@sap/cli-core 2024.22.0 → 2024.24.0

package/CHANGELOG.md

@@ -5,6 +5,77 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## 2024.24.0
+
+### Added
+
+- Support for Node v22.
+
+- New command `<cli> config secrets check` has been added to the CLI. This command allows you to verify whether the secrets file used to run commands is consistent.
+
+  Examples for inconsistent secrets files:
+
+  ```bash
+  $ datasphere config secrets check
+  ✔ Please enter the path to the secrets file: … secrets.json
+  the provided secrets file is not consistent. the secrets file is missing either property access_token or properties refresh_token, client_id and client_secret
+  Failed to check secrets file consistency
+  ```
+
+  ```bash
+  $ datasphere config secrets check
+  ✔ Please enter the path to the secrets file: … secrets.json
+  the provided secrets file is not consistent. the secrets file is missing either property tenantUrl or properties authorization_url and token_url
+  Failed to check secrets file consistency
+  ```
+
+  Example for consistent secrets file:
+
+  ```bash
+  $ datasphere config secrets check
+  ✔ Please enter the path to the secrets file: … secrets.json
+  the secrets file is consistent
+  ```
+
+- Support for the authorization flow `client_credentials`. When logging in, users can now explicitly use the `client_credentials` flow. The help shows the available option to specify the authorization flow.
+
+  ```bash
+  % datasphere login --help
+  Usage: datasphere login [options]
+
+  log in to your account using interactive OAuth authentication
+
+  Options:
+    -H, --host <host>                              specifies the url where the tenant is hosted (optional)
+    -A, --authorization-url <url>                  authorization url for interactive oauth session authentication (optional)
+    -t, --token-url <url>                          token url for interactive oauth session authentication (optional)
+    -c, --client-id <id>                           client id for interactive oauth session authentication (optional)
+    -C, --client-secret <secret>                   client secret for interactive oauth session authentication (optional)
+    -a, --access-token <token>                     access token for interactive oauth session authentication (optional)
+    -b, --code <code>                              code for oauth token retrieval (optional)
+    -r, --refresh-token <token>                    refresh token for interactive oauth session authentication (optional)
+    -s, --secrets-file <file>                      path to secrets file (optional)
+    -B, --browser <browser>                        specifies the browser to open (optional) (choices: "chrome", "firefox", "edge", default: "chrome")
+    -d, --authorization-flow <authorization-flow>  specifies the authorization flow to use (optional) (choices: "authorization_code", "client_credentials", default: "authorization_code")
+    -h, --help                                     display help for command
+
+  Only command-specific options are listed here. To learn more about available generic options, visit https://tinyurl.com/yck8vv4w
+  ```
+
+  There's a new option `-d, --authorization-flow <authorization-flow>  specifies the authorization flow to use (optional) (choices: "authorization_code", "client_credentials", default: "authorization_code")`.
+
+  By default, the authorization flow `authorization_code` is used which was also the implicit default before. If users create a technical OAuth client, they must set the authorization flow to `client_credentials` explicitly.
+
+  `% datasphere login --authorization-flow client_credentials ...`
+
+- When using option `--secrets-file` and the file containing the secrets does not exist or is not in a valid JSON format, the CLI now shows an error to the user: `The secrets file at location /path/to/secrets.json could not be read and JSON.parse'd. Does the file exist and is it a valid JSON file?`
+
+## 2024.22.0
+
+### Fixed
+
+- Issues with option `--input` which would not set the request body correctly. As a workaround, option `--file-path` can be used.
+
 ## 2024.17.0
 
 ### Added

package/README.md

@@ -2,7 +2,7 @@
 
 Command-Line Interface (CLI) Core Module.
 
-[![Node Version](https://img.shields.io/badge/node-18.xx.x-brightgreen)](https://nodejs.org/dist/latest-v18.x/docs/api/#) [![Node Version](https://img.shields.io/badge/node-19.xx.x-brightgreen)](https://nodejs.org/dist/latest-v19.x/docs/api/#) [![Node Version](https://img.shields.io/badge/node-20.xx.x-brightgreen)](https://nodejs.org/dist/latest-v20.x/docs/api/#) [![Node Version](https://img.shields.io/badge/node-21.xx.x-brightgreen)](https://nodejs.org/dist/latest-v21.x/docs/api/#) [![npm version](https://badge.fury.io/js/@sap%2Fcli-core.svg)](https://badge.fury.io/js/@sap%2Fcli-core)
+[![Node Version](https://img.shields.io/badge/node-18.xx.x-brightgreen)](https://nodejs.org/dist/latest-v18.x/docs/api/#) [![Node Version](https://img.shields.io/badge/node-19.xx.x-brightgreen)](https://nodejs.org/dist/latest-v19.x/docs/api/#) [![Node Version](https://img.shields.io/badge/node-20.xx.x-brightgreen)](https://nodejs.org/dist/latest-v20.x/docs/api/#) [![Node Version](https://img.shields.io/badge/node-21.xx.x-brightgreen)](https://nodejs.org/dist/latest-v21.x/docs/api/#) [![Node Version](https://img.shields.io/badge/node-22.xx.x-brightgreen)](https://nodejs.org/dist/latest-v22.x/docs/api/#) [![npm version](https://badge.fury.io/js/@sap%2Fcli-core.svg)](https://badge.fury.io/js/@sap%2Fcli-core)
 
