@winwinmbs/portal-api 1.0.0 → 2.0.0

package/dist/index.mjs

@@ -1953,8 +1953,8 @@ var PortalApiClient = class {
       timeout: config.timeout ?? 3e4,
       withCredentials: true
     });
-    this.axios.interceptors.request.use((cfg) => {
-      const token = config.getToken();
+    this.axios.interceptors.request.use(async (cfg) => {
+      const token = config.getToken ? await config.getToken() : null;
       if (token) cfg.headers.Authorization = `Bearer ${token}`;
       if (config.apiKey) cfg.headers["X-API-Key"] = config.apiKey;
       return cfg;
@@ -1992,6 +1992,78 @@ var PortalApiClient = class {
   }
 };
 
+// src/client-credentials.ts
+var ClientCredentialsTokenProvider = class {
+  constructor(config) {
+    this.config = config;
+    this.token = null;
+    this.expiresAtMs = 0;
+    this.inflight = null;
+    if (!config.clientId || !config.clientSecret) {
+      throw new Error("ClientCredentialsTokenProvider requires clientId and clientSecret");
+    }
+  }
+  /**
+   * Returns a valid access token, fetching or refreshing as needed. Safe to call
+   * on every request — cached until shortly before expiry. Concurrent calls
+   * share a single in-flight request.
+   */
+  async getAccessToken() {
+    const skewMs = (this.config.refreshSkewSeconds ?? 60) * 1e3;
+    if (this.token && Date.now() < this.expiresAtMs - skewMs) {
+      return this.token;
+    }
+    if (!this.inflight) {
+      this.inflight = this.fetchToken().finally(() => {
+        this.inflight = null;
+      });
+    }
+    return this.inflight;
+  }
+  /** Last cached token without triggering a fetch (may be stale or null). */
+  getCachedToken() {
+    return this.token;
+  }
+  /** Forget the cached token so the next `getAccessToken()` fetches a fresh one. */
+  reset() {
+    this.token = null;
+    this.expiresAtMs = 0;
+  }
+  async fetchToken() {
+    const fetchFn = this.config.fetchFn ?? globalThis.fetch;
+    if (typeof fetchFn !== "function") {
+      throw new Error("No fetch implementation available \u2014 pass config.fetchFn");
+    }
+    const endpoint = this.config.tokenEndpoint ?? `${this.config.apiUrl.replace(/\/$/, "")}/oauth/token`;
+    const body = {
+      grant_type: "client_credentials",
+      client_id: this.config.clientId,
+      client_secret: this.config.clientSecret
+    };
+    if (this.config.scope) body.scope = this.config.scope;
+    const res = await fetchFn(endpoint, {
+      method: "POST",
+      headers: { "Content-Type": "application/json", Accept: "application/json" },
+      body: JSON.stringify(body)
+    });
+    if (!res.ok) {
+      let detail = "";
+      try {
+        detail = JSON.stringify(await res.json());
+      } catch {
+      }
+      throw new Error(`client_credentials token request failed (HTTP ${res.status}) ${detail}`.trim());
+    }
+    const data = await res.json();
+    if (!data.access_token) {
+      throw new Error("client_credentials response did not include an access_token");
+    }
+    this.token = data.access_token;
+    this.expiresAtMs = Date.now() + (data.expires_in ?? 3600) * 1e3;
+    return this.token;
+  }
+};
+
 // ../../shared/src/enums/common.enums.ts
 var OrganizationType = /* @__PURE__ */ ((OrganizationType2) => {
   OrganizationType2["GROUP"] = "group";
@@ -2059,6 +2131,7 @@ var TodoPriority = /* @__PURE__ */ ((TodoPriority2) => {
 })(TodoPriority || {});
 export {
   ActorType,
+  ClientCredentialsTokenProvider,
   EmailAPI,
   EventCategory,
   EventLogApi,