const fileTimestamp = await getNsTimeStamp(this.getPath());
             const fileContents = (0, kit_1.parseJsonMap)(await fs.promises.readFile(this.getPath(), 'utf8'), this.getPath());
             this.logAndMergeContents(fileTimestamp, fileContents);
         }
@@ -268,7 +268,7 @@ class ConfigFile extends configStore_1.BaseConfigStore {
         const lockResponse = (0, fileLocking_1.lockInitSync)(this.getPath());
         try {
             // get the file modstamp.  Do this after the lock acquisition in case the file is being written to.
-            const fileTimestamp = fs.statSync(this.getPath(), { bigint: true }).mtimeNs;
+            const fileTimestamp = getNsTimeStampSync(this.getPath());
             const fileContents = (0, kit_1.parseJsonMap)(fs.readFileSync(this.getPath(), 'utf8'), this.getPath());
             this.logAndMergeContents(fileTimestamp, fileContents);
         }
@@ -394,4 +394,8 @@ class ConfigFile extends configStore_1.BaseConfigStore {
     }
 }
 exports.ConfigFile = ConfigFile;
+const getNsTimeStamp = async (filePath) => getNsTimeStampFromStatus(await fs.promises.stat(filePath, { bigint: true }));
+const getNsTimeStampSync = (filePath) => getNsTimeStampFromStatus(fs.statSync(filePath, { bigint: true }));
+/** in browser environment, memfs is missing the bigInt ns timestamp, so we generate it from the ms */
+const getNsTimeStampFromStatus = (stats) => stats.mtimeNs ?? BigInt(stats.mtimeMs) * BigInt(1_000_000);
 //# sourceMappingURL=configFile.js.map

package/lib/crypto/keyChain.js

@@ -58,6 +58,10 @@ const retrieveKeychain = async (platform) => {
             }
         }
     }
+    else if (platform === 'browser') {
+        logger.debug(`platform: ${platform}. Using generic keychain.`);
+        return keyChainImpl_1.keyChainImpl.generic_unix;
+    }
     else {
         throw messages.createError('unsupportedOperatingSystemError', [platform]);
     }

package/lib/global.d.ts

@@ -32,6 +32,10 @@ export declare class Global {
      * The preferred global folder in which state is stored.
      */
     static readonly STATE_FOLDER = ".sfdx";
+    /**
+     * Whether the code is running in a web browser.
+     */
+    static get isWeb(): boolean;
     /**
      * The full system path to the global sfdx state folder.
      *

package/lib/global.js

@@ -70,6 +70,12 @@ class Global {
      * The preferred global folder in which state is stored.
      */
     static STATE_FOLDER = Global.SFDX_STATE_FOLDER;
+    /**
+     * Whether the code is running in a web browser.
+     */
+    static get isWeb() {
+        return 'window' in globalThis;
+    }
     /**
      * The full system path to the global sfdx state folder.
      *

package/lib/logger/logger.js

@@ -233,7 +233,7 @@ class Logger {
      * Gets the name of this logger.
      */
     getName() {
-        return this.pinoLogger.bindings().name ?? '';
+        return (this.pinoLogger?.bindings ? this.pinoLogger.bindings().name : '') ?? '';
     }
     /**
      * Gets the current level of this logger.
@@ -409,7 +409,7 @@ const getWriteStream = (level = 'warn') => {
         // write to a rotating file
         target: 'pino/file',
         options: {
-            destination: path.join(global_1.Global.SF_DIR, `sf-${rotator.get(logRotationPeriod) ?? rotator.get('1d')}.log`),
+            destination: path.join(global_1.Global.SF_DIR, `sf-${(0, ts_types_1.ensureString)(rotator.get(logRotationPeriod)) ?? rotator.get('1d')}.log`),
             mkdir: true,
             level,
         },

package/lib/org/authInfo.d.ts

@@ -7,6 +7,15 @@ import { Org } from './org';
  * Fields for authorization, org, and local information.
  */
 export type AuthFields = {
+    apps?: {
+        [key: string]: {
+            clientId: string;
+            clientSecret?: string;
+            accessToken: string;
+            refreshToken: string;
+            oauthFlow: 'web';
+        };
+    };
     accessToken?: string;
     alias?: string;
     authCode?: string;
@@ -234,8 +243,10 @@ export declare class AuthInfo extends AsyncOptionalCreatable<AuthInfo.Options> {
     update(authData?: AuthFields): AuthInfo;
     /**
      * Get the auth fields (decrypted) needed to make a connection.
+     *
+     * @param app Name of the CA/ECA associated with the user.
      */
-    getConnectionOptions(): ConnectionOptions;
+    getConnectionOptions(app?: string): ConnectionOptions;
     getClientId(): string;
     getRedirectUri(): string;
     /**
@@ -343,6 +354,13 @@ export declare namespace AuthInfo {
          * OAuth options.
          */
         oauth2Options?: JwtOAuth2Config;
+        apps?: Array<{
+            name: string;
+            accessToken: string;
+            refreshToken: string;
+            clientId: string;
+            clientSecret?: string;
+        }>;
         /**
          * Options for the access token auth.
          */