 ## Content
 

package/cache/secrets/SecretsStorageImpl.js

@@ -1,15 +1,12 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.SecretsStorageImpl = void 0;
-const config_1 = require("../../config");
 const constants_1 = require("../../constants");
 const logger_1 = require("../../logger");
 const utils_1 = require("../../logger/utils");
 const types_1 = require("../../types");
-const http_1 = require("../../utils/http");
-const utils_2 = require("../../utils/utils");
 const cache_1 = require("../cache");
-const utils_3 = require("./utils");
+const utils_2 = require("./utils");
 class SecretsStorageImpl {
     secrets = [];
     logger;
@@ -24,7 +21,7 @@ class SecretsStorageImpl {
         for (let i = 0; i < this.secrets.length; i++) {
             this.secrets[i].id = i;
             if (this.secrets[i].client_id) {
-                this.secrets[i].customClient = (0, utils_3.isCustomClient)(this.secrets[i].client_id);
+                this.secrets[i].customClient = (0, utils_2.isCustomClient)(this.secrets[i].client_id);
                 // eslint-disable-next-line no-await-in-loop
                 await this.updateUrls(i);
             }
@@ -52,7 +49,7 @@ class SecretsStorageImpl {
         return this.getSecretById(await this.getDefaultSecretId());
     }
     async getDefaultSecretId() {
-        const tenantUrl = (0, utils_3.getTenantUrl)();
+        const tenantUrl = (0, utils_2.getTenantUrl)();
         const { host } = new URL(tenantUrl);
         const secret = this.secrets.find((s) => new URL(s.tenantUrl).host === host);
         if (!secret) {
@@ -76,7 +73,7 @@ class SecretsStorageImpl {
         this.secrets.splice(id, 1);
     }
     updateSecret(secret) {
-        const tenantUrl = (0, utils_3.getTenantUrl)();
+        const tenantUrl = (0, utils_2.getTenantUrl)();
         let prevSecretIx = this.secrets.findIndex((s) => s.tenantUrl === tenantUrl);
         let newSecret;
         if (prevSecretIx > -1) {
@@ -96,42 +93,7 @@ class SecretsStorageImpl {
         return prevSecretIx;
     }
     async updateUrls(secretIndex) {
-        const secret = this.secrets[secretIndex];
-        if (secret.client_id) {
-            const config = (0, config_1.get)();
-            let oauth = {};
-            if (!secret.customClient &&
-                (!secret.authorization_url || !secret.token_url)) {
-                oauth = (await (0, http_1.fetch)({
-                    method: "GET",
-                    url: `${config.tenantUrl}/oauth`,
-                })).data;
-            }
-            let authorizationUrl = secret.authorization_url;
-            if (!authorizationUrl) {
-                if (!secret.customClient) {
-                    authorizationUrl = oauth.authorizationUrl;
-                }
-                else {
-                    authorizationUrl = config.authorizationUrl;
-                }
-            }
-            let tokenUrl = secret.token_url;
-            if (!tokenUrl) {
-                if (!secret.customClient) {
-                    tokenUrl = oauth.tokenUrl;
-                }
-                else {
-                    tokenUrl = config.tokenUrl;
-                }
-            }
-            if (!tokenUrl || !authorizationUrl) {
-                throw new Error("invalid token url or authorization url");
-            }
-            this.secrets[secretIndex].authorization_url =
-                (0, utils_2.removeQueryParametersFromUrl)(authorizationUrl);
-            this.secrets[secretIndex].token_url = (0, utils_2.removeQueryParametersFromUrl)(tokenUrl);
-        }
+        this.secrets[secretIndex] = await (0, utils_2.updateUrls)(this.secrets[secretIndex]);
     }
     async storeSecret(secret) {
         this.updateSecret(secret);
@@ -143,8 +105,9 @@ class SecretsStorageImpl {
     }
     removeInconsistentSecrets() {
         this.secrets = this.secrets.filter((secret) => {
-            if (!(0, utils_3.isSecretConsistent)(secret)) {
-                this.logger.warn(`secret ${JSON.stringify(secret)} is not consistent and removed from cache`);
+            const consistent = (0, utils_2.isSecretConsistent)(secret);
+            if (!consistent.consistent) {
+                this.logger.warn(`secret ${JSON.stringify(secret)} is not consistent and removed from cache. ${consistent.errors.join(". ")}`);
                 return false;
             }
             return true;

package/cache/secrets/utils.d.ts

@@ -1,4 +1,10 @@
 import { Secret } from "../../types";
 export declare const isCustomClient: (clientId?: string) => boolean;
 export declare const getTenantUrl: () => string;
-export declare function isSecretConsistent(secret: Secret): boolean;
+export declare function updateUrls(secret: Secret): Promise<Secret>;
+export declare function isSecretConsistent(secret: Secret): {
+    consistent: true;
+} | {
+    consistent: false;
+    errors: Array<string>;
+};

