@zapier/zapier-sdk 0.22.0 → 0.23.0

package/dist/index.mjs

@@ -2264,7 +2264,8 @@ var listClientCredentialsPlugin = ({ context }) => {
           }
           return void 0;
         },
-        authRequired: true
+        authRequired: true,
+        requiredScopes: ["credentials"]
       }
     );
     return response;
@@ -2321,7 +2322,8 @@ var createClientCredentialsPlugin = ({ context }) => {
           }
           return void 0;
         },
-        authRequired: true
+        authRequired: true,
+        requiredScopes: ["credentials"]
       }
     );
     return {
@@ -2379,7 +2381,8 @@ var deleteClientCredentialsPlugin = ({ context }) => {
         }
         return void 0;
       },
-      authRequired: true
+      authRequired: true,
+      requiredScopes: ["credentials"]
     });
     return {
       success: true
@@ -3795,21 +3798,27 @@ function deriveAuthBaseUrl(sdkBaseUrl) {
   return getZapierBaseUrl(sdkBaseUrl);
 }
 function normalizeCredentialsObject(obj, sdkBaseUrl) {
-  const resolvedBaseUrl = obj.baseUrl || deriveAuthBaseUrl(sdkBaseUrl);
-  if (obj.type === "client_credentials" || "clientSecret" in obj && obj.clientSecret) {
+  const merged = {
+    clientSecret: ZAPIER_CREDENTIALS_CLIENT_SECRET,
+    baseUrl: ZAPIER_CREDENTIALS_BASE_URL,
+    scope: ZAPIER_CREDENTIALS_SCOPE,
+    ...obj
+  };
+  const resolvedBaseUrl = merged.baseUrl || deriveAuthBaseUrl(sdkBaseUrl);
+  if (obj.type === "client_credentials" || "clientSecret" in merged && merged.clientSecret) {
     return {
       type: "client_credentials",
       clientId: obj.clientId,
-      clientSecret: obj.clientSecret,
+      clientSecret: merged.clientSecret,
       baseUrl: resolvedBaseUrl,
-      scope: obj.scope
+      scope: merged.scope
     };
   }
   return {
     type: "pkce",
     clientId: obj.clientId,
     baseUrl: resolvedBaseUrl,
-    scope: obj.scope
+    scope: merged.scope
   };
 }
 function resolveCredentialsFromEnv(sdkBaseUrl) {
@@ -3907,37 +3916,65 @@ function getClientIdFromCredentials(credentials) {
 // src/auth.ts
 var tokenCache = /* @__PURE__ */ new Map();
 var pendingExchanges = /* @__PURE__ */ new Map();
+function buildCacheKey(clientId, scopes) {
+  const sortedScopes = [...scopes].sort().join(",");
+  return `${clientId}:${sortedScopes}`;
+}
 function clearTokenCache() {
   tokenCache.clear();
   pendingExchanges.clear();
 }
 var TOKEN_EXPIRATION_BUFFER = 5 * 60 * 1e3;
-function getCachedToken(clientId) {
-  const cached = tokenCache.get(clientId);
+function getCachedToken(clientId, scopes) {
+  const cacheKey = buildCacheKey(clientId, scopes);
+  const cached = tokenCache.get(cacheKey);
   if (!cached) return void 0;
   if (cached.expiresAt > Date.now() + TOKEN_EXPIRATION_BUFFER) {
     return cached.accessToken;
   }
-  tokenCache.delete(clientId);
+  tokenCache.delete(cacheKey);
   return void 0;
 }
-function cacheToken(clientId, accessToken, expiresIn) {
-  tokenCache.set(clientId, {
+function cacheToken(clientId, scopes, accessToken, expiresIn) {
+  const cacheKey = buildCacheKey(clientId, scopes);
+  tokenCache.set(cacheKey, {
     accessToken,
     expiresAt: Date.now() + expiresIn * 1e3
   });
 }
-function invalidateCachedToken(clientId) {
-  tokenCache.delete(clientId);
+function invalidateCachedToken(clientId, scopes) {
+  const cacheKey = buildCacheKey(clientId, scopes);
+  tokenCache.delete(cacheKey);
+  pendingExchanges.delete(cacheKey);
 }
 function getTokenEndpointUrl(baseUrl) {
   const base = baseUrl || ZAPIER_BASE_URL;
   return `${base}/oauth/token/`;
 }
+function mergeScopes(credentialsScope, requiredScopes) {
+  const scopeSet = /* @__PURE__ */ new Set();
+  if (credentialsScope) {
+    for (const s of credentialsScope.split(" ")) {
