@trayio/cdk-cli 5.5.0 → 5.6.0

package/dist/lib/oauth2-token/types.d.ts

@@ -0,0 +1,34 @@
+/**
+ * Shared types for OAuth2 token command
+ */
+export type AnyObject = Record<string, any>;
+export type FoundField = {
+    path: string[];
+    parent: AnyObject;
+    key: string;
+    value: any;
+};
+export type ClientAuthMethod = 'basic' | 'body' | 'both';
+export type OAuth2Config = {
+    tokenUrl: string;
+    authorizeUrl?: string;
+    deviceCodeUrl?: string;
+    clientId: string;
+    clientSecret?: string;
+    scope?: string;
+    audience?: string;
+    redirectUri?: string;
+    clientAuthMethod?: ClientAuthMethod;
+    disablePkce?: boolean;
+};
+export type TokenResponse = {
+    access_token: string;
+    refresh_token?: string;
+    expires_in?: number;
+    token_type?: string;
+};
+export type PkceChallenge = {
+    verifier: string;
+    challenge: string;
+};
+//# sourceMappingURL=types.d.ts.map

package/dist/lib/oauth2-token/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/lib/oauth2-token/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,MAAM,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;AAE5C,MAAM,MAAM,UAAU,GAAG;IACxB,IAAI,EAAE,MAAM,EAAE,CAAC;IACf,MAAM,EAAE,SAAS,CAAC;IAClB,GAAG,EAAE,MAAM,CAAC;IACZ,KAAK,EAAE,GAAG,CAAC;CACX,CAAC;AAEF,MAAM,MAAM,gBAAgB,GAAG,OAAO,GAAG,MAAM,GAAG,MAAM,CAAC;AAEzD,MAAM,MAAM,YAAY,GAAG;IAC1B,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,gBAAgB,CAAC,EAAE,gBAAgB,CAAC;IACpC,WAAW,CAAC,EAAE,OAAO,CAAC;CACtB,CAAC;AAEF,MAAM,MAAM,aAAa,GAAG;IAC3B,YAAY,EAAE,MAAM,CAAC;IACrB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,MAAM,MAAM,aAAa,GAAG;IAC3B,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;CAClB,CAAC"}

package/dist/lib/oauth2-token/types.js

@@ -0,0 +1,5 @@
+"use strict";
+/**
+ * Shared types for OAuth2 token command
+ */
+Object.defineProperty(exports, "__esModule", { value: true });

package/dist/lib/oauth2-token/utils/browser.d.ts

@@ -0,0 +1,2 @@
+export declare const openBrowser: (urlToOpen: string) => void;
+//# sourceMappingURL=browser.d.ts.map

package/dist/lib/oauth2-token/utils/browser.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"browser.d.ts","sourceRoot":"","sources":["../../../../src/lib/oauth2-token/utils/browser.ts"],"names":[],"mappings":"AAKA,eAAO,MAAM,WAAW,cAAe,MAAM,KAAG,IAW/C,CAAC"}

package/dist/lib/oauth2-token/utils/browser.js

@@ -0,0 +1,22 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.openBrowser = void 0;
+/**
+ * Browser interaction utilities
+ */
+const child_process_1 = require("child_process");
+const openBrowser = (urlToOpen) => {
+    const { platform } = process;
+    let command = '';
+    if (platform === 'darwin') {
+        command = `open '${urlToOpen}'`;
+    }
+    else if (platform === 'win32') {
+        command = `start "" "${urlToOpen}"`;
+    }
+    else {
+        command = `xdg-open '${urlToOpen}'`;
+    }
+    (0, child_process_1.exec)(command);
+};
+exports.openBrowser = openBrowser;

package/dist/lib/oauth2-token/utils/crypto.d.ts

@@ -0,0 +1,6 @@
+/// <reference types="node" />
+import { PkceChallenge } from '../types';
+export declare const base64UrlEncode: (buffer: Buffer) => string;
+export declare const generatePkce: () => PkceChallenge;
+export declare const generateState: () => string;
+//# sourceMappingURL=crypto.d.ts.map

package/dist/lib/oauth2-token/utils/crypto.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"crypto.d.ts","sourceRoot":"","sources":["../../../../src/lib/oauth2-token/utils/crypto.ts"],"names":[],"mappings":";AAIA,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAEzC,eAAO,MAAM,eAAe,WAAY,MAAM,KAAG,MAK3B,CAAC;AAEvB,eAAO,MAAM,YAAY,QAAO,aAO/B,CAAC;AAEF,eAAO,MAAM,aAAa,QAAO,MACO,CAAC"}