package/cache/secrets/utils.js

@@ -1,9 +1,13 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.getTenantUrl = exports.isCustomClient = void 0;
+exports.updateUrls = updateUrls;
 exports.isSecretConsistent = isSecretConsistent;
 const config_1 = require("../../config");
 const constants_1 = require("../../constants");
+const types_1 = require("../../types");
+const http_1 = require("../../utils/http");
+const utils_1 = require("../../utils/utils");
 // Pre-delivered OAuth Client ID: 5a638330-5899-366e-ac00-ab62cc32dcda
 // Custom OAuth Client ID: sb-00bb7bc2-cc32-423c-921c-2abdee11a29d!b49931|client!b3650
 const isCustomClient = (clientId) => clientId ? clientId.startsWith("sb-") : true;
@@ -17,10 +21,64 @@ const getTenantUrl = () => {
     return tenantUrl;
 };
 exports.getTenantUrl = getTenantUrl;
+async function updateUrls(secret) {
+    if (secret.client_id) {
+        const config = (0, config_1.get)();
+        let oauth = {};
+        if (!secret.customClient &&
+            (!secret.authorization_url || !secret.token_url)) {
+            oauth = (await (0, http_1.fetch)({
+                method: "GET",
+                url: `${config.tenantUrl}/oauth`,
+            })).data;
+        }
+        let authorizationUrl = secret.authorization_url;
+        if (!authorizationUrl) {
+            if (!secret.customClient) {
+                authorizationUrl = oauth.authorizationUrl;
+            }
+            else {
+                authorizationUrl = config.authorizationUrl;
+            }
+        }
+        let tokenUrl = secret.token_url;
+        if (!tokenUrl) {
+            if (!secret.customClient) {
+                tokenUrl = oauth.tokenUrl;
+            }
+            else {
+                tokenUrl = config.tokenUrl;
+            }
+        }
+        if (!tokenUrl || !authorizationUrl) {
+            throw new Error("invalid token url or authorization url");
+        }
+        // eslint-disable-next-line no-param-reassign
+        secret.authorization_url = (0, utils_1.removeQueryParametersFromUrl)(authorizationUrl);
+        // eslint-disable-next-line no-param-reassign
+        secret.token_url = (0, utils_1.removeQueryParametersFromUrl)(tokenUrl);
+    }
+    return secret;
+}
 function isSecretConsistent(secret) {
-    // all these properties must exist
-    return ((!!secret.tenantUrl ||
-        (!!secret.authorization_url && !!secret.token_url)) &&
-        (!!secret.access_token ||
-            (!!secret.refresh_token && !!secret.client_id && !!secret.client_secret)));
+    const errors = [];
+    if (!((0, utils_1.isValidURL)(secret.tenantUrl) ||
+        ((secret.authorization_flow !== types_1.GrantType.authorization_code ||
+            (0, utils_1.isValidURL)(secret.authorization_url)) &&
+            (0, utils_1.isValidURL)(secret.token_url)))) {
+        errors.push("the secrets file is missing either property tenantUrl or properties authorization_url and token_url" +
+            " or the URLs are not valid");
+    }
+    if (!(secret.access_token ||
+        ((secret.authorization_flow !== types_1.GrantType.authorization_code ||
+            secret.refresh_token) &&
+            secret.client_id &&
+            secret.client_secret))) {
+        errors.push("the secrets file is missing either property access_token or properties refresh_token, " +
+            "client_id and client_secret");
+    }
+    if (errors.length > 0) {
+        return { consistent: false, errors };
+    }
+    return { consistent: true };
 }

package/commands/config.command/secrets.command/check.command.d.ts

@@ -0,0 +1,4 @@
+import { Command, Handler } from "../../../types";
+export declare const create: () => Handler;
+declare const refreshCommand: Command;
+export default refreshCommand;

package/commands/config.command/secrets.command/check.command.js

@@ -0,0 +1,23 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.create = void 0;
+const constants_1 = require("../../../constants");
+const handler_1 = require("../../handler");
+const file_1 = require("../../handler/authentication/oauth/secretsProvider/file");
+const logger_1 = require("../../../logger");
+/* jscpd:ignore-end */
+const create = () => async () => async () => {
+    const { output } = (0, logger_1.get)("commands.secrets.check");
+    await (0, file_1.readSecretsFile)();
+    output("the secrets file is consistent");
+};
+exports.create = create;
+const refreshCommand = {
+    type: "command",
+    command: "check",
+    description: "check secrets file consistency",
+    handler: (0, handler_1.createNextHandler)("commands.config.secrets.check", (0, handler_1.createParseArgumentsHandler)(), (0, handler_1.createOptionsHandler)([
+        { ...constants_1.OPTION_SECRETS_FILE, required: true, hidden: false },
+    ]), (0, exports.create)()),
+};
+exports.default = refreshCommand;