+      if (s.trim()) {
+        scopeSet.add(s.trim());
+      }
+    }
+  } else {
+    scopeSet.add("external");
+  }
+  if (requiredScopes) {
+    for (const s of requiredScopes) {
+      scopeSet.add(s);
+    }
+  }
+  return [...scopeSet].sort();
+}
 async function exchangeClientCredentials(options) {
-  const { clientId, clientSecret, baseUrl, scope, onEvent } = options;
+  const { clientId, clientSecret, baseUrl, scope, requiredScopes, onEvent } = options;
   const fetchFn = options.fetch || globalThis.fetch;
   const tokenUrl = getTokenEndpointUrl(baseUrl);
+  const mergedScopes = mergeScopes(scope, requiredScopes);
+  const scopeString = mergedScopes.join(" ");
   onEvent?.({
     type: "auth_exchanging",
     payload: {
@@ -3955,7 +3992,7 @@ async function exchangeClientCredentials(options) {
       grant_type: "client_credentials",
       client_id: clientId,
       client_secret: clientSecret,
-      scope: scope || "external",
+      scope: scopeString,
       audience: "zapier.com"
     })
   });
@@ -3979,7 +4016,7 @@ async function exchangeClientCredentials(options) {
     throw new Error("Client credentials response missing access_token");
   }
   const expiresIn = data.expires_in || 3600;
-  cacheToken(clientId, data.access_token, expiresIn);
+  cacheToken(clientId, mergedScopes, data.access_token, expiresIn);
   onEvent?.({
     type: "auth_success",
     payload: {
@@ -4009,7 +4046,8 @@ async function resolveAuthToken(options = {}) {
   }
   return getTokenFromCliLogin({
     onEvent: options.onEvent,
-    fetch: options.fetch
+    fetch: options.fetch,
+    debug: options.debug
   });
 }
 async function resolveAuthTokenFromCredentials(credentials, options) {
@@ -4018,11 +4056,13 @@ async function resolveAuthTokenFromCredentials(credentials, options) {
   }
   if (isClientCredentials(credentials)) {
     const { clientId } = credentials;
-    const cached = getCachedToken(clientId);
+    const mergedScopes = mergeScopes(credentials.scope, options.requiredScopes);
+    const cacheKey = buildCacheKey(clientId, mergedScopes);
+    const cached = getCachedToken(clientId, mergedScopes);
     if (cached) {
       return cached;
     }
-    const pending = pendingExchanges.get(clientId);
+    const pending = pendingExchanges.get(cacheKey);
     if (pending) {
       return pending;
     }
@@ -4031,19 +4071,21 @@ async function resolveAuthTokenFromCredentials(credentials, options) {
       clientSecret: credentials.clientSecret,
       baseUrl: credentials.baseUrl || options.baseUrl,
       scope: credentials.scope,
+      requiredScopes: options.requiredScopes,
       fetch: options.fetch,
       onEvent: options.onEvent
     }).finally(() => {
-      pendingExchanges.delete(clientId);
+      pendingExchanges.delete(cacheKey);
     });
-    pendingExchanges.set(clientId, exchangePromise);
+    pendingExchanges.set(cacheKey, exchangePromise);
     return exchangePromise;
   }
   if (isPkceCredentials(credentials)) {
     const storedToken = await getTokenFromCliLogin({
       onEvent: options.onEvent,
       fetch: options.fetch,
-      credentials
+      credentials,
+      debug: options.debug
     });
     if (storedToken) {
       return storedToken;
@@ -4056,9 +4098,11 @@ async function resolveAuthTokenFromCredentials(credentials, options) {
 }
 async function invalidateCredentialsToken(options) {
   const resolved = await resolveCredentials(options);
+  if (!resolved) return;
   const clientId = getClientIdFromCredentials(resolved);
-  if (clientId) {
-    invalidateCachedToken(clientId);
+  if (clientId && isClientCredentials(resolved)) {
+    const scopes = mergeScopes(resolved.scope, options.requiredScopes);
+    invalidateCachedToken(clientId, scopes);
   }
 }
 