package/lib/org/authInfo.js

@@ -445,38 +445,85 @@ class AuthInfo extends kit_1.AsyncOptionalCreatable {
     }
     /**
      * Get the auth fields (decrypted) needed to make a connection.
+     *
+     * @param app Name of the CA/ECA associated with the user.
      */
-    getConnectionOptions() {
+    getConnectionOptions(app) {
         const decryptedCopy = this.getFields(true);
         const { accessToken, instanceUrl, loginUrl } = decryptedCopy;
-        if (this.isAccessTokenFlow()) {
-            this.logger.info('Returning fields for a connection using access token.');
-            // Just auth with the accessToken
-            return { accessToken, instanceUrl, loginUrl };
-        }
-        if (this.isJwt()) {
-            this.logger.info('Returning fields for a connection using JWT config.');
+        // return main app auth fields
+        if (!app) {
+            if (this.isAccessTokenFlow()) {
+                this.logger.info('Returning fields for a connection using access token.');
+                // Just auth with the accessToken
+                return { accessToken, instanceUrl, loginUrl };
+            }
+            if (this.isJwt()) {
+                this.logger.info('Returning fields for a connection using JWT config.');
+                return {
+                    accessToken,
+                    instanceUrl,
+                    refreshFn: this.refreshFn.bind(this),
+                };
+            }
+            // @TODO: figure out loginUrl and redirectUri (probably get from config class)
+            //
+            // redirectUri: org.config.getOauthCallbackUrl()
+            // loginUrl: this.fields.instanceUrl || this.config.getAppConfig().sfdcLoginUrl
+            this.logger.info('Returning fields for a connection using OAuth config.');
+            // Decrypt a user provided client secret or use the default.
             return {
+                oauth2: {
+                    loginUrl: instanceUrl ?? sfdcUrl_1.SfdcUrl.PRODUCTION,
+                    clientId: this.getClientId(),
+                    redirectUri: this.getRedirectUri(),
+                },
                 accessToken,
                 instanceUrl,
                 refreshFn: this.refreshFn.bind(this),
             };
         }
-        // @TODO: figure out loginUrl and redirectUri (probably get from config class)
-        //
-        // redirectUri: org.config.getOauthCallbackUrl()
-        // loginUrl: this.fields.instanceUrl || this.config.getAppConfig().sfdcLoginUrl
-        this.logger.info('Returning fields for a connection using OAuth config.');
-        // Decrypt a user provided client secret or use the default.
+        if (!decryptedCopy.apps) {
+            throw new sfError_1.SfError(`${this.username} does not have any apps linked yet.`);
+        }
+        if (!(app in decryptedCopy.apps)) {
+            throw new sfError_1.SfError(`${this.username} does not have a "${app}" app linked yet.`);
+        }
+        const decryptedApp = decryptedCopy.apps[app];
         return {
             oauth2: {
                 loginUrl: instanceUrl ?? sfdcUrl_1.SfdcUrl.PRODUCTION,
-                clientId: this.getClientId(),
+                clientId: decryptedApp.clientId,
                 redirectUri: this.getRedirectUri(),
             },
-            accessToken,
+            accessToken: decryptedApp.accessToken,
             instanceUrl,
-            refreshFn: this.refreshFn.bind(this),
+            // Specific refreshFn for AuthInfo's apps.
+            //
+            // Each app stores the oauth flow used for its initial auth, here we ensure each refresh returns
+            // a token, update the auth file with it and send it back to jsforce's through the callback.
+            refreshFn: async (_conn, callback) => {
+                // This only handles refresh for web flow.
+                // When more flows are supported for apps, check the `app.oauthFlow` field to set the appropiate refresh helper.
+                const authFields = await this.buildRefreshTokenConfig({
+                    clientId: decryptedApp.clientId,
+                    clientSecret: decryptedApp.clientSecret,
+                    refreshToken: decryptedApp.refreshToken,
+                    loginUrl: instanceUrl,
+                });
+                await this.save({
+                    apps: {
+                        [app]: {
+                            accessToken: (0, ts_types_1.ensureString)(authFields.accessToken),
+                            clientId: decryptedApp.clientId,
+                            clientSecret: decryptedApp.clientSecret,
+                            refreshToken: decryptedApp.refreshToken,
+                            oauthFlow: 'web',
+                        },
+                    },
+                });
+                await callback(null, authFields.accessToken);
+            },
         };
     }
     getClientId() {