package/commands/config.command/secrets.command/index.js

@@ -6,10 +6,11 @@ Object.defineProperty(exports, "__esModule", { value: true });
 const refresh_command_1 = __importDefault(require("./refresh.command"));
 const reset_command_1 = __importDefault(require("./reset.command"));
 const show_command_1 = __importDefault(require("./show.command"));
+const check_command_1 = __importDefault(require("./check.command"));
 const secretsCommand = {
     type: "topCommand",
     command: "secrets",
     description: "work with the locally stored secrets",
-    subCommands: [show_command_1.default, refresh_command_1.default, reset_command_1.default],
+    subCommands: [show_command_1.default, refresh_command_1.default, reset_command_1.default, check_command_1.default],
 };
 exports.default = secretsCommand;

package/commands/handler/authentication/index.js

@@ -16,6 +16,6 @@ const core_1 = require("../../../config/core");
 const succeed_1 = require("../succeed");
 exports.create = process.env.SUPPORT === "true"
     ? technicalJWT_1.create
-    : () => (0, next_1.create)("commands.handler.authentication", (0, resilient_1.create)((0, next_1.create)("commands.handler.authentication$oauth", (0, cache_1.create)(), (0, refreshToken_1.create)())), (0, options_1.create)(constants_1.OPTION_CLIENT_ID), (0, options_1.create)(constants_1.OPTION_CLIENT_SECRET), (0, options_1.create)(constants_1.OPTION_ACCESS_TOKEN), (0, options_1.create)(constants_1.OPTION_REFRESH_TOKEN), (0, options_1.create)(constants_1.OPTION_CODE), (0, options_1.create)(constants_1.OPTION_TOKEN_URL), (0, options_1.create)(constants_1.OPTION_AUTHORIZATION_URL), (0, core_1.getAuthenticationMethods)().includes(constants_1.AuthenticationMethod.passcode)
+    : () => (0, next_1.create)("commands.handler.authentication", (0, resilient_1.create)((0, next_1.create)("commands.handler.authentication$oauth", (0, cache_1.create)(), (0, refreshToken_1.create)())), (0, options_1.create)(constants_1.OPTION_CLIENT_ID), (0, options_1.create)(constants_1.OPTION_CLIENT_SECRET), (0, options_1.create)(constants_1.OPTION_ACCESS_TOKEN), (0, options_1.create)(constants_1.OPTION_REFRESH_TOKEN), (0, options_1.create)(constants_1.OPTION_CODE), (0, options_1.create)(constants_1.OPTION_TOKEN_URL), (0, options_1.create)(constants_1.OPTION_AUTHORIZATION_URL), (0, options_1.create)(constants_1.OPTION_AUTHORIZATION_FLOW), (0, core_1.getAuthenticationMethods)().includes(constants_1.AuthenticationMethod.passcode)
         ? (0, options_1.create)(constants_1.OPTION_PASSCODE)
         : (0, succeed_1.create)(), (0, options_1.create)(constants_1.OPTION_SECRETS_FILE), (0, or_1.create)("commands.handler.authentication$handler", (0, setAuthorization_1.create)(), (0, passcode_1.create)(), (0, oauth_1.create)()));

package/commands/handler/authentication/oauth/secretsProvider/file.d.ts

@@ -1,2 +1,3 @@
-import { Handler } from "../../../../../types";
+import { Handler, Secret } from "../../../../../types";
+export declare function readSecretsFile(): Promise<Secret>;
 export declare const create: () => Handler;

package/commands/handler/authentication/oauth/secretsProvider/file.js

@@ -1,25 +1,45 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.create = void 0;
+exports.readSecretsFile = readSecretsFile;
 const fs_extra_1 = require("fs-extra");
 const next_1 = require("../../../next");
 const constants_1 = require("../../../../../constants");
 const logger_1 = require("../../../../../logger");
+const config_1 = require("../../../../../config");
 const options_1 = require("../../../../../utils/options");
 const options_2 = require("../../../options");
 const SecretsStorageSingleton_1 = require("../../../../../cache/secrets/SecretsStorageSingleton");
-const handler = async () => async () => {
-    const { error, debug, info } = (0, logger_1.get)("commands.handler.authentication.oauth.secretsProvider.file");
-    info("reading secrets from file");
+const utils_1 = require("../../../../../cache/secrets/utils");
+async function readSecretsFile() {
+    const { output, error, debug } = (0, logger_1.get)("commands.handler.authentication.oauth.secretsProvider.file.readSecretsFile");
+    const secretsFile = (0, options_1.getOptionValueFromConfig)(constants_1.OPTION_SECRETS_FILE);
+    const config = (0, config_1.get)();
     try {
-        const secretsFile = (0, options_1.getOptionValueFromConfig)(constants_1.OPTION_SECRETS_FILE);
-        await SecretsStorageSingleton_1.SecretsStorageSingleton.SINGLETON.storeSecret(JSON.parse(await (0, fs_extra_1.readFile)(secretsFile, "utf8")));
+        let content = JSON.parse(await (0, fs_extra_1.readFile)(secretsFile, "utf8"));
+        content.tenantUrl = config.tenantUrl ?? content.tenantUrl;
+        content.customClient = (0, utils_1.isCustomClient)(content.client_id);
+        content = await (0, utils_1.updateUrls)(content);
         debug("secrets found from file");
+        const consistent = (0, utils_1.isSecretConsistent)(content);
+        if (!consistent.consistent) {
+            output(`the provided secrets file is not consistent. ${consistent.errors.join(". ")}`);
+            throw new Error("inconsistent secrets file");
+        }
+        return content;
     }
     catch (err) {
         error("failed to read secrets from file", err);
+        output(`The secrets file at location ${secretsFile} could not be read and JSON.parse'd.` +
+            `Does the file exist and is it a valid JSON file?`);
         throw err;
     }
+}
+const handler = async () => async () => {
+    const { info } = (0, logger_1.get)("commands.handler.authentication.oauth.secretsProvider.file");
+    info("reading secrets from file");
+    const content = await readSecretsFile();
+    await SecretsStorageSingleton_1.SecretsStorageSingleton.SINGLETON.storeSecret(content);
 };
 const create = () => (0, next_1.create)("commands.handler.authentication.oauth.secretsProvider.file", (0, options_2.create)([constants_1.OPTION_SECRETS_FILE]), handler);
 exports.create = create;

