@zapier/zapier-sdk 0.18.4 → 0.19.0

package/dist/index.cjs

@@ -58,6 +58,14 @@ function isPositional(schema) {
 // src/constants.ts
 var ZAPIER_BASE_URL = process.env.ZAPIER_BASE_URL || "https://zapier.com";
 var MAX_PAGE_LIMIT = 1e4;
+var ZAPIER_CREDENTIALS = process.env.ZAPIER_CREDENTIALS;
+var ZAPIER_CREDENTIALS_CLIENT_ID = process.env.ZAPIER_CREDENTIALS_CLIENT_ID;
+var ZAPIER_CREDENTIALS_CLIENT_SECRET = process.env.ZAPIER_CREDENTIALS_CLIENT_SECRET;
+var ZAPIER_CREDENTIALS_BASE_URL = process.env.ZAPIER_CREDENTIALS_BASE_URL;
+var ZAPIER_CREDENTIALS_SCOPE = process.env.ZAPIER_CREDENTIALS_SCOPE;
+var ZAPIER_TOKEN = process.env.ZAPIER_TOKEN;
+var ZAPIER_AUTH_BASE_URL = process.env.ZAPIER_AUTH_BASE_URL;
+var ZAPIER_AUTH_CLIENT_ID = process.env.ZAPIER_AUTH_CLIENT_ID;
 
 // src/types/properties.ts
 var AppKeyPropertySchema = withPositional(
@@ -2109,6 +2117,9 @@ var listAuthenticationsPlugin = ({ context }) => {
     if (options.owner) {
       searchParams.owner = options.owner;
     }
+    if (options.isExpired !== void 0) {
+      searchParams.isExpired = options.isExpired.toString();
+    }
     if (options.cursor) {
       searchParams.offset = options.cursor;
     }
@@ -2290,14 +2301,14 @@ var getAuthenticationPlugin = ({ context }) => {
     }
   };
 };
-var FindFirstAuthenticationSchema = zod.z.object({
-  appKey: AppKeyPropertySchema.optional().describe(
-    "App key of authentication to find (e.g., 'SlackCLIAPI' or slug like 'github')"
-  ),
-  search: zod.z.string().optional().describe("Search term to filter authentications by title"),
-  title: zod.z.string().optional().describe("Filter authentications by exact title match"),
-  accountId: zod.z.string().optional().describe("Filter by account ID"),
-  owner: zod.z.string().optional().describe("Filter by owner")
+
+// src/plugins/findFirstAuthentication/schemas.ts
+var FindFirstAuthenticationSchema = ListAuthenticationsQuerySchema.omit({
+  authenticationIds: true,
+  pageSize: true,
+  maxItems: true,
+  cursor: true,
+  _telemetry: true
 }).describe("Find the first authentication matching the criteria");
 
 // src/plugins/findFirstAuthentication/index.ts
@@ -2341,14 +2352,14 @@ var findFirstAuthenticationPlugin = ({ sdk, context }) => {
     }
   };
 };
-var FindUniqueAuthenticationSchema = zod.z.object({
-  appKey: AppKeyPropertySchema.optional().describe(
-    "App key of authentication to find (e.g., 'SlackCLIAPI' or slug like 'github')"
-  ),
-  search: zod.z.string().optional().describe("Search term to filter authentications by title"),
-  title: zod.z.string().optional().describe("Filter authentications by exact title match"),
-  accountId: zod.z.string().optional().describe("Filter by account ID"),
-  owner: zod.z.string().optional().describe("Filter by owner")
+
+// src/plugins/findUniqueAuthentication/schemas.ts
+var FindUniqueAuthenticationSchema = ListAuthenticationsQuerySchema.omit({
+  authenticationIds: true,
+  pageSize: true,
+  maxItems: true,
+  cursor: true,
+  _telemetry: true
 }).describe("Find a unique authentication matching the criteria");
 
 // src/plugins/findUniqueAuthentication/index.ts
@@ -2751,8 +2762,11 @@ async function readManifestFromFile(filePath) {
     const resolvedPath = await resolve(filePath);
     const content = await readFile(resolvedPath);
     return parseManifestContent(content, resolvedPath);
-  } catch {
-    console.warn(`\u26A0\uFE0F Failed to read manifest from ${filePath}`);
+  } catch (error) {
+    const isFileNotFound = error && typeof error === "object" && "code" in error && error.code === "ENOENT" || error instanceof Error && error.message.includes("File not found");