package/lib/org/connection.d.ts

@@ -184,5 +184,9 @@ export declare namespace Connection {
          * Additional connection parameters.
          */
         connectionOptions?: ConnectionConfig<S>;
+        /**
+         * App to use for auth info credentials.
+         */
+        app?: string;
     };
 }

package/lib/org/connection.js

@@ -86,7 +86,7 @@ class Connection extends jsforce_node_1.Connection {
             callOptions: {
                 client: clientId,
             },
-            ...options.authInfo.getConnectionOptions(),
+            ...options.authInfo.getConnectionOptions(options.app),
             // this assertion is questionable, but has existed before core7
         };
         const conn = new this({ ...options, connectionOptions });

package/lib/stateAggregator/accessors/aliasAccessor.d.ts

@@ -88,6 +88,5 @@ export declare class AliasAccessor extends AsyncOptionalCreatable {
      * if the file doesn't exist, create it empty
      */
     private readFileToAliasStore;
-    private saveAliasStoreToFile;
 }
 export declare const getFileLocation: () => string;

package/lib/stateAggregator/accessors/aliasAccessor.js

@@ -10,11 +10,10 @@ exports.getFileLocation = exports.AliasAccessor = exports.FILENAME = exports.DEF
 const node_path_1 = require("node:path");
 const node_os_1 = require("node:os");
 const promises_1 = require("node:fs/promises");
-const proper_lockfile_1 = require("proper-lockfile");
 const kit_1 = require("@salesforce/kit");
 const global_1 = require("../../global");
 const sfError_1 = require("../../sfError");
-const lockRetryOptions_1 = require("../../util/lockRetryOptions");
+const fileLocking_1 = require("../../util/fileLocking");
 exports.DEFAULT_GROUP = 'orgs';
 exports.FILENAME = 'alias.json';
 class AliasAccessor extends kit_1.AsyncOptionalCreatable {
@@ -94,18 +93,20 @@ class AliasAccessor extends kit_1.AsyncOptionalCreatable {
      */
     async setAndSave(alias, entity) {
         // get a very fresh copy to merge with to avoid conflicts, then lock
-        await this.readFileToAliasStore(true);
+        const lockResponse = await (0, fileLocking_1.lockInit)(this.fileLocation);
+        await this.readFileToAliasStore();
         this.aliasStore.set(alias, getNameOf(entity));
-        return this.saveAliasStoreToFile();
+        return lockResponse.writeAndUnlock(aliasStoreToRawFileContents(this.aliasStore));
     }
     /**
      * Unset the given alias(es).  Writes to the file
      *
      */
     async unsetAndSave(alias) {
-        await this.readFileToAliasStore(true);
+        const lockResponse = await (0, fileLocking_1.lockInit)(this.fileLocation);
+        await this.readFileToAliasStore();
         this.aliasStore.delete(alias);
-        return this.saveAliasStoreToFile();
+        return lockResponse.writeAndUnlock(aliasStoreToRawFileContents(this.aliasStore));
     }
     /**
      * Unset all the aliases for the given array of entity.
@@ -113,11 +114,12 @@ class AliasAccessor extends kit_1.AsyncOptionalCreatable {
      * @param entity the aliasable entity for which you want to unset all aliases
      */
     async unsetValuesAndSave(aliasees) {
-        await this.readFileToAliasStore(true);
+        const lockResponse = await (0, fileLocking_1.lockInit)(this.fileLocation);
+        await this.readFileToAliasStore();
         (0, kit_1.ensureArray)(aliasees)
             .flatMap((a) => this.getAll(a))
             .map((a) => this.aliasStore.delete(a));
-        return this.saveAliasStoreToFile();
+        return lockResponse.writeAndUnlock(aliasStoreToRawFileContents(this.aliasStore));
     }
     /**
      * Returns true if the provided alias exists
@@ -135,29 +137,19 @@ class AliasAccessor extends kit_1.AsyncOptionalCreatable {
      * go to the fileSystem and read the file, storing a copy in the class's store
      * if the file doesn't exist, create it empty
      */
-    async readFileToAliasStore(useLock = false) {
-        if (useLock) {
-            await (0, proper_lockfile_1.lock)(this.fileLocation, lockRetryOptions_1.lockRetryOptions);
-        }
+    async readFileToAliasStore() {
         try {
             this.aliasStore = fileContentsRawToAliasStore(await (0, promises_1.readFile)(this.fileLocation, 'utf-8'));
