@salesforce/core 8.7.0 → 8.8.1

package/LICENSE.txt

@@ -1,4 +1,4 @@
-Copyright (c) 2024, Salesforce.com, Inc.
+Copyright (c) 2025, Salesforce.com, Inc.
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

package/lib/org/authInfo.js

@@ -239,7 +239,7 @@ class AuthInfo extends kit_1.AsyncOptionalCreatable {
      * @param sfdxAuthUrl
      */
     static parseSfdxAuthUrl(sfdxAuthUrl) {
-        const match = sfdxAuthUrl.match(/^force:\/\/([a-zA-Z0-9._-]+={0,2}):([a-zA-Z0-9._-]*={0,2}):([a-zA-Z0-9._-]+={0,2})@([a-zA-Z0-9._-]+)/);
+        const match = sfdxAuthUrl.match(/^force:\/\/([a-zA-Z0-9._-]+={0,2}):([a-zA-Z0-9._-]*={0,2}):([a-zA-Z0-9._-]+={0,2})@([a-zA-Z0-9:._-]+)/);
         if (!match) {
             throw new sfError_1.SfError(messages.getMessage('invalidSfdxAuthUrlError'), 'INVALID_SFDX_AUTH_URL');
         }
@@ -516,14 +516,12 @@ class AuthInfo extends kit_1.AsyncOptionalCreatable {
      * **See** [SFDX Authorization](https://developer.salesforce.com/docs/atlas.en-us.sfdx_cli_reference.meta/sfdx_cli_reference/cli_reference_force_auth.htm#cli_reference_force_auth)
      */
     getSfdxAuthUrl() {
-        const decryptedFields = this.getFields(true);
-        const instanceUrl = (0, ts_types_1.ensure)(decryptedFields.instanceUrl, 'undefined instanceUrl').replace(/^https?:\/\//, '');
-        let sfdxAuthUrl = 'force://';
-        if (decryptedFields.clientId) {
-            sfdxAuthUrl += `${decryptedFields.clientId}:${decryptedFields.clientSecret ?? ''}:`;
-        }
-        sfdxAuthUrl += `${(0, ts_types_1.ensure)(decryptedFields.refreshToken, 'undefined refreshToken')}@${instanceUrl}`;
-        return sfdxAuthUrl;
+        const { clientId, clientSecret, refreshToken, instanceUrl } = this.getFields(true);
+        // host includes an optional port on the instanceUrl
+        const url = new URL((0, ts_types_1.ensure)(instanceUrl, 'undefined instanceUrl')).host;
+        const clientIdAndSecret = clientId ? `${clientId}:${clientSecret ?? ''}` : '';
+        const token = (0, ts_types_1.ensure)(refreshToken, 'undefined refreshToken');
+        return `force://${clientIdAndSecret}:${token}@${url}`;
     }
     /**
      * Convenience function to handle typical side effects encountered when dealing with an AuthInfo.
@@ -732,13 +730,18 @@ class AuthInfo extends kit_1.AsyncOptionalCreatable {
     }
     // A callback function for a connection to refresh an access token.  This is used
     // both for a JWT connection and an OAuth connection.
-    async refreshFn(conn, callback) {
+    async refreshFn(_conn, callback) {
         this.logger.info('Access token has expired. Updating...');
         try {
             const fields = this.getFields(true);
+            // This method will request the new access token and save to the current AuthInfo instance (but don't persist them!).
             await this.initAuthOptions(fields);
+            // Persist fields with refreshed access token to auth file.
             await this.save();
-            return await callback(null, fields.accessToken);
+            // Pass new access token to the jsforce's session-refresh callback for proper propagation:
+            // https://jsforce.github.io/jsforce/types/session_refresh_delegate.SessionRefreshFunc.html
+            const { accessToken } = this.getFields(true);
+            return await callback(null, accessToken);
         }
         catch (err) {
             const error = err;