+    if (!isFileNotFound) {
+      console.warn(`\u26A0\uFE0F Failed to read manifest from ${filePath}`);
+    }
     return null;
   }
 }
@@ -3465,36 +3479,29 @@ async function pollUntilComplete(options) {
   }
 }
 
-// src/auth.ts
-function getTokenFromEnv() {
-  return process.env.ZAPIER_TOKEN;
+// src/types/credentials.ts
+function isClientCredentials(credentials) {
+  return typeof credentials === "object" && credentials !== null && "clientId" in credentials && "clientSecret" in credentials;
 }
-async function getTokenFromCliLogin(options = {}) {
-  try {
-    const { getToken } = await import('@zapier/zapier-sdk-cli-login');
-    return await getToken(options);
-  } catch {
-    return void 0;
-  }
+function isPkceCredentials(credentials) {
+  return typeof credentials === "object" && credentials !== null && "clientId" in credentials && !("clientSecret" in credentials);
 }
-async function getTokenFromEnvOrConfig(options = {}) {
-  const envToken = getTokenFromEnv();
-  if (envToken) {
-    return envToken;
-  }
-  return getTokenFromCliLogin(options);
+function isCredentialsObject(credentials) {
+  return typeof credentials === "object" && credentials !== null && "clientId" in credentials;
 }
-async function resolveAuthToken(options = {}) {
-  if (options.token) {
-    return options.token;
-  }
-  if (options.getToken) {
-    const token = await options.getToken();
-    if (token) {
-      return token;
-    }
-  }
-  return getTokenFromEnvOrConfig(options);
+function isCredentialsFunction(credentials) {
+  return typeof credentials === "function";
+}
+
+// src/utils/logging.ts
+var loggedDeprecations = /* @__PURE__ */ new Set();
+function logDeprecation(message) {
+  if (loggedDeprecations.has(message)) return;
+  loggedDeprecations.add(message);
+  console.warn(`[zapier-sdk] Deprecation: ${message}`);
+}
+function resetDeprecationWarnings() {
+  loggedDeprecations.clear();
 }
 
 // src/utils/url-utils.ts
@@ -3543,6 +3550,278 @@ function getTrackingBaseUrl({
   return ZAPIER_BASE_URL;
 }
 
+// src/credentials.ts
+function deriveAuthBaseUrl(sdkBaseUrl) {
+  if (!sdkBaseUrl) return void 0;
+  return getZapierBaseUrl(sdkBaseUrl);
+}
+function normalizeCredentialsObject(obj, sdkBaseUrl) {
+  const resolvedBaseUrl = obj.baseUrl || deriveAuthBaseUrl(sdkBaseUrl);
+  if (obj.type === "client_credentials" || "clientSecret" in obj && obj.clientSecret) {
+    return {
+      type: "client_credentials",
+      clientId: obj.clientId,
+      clientSecret: obj.clientSecret,
+      baseUrl: resolvedBaseUrl,
+      scope: obj.scope
+    };
+  }
+  return {
+    type: "pkce",
+    clientId: obj.clientId,
+    baseUrl: resolvedBaseUrl,
+    scope: obj.scope
+  };
+}
+function resolveCredentialsFromEnv(sdkBaseUrl) {
+  if (ZAPIER_CREDENTIALS) {
+    return ZAPIER_CREDENTIALS;
+  }
+  if (ZAPIER_CREDENTIALS_CLIENT_ID) {
+    const resolvedBaseUrl = ZAPIER_CREDENTIALS_BASE_URL || deriveAuthBaseUrl(sdkBaseUrl);
+    if (ZAPIER_CREDENTIALS_CLIENT_SECRET) {
+      return {
+        type: "client_credentials",
+        clientId: ZAPIER_CREDENTIALS_CLIENT_ID,
+        clientSecret: ZAPIER_CREDENTIALS_CLIENT_SECRET,
+        baseUrl: resolvedBaseUrl,
+        scope: ZAPIER_CREDENTIALS_SCOPE
+      };
+    } else {
+      return {
+        type: "pkce",
+        clientId: ZAPIER_CREDENTIALS_CLIENT_ID,
+        baseUrl: resolvedBaseUrl,
+        scope: ZAPIER_CREDENTIALS_SCOPE
+      };
+    }
+  }
+  if (ZAPIER_TOKEN) {
+    logDeprecation(
+      "ZAPIER_TOKEN is deprecated. Use ZAPIER_CREDENTIALS instead."
