attlaz-client 1.48.3 → 1.49.0

package/dist/Client.d.ts

@@ -51,6 +51,11 @@ export declare class Client {
         apiEndpoint: string | undefined;
     }): Client;
     setClientCredentials(clientId: string, clientSecret?: string): void;
+    /**
+     * Configure this client as a public OAuth client (no client_secret).
+     * Used for SPAs and other public clients that cannot keep a secret.
+     */
+    setPublicClient(clientId: string): void;
     setVersion(version: string | null): void;
     getHttpClient(): OAuthClient;
     authenticate(): Promise<boolean>;

package/dist/Client.js

@@ -104,6 +104,16 @@ export class Client {
         this.httpClient = new OAuthClient(options);
         this.transport = this.httpClient;
     }
+    /**
+     * Configure this client as a public OAuth client (no client_secret).
+     * Used for SPAs and other public clients that cannot keep a secret.
+     */
+    setPublicClient(clientId) {
+        const options = new OAuthClientOptions(this.apiEndpoint, clientId, null);
+        options.scopes = ['all'];
+        this.httpClient = new OAuthClient(options);
+        this.transport = this.httpClient;
+    }
     setVersion(version) {
         this.httpClient.setVersion(version);
     }

package/dist/Http/ClientError.d.ts

@@ -1,9 +1,8 @@
-import { AxiosError } from 'axios';
 export declare class ClientError extends Error {
     httpStatus: number | null;
     message: string;
     response: unknown;
     constructor(message: string, httpErrorCode?: number | null);
-    static fromError(error: Error | AxiosError): ClientError;
+    static fromError(error: Error): ClientError;
     static byStatus(statusCode: number, statusText: string): ClientError | null;
 }

package/dist/Http/ClientError.js

@@ -1,4 +1,3 @@
-import { AxiosError } from 'axios';
 import { HttpStatus } from './HttpStatus.js';
 export class ClientError extends Error {
     httpStatus = null;
@@ -11,35 +10,6 @@ export class ClientError extends Error {
     }
     static fromError(error) {
         let clientError = new ClientError('Unknown error', HttpStatus.HTTP_INTERNAL_SERVER_ERROR);
-        if (error instanceof AxiosError) {
-            if (error.code === 'ECONNREFUSED' || error.code === 'ERR_NETWORK') {
-                clientError.httpStatus = HttpStatus.HTTP_UNAVAILABLE;
-                // clientError.code = 'Service not available';
-                clientError.message = 'Service not available';
-                return clientError;
-            }
-            if (error.status !== undefined && error.status !== null) {
-                clientError.httpStatus = error.status;
-            }
-            // console.log('Status', clientError.httpStatus);
-            // if(clientError.httpStatus === HttpStatusCode.Ref)
-            // clientError.message = error.message;
-            if (error.response === undefined) {
-                console.error('Unknown AxiosError error', {
-                    error, status: error.status, code: error.code,
-                });
-            }
-            else {
-                const response = {
-                    status: error.response.status,
-                    statusText: error.response.statusText,
-                    data: error.response.data,
-                };
-                clientError.message = response.statusText;
-                clientError.response = response;
-            }
-            return clientError;
-        }
         const xError = error;
         if (xError.status !== null && xError.status !== undefined) {
             const statusCode = xError.status;
@@ -73,6 +43,12 @@ export class ClientError extends Error {
                     clientError.httpStatus = HttpStatus.HTTP_INTERNAL_SERVER_ERROR;
             }
         }
+        else if (error instanceof TypeError) {
+            // fetch throws TypeError on network failures (ECONNREFUSED, DNS, etc.)
+            clientError.httpStatus = HttpStatus.HTTP_UNAVAILABLE;
+            clientError.message = 'Service not available';
+            return clientError;
+        }
         clientError.name = error.name;
         // TODO: only in debug mode
         clientError.stack = error.stack;