package/lib/org/connection.d.ts

@@ -148,8 +148,12 @@ export declare class Connection<S extends Schema = Schema> extends JSForceConnec
      */
     singleRecordQuery<T extends Record>(soql: string, options?: SingleRecordQueryOptions): Promise<T>;
     /**
-     * Executes a get request on the baseUrl to force an auth refresh
-     * Useful for the raw methods (request, requestRaw) that use the accessToken directly and don't handle refreshes
+     * Executes a HEAD request on the baseUrl to force an auth refresh.
+     * This is useful for the raw methods (request, requestRaw) that use the accessToken directly and don't handle refreshes.
+     *
+     * This method issues a request using the current access token to check if it is still valid.
+     * If the request returns 200, no refresh happens, and we keep the token.
+     * If it returns 401, jsforce will request a new token and set it in the connection instance.
      */
     refreshAuth(): Promise<void>;
     private getCachedApiVersion;

package/lib/org/connection.js

@@ -334,14 +334,18 @@ class Connection extends jsforce_node_1.Connection {
         return result.records[0];
     }
     /**
-     * Executes a get request on the baseUrl to force an auth refresh
-     * Useful for the raw methods (request, requestRaw) that use the accessToken directly and don't handle refreshes
+     * Executes a HEAD request on the baseUrl to force an auth refresh.
+     * This is useful for the raw methods (request, requestRaw) that use the accessToken directly and don't handle refreshes.
+     *
+     * This method issues a request using the current access token to check if it is still valid.
+     * If the request returns 200, no refresh happens, and we keep the token.
+     * If it returns 401, jsforce will request a new token and set it in the connection instance.
      */
     async refreshAuth() {
         this.logger.debug('Refreshing auth for org.');
         const requestInfo = {
             url: this.baseUrl(),
-            method: 'GET',
+            method: 'HEAD',
         };
         await this.request(requestInfo);
     }

package/lib/org/org.d.ts

@@ -319,7 +319,12 @@ export declare class Org extends AsyncOptionalCreatable<Org.Options> {
      */
     updateLocalInformation(): Promise<Pick<AuthFields, Org.Fields.NAME | Org.Fields.INSTANCE_NAME | Org.Fields.NAMESPACE_PREFIX | Org.Fields.IS_SANDBOX | Org.Fields.IS_SCRATCH | Org.Fields.TRIAL_EXPIRATION_DATE> | undefined>;
     /**
-     * Refreshes the auth for this org's instance by calling HTTP GET on the baseUrl of the connection object.
+     * Executes a HEAD request on the baseUrl to force an auth refresh.
+     * This is useful for the raw methods (request, requestRaw) that use the accessToken directly and don't handle refreshes.
+     *
+     * This method issues a request using the current access token to check if it is still valid.
+     * If the request returns 200, no refresh happens, and we keep the token.
+     * If it returns 401, jsforce will request a new token and set it in the connection instance.
      */
     refreshAuth(): Promise<void>;
     /**

package/lib/org/org.js

@@ -622,13 +622,18 @@ class Org extends kit_1.AsyncOptionalCreatable {
         }
     }
     /**
-     * Refreshes the auth for this org's instance by calling HTTP GET on the baseUrl of the connection object.
+     * Executes a HEAD request on the baseUrl to force an auth refresh.
+     * This is useful for the raw methods (request, requestRaw) that use the accessToken directly and don't handle refreshes.
+     *
+     * This method issues a request using the current access token to check if it is still valid.
+     * If the request returns 200, no refresh happens, and we keep the token.
+     * If it returns 401, jsforce will request a new token and set it in the connection instance.
      */
     async refreshAuth() {
         this.logger.debug('Refreshing auth for org.');
         const requestInfo = {
             url: this.getConnection().baseUrl(),
-            method: 'GET',
+            method: 'HEAD',
         };
         await this.getConnection().request(requestInfo);
     }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@salesforce/core",
-  "version": "8.7.0",
+  "version": "8.8.1",
   "description": "Core libraries to interact with SFDX projects, orgs, and APIs.",
   "main": "lib/index",
   "types": "lib/index.d.ts",