         }
         catch (e) {
             if (e instanceof Error && 'code' in e && typeof e.code === 'string' && ['ENOENT', 'ENOTDIR'].includes(e.code)) {
-                this.aliasStore = new Map();
                 await (0, promises_1.mkdir)((0, node_path_1.dirname)(this.fileLocation), { recursive: true });
-                await this.saveAliasStoreToFile();
-                return;
+                this.aliasStore = new Map();
+                return (0, promises_1.writeFile)(this.fileLocation, aliasStoreToRawFileContents(this.aliasStore));
             }
-            if (useLock)
-                return unlockIfLocked(this.fileLocation);
             throw e;
         }
     }
-    async saveAliasStoreToFile() {
-        await (0, promises_1.writeFile)(this.fileLocation, aliasStoreToRawFileContents(this.aliasStore));
-        return unlockIfLocked(this.fileLocation);
-    }
 }
 exports.AliasAccessor = AliasAccessor;
 /**
@@ -166,11 +158,11 @@ exports.AliasAccessor = AliasAccessor;
 const getNameOf = (entity) => {
     if (typeof entity === 'string')
         return entity;
-    const aliaseeName = entity.username;
-    if (!aliaseeName) {
+    const { username } = entity;
+    if (!username) {
         throw new sfError_1.SfError(`Invalid aliasee, it must contain a user or username property: ${JSON.stringify(entity)}`);
     }
-    return aliaseeName;
+    return username;
 };
 const fileContentsRawToAliasStore = (contents) => {
     const fileContents = JSON.parse(contents);
@@ -181,16 +173,4 @@ const aliasStoreToRawFileContents = (aliasStore) => JSON.stringify({ [exports.DE
 // exported for testSetup mocking
 const getFileLocation = () => (0, node_path_1.join)((0, node_os_1.homedir)(), global_1.Global.SFDX_STATE_FOLDER, exports.FILENAME);
 exports.getFileLocation = getFileLocation;
-const unlockIfLocked = async (fileLocation) => {
-    try {
-        await (0, proper_lockfile_1.unlock)(fileLocation);
-    }
-    catch (e) {
-        // ignore the error.  If it wasn't locked, that's what we wanted
-        if (errorIsNotAcquired(e))
-            return;
-        throw e;
-    }
-};
-const errorIsNotAcquired = (e) => e instanceof Error && 'code' in e && e.code === 'ENOTACQUIRED';
 //# sourceMappingURL=aliasAccessor.js.map

package/lib/status/myDomainResolver.d.ts

@@ -38,6 +38,7 @@ export declare class MyDomainResolver extends AsyncOptionalCreatable<MyDomainRes
      * executing the dns loookup.
      */
     resolve(): Promise<string>;
+    /** @deprecated there is nothing using this in forcedotcom, salesforcecli, or public github search */
     getCnames(): Promise<string[]>;
     /**
      * Used to initialize asynchronous components.

package/lib/status/myDomainResolver.js

@@ -14,6 +14,7 @@ const ts_types_1 = require("@salesforce/ts-types");
 const kit_1 = require("@salesforce/kit");
 const logger_1 = require("../logger/logger");
 const sfdcUrl_1 = require("../util/sfdcUrl");
+const global_1 = require("../global");
 const pollingClient_1 = require("./pollingClient");
 // Timeout for DNS lookup polling defaults to 3 seconds and should always be at least 3 seconds
 const DNS_TIMEOUT = Math.max(3, new kit_1.Env().getNumber('SFDX_DNS_TIMEOUT', 3));
@@ -69,6 +70,10 @@ class MyDomainResolver extends kit_1.AsyncOptionalCreatable {
             this.logger.debug('SF_DISABLE_DNS_CHECK set to true. Skipping DNS check...');
             return this.options.url.host;
         }
+        if (global_1.Global.isWeb) {
+            this.logger.debug('Web browser detected. Skipping DNS check...');
+            return this.options.url.host;
+        }
         // eslint-disable-next-line @typescript-eslint/no-this-alias
         const self = this;
         const pollingOptions = {
@@ -106,6 +111,7 @@ class MyDomainResolver extends kit_1.AsyncOptionalCreatable {
         const client = await pollingClient_1.PollingClient.create(pollingOptions);
         return (0, ts_types_1.ensureString)(await client.subscribe());
     }
+    /** @deprecated there is nothing using this in forcedotcom, salesforcecli, or public github search */
     async getCnames() {
         try {
             await this.resolve();