@@ -4118,18 +4162,25 @@ var ZapierApiClient = class {
     }
   }
   // Helper to get a token from the different places it could be gotten
-  async getAuthToken() {
+  async getAuthToken(options) {
     return resolveAuthToken({
       credentials: this.options.credentials,
       token: this.options.token,
       onEvent: this.options.onEvent,
       fetch: this.options.fetch,
-      baseUrl: this.options.baseUrl
+      baseUrl: this.options.baseUrl,
+      requiredScopes: options?.requiredScopes,
+      debug: this.options.debug
     });
   }
   // Helper to handle responses
   async handleResponse(params) {
-    const { response, customErrorHandler, wasMissingAuthToken } = params;
+    const {
+      response,
+      customErrorHandler,
+      wasMissingAuthToken,
+      requiredScopes
+    } = params;
     const { data: responseData } = await this.parseResult(response);
     if (response.ok) {
       return responseData;
@@ -4169,7 +4220,8 @@ var ZapierApiClient = class {
       if (response.status === 401) {
         await invalidateCredentialsToken({
           credentials: this.options.credentials,
-          token: this.options.token
+          token: this.options.token,
+          requiredScopes
         });
       }
       throw new ZapierAuthenticationError(message, errorOptions);
@@ -4265,24 +4317,24 @@ var ZapierApiClient = class {
       (configPath) => path === configPath || path.startsWith(configPath + "/")
     );
     const config = matchingPathKey ? pathConfig[matchingPathKey] : void 0;
+    let finalPath = path;
+    if (config && "pathPrefix" in config && config.pathPrefix && matchingPathKey) {
+      const pathWithoutPrefix = path.slice(matchingPathKey.length) || "/";
+      finalPath = `${config.pathPrefix}${pathWithoutPrefix}`;
+    }
     const zapierBaseUrl = getZapierBaseUrl(this.options.baseUrl);
     if (zapierBaseUrl === this.options.baseUrl) {
       const originalBaseUrl = new URL(this.options.baseUrl);
       const finalBaseUrl = `https://sdkapi.${originalBaseUrl.hostname}`;
-      let finalPath = path;
-      if (config && "pathPrefix" in config && config.pathPrefix && matchingPathKey) {
-        const pathWithoutPrefix = path.slice(matchingPathKey.length) || "/";
-        finalPath = `${config.pathPrefix}${pathWithoutPrefix}`;
-      }
       return {
         url: new URL(finalPath, finalBaseUrl),
         pathConfig: config
       };
     }
     const baseUrl = new URL(this.options.baseUrl);
-    const fullPath = baseUrl.pathname.replace(/\/$/, "") + path;
+    const basePath = baseUrl.pathname.replace(/\/$/, "");
     return {
-      url: new URL(fullPath, baseUrl.origin),
+      url: new URL(basePath + finalPath, baseUrl.origin),
       pathConfig: config
     };
   }
@@ -4299,7 +4351,9 @@ var ZapierApiClient = class {
   // Helper to build headers
   async buildHeaders(options = {}, pathConfig2) {
     const headers = new Headers(options.headers ?? {});
-    const authToken = await this.getAuthToken();
+    const authToken = await this.getAuthToken({
+      requiredScopes: options.requiredScopes
+    });
     if (authToken) {
       const authHeaderName = pathConfig2 && pathConfig2.authHeader ? pathConfig2.authHeader : "Authorization";
       headers.set(authHeaderName, getAuthorizationHeader(authToken));
@@ -4319,7 +4373,7 @@ var ZapierApiClient = class {
     if (data && typeof data === "object") {
       headers["Content-Type"] = "application/json";
     }
-    const wasMissingAuthToken = options.authRequired && await this.getAuthToken() == null;
+    const wasMissingAuthToken = options.authRequired && await this.getAuthToken({ requiredScopes: options.requiredScopes }) == null;
     const response = await this.plainFetch(path, {
       ...options,
       method,
@@ -4329,7 +4383,8 @@ var ZapierApiClient = class {
     const result = await this.handleResponse({
       response,
       customErrorHandler: options.customErrorHandler,
-      wasMissingAuthToken
+      wasMissingAuthToken,
+      requiredScopes: options.requiredScopes
     });
     if (typeof result === "string") {
       if (result === "" && (method === "DELETE" || response.status === 204)) {
@@ -5007,7 +5062,7 @@ function getCpuTime() {
 