package/commands/handler/authentication/oauth/secretsProvider/options.js

@@ -20,6 +20,7 @@ const setOAuthFromOptions = async () => async () => {
         token_url: (0, options_2.getOptionValueFromConfigGracefully)(constants_1.OPTION_TOKEN_URL),
         access_token: (0, options_2.getOptionValueFromConfigGracefully)(constants_1.OPTION_ACCESS_TOKEN),
         refresh_token: (0, options_2.getOptionValueFromConfigGracefully)(constants_1.OPTION_REFRESH_TOKEN),
+        authorization_flow: (0, options_2.getOptionValueFromConfigGracefully)(constants_1.OPTION_AUTHORIZATION_FLOW),
         expires_in: expiresIn ? parseInt(expiresIn, 10) : undefined,
     });
 };
@@ -32,5 +33,6 @@ const create = () => (0, next_1.create)("handler.authentication.oauth.secretsPro
     constants_1.OPTION_TOKEN_URL,
     constants_1.OPTION_REFRESH_TOKEN,
     constants_1.OPTION_EXPIRES_IN,
+    constants_1.OPTION_AUTHORIZATION_FLOW,
 ]))), setOAuthFromOptions);
 exports.create = create;

package/commands/handler/authentication/oauth/tokenProvider/getToken.js

@@ -5,6 +5,7 @@ const next_1 = require("../../../next");
 const options_1 = require("../../../options");
 const constants_1 = require("../../../../../constants");
 const logger_1 = require("../../../../../logger");
+const types_1 = require("../../../../../types");
 const utils_1 = require("../utils");
 const utils_2 = require("./utils");
 const SecretsStorageSingleton_1 = require("../../../../../cache/secrets/SecretsStorageSingleton");
@@ -15,12 +16,17 @@ const handler = async () => async () => {
     const secrets = await SecretsStorageSingleton_1.SecretsStorageSingleton.SINGLETON.getDefaultSecret();
     if (!secrets.access_token && !secrets.refresh_token) {
         debug("access token not available, retrieving token from server");
-        const code = await (0, utils_2.getCode)(secrets.authorization_url, secrets.client_id);
-        debug("code received, reading token");
-        await (0, utils_1.readToken)({
-            code,
-            grant_type: "authorization_code",
-        });
+        if (secrets.authorization_flow === types_1.GrantType.authorization_code) {
+            const code = await (0, utils_2.getCode)(secrets.authorization_url, secrets.client_id);
+            debug("code received, reading token");
+            await (0, utils_1.readToken)({ code, grant_type: secrets.authorization_flow });
+        }
+        else if (secrets.authorization_flow === types_1.GrantType.client_credentials) {
+            await (0, utils_1.readToken)({ grant_type: secrets.authorization_flow });
+        }
+        else {
+            throw new Error(`invalid grant type ${secrets.authorization_flow}`);
+        }
     }
     else if (secrets.access_token) {
         debug("token available");

package/commands/handler/authentication/oauth/tokenProvider/utils.js

@@ -11,21 +11,29 @@ const options_1 = require("../../../../../utils/options");
 const SecretsStorageSingleton_1 = require("../../../../../cache/secrets/SecretsStorageSingleton");
 const openUtils_1 = require("../../../../../utils/openUtils");
 const utils_2 = require("../../../../../logger/utils");
+const types_1 = require("../../../../../types");
 const getLogger = () => (0, logger_1.get)("commands.handler.authentication.oauth.tokenProvider.utils.refreshToken");
 const refreshToken = async (forceRefresh = false) => {
     const logger = getLogger();
     const secrets = await SecretsStorageSingleton_1.SecretsStorageSingleton.SINGLETON.getDefaultSecret();
-    if ((!forceRefresh && !secrets.expires_after) || !secrets.refresh_token) {
+    if ((!forceRefresh && !secrets.expires_after) ||
+        (secrets.authorization_flow === types_1.GrantType.authorization_code &&
+            !secrets.refresh_token)) {
         (0, utils_2.logVerbose)(logger, "Access token cannot be refreshed. Is the refresh token available?");
         throw new Error("invalid secrets information");
     }
     logger.info("checking token expiry date");
     if (forceRefresh || (0, utils_1.isExpired)(secrets.expires_after)) {
         logger.debug("access token is expired, refreshing token");
-        await (0, utils_1.readToken)({
-            refresh_token: secrets.refresh_token,
-            grant_type: "refresh_token",
-        });
+        if (secrets.authorization_flow === types_1.GrantType.client_credentials) {
+            await (0, utils_1.readToken)({ grant_type: secrets.authorization_flow });
+        }
+        else {
+            await (0, utils_1.readToken)({
+                refresh_token: secrets.refresh_token,
+                grant_type: types_1.GrantType.refresh_token,
+            });
+        }
         await (0, setAuthorization_1.updateAuthorization)();
     }
     else {