package/dist/lib/oauth2-token/utils/crypto.js

@@ -0,0 +1,47 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.generateState = exports.generatePkce = exports.base64UrlEncode = void 0;
+/**
+ * Cryptographic utilities for OAuth2 (PKCE, state generation)
+ */
+const crypto = __importStar(require("crypto"));
+const base64UrlEncode = (buffer) => buffer
+    .toString('base64')
+    .replace(/=/g, '')
+    .replace(/\+/g, '-')
+    .replace(/\//g, '_');
+exports.base64UrlEncode = base64UrlEncode;
+const generatePkce = () => {
+    const verifier = (0, exports.base64UrlEncode)(crypto.randomBytes(64));
+    const sha = crypto.createHash('sha256');
+    sha.update(verifier);
+    const digest = sha.digest();
+    const challenge = (0, exports.base64UrlEncode)(digest);
+    return { verifier, challenge };
+};
+exports.generatePkce = generatePkce;
+const generateState = () => (0, exports.base64UrlEncode)(crypto.randomBytes(16));
+exports.generateState = generateState;

package/dist/lib/oauth2-token/utils/env.d.ts

@@ -0,0 +1,7 @@
+export declare const loadEnvConfig: (envPath: string) => Promise<Record<string, string>>;
+/**
+ * Get value from environment variables with fallback keys
+ * Precedence: OAUTH2_* keys first, then fallback keys
+ */
+export declare const getEnvValue: (env: Record<string, string>, primaryKey: string, fallbackKey?: string) => string;
+//# sourceMappingURL=env.d.ts.map

package/dist/lib/oauth2-token/utils/env.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"env.d.ts","sourceRoot":"","sources":["../../../../src/lib/oauth2-token/utils/env.ts"],"names":[],"mappings":"AA0BA,eAAO,MAAM,aAAa,YAChB,MAAM,KACb,QAAQ,OAAO,MAAM,EAAE,MAAM,CAAC,CAqBhC,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,WAAW,QAClB,OAAO,MAAM,EAAE,MAAM,CAAC,cACf,MAAM,gBACJ,MAAM,KAClB,MAQF,CAAC"}

package/dist/lib/oauth2-token/utils/env.js

@@ -0,0 +1,85 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getEnvValue = exports.loadEnvConfig = void 0;
+/**
+ * Environment configuration utilities
+ *
+ * Load environment variables from a .env file
+ * Expected .env file structure for OAuth2 configuration:
+ *
+ * # OAuth2 Configuration
+ * CLIENT_ID=your_client_id_here
+ * CLIENT_SECRET=your_client_secret_here
+ * TOKEN_URL=https://oauth.provider.com/token
+ * AUTHORIZE_URL=https://oauth.provider.com/authorize
+ * DEVICE_CODE_URL=https://oauth.provider.com/device_authorization
+ * REDIRECT_URI=http://localhost:3400/callback
+ * SCOPE="read write admin"
+ * AUDIENCE=https://api.provider.com
+ * REFRESH_TOKEN=your_refresh_token_here
+ * CLIENT_AUTH_METHOD=basic
+ *
+ * # Client Auth Method options:
+ * # - basic: Send credentials via HTTP Basic Auth header (required for Workday)
+ * # - body: Send credentials in request body (default, most common)
+ * # - both: Send credentials in both header and body
+ */
+const fs = __importStar(require("fs/promises"));
+const dotenv = __importStar(require("dotenv"));
+const loadEnvConfig = async (envPath) => {
+    try {
+        const envExists = await fs
+            .access(envPath)
+            .then(() => true)
+            .catch(() => false);
+        if (!envExists) {
+            return {};
+        }
+        const result = dotenv.config({ path: envPath });
+        if (result.error) {
+            throw result.error;
+        }
+        return result.parsed || {};
+    }
+    catch (error) {
+        // If .env file doesn't exist or can't be read, return empty config
+        // This allows the command to work without .env file
+        return {};
+    }
+};
+exports.loadEnvConfig = loadEnvConfig;
+/**
+ * Get value from environment variables with fallback keys
+ * Precedence: OAUTH2_* keys first, then fallback keys
+ */
+const getEnvValue = (env, primaryKey, fallbackKey) => {
+    const oauth2Key = `OAUTH2_${primaryKey}`;
+    return (env[oauth2Key] ||
+        (fallbackKey ? env[fallbackKey] : '') ||
+        env[primaryKey] ||
+        '');
+};
+exports.getEnvValue = getEnvValue;