+    );
+    return ZAPIER_TOKEN;
+  }
+  if (ZAPIER_AUTH_CLIENT_ID) {
+    logDeprecation(
+      "ZAPIER_AUTH_CLIENT_ID is deprecated. Use ZAPIER_CREDENTIALS_CLIENT_ID instead."
+    );
+    if (ZAPIER_AUTH_BASE_URL) {
+      logDeprecation(
+        "ZAPIER_AUTH_BASE_URL is deprecated. Use ZAPIER_CREDENTIALS_BASE_URL instead."
+      );
+    }
+    const resolvedBaseUrl = ZAPIER_AUTH_BASE_URL || deriveAuthBaseUrl(sdkBaseUrl);
+    return {
+      type: "pkce",
+      clientId: ZAPIER_AUTH_CLIENT_ID,
+      baseUrl: resolvedBaseUrl
+    };
+  }
+  return void 0;
+}
+async function resolveCredentials(options = {}) {
+  const { baseUrl } = options;
+  if (options.credentials !== void 0) {
+    if (isCredentialsFunction(options.credentials)) {
+      const resolved = await options.credentials();
+      if (typeof resolved === "function") {
+        throw new Error(
+          "Credentials function returned another function. Credentials functions must return a string or credentials object."
+        );
+      }
+      if (isCredentialsObject(resolved)) {
+        return normalizeCredentialsObject(resolved, baseUrl);
+      }
+      return resolved;
+    }
+    if (isCredentialsObject(options.credentials)) {
+      return normalizeCredentialsObject(options.credentials, baseUrl);
+    }
+    return options.credentials;
+  }
+  if (options.token !== void 0) {
+    logDeprecation(
+      "The `token` option is deprecated. Use `credentials` instead."
+    );
+    return options.token;
+  }
+  const envCredentials = resolveCredentialsFromEnv(baseUrl);
+  if (envCredentials !== void 0) {
+    return envCredentials;
+  }
+  return void 0;
+}
+function getBaseUrlFromCredentials(credentials) {
+  if (credentials && isCredentialsObject(credentials)) {
+    return credentials.baseUrl;
+  }
+  return void 0;
+}
+function getClientIdFromCredentials(credentials) {
+  if (credentials && isCredentialsObject(credentials)) {
+    return credentials.clientId;
+  }
+  return void 0;
+}
+
+// src/auth.ts
+var tokenCache = /* @__PURE__ */ new Map();
+var pendingExchanges = /* @__PURE__ */ new Map();
+function clearTokenCache() {
+  tokenCache.clear();
+  pendingExchanges.clear();
+}
+var TOKEN_EXPIRATION_BUFFER = 5 * 60 * 1e3;
+function getCachedToken(clientId) {
+  const cached = tokenCache.get(clientId);
+  if (!cached) return void 0;
+  if (cached.expiresAt > Date.now() + TOKEN_EXPIRATION_BUFFER) {
+    return cached.accessToken;
+  }
+  tokenCache.delete(clientId);
+  return void 0;
+}
+function cacheToken(clientId, accessToken, expiresIn) {
+  tokenCache.set(clientId, {
+    accessToken,
+    expiresAt: Date.now() + expiresIn * 1e3
+  });
+}
+function invalidateCachedToken(clientId) {
+  tokenCache.delete(clientId);
+}
+function getTokenEndpointUrl(baseUrl) {
+  const base = baseUrl || ZAPIER_BASE_URL;
+  return `${base}/oauth/token/`;
+}
+async function exchangeClientCredentials(options) {
+  const { clientId, clientSecret, baseUrl, scope, onEvent } = options;
+  const fetchFn = options.fetch || globalThis.fetch;
+  const tokenUrl = getTokenEndpointUrl(baseUrl);
+  onEvent?.({
+    type: "auth_exchanging",
+    payload: {
+      message: "Exchanging client credentials for token...",
+      operation: "client_credentials"
+    },
+    timestamp: Date.now()
+  });
+  const response = await fetchFn(tokenUrl, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/x-www-form-urlencoded"