package/commands/handler/authentication/oauth/utils.d.ts

@@ -1,9 +1,12 @@
+import { GrantType } from "../../../../types";
 type Data = {
-    grant_type: "refresh_token";
+    grant_type: GrantType.refresh_token;
     refresh_token: string;
 } | {
-    grant_type: "authorization_code";
+    grant_type: GrantType.authorization_code;
     code: string;
+} | {
+    grant_type: GrantType.client_credentials;
 };
 export declare const calculateExpiresAfter: (expires_in: number) => number;
 export declare const isExpired: (expires_after: number) => boolean;

package/commands/handler/authentication/oauth/utils.js

@@ -45,6 +45,7 @@ const readToken = async (data) => {
     })).data;
     logger.debug(`token received: ${JSON.stringify(info, null, 2)}`);
     await SecretsStorageSingleton_1.SecretsStorageSingleton.SINGLETON.storeSecret({
+        ...secrets,
         ...info,
         expires_after: (0, exports.calculateExpiresAfter)(info.expires_in),
     });

package/commands/handler/authentication/technicalJWT/utils.js

@@ -11,6 +11,7 @@ const config_1 = require("../../../../config");
 const logger_1 = require("../../../../logger");
 const http_1 = require("../../../../utils/http");
 const types_1 = require("./types");
+const types_2 = require("../../../../types");
 const getLogger = () => (0, logger_1.get)("commands.handler.authentication.technicalJWT.utils");
 // eslint-disable-next-line @typescript-eslint/no-var-requires, import/extensions
 const cf = require("./cf.js");
@@ -56,7 +57,7 @@ const getTechnicalJwt = async () => {
         url: `${secret.uaaUrl}/oauth/token`,
         headers: { "Content-Type": "application/x-www-form-urlencoded" },
         data: new url_1.URLSearchParams({
-            grant_type: "client_credentials",
+            grant_type: types_2.GrantType.client_credentials,
             response_type: "token",
             client_id: secret.clientid,
             client_secret: secret.clientsecret,

package/commands/handler/fetch/fetch.js

@@ -18,7 +18,7 @@ const REDIRECT_WITHOUT_CHANGE = [307, 308];
 const fetchData = async (method, path, parameterMappings, responsePostProcessor) => {
     const config = (0, config_1.get)();
     (0, utils_1.checkConfiguration)(config);
-    const conf = (0, utils_1.buildHttpConfig)(method, path, parameterMappings);
+    const conf = await (0, utils_1.buildHttpConfig)(method, path, parameterMappings);
     const response = await (0, http_1.fetch)(conf);
     removeCsrfTokenFromConfig();
     await (0, utils_1.handleResponse)(response.data, response.headers);

package/commands/handler/fetch/utils.d.ts

@@ -23,4 +23,4 @@ export declare const handleResponseData: (data: any, outputPath?: string) => Pro
 export declare function handleResponseHeaders(headers: RawAxiosResponseHeaders | AxiosResponseHeaders): void;
 export declare const handleResponse: (data: any, headers?: RawAxiosResponseHeaders | AxiosResponseHeaders) => Promise<void>;
 export declare const configRequiresBody: (method: HTTPMethod) => boolean;
-export declare const buildHttpConfig: (method: HTTPMethod, path: string, parameterMappings?: ParameterMappings) => HTTPConfig;
+export declare const buildHttpConfig: (method: HTTPMethod, path: string, parameterMappings?: ParameterMappings) => Promise<HTTPConfig>;

package/commands/handler/fetch/utils.js

@@ -211,7 +211,7 @@ const handleResponse = async (data, headers) => {
 exports.handleResponse = handleResponse;
 const configRequiresBody = (method) => ["POST", "PUT", "PATCH"].includes(method.toUpperCase());
 exports.configRequiresBody = configRequiresBody;
-const buildHttpConfig = (method, path, parameterMappings) => {
+const buildHttpConfig = async (method, path, parameterMappings) => {
     const config = (0, config_1.get)();
     const { url, body, headers } = (0, exports.buildParameters)(path, parameterMappings);
     const httpConfig = {

package/commands/handler/input/input.js

@@ -31,7 +31,12 @@ const create = () => async (command) => {
         }
         logger.debug("reading request body from data");
         try {
-            (0, config_1.set)({ data: JSON.parse(input) });
+            (0, config_1.set)({
+                data: {
+                    type: "json",
+                    content: JSON.parse(input),
+                },
+            });
         }
         catch (err) {
             (0, utils_1.logVerbose)(logger, "Failed to parse input data. Is it a valid escaped JSON string?");