package/dist/Http/HttpClient.d.ts

@@ -1,7 +1,5 @@
 import { HttpClientRequest } from './HttpClientRequest.js';
 import { HttpClientResponse } from './HttpClientResponse.js';
 export declare class HttpClient {
-    private static readonly axiosInstance;
     static request(request: HttpClientRequest): Promise<HttpClientResponse>;
-    private static axiosRequest;
 }

package/dist/Http/HttpClient.js

@@ -1,32 +1,51 @@
-import axios from 'axios';
 import { HttpClientResponse } from './HttpClientResponse.js';
 import { ClientError } from './ClientError.js';
 export class HttpClient {
-    static axiosInstance = axios.create();
     static async request(request) {
-        return HttpClient.axiosRequest(request);
-    }
-    static async axiosRequest(request) {
-        const requestConfig = {
-            url: request.getFullUrl(),
+        const init = {
             method: request.method,
             headers: request.headers,
         };
         if (request.body !== null && request.body !== undefined) {
-            requestConfig.data = request.body;
+            init.body = request.body;
         }
         try {
-            const rawResponse = await HttpClient.axiosInstance.request(requestConfig);
+            const rawResponse = await fetch(request.getFullUrl(), init);
+            if (!rawResponse.ok) {
+                const statusText = rawResponse.statusText || 'Unknown error';
+                const clientError = ClientError.byStatus(rawResponse.status, statusText)
+                    ?? new ClientError(statusText, rawResponse.status);
+                // Try to attach the response body for downstream error handling
+                try {
+                    clientError.response = {
+                        status: rawResponse.status,
+                        statusText,
+                        data: await rawResponse.json(),
+                    };
+                }
+                catch {
+                    // Response body is not JSON — leave response as-is
+                }
+                throw clientError;
+            }
             const httpResponse = new HttpClientResponse(rawResponse.status, rawResponse.statusText);
-            Object.keys(rawResponse.headers).forEach((header) => {
-                const headerValue = rawResponse.headers[header];
-                httpResponse.headers[header] = headerValue === null ? '' : headerValue;
+            rawResponse.headers.forEach((value, header) => {
+                httpResponse.headers[header] = value;
             });
-            httpResponse.body = rawResponse.data;
+            const contentType = rawResponse.headers.get('content-type');
+            if (contentType !== null && contentType.includes('application/json')) {
+                httpResponse.body = await rawResponse.json();
+            }
+            else {
+                httpResponse.body = await rawResponse.text();
+            }
             return httpResponse;
         }
-        catch (requestError) {
-            throw ClientError.fromError(requestError);
+        catch (error) {
+            if (error instanceof ClientError) {
+                throw error;
+            }
+            throw ClientError.fromError(error);
         }
     }
 }

package/dist/Http/Transport/OAuthClient.d.ts

@@ -1,12 +1,11 @@
 import { Headers } from '../Data/Headers.js';
 import { Parameters } from '../Data/Parameters.js';
-import { ITransport } from './ITransport.js';
 import { OAuthClientOptions } from '../OAuthClientOptions.js';
 import { OAuthClientToken } from '../OAuthClientToken.js';
+import { ITransport } from './ITransport.js';
 export declare class OAuthClient implements ITransport {
     private readonly options;
     private debug;
-    private axiosInstance;
     private oauthClientToken;
     private refreshTokenPromise;
     private version;
@@ -14,7 +13,13 @@ export declare class OAuthClient implements ITransport {
     authenticate(username: string, password: string): Promise<boolean>;
     authenticate(): Promise<boolean>;
     refreshToken(): Promise<void>;
-    private getAxiosInstance;
+    private isPublicClient;
+    /**
+     * Direct token request for public clients that must not send client_secret.
+     * The axios-oauth-client library always includes client_secret in the body,
+     * so public clients use this method instead.
+     */
+    private requestToken;
     isTokenExpires(): boolean;
     request<T>(action: string, parameters?: Parameters, method?: string, signWithOauthToken?: boolean): Promise<T>;
     isAuthenticated(): boolean;