+    },
+    body: new URLSearchParams({
+      grant_type: "client_credentials",
+      client_id: clientId,
+      client_secret: clientSecret,
+      scope: scope || "external",
+      audience: "zapier.com"
+    })
+  });
+  if (!response.ok) {
+    const errorText = await response.text();
+    onEvent?.({
+      type: "auth_error",
+      payload: {
+        message: `Client credentials exchange failed: ${response.status}`,
+        error: errorText,
+        operation: "client_credentials"
+      },
+      timestamp: Date.now()
+    });
+    throw new Error(
+      `Client credentials exchange failed: ${response.status} ${response.statusText}`
+    );
+  }
+  const data = await response.json();
+  if (!data.access_token) {
+    throw new Error("Client credentials response missing access_token");
+  }
+  const expiresIn = data.expires_in || 3600;
+  cacheToken(clientId, data.access_token, expiresIn);
+  onEvent?.({
+    type: "auth_success",
+    payload: {
+      message: "Client credentials exchange successful",
+      operation: "client_credentials"
+    },
+    timestamp: Date.now()
+  });
+  return data.access_token;
+}
+async function getTokenFromCliLogin(options) {
+  try {
+    const cliLogin = await import('@zapier/zapier-sdk-cli-login');
+    return await cliLogin.getToken(options);
+  } catch {
+    return void 0;
+  }
+}
+async function resolveAuthToken(options = {}) {
+  const credentials = await resolveCredentials({
+    credentials: options.credentials,
+    token: options.token
+  });
+  if (credentials !== void 0) {
+    return resolveAuthTokenFromCredentials(credentials, options);
+  }
+  return getTokenFromCliLogin({
+    onEvent: options.onEvent,
+    fetch: options.fetch
+  });
+}
+async function resolveAuthTokenFromCredentials(credentials, options) {
+  if (typeof credentials === "string") {
+    return credentials;
+  }
+  if (isClientCredentials(credentials)) {
+    const { clientId } = credentials;
+    const cached = getCachedToken(clientId);
+    if (cached) {
+      return cached;
+    }
+    const pending = pendingExchanges.get(clientId);
+    if (pending) {
+      return pending;
+    }
+    const exchangePromise = exchangeClientCredentials({
+      clientId: credentials.clientId,
+      clientSecret: credentials.clientSecret,
+      baseUrl: credentials.baseUrl || options.baseUrl,
+      scope: credentials.scope,
+      fetch: options.fetch,
+      onEvent: options.onEvent
+    }).finally(() => {
+      pendingExchanges.delete(clientId);
+    });
+    pendingExchanges.set(clientId, exchangePromise);
+    return exchangePromise;
+  }
+  if (isPkceCredentials(credentials)) {
+    const storedToken = await getTokenFromCliLogin({
+      onEvent: options.onEvent,
+      fetch: options.fetch,
+      credentials
+    });
+    if (storedToken) {
+      return storedToken;
+    }
+    throw new Error(
+      "PKCE credentials require interactive login. Please run the 'login' command with the CLI first, or use client_credentials flow."
+    );
+  }
+  throw new Error("Unknown credentials type");
+}
+async function invalidateCredentialsToken(options) {
+  const resolved = await resolveCredentials(options);
+  const clientId = getClientIdFromCredentials(resolved);
+  if (clientId) {
+    invalidateCachedToken(clientId);
+  }
+}
+
 // src/api/client.ts
 var pathConfig = {
   // e.g. /relay -> https://sdkapi.zapier.com/api/v0/sdk/relay/...