package/lib/util/fileLocking.js

@@ -55,11 +55,10 @@ const lockInit = async (filePath) => {
     catch (err) {
         throw sfError_1.SfError.wrap(err);
     }
-    const unlock = await (0, proper_lockfile_1.lock)(filePath, { ...lockRetryOptions_1.lockRetryOptions, realpath: false });
+    const unlock = await (0, proper_lockfile_1.lock)(filePath, { ...lockRetryOptions_1.lockRetryOptions, realpath: false, fs });
     return {
         writeAndUnlock: async (data) => {
-            const logger = await logger_1.Logger.child('fileLocking.writeAndUnlock');
-            logger.debug(`Writing to file: ${filePath}`);
+            (await logger_1.Logger.child('fileLocking.writeAndUnlock')).debug(`Writing to file: ${filePath}`);
             try {
                 await fs.promises.writeFile(filePath, data);
             }
@@ -83,7 +82,7 @@ const lockInitSync = (filePath) => {
     catch (err) {
         throw sfError_1.SfError.wrap(err);
     }
-    const unlock = (0, proper_lockfile_1.lockSync)(filePath, { ...lockRetryOptions_1.lockOptions, realpath: false });
+    const unlock = (0, proper_lockfile_1.lockSync)(filePath, { ...lockRetryOptions_1.lockOptions, realpath: false, fs });
     return {
         writeAndUnlock: (data) => {
             const logger = logger_1.Logger.childFromRoot('fileLocking.writeAndUnlock');

package/lib/util/lockRetryOptions.d.ts

@@ -1,3 +1,4 @@
+import fs from 'node:fs';
 export declare const lockOptions: {
     stale: number;
 };
@@ -7,5 +8,6 @@ export declare const lockRetryOptions: {
         maxTimeout: number;
         factor: number;
     };
+    fs: typeof fs;
     stale: number;
 };

package/lib/util/lockRetryOptions.js

@@ -5,12 +5,17 @@
  * Licensed under the BSD 3-Clause license.
  * For full license text, see LICENSE.txt file in the repo root or https://opensource.org/licenses/BSD-3-Clause
  */
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.lockRetryOptions = exports.lockOptions = void 0;
 // docs: https://github.com/moxystudio/node-proper-lockfile
+const node_fs_1 = __importDefault(require("node:fs"));
 exports.lockOptions = { stale: 10_000 };
 exports.lockRetryOptions = {
     ...exports.lockOptions,
     retries: { retries: 10, maxTimeout: 1000, factor: 2 },
+    fs: node_fs_1.default, // lockfile supports injectable fs, which is needed for browser use
 };
 //# sourceMappingURL=lockRetryOptions.js.map

package/lib/util/time.d.ts

@@ -1 +1,2 @@
+/** using globalThis.performance instead importing from node:perf_hooks so it works in browser */
 export declare const nowBigInt: () => bigint;

package/lib/util/time.js

@@ -7,7 +7,7 @@ exports.nowBigInt = void 0;
  * Licensed under the BSD 3-Clause license.
  * For full license text, see LICENSE.txt file in the repo root or https://opensource.org/licenses/BSD-3-Clause
  */
-const node_perf_hooks_1 = require("node:perf_hooks");
-const nowBigInt = () => BigInt((node_perf_hooks_1.performance.now() + node_perf_hooks_1.performance.timeOrigin) * 1_000_000);
+/** using globalThis.performance instead importing from node:perf_hooks so it works in browser */
+const nowBigInt = () => BigInt((globalThis.performance.now() + globalThis.performance.timeOrigin) * 1_000_000);
 exports.nowBigInt = nowBigInt;
 //# sourceMappingURL=time.js.map