 // package.json
 var package_default = {
-  version: "0.22.0"};
+  version: "0.23.0"};
 
 // src/plugins/eventEmission/builders.ts
 function createBaseEvent(context = {}) {

package/dist/plugins/createClientCredentials/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/plugins/createClientCredentials/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AAC3C,OAAO,EACL,6BAA6B,EAC7B,KAAK,8BAA8B,EACnC,KAAK,6BAA6B,EACnC,MAAM,WAAW,CAAC;AAInB,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,kBAAkB,CAAC;AAK7D,MAAM,WAAW,qCAAqC;IACpD,uBAAuB,EAAE,CACvB,OAAO,EAAE,8BAA8B,KACpC,OAAO,CAAC,6BAA6B,CAAC,CAAC;IAC5C,OAAO,EAAE;QACP,IAAI,EAAE;YACJ,uBAAuB,EAAE;gBACvB,WAAW,EAAE,OAAO,6BAA6B,CAAC;aACnD,CAAC;SACH,CAAC;KACH,CAAC;CACH;AAED,eAAO,MAAM,6BAA6B,EAAE,MAAM,CAChD,EAAE,EACF;IACE,GAAG,EAAE,SAAS,CAAC;CAChB,GAAG,oBAAoB,EACxB,qCAAqC,CAiEtC,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/plugins/createClientCredentials/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AAC3C,OAAO,EACL,6BAA6B,EAC7B,KAAK,8BAA8B,EACnC,KAAK,6BAA6B,EACnC,MAAM,WAAW,CAAC;AAInB,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,kBAAkB,CAAC;AAK7D,MAAM,WAAW,qCAAqC;IACpD,uBAAuB,EAAE,CACvB,OAAO,EAAE,8BAA8B,KACpC,OAAO,CAAC,6BAA6B,CAAC,CAAC;IAC5C,OAAO,EAAE;QACP,IAAI,EAAE;YACJ,uBAAuB,EAAE;gBACvB,WAAW,EAAE,OAAO,6BAA6B,CAAC;aACnD,CAAC;SACH,CAAC;KACH,CAAC;CACH;AAED,eAAO,MAAM,6BAA6B,EAAE,MAAM,CAChD,EAAE,EACF;IACE,GAAG,EAAE,SAAS,CAAC;CAChB,GAAG,oBAAoB,EACxB,qCAAqC,CAkEtC,CAAC"}

package/dist/plugins/createClientCredentials/index.js

@@ -21,6 +21,7 @@ export const createClientCredentialsPlugin = ({ context }) => {
                 return undefined;
             },
             authRequired: true,
+            requiredScopes: ["credentials"],
         });
         return {
             data: response.data,

package/dist/plugins/deleteClientCredentials/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/plugins/deleteClientCredentials/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AAC3C,OAAO,EACL,6BAA6B,EAC7B,KAAK,8BAA8B,EACnC,KAAK,6BAA6B,EACnC,MAAM,WAAW,CAAC;AAEnB,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,kBAAkB,CAAC;AAK7D,MAAM,WAAW,qCAAqC;IACpD,uBAAuB,EAAE,CACvB,OAAO,EAAE,8BAA8B,KACpC,OAAO,CAAC,6BAA6B,CAAC,CAAC;IAC5C,OAAO,EAAE;QACP,IAAI,EAAE;YACJ,uBAAuB,EAAE;gBACvB,WAAW,EAAE,OAAO,6BAA6B,CAAC;aACnD,CAAC;SACH,CAAC;KACH,CAAC;CACH;AAED,eAAO,MAAM,6BAA6B,EAAE,MAAM,CAChD,EAAE,EACF;IACE,GAAG,EAAE,SAAS,CAAC;CAChB,GAAG,oBAAoB,EACxB,qCAAqC,CAwDtC,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/plugins/deleteClientCredentials/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AAC3C,OAAO,EACL,6BAA6B,EAC7B,KAAK,8BAA8B,EACnC,KAAK,6BAA6B,EACnC,MAAM,WAAW,CAAC;AAEnB,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,kBAAkB,CAAC;AAK7D,MAAM,WAAW,qCAAqC;IACpD,uBAAuB,EAAE,CACvB,OAAO,EAAE,8BAA8B,KACpC,OAAO,CAAC,6BAA6B,CAAC,CAAC;IAC5C,OAAO,EAAE;QACP,IAAI,EAAE;YACJ,uBAAuB,EAAE;gBACvB,WAAW,EAAE,OAAO,6BAA6B,CAAC;aACnD,CAAC;SACH,CAAC;KACH,CAAC;CACH;AAED,eAAO,MAAM,6BAA6B,EAAE,MAAM,CAChD,EAAE,EACF;IACE,GAAG,EAAE,SAAS,CAAC;CAChB,GAAG,oBAAoB,EACxB,qCAAqC,CAyDtC,CAAC"}