package/commands/login.command.js

@@ -58,6 +58,7 @@ const loginCommand = {
             choices: utils_4.getBrowserChoices,
             default: openUtils_1.getDefaultBrowser,
         },
+        { ...constants_1.OPTION_AUTHORIZATION_FLOW, hidden: false },
     ]), (0, handler_1.createMandatoryOptionsHandler)(), exports.verifyHost, (0, handler_1.createOauthHandler)(), initializeCache),
 };
 exports.default = loginCommand;

package/constants.d.ts

@@ -59,3 +59,4 @@ export declare const OPTION_OPTIONS_FILE: Option;
 export declare const OPTION_FILE_PATH: Option;
 export declare const OPTION_INPUT: Option;
 export declare const OPTION_BROWSER: Option;
+export declare const OPTION_AUTHORIZATION_FLOW: Option;

package/constants.js

@@ -3,8 +3,9 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.OPTION_BROWSER = exports.OPTION_INPUT = exports.OPTION_FILE_PATH = exports.OPTION_OPTIONS_FILE = exports.CONFIG_PASSCODE_FUNCTION = exports.OPTION_PASSCODE = exports.OPTION_CODE = exports.OPTION_SECRETS_FILE = exports.OPTION_EXPIRES_IN = exports.OPTION_REFRESH_TOKEN = exports.OPTION_ACCESS_TOKEN = exports.OPTION_TOKEN_URL = exports.OPTION_AUTHORIZATION_URL = exports.OPTION_CLIENT_SECRET = exports.OPTION_CLIENT_ID = exports.OPTION_FORCE = exports.OPTION_VERBOSE = exports.OPTION_NO_PRETTY = exports.OPTION_OUTPUT = exports.OPTION_LOGIN_ID = exports.OPTION_HOST = exports.OPTION_HELP = exports.OPTION_VERSION = exports.CACHE_SECRETS_FILE = exports.PATH_TO_ERROR_HTML = exports.PATH_TO_SUCCESS_HTML = exports.X_OUTPUT_FILE_NAME = exports.X_DSP_API_DEPRECATED_PROPERTIES = exports.X_CSRF_TOKEN = exports.DISCOVERY_METADATA_PATH = exports.SEGMENTS_TO_REMOVE_FOR_PASSCODE_AUTH = exports.CLI_GENERIC_OPTIONS_HELP = exports.CLI_SUPPORTED_AUTHENTICATION_METHODS = exports.CLI_DEPRECATION_MESSAGE = exports.CLI_DEPRECATED = exports.CLI_VERSION = exports.CLI_SAP_HELP = exports.CLI_DISCOVERY_PATHS = exports.CLI_DESCRIPTION = exports.CLI_PACKAGE_NAME = exports.CLI_NAME = exports.ROOT_COMMAND = exports.AuthenticationMethod = exports.DISCOVERY_DOCUMENT_PREFIX = exports.VERSION = void 0;
+exports.OPTION_AUTHORIZATION_FLOW = exports.OPTION_BROWSER = exports.OPTION_INPUT = exports.OPTION_FILE_PATH = exports.OPTION_OPTIONS_FILE = exports.CONFIG_PASSCODE_FUNCTION = exports.OPTION_PASSCODE = exports.OPTION_CODE = exports.OPTION_SECRETS_FILE = exports.OPTION_EXPIRES_IN = exports.OPTION_REFRESH_TOKEN = exports.OPTION_ACCESS_TOKEN = exports.OPTION_TOKEN_URL = exports.OPTION_AUTHORIZATION_URL = exports.OPTION_CLIENT_SECRET = exports.OPTION_CLIENT_ID = exports.OPTION_FORCE = exports.OPTION_VERBOSE = exports.OPTION_NO_PRETTY = exports.OPTION_OUTPUT = exports.OPTION_LOGIN_ID = exports.OPTION_HOST = exports.OPTION_HELP = exports.OPTION_VERSION = exports.CACHE_SECRETS_FILE = exports.PATH_TO_ERROR_HTML = exports.PATH_TO_SUCCESS_HTML = exports.X_OUTPUT_FILE_NAME = exports.X_DSP_API_DEPRECATED_PROPERTIES = exports.X_CSRF_TOKEN = exports.DISCOVERY_METADATA_PATH = exports.SEGMENTS_TO_REMOVE_FOR_PASSCODE_AUTH = exports.CLI_GENERIC_OPTIONS_HELP = exports.CLI_SUPPORTED_AUTHENTICATION_METHODS = exports.CLI_DEPRECATION_MESSAGE = exports.CLI_DEPRECATED = exports.CLI_VERSION = exports.CLI_SAP_HELP = exports.CLI_DISCOVERY_PATHS = exports.CLI_DESCRIPTION = exports.CLI_PACKAGE_NAME = exports.CLI_NAME = exports.ROOT_COMMAND = exports.AuthenticationMethod = exports.DISCOVERY_DOCUMENT_PREFIX = exports.VERSION = void 0;
 const path_1 = __importDefault(require("path"));
+const types_1 = require("./types");
 const utils_1 = require("./utils/utils");
 exports.VERSION = (0, utils_1.getVersion)();
 exports.DISCOVERY_DOCUMENT_PREFIX = "discovery-";
@@ -214,3 +215,15 @@ exports.OPTION_BROWSER = {
         type: "select",
     },
 };
+exports.OPTION_AUTHORIZATION_FLOW = {
+    longName: "authorization-flow",
+    description: "specifies the authorization flow to use",
+    args: [{ name: "authorization-flow" }],
+    choices: [
+        types_1.GrantType.authorization_code,
+        types_1.GrantType.client_credentials,
+    ],
+    default: types_1.GrantType.authorization_code,
+    required: true,
+    hidden: true,
+};