package/lib/webOAuthServer.d.ts

@@ -26,6 +26,8 @@ export declare class WebOAuthServer extends AsyncCreatable<WebOAuthServer.Option
     private oauth2;
     private oauthConfig;
     private oauthError;
+    private app?;
+    private username?;
     constructor(options: WebOAuthServer.Options);
     /**
      * Returns the configured oauthLocalPort or the WebOAuthServer.DEFAULT_PORT
@@ -80,7 +82,31 @@ export declare class WebOAuthServer extends AsyncCreatable<WebOAuthServer.Option
 }
 export declare namespace WebOAuthServer {
     type Options = {
-        oauthConfig: JwtOAuth2Config;
+        oauthConfig: JwtOAuth2Config & {
+            /**
+             * OAuth scopes to be requested for the access token.
+             *
+             * This should be a string with each scope separated by spaces:
+             * "refresh_token sfap_api chatbot_api web api"
+             *
+             * If not specified, all scopes assigned to the connected app are requested.
+             */
+            scope?: string;
+        };
+    } | {
+        oauthConfig: JwtOAuth2Config & {
+            /**
+             * OAuth scopes to be requested for the access token.
+             *
+             * This should be a string with each scope separated by spaces:
+             * "refresh_token sfap_api chatbot_api web api"
+             *
+             * If not specified, all scopes assigned to the connected app are requested.
+             */
+            scope?: string;
+        };
+        app: string;
+        username: string;
     };
     type Request = http.IncomingMessage & {
         query: {

package/lib/webOAuthServer.js

@@ -73,9 +73,15 @@ class WebOAuthServer extends kit_1.AsyncCreatable {
     oauth2;
     oauthConfig;
     oauthError = new Error('Oauth Error');
+    app;
+    username;
     constructor(options) {
         super(options);
         this.oauthConfig = options.oauthConfig;
+        if ('app' in options) {
+            this.app = options.app;
+            this.username = options.username;
+        }
     }
     /**
      * Returns the configured oauthLocalPort or the WebOAuthServer.DEFAULT_PORT
@@ -113,14 +119,43 @@ class WebOAuthServer extends kit_1.AsyncCreatable {
                 this.executeOauthRequest()
                     .then(async (response) => {
                     try {
-                        const authInfo = await authInfo_1.AuthInfo.create({
-                            oauth2Options: this.oauthConfig,
-                            oauth2: this.oauth2,
-                        });
-                        await authInfo.save();
-                        await this.webServer.handleSuccess(response);
-                        response.end();
-                        resolve(authInfo);
+                        // Link app to an existing auth file.
+                        if (this.app) {
+                            const authInfo = await authInfo_1.AuthInfo.create({
+                                oauth2Options: this.oauthConfig,
+                                oauth2: this.oauth2,
+                            });
+                            const authFields = authInfo.getFields(true);
+                            // get user authInfo and save app creds in `apps`
+                            const userAuthInfo = await authInfo_1.AuthInfo.create({
+                                username: this.username,
+                            });
+                            await userAuthInfo.save({
+                                apps: {
+                                    [this.app]: {
+                                        clientId: (0, ts_types_1.ensureString)(authFields.clientId),
+                                        clientSecret: authFields.clientSecret,
+                                        accessToken: (0, ts_types_1.ensureString)(authFields.accessToken),
+                                        refreshToken: (0, ts_types_1.ensureString)(authFields.refreshToken),
+                                        oauthFlow: 'web',
+                                    },
+                                },
+                            });
+                            await this.webServer.handleSuccess(response);
+                            response.end();
+                            resolve(authInfo);
+                        }
+                        else {
+                            // new auth, create new file.
+                            const authInfo = await authInfo_1.AuthInfo.create({
+                                oauth2Options: this.oauthConfig,
+                                oauth2: this.oauth2,
+                            });
+                            await authInfo.save();
+                            await this.webServer.handleSuccess(response);
+                            response.end();
+                            resolve(authInfo);
+                        }
                     }
                     catch (err) {
                         this.oauthError = err;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@salesforce/core",
-  "version": "8.11.4",
+  "version": "8.12.1-dev.0",
   "description": "Core libraries to interact with SFDX projects, orgs, and APIs.",
   "main": "lib/index",
   "types": "lib/index.d.ts",
@@ -77,7 +77,7 @@
     "@salesforce/ts-sinon": "^1.4.30",
     "@types/benchmark": "^2.1.5",
     "@types/fast-levenshtein": "^0.0.4",
-    "@types/jsonwebtoken": "9.0.7",
+    "@types/jsonwebtoken": "9.0.9",
     "@types/proper-lockfile": "^4.1.4",
     "@types/semver": "^7.5.8",
     "benchmark": "^2.1.4",