package/dist/lib/oauth2-token/utils/file.d.ts

@@ -0,0 +1,4 @@
+import { AnyObject } from '../types';
+export declare const readJsonFile: (filePath: string) => Promise<AnyObject>;
+export declare const writeJsonFile: (filePath: string, data: AnyObject) => Promise<void>;
+//# sourceMappingURL=file.d.ts.map

package/dist/lib/oauth2-token/utils/file.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"file.d.ts","sourceRoot":"","sources":["../../../../src/lib/oauth2-token/utils/file.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,SAAS,EAAE,MAAM,UAAU,CAAC;AAErC,eAAO,MAAM,YAAY,aAAoB,MAAM,KAAG,QAAQ,SAAS,CAGtE,CAAC;AAEF,eAAO,MAAM,aAAa,aACf,MAAM,QACV,SAAS,KACb,QAAQ,IAAI,CAGd,CAAC"}

package/dist/lib/oauth2-token/utils/file.js

@@ -0,0 +1,40 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.writeJsonFile = exports.readJsonFile = void 0;
+/**
+ * File I/O utilities
+ */
+const fs = __importStar(require("fs/promises"));
+const readJsonFile = async (filePath) => {
+    const raw = await fs.readFile(filePath, 'utf-8');
+    return JSON.parse(raw);
+};
+exports.readJsonFile = readJsonFile;
+const writeJsonFile = async (filePath, data) => {
+    const content = `${JSON.stringify(data, null, 2)}\n`;
+    await fs.writeFile(filePath, content, 'utf-8');
+};
+exports.writeJsonFile = writeJsonFile;

package/dist/lib/oauth2-token/utils/index.d.ts

@@ -0,0 +1,10 @@
+/**
+ * Utility functions
+ */
+export * from './json';
+export * from './file';
+export * from './crypto';
+export * from './browser';
+export * from './url';
+export * from './env';
+//# sourceMappingURL=index.d.ts.map

package/dist/lib/oauth2-token/utils/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/lib/oauth2-token/utils/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,cAAc,QAAQ,CAAC;AACvB,cAAc,QAAQ,CAAC;AACvB,cAAc,UAAU,CAAC;AACzB,cAAc,WAAW,CAAC;AAC1B,cAAc,OAAO,CAAC;AACtB,cAAc,OAAO,CAAC"}

package/dist/lib/oauth2-token/utils/index.js

@@ -0,0 +1,25 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+/**
+ * Utility functions
+ */
+__exportStar(require("./json"), exports);
+__exportStar(require("./file"), exports);
+__exportStar(require("./crypto"), exports);
+__exportStar(require("./browser"), exports);
+__exportStar(require("./url"), exports);
+__exportStar(require("./env"), exports);

package/dist/lib/oauth2-token/utils/json.d.ts

@@ -0,0 +1,9 @@
+/**
+ * JSON and object manipulation utilities
+ */
+import * as O from 'fp-ts/Option';
+import { AnyObject, FoundField } from '../types';
+export declare const isObject: (val: unknown) => val is AnyObject;
+export declare const normalizeKey: (key: string) => string;
+export declare const findFirstByKeys: (obj: AnyObject, keys: string[]) => O.Option<FoundField>;
+//# sourceMappingURL=json.d.ts.map

package/dist/lib/oauth2-token/utils/json.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"json.d.ts","sourceRoot":"","sources":["../../../../src/lib/oauth2-token/utils/json.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,OAAO,KAAK,CAAC,MAAM,cAAc,CAAC;AAClC,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,UAAU,CAAC;AAEjD,eAAO,MAAM,QAAQ,QAAS,OAAO,qBAC0B,CAAC;AAEhE,eAAO,MAAM,YAAY,QAAS,MAAM,KAAG,MACJ,CAAC;AAExC,eAAO,MAAM,eAAe,QACtB,SAAS,QACR,MAAM,EAAE,KACZ,EAAE,MAAM,CAAC,UAAU,CAoBrB,CAAC"}