package/package.json

@@ -1,13 +1,13 @@
 {
   "name": "@sap/cli-core",
-  "version": "2024.22.0",
+  "version": "2024.24.0",
   "description": "Command-Line Interface (CLI) Core Module",
   "license": "SEE LICENSE IN LICENSE",
   "author": "SAP SE",
   "homepage": "https://www.sap.com",
   "main": "index.js",
   "engines": {
-    "node": "^18 || ^19 || ^20 || ^21",
+    "node": "^18 || ^19 || ^20 || ^21 || ^22",
     "npm": "^9 || ^10"
   },
   "keywords": [
@@ -23,7 +23,7 @@
     "compare-versions": "6.1.1",
     "config": "3.3.12",
     "dotenv": "16.4.5",
-    "form-data": "4.0.0",
+    "form-data": "4.0.1",
     "fs-extra": "11.2.0",
     "https": "1.0.0",
     "https-proxy-agent": "7.0.5",

package/types.d.ts

@@ -16,6 +16,7 @@ export type Secret = {
     jti: string;
     scope: string;
     id_token: string;
+    authorization_flow: GrantType;
 };
 export declare const ALLOWED_SECRET_TYPES: string[];
 export { HTTPMethod, HTTPConfig, HTTPResponse };
@@ -211,3 +212,8 @@ export type DeprecatedProperties = Array<{
 export type Command = TopCommand | LeafCommand;
 export type AddCommands = (program: CommandType) => Promise<void>;
 export type ResponsePostProcessor = (response: HTTPResponse) => Promise<void>;
+export declare enum GrantType {
+    authorization_code = "authorization_code",
+    client_credentials = "client_credentials",
+    refresh_token = "refresh_token"
+}

package/types.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.CHARACTERS = exports.LogLevel = exports.ALLOWED_SECRET_TYPES = void 0;
+exports.GrantType = exports.CHARACTERS = exports.LogLevel = exports.ALLOWED_SECRET_TYPES = void 0;
 // unfortunately there does not seem to be a good solution to automatically
 // create the below array from a statically defined type. Thus, the array must
 // always be kept in sync with the type Secret defined above.
@@ -20,6 +20,7 @@ exports.ALLOWED_SECRET_TYPES = [
     "jti",
     "scope",
     "id_token",
+    "authorization_flow",
 ];
 var LogLevel;
 (function (LogLevel) {
@@ -85,3 +86,9 @@ exports.CHARACTERS = [
     "Y",
     "Z",
 ];
+var GrantType;
+(function (GrantType) {
+    GrantType["authorization_code"] = "authorization_code";
+    GrantType["client_credentials"] = "client_credentials";
+    GrantType["refresh_token"] = "refresh_token";
+})(GrantType || (exports.GrantType = GrantType = {}));

package/utils/utils.d.ts

@@ -15,6 +15,7 @@ export declare const getEngines: (cwd?: string) => PackageJson["engines"];
 export declare const getBin: (cwd?: string) => string;
 export declare const removeScopeFromPackageName: (packageName: string) => string;
 export declare const parseTenant: (tenant: string) => string;
+export declare function isValidURL(url: string): boolean;
 export declare const getInfoFromTenant: (tenant: string, verbose: boolean, printOutput?: boolean) => {
     host: string;
     publicfqdn: string;

package/utils/utils.js

@@ -28,6 +28,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.toConstantCase = exports.sha256 = exports.getInfoFromTenant = exports.parseTenant = exports.removeScopeFromPackageName = exports.getBin = exports.getEngines = exports.getDescription = exports.getPackageName = exports.getName = exports.getVersion = exports.readPackageJson = exports.requireFile = exports.parseVersion = void 0;
 exports.buildOptionName = buildOptionName;
+exports.isValidURL = isValidURL;
 exports.removeQueryParametersFromUrl = removeQueryParametersFromUrl;
 const crypto = __importStar(require("crypto"));
 const path_1 = __importDefault(require("path"));
@@ -124,6 +125,19 @@ const parseTenant = (tenant) => {
     return new URL(t).host;
 };
 exports.parseTenant = parseTenant;
+function isValidURL(url) {
+    const { debug, error } = getLogger();
+    try {
+        // eslint-disable-next-line no-new
+        new URL(url);
+        debug(`url ${url} is valid`);
+        return true;
+    }
+    catch (err) {
+        error(`url ${url} is no valid url`, err);
+        return false;
+    }
+}
 const getInfoFromTenant = (tenant, verbose, printOutput = true) => {
     let protocol;
     try {