package/dist/Http/Transport/OAuthClient.js

@@ -1,5 +1,3 @@
-import axios from 'axios';
-import { clientCredentials, ownerCredentials, refreshToken } from 'axios-oauth-client';
 import { JsonSerializable } from '../../Model/JsonSerializable.js';
 import { VERSION } from '../../version.js';
 import { ClientError } from '../ClientError.js';
@@ -9,7 +7,6 @@ import { OAuthClientToken } from '../OAuthClientToken.js';
 export class OAuthClient {
     options;
     debug = false;
-    axiosInstance = null;
     oauthClientToken = null;
     refreshTokenPromise = null;
     version = null;
@@ -22,15 +19,28 @@ export class OAuthClient {
         try {
             if (username !== null && username !== undefined && password !== null && password !== undefined) {
                 // Password flow / Owner Credentials grant
-                const getOwnerCredentials = ownerCredentials(this.getAxiosInstance(), this.getApiEndpointUrl(this.options.accessTokenUri), this.options.clientId === null ? undefined : this.options.clientId, this.options.clientSecret === null ? undefined : this.options.clientSecret);
-                const rawAuthToken = await getOwnerCredentials(username, password, this.options.scopes.join(' '));
+                const params = {
+                    grant_type: 'password',
+                    client_id: this.options.clientId,
+                    username,
+                    password,
+                    scope: this.options.scopes.join(' '),
+                };
+                if (!this.isPublicClient()) {
+                    params.client_secret = this.options.clientSecret;
+                }
+                const rawAuthToken = await this.requestToken(params);
                 this.oauthClientToken = this.tokenToOauthClientToken(rawAuthToken);
                 return true;
             }
             if (this.options.clientId !== null && this.options.clientSecret !== null) {
-                // Client credentials flow
-                const getClientCredentials = clientCredentials(this.getAxiosInstance(), this.getApiEndpointUrl(this.options.accessTokenUri), this.options.clientId === null ? undefined : this.options.clientId, this.options.clientSecret === null ? undefined : this.options.clientSecret);
-                const rawAuthToken = await getClientCredentials(this.options.scopes.join(' '));
+                // Client credentials flow (only for confidential clients)
+                const rawAuthToken = await this.requestToken({
+                    grant_type: 'client_credentials',
+                    client_id: this.options.clientId,
+                    client_secret: this.options.clientSecret,
+                    scope: this.options.scopes.join(' '),
+                });
                 this.oauthClientToken = this.tokenToOauthClientToken(rawAuthToken);
             }
             return true;
@@ -53,24 +63,40 @@ export class OAuthClient {
             throw new Error('unable to refresh token, refresh token not set');
         }
         try {
-            const getRefreshToken = refreshToken(this.getAxiosInstance(), this.getApiEndpointUrl(this.options.accessTokenUri), this.options.clientId === null ? undefined : this.options.clientId, this.options.clientSecret === null ? undefined : this.options.clientSecret);
-            const auth = await getRefreshToken(this.oauthClientToken.refresh_token, this.options.scopes.join(' '));
-            this.oauthClientToken = this.tokenToOauthClientToken(auth);
+            const params = {
+                grant_type: 'refresh_token',
+                client_id: this.options.clientId,
+                refresh_token: this.oauthClientToken.refresh_token,
+                scope: this.options.scopes.join(' '),
+            };
+            if (!this.isPublicClient()) {
+                params.client_secret = this.options.clientSecret;
+            }
+            const rawAuthToken = await this.requestToken(params);
+            this.oauthClientToken = this.tokenToOauthClientToken(rawAuthToken);
         }
         catch (e) {
             throw ClientError.fromError(e);
         }
     }
-    getAxiosInstance() {
-        if (this.axiosInstance === null) {
-            const config = {
-            // httpsAgent: new https.Agent({
-            //     rejectUnauthorized: false,
-            // }),
-            };
-            this.axiosInstance = axios.create(config);
+    isPublicClient() {
+        return this.options.clientSecret === null || this.options.clientSecret === '';
+    }
+    /**
+     * Direct token request for public clients that must not send client_secret.
+     * The axios-oauth-client library always includes client_secret in the body,
+     * so public clients use this method instead.
+     */
+    async requestToken(params) {
+        const response = await fetch(this.getApiEndpointUrl(this.options.accessTokenUri), {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+            body: new URLSearchParams(params).toString(),
+        });
+        if (!response.ok) {
+            throw new ClientError(response.statusText || 'Token request failed', response.status);
         }
-        return this.axiosInstance;
+        return response.json();
     }
     isTokenExpires() {
         if (this.oauthClientToken === null) {
@@ -167,7 +193,7 @@ export class OAuthClient {
         this.version = version;
     }
     isNodeEnvironment() {
-        return typeof process !== 'undefined' && process.versions != null && process.versions.node != null;
+        return typeof process !== 'undefined' && process.versions !== null && process.versions.node !== null;
     }
     tokenToOauthClientToken(oauthToken) {
         let scopes = '';
@@ -185,7 +211,7 @@ export class OAuthClient {
         return token;
     }
     getApiEndpointUrl(uri) {
-        if (uri.indexOf('http://') === 0 || uri.indexOf('https://') === 0) {
+        if (uri.startsWith('http://') || uri.startsWith('https://')) {
             return uri;
         }
         return this.options.apiEndpoint.replace(/\/+$/, '') + '/' + uri.replace(/^\/+/g, '');
@@ -210,10 +236,9 @@ export class OAuthClient {
             requestData.setJsonHeader();
         }
         if (method === 'GET' && parameters !== null && parameters !== undefined) {
-            Object.keys(parameters).forEach((key, index) => {
-                // @ts-ignore
-                const value = parameters[key];
-                requestData.addQueryParam(key, value);
+            const params = parameters;
+            Object.keys(params).forEach((key) => {
+                requestData.addQueryParam(key, params[key]);
             });
         }
         if (signWithOauthToken) {