package/dist/lib/oauth2-token/utils/json.js

@@ -0,0 +1,52 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.findFirstByKeys = exports.normalizeKey = exports.isObject = void 0;
+/**
+ * JSON and object manipulation utilities
+ */
+const O = __importStar(require("fp-ts/Option"));
+const isObject = (val) => val !== null && typeof val === 'object' && !Array.isArray(val);
+exports.isObject = isObject;
+const normalizeKey = (key) => key.replace(/[-_]/g, '').toLowerCase();
+exports.normalizeKey = normalizeKey;
+const findFirstByKeys = (obj, keys) => {
+    const targetKeys = new Set(keys.map(exports.normalizeKey));
+    const dfs = (current, currentPath) => {
+        for (const [k, v] of Object.entries(current)) {
+            if (targetKeys.has((0, exports.normalizeKey)(k))) {
+                return O.some({ path: currentPath, parent: current, key: k, value: v });
+            }
+            if ((0, exports.isObject)(v)) {
+                const found = dfs(v, [...currentPath, k]);
+                if (O.isSome(found))
+                    return found;
+            }
+        }
+        return O.none;
+    };
+    return dfs(obj, []);
+};
+exports.findFirstByKeys = findFirstByKeys;

package/dist/lib/oauth2-token/utils/url.d.ts

@@ -0,0 +1,6 @@
+/**
+ * URL utilities
+ */
+export declare const isLocalhostRedirect: (redirectUri: string) => boolean;
+export declare const sleep: (ms: number) => Promise<void>;
+//# sourceMappingURL=url.d.ts.map

package/dist/lib/oauth2-token/utils/url.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"url.d.ts","sourceRoot":"","sources":["../../../../src/lib/oauth2-token/utils/url.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,eAAO,MAAM,mBAAmB,gBAAiB,MAAM,KAAG,OAWzD,CAAC;AAEF,eAAO,MAAM,KAAK,OAAQ,MAAM,KAAG,QAAQ,IAAI,CAG5C,CAAC"}

package/dist/lib/oauth2-token/utils/url.js

@@ -0,0 +1,22 @@
+"use strict";
+/**
+ * URL utilities
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.sleep = exports.isLocalhostRedirect = void 0;
+const isLocalhostRedirect = (redirectUri) => {
+    try {
+        const u = new URL(redirectUri);
+        return (u.hostname === 'localhost' ||
+            u.hostname === '127.0.0.1' ||
+            u.hostname === '[::1]');
+    }
+    catch {
+        return false;
+    }
+};
+exports.isLocalhostRedirect = isLocalhostRedirect;
+const sleep = (ms) => new Promise((resolve) => {
+    setTimeout(resolve, ms);
+});
+exports.sleep = sleep;