package/dist/plugins/deleteClientCredentials/index.js

@@ -17,6 +17,7 @@ export const deleteClientCredentialsPlugin = ({ context }) => {
                 return undefined;
             },
             authRequired: true,
+            requiredScopes: ["credentials"],
         });
         return {
             success: true,

package/dist/plugins/listClientCredentials/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/plugins/listClientCredentials/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AAC3C,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,uDAAuD,CAAC;AACnG,OAAO,EACL,gCAAgC,EAChC,KAAK,4BAA4B,EACjC,KAAK,yBAAyB,EAC/B,MAAM,WAAW,CAAC;AAInB,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,kBAAkB,CAAC;AAK7D,MAAM,WAAW,mCAAmC;IAClD,qBAAqB,EAAE,CACrB,OAAO,CAAC,EAAE,4BAA4B,KACnC,OAAO,CAAC,yBAAyB,CAAC,GACrC,aAAa,CAAC,yBAAyB,CAAC,GAAG;QACzC,KAAK,IAAI,aAAa,CAAC,qBAAqB,CAAC,CAAC;KAC/C,CAAC;IACJ,OAAO,EAAE;QACP,IAAI,EAAE;YACJ,qBAAqB,EAAE;gBACrB,WAAW,EAAE,OAAO,gCAAgC,CAAC;aACtD,CAAC;SACH,CAAC;KACH,CAAC;CACH;AAED,eAAO,MAAM,2BAA2B,EAAE,MAAM,CAC9C,EAAE,EACF;IACE,GAAG,EAAE,SAAS,CAAC;CAChB,GAAG,oBAAoB,EACxB,mCAAmC,CAkEpC,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/plugins/listClientCredentials/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AAC3C,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,uDAAuD,CAAC;AACnG,OAAO,EACL,gCAAgC,EAChC,KAAK,4BAA4B,EACjC,KAAK,yBAAyB,EAC/B,MAAM,WAAW,CAAC;AAInB,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,kBAAkB,CAAC;AAK7D,MAAM,WAAW,mCAAmC;IAClD,qBAAqB,EAAE,CACrB,OAAO,CAAC,EAAE,4BAA4B,KACnC,OAAO,CAAC,yBAAyB,CAAC,GACrC,aAAa,CAAC,yBAAyB,CAAC,GAAG;QACzC,KAAK,IAAI,aAAa,CAAC,qBAAqB,CAAC,CAAC;KAC/C,CAAC;IACJ,OAAO,EAAE;QACP,IAAI,EAAE;YACJ,qBAAqB,EAAE;gBACrB,WAAW,EAAE,OAAO,gCAAgC,CAAC;aACtD,CAAC;SACH,CAAC;KACH,CAAC;CACH;AAED,eAAO,MAAM,2BAA2B,EAAE,MAAM,CAC9C,EAAE,EACF;IACE,GAAG,EAAE,SAAS,CAAC;CAChB,GAAG,oBAAoB,EACxB,mCAAmC,CAmEpC,CAAC"}

package/dist/plugins/listClientCredentials/index.js

@@ -25,6 +25,7 @@ export const listClientCredentialsPlugin = ({ context }) => {
                 return undefined;
             },
             authRequired: true,
+            requiredScopes: ["credentials"],
         });
         return response;
     }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@zapier/zapier-sdk",
-  "version": "0.22.0",
+  "version": "0.23.0",
   "description": "Complete Zapier SDK - combines all Zapier SDK packages",
   "main": "dist/index.cjs",
   "module": "dist/index.mjs",
@@ -36,7 +36,7 @@
     "access": "public"
   },
   "dependencies": {
-    "@zapier/zapier-sdk-core": "^0.7.0",
+    "@zapier/zapier-sdk-core": "^0.7.2",
     "zod": "4.2.1"
   },
   "devDependencies": {
@@ -44,7 +44,7 @@
     "tsup": "^8.5.0",
     "typescript": "^5.8.3",
     "vitest": "^3.2.3",
-    "@zapier/zapier-sdk-cli-login": "0.6.0"
+    "@zapier/zapier-sdk-cli-login": "0.7.0"
   },
   "scripts": {
     "build": "tsup",