package/dist/Service/Endpoint.js

@@ -134,7 +134,7 @@ export class Endpoint {
             const apiError = new ApiError(error.message, error.httpStatus);
             if (error.response !== null && error.response !== undefined) {
                 const response = error.response;
-                if (response.data.error !== undefined) {
+                if (response.data !== null && response.data !== undefined && response.data.error !== undefined) {
                     if (response.data.error.type !== undefined) {
                         apiError.type = response.data.error.type;
                     }

package/dist/version.d.ts

@@ -1 +1 @@
-export declare const VERSION = "1.48.3";
+export declare const VERSION = "1.49.0";

package/dist/version.js

@@ -1 +1 @@
-export const VERSION = "1.48.3";
+export const VERSION = "1.49.0";

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "attlaz-client",
-  "version": "1.48.3",
+  "version": "1.49.0",
   "description": "Javascript Client to access Attlaz API",
   "types": "./dist/index.d.ts",
   "main": "./dist/index.js",
@@ -48,18 +48,13 @@
     "cache": "~/.npm",
     "registry": "https://registry.npmjs.org"
   },
-  "dependencies": {
-    "axios": "^1.13.6",
-    "axios-oauth-client": "^2.2.0"
-  },
   "devDependencies": {
     "@types/jest": "^30.0.0",
     "@types/node": "^24.12.0",
     "@typescript-eslint/eslint-plugin": "^8.1.0",
     "@typescript-eslint/parser": "^8.1.0",
-    "dotenv": "^17.3.1",
     "eslint": "^9.39.4",
-    "eslint-config-attlaz-base": "^1.5.2",
+    "eslint-config-attlaz-base": "^1.6.0",
     "eslint-import-resolver-typescript": "^4.4.4",
     "eslint-plugin-import": "^2.32.0",
     "eslint-plugin-jsdoc": "^51.4.1",
@@ -67,9 +62,6 @@
     "eslint-plugin-promise": "^7.2.1",
     "jest": "^30.3.0",
     "rimraf": "^6.1.3",
-    "rollup-plugin-commonjs": "^10.1.0",
-    "rollup-plugin-node-resolve": "^5.2.0",
-    "rollup-plugin-typescript": "^1.0.1",
     "ts-jest": "^29.4.6",
     "typescript": "^5.9.3"
   },