@@ -3600,13 +3879,11 @@ var ZapierApiClient = class {
   // Helper to get a token from the different places it could be gotten
   async getAuthToken() {
     return resolveAuthToken({
+      credentials: this.options.credentials,
       token: this.options.token,
-      getToken: this.options.getToken,
       onEvent: this.options.onEvent,
       fetch: this.options.fetch,
-      baseUrl: this.options.baseUrl,
-      authBaseUrl: this.options.authBaseUrl,
-      authClientId: this.options.authClientId
+      baseUrl: this.options.baseUrl
     });
   }
   // Helper to handle responses
@@ -3644,10 +3921,16 @@ var ZapierApiClient = class {
     if (response.status === 401 || response.status === 403) {
       if (wasMissingAuthToken) {
         throw new ZapierAuthenticationError(
-          `Authentication required (HTTP ${response.status}). Please provide a token in options or set ZAPIER_TOKEN environment variable.`,
+          `Authentication required (HTTP ${response.status}). Please provide credentials in options or set ZAPIER_CREDENTIALS environment variable.`,
           errorOptions
         );
       }
+      if (response.status === 401) {
+        await invalidateCredentialsToken({
+          credentials: this.options.credentials,
+          token: this.options.token
+        });
+      }
       throw new ZapierAuthenticationError(message, errorOptions);
     }
     if (response.status === 400) {
@@ -3783,7 +4066,7 @@ var ZapierApiClient = class {
     if (options.authRequired) {
       if (headers.get("Authorization") == null && authToken == null) {
         throw new ZapierAuthenticationError(
-          `Authentication required but no token available. Please set ZAPIER_TOKEN, or run the 'login' command with the CLI.`
+          `Authentication required but no credentials available. Please set ZAPIER_CREDENTIALS, or run the 'login' command with the CLI.`
         );
       }
     }
@@ -3859,27 +4142,28 @@ var apiPlugin = (params) => {
   const {
     fetch: customFetch = globalThis.fetch,
     baseUrl = ZAPIER_BASE_URL,
-    authBaseUrl,
-    authClientId,
+    credentials,
     token,
-    getToken,
     onEvent,
     debug = false
   } = params.context.options;
   const api = createZapierApi({
     baseUrl,
-    authBaseUrl,
-    authClientId,
+    credentials,
     token,
-    getToken,
     debug,
     fetch: customFetch,
     onEvent
   });
   return {
     context: {
-      api
+      api,
       // Provide API client in context for other plugins to use
+      resolveCredentials: () => resolveCredentials({
+        credentials,
+        token,
+        baseUrl
+      })
     }
   };
 };
@@ -4473,7 +4757,7 @@ function getCpuTime() {
 
 // package.json
 var package_default = {
-  version: "0.18.4"};
+  version: "0.19.0"};
 
 // src/plugins/eventEmission/builders.ts
 function createBaseEvent(context = {}) {
@@ -4646,11 +4930,9 @@ var eventEmissionPlugin = ({ context }) => {
   const getUserContext = (async () => {
     try {
       const token = await resolveAuthToken({
+        credentials: context.options.credentials,
         token: context.options.token,
-        getToken: context.options.getToken,
         baseUrl: context.options.baseUrl,
-        authBaseUrl: context.options.authBaseUrl,
-        authClientId: context.options.authClientId,
         onEvent: context.options.onEvent,
         fetch: context.options.fetch
       });