package/oclif.manifest.json

@@ -154,6 +154,155 @@
         "init.js"
       ]
     },
+    "connector:oauth2-token": {
+      "aliases": [],
+      "args": {},
+      "description": "Generate or refresh an OAuth2 token from .env and write it to src/test.ctx.json.",
+      "flags": {
+        "ctxPath": {
+          "char": "c",
+          "description": "Path to context JSON file",
+          "name": "ctxPath",
+          "default": "src/test.ctx.json",
+          "hasDynamicHelp": false,
+          "multiple": false,
+          "type": "option"
+        },
+        "envPath": {
+          "char": "e",
+          "description": "Path to .env file for sensitive credentials",
+          "name": "envPath",
+          "default": ".env",
+          "hasDynamicHelp": false,
+          "multiple": false,
+          "type": "option"
+        },
+        "grantType": {
+          "char": "g",
+          "description": "OAuth2 grant type to use (auto infers from context)",
+          "name": "grantType",
+          "default": "auto",
+          "hasDynamicHelp": false,
+          "multiple": false,
+          "options": [
+            "auto",
+            "client_credentials",
+            "authorization_code",
+            "device_code"
+          ],
+          "type": "option"
+        },
+        "refresh": {
+          "char": "r",
+          "description": "Use refresh token to get new access token",
+          "name": "refresh",
+          "allowNo": false,
+          "type": "boolean"
+        },
+        "authorizeUrl": {
+          "description": "Override authorization URL",
+          "name": "authorizeUrl",
+          "hasDynamicHelp": false,
+          "multiple": false,
+          "type": "option"
+        },
+        "redirectUri": {
+          "description": "Override redirect URI for auth code",
+          "name": "redirectUri",
+          "hasDynamicHelp": false,
+          "multiple": false,
+          "type": "option"
+        },
+        "deviceCodeUrl": {
+          "description": "Override device authorization URL",
+          "name": "deviceCodeUrl",
+          "hasDynamicHelp": false,
+          "multiple": false,
+          "type": "option"
+        },
+        "openBrowser": {
+          "description": "Open browser for interactive flows",
+          "name": "openBrowser",
+          "allowNo": false,
+          "type": "boolean"
+        },
+        "tokenUrl": {
+          "description": "Override token URL",
+          "name": "tokenUrl",
+          "hasDynamicHelp": false,
+          "multiple": false,
+          "type": "option"
+        },
+        "clientId": {
+          "description": "Override client ID",
+          "name": "clientId",
+          "hasDynamicHelp": false,
+          "multiple": false,
+          "type": "option"
+        },
+        "clientSecret": {
+          "description": "Override client secret",
+          "name": "clientSecret",
+          "hasDynamicHelp": false,
+          "multiple": false,
+          "type": "option"
+        },
+        "scope": {
+          "description": "Override scope (space-separated)",
+          "name": "scope",
+          "hasDynamicHelp": false,
+          "multiple": false,
+          "type": "option"
+        },
+        "audience": {
+          "description": "Override audience",
+          "name": "audience",
+          "hasDynamicHelp": false,
+          "multiple": false,
+          "type": "option"
+        },
+        "clientAuthMethod": {
+          "description": "Client authentication method: basic (header), body (form), or both (default: body for backwards compatibility)",
+          "name": "clientAuthMethod",
+          "hasDynamicHelp": false,
+          "multiple": false,
+          "options": [
+            "basic",
+            "body",
+            "both"
+          ],
+          "type": "option"
+        },
+        "disablePkce": {
+          "description": "Disable PKCE (Proof Key for Code Exchange) for providers that do not support it",
+          "name": "disablePkce",
+          "allowNo": false,
+          "type": "boolean"
+        },
+        "dryRun": {
+          "char": "n",
+          "description": "Do not write to file, just print the token JSON",
+          "name": "dryRun",
+          "allowNo": false,
+          "type": "boolean"
+        }
+      },
+      "hasDynamicHelp": false,
+      "hiddenAliases": [],
+      "id": "connector:oauth2-token",
+      "pluginAlias": "@trayio/cdk-cli",
+      "pluginName": "@trayio/cdk-cli",
+      "pluginType": "core",
+      "strict": true,
+      "enableJsonFlag": false,
+      "isESM": false,
+      "relativePath": [
+        "dist",
+        "commands",
+        "connector",
+        "oauth2-token.js"
+      ]
+    },
     "connector:test": {
       "aliases": [],
       "args": {
@@ -535,5 +684,5 @@
       ]
     }
   },
-  "version": "5.5.0"
+  "version": "5.6.0"
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@trayio/cdk-cli",
-  "version": "5.5.0",
+  "version": "5.6.0",
   "description": "A CLI for connector development",
   "exports": {
     "./*": "./dist/*.js"
@@ -22,14 +22,15 @@
     "@oclif/plugin-version": "2.0.11",
     "@oclif/plugin-warn-if-update-available": "^3.1.4",
     "@oclif/test": "3.1.12",
-    "@trayio/axios": "5.5.0",
-    "@trayio/cdk-build": "5.5.0",
-    "@trayio/cdk-cli-commons": "5.5.0",
-    "@trayio/commons": "5.5.0",
-    "@trayio/generator": "5.5.0",
-    "@trayio/tray-client": "5.5.0",
-    "@trayio/tray-openapi": "5.5.0",
+    "@trayio/axios": "5.6.0",
+    "@trayio/cdk-build": "5.6.0",
+    "@trayio/cdk-cli-commons": "5.6.0",
+    "@trayio/commons": "5.6.0",
+    "@trayio/generator": "5.6.0",
+    "@trayio/tray-client": "5.6.0",
+    "@trayio/tray-openapi": "5.6.0",
     "chalk": "4.1.2",
+    "dotenv": "^16.0.0",
     "inquirer": "8.2.6"
   },
   "typesVersions": {
@@ -44,7 +45,8 @@
     "/bin",
     "/dist",
     "/oclif.manifest.json",
-    "/INTRODUCTION.md"
+    "/INTRODUCTION.md",
+    "/OAUTH2_TOKEN.md"
   ],
   "bin": {
     "tray-cdk": "./bin/run"