@@ -4929,7 +5211,15 @@ exports.OutputPropertySchema = OutputPropertySchema;
 exports.ParamsPropertySchema = ParamsPropertySchema;
 exports.RelayFetchSchema = RelayFetchSchema;
 exports.RelayRequestSchema = RelayRequestSchema;
+exports.ZAPIER_AUTH_BASE_URL = ZAPIER_AUTH_BASE_URL;
+exports.ZAPIER_AUTH_CLIENT_ID = ZAPIER_AUTH_CLIENT_ID;
 exports.ZAPIER_BASE_URL = ZAPIER_BASE_URL;
+exports.ZAPIER_CREDENTIALS = ZAPIER_CREDENTIALS;
+exports.ZAPIER_CREDENTIALS_BASE_URL = ZAPIER_CREDENTIALS_BASE_URL;
+exports.ZAPIER_CREDENTIALS_CLIENT_ID = ZAPIER_CREDENTIALS_CLIENT_ID;
+exports.ZAPIER_CREDENTIALS_CLIENT_SECRET = ZAPIER_CREDENTIALS_CLIENT_SECRET;
+exports.ZAPIER_CREDENTIALS_SCOPE = ZAPIER_CREDENTIALS_SCOPE;
+exports.ZAPIER_TOKEN = ZAPIER_TOKEN;
 exports.ZapierActionError = ZapierActionError;
 exports.ZapierApiError = ZapierApiError;
 exports.ZapierAppNotFoundError = ZapierAppNotFoundError;
@@ -4954,6 +5244,7 @@ exports.buildApplicationLifecycleEvent = buildApplicationLifecycleEvent;
 exports.buildErrorEvent = buildErrorEvent;
 exports.buildErrorEventWithContext = buildErrorEventWithContext;
 exports.buildMethodCalledEvent = buildMethodCalledEvent;
+exports.clearTokenCache = clearTokenCache;
 exports.createBaseEvent = createBaseEvent;
 exports.createFunction = createFunction;
 exports.createSdk = createSdk;
@@ -4968,7 +5259,9 @@ exports.generateEventId = generateEventId;
 exports.getActionPlugin = getActionPlugin;
 exports.getAppPlugin = getAppPlugin;
 exports.getAuthenticationPlugin = getAuthenticationPlugin;
+exports.getBaseUrlFromCredentials = getBaseUrlFromCredentials;
 exports.getCiPlatform = getCiPlatform;
+exports.getClientIdFromCredentials = getClientIdFromCredentials;
 exports.getCpuTime = getCpuTime;
 exports.getCurrentTimestamp = getCurrentTimestamp;
 exports.getMemoryUsage = getMemoryUsage;
@@ -4978,22 +5271,30 @@ exports.getPreferredManifestEntryKey = getPreferredManifestEntryKey;
 exports.getProfilePlugin = getProfilePlugin;
 exports.getReleaseId = getReleaseId;
 exports.getTokenFromCliLogin = getTokenFromCliLogin;
-exports.getTokenFromEnv = getTokenFromEnv;
-exports.getTokenFromEnvOrConfig = getTokenFromEnvOrConfig;
 exports.inputFieldKeyResolver = inputFieldKeyResolver;
 exports.inputsAllOptionalResolver = inputsAllOptionalResolver;
 exports.inputsResolver = inputsResolver;
+exports.invalidateCachedToken = invalidateCachedToken;
+exports.invalidateCredentialsToken = invalidateCredentialsToken;
 exports.isCi = isCi;
+exports.isClientCredentials = isClientCredentials;
+exports.isCredentialsFunction = isCredentialsFunction;
+exports.isCredentialsObject = isCredentialsObject;
+exports.isPkceCredentials = isPkceCredentials;
 exports.isPositional = isPositional;
 exports.listActionsPlugin = listActionsPlugin;
 exports.listAppsPlugin = listAppsPlugin;
 exports.listAuthenticationsPlugin = listAuthenticationsPlugin;
 exports.listInputFieldsPlugin = listInputFieldsPlugin;
+exports.logDeprecation = logDeprecation;
 exports.manifestPlugin = manifestPlugin;
 exports.readManifestFromFile = readManifestFromFile;
 exports.registryPlugin = registryPlugin;
 exports.requestPlugin = requestPlugin;
+exports.resetDeprecationWarnings = resetDeprecationWarnings;
 exports.resolveAuthToken = resolveAuthToken;
+exports.resolveCredentials = resolveCredentials;
+exports.resolveCredentialsFromEnv = resolveCredentialsFromEnv;
 exports.runActionPlugin = runActionPlugin;
 exports.toSnakeCase = toSnakeCase;
 exports.toTitleCase = toTitleCase;