cribl-control-plane 0.0.59 → 0.0.60

package/README.md

@@ -236,14 +236,10 @@ run();
 <details open>
 <summary>Available methods</summary>
 
-### [auth](docs/sdks/auth/README.md)
-
-
 #### [auth.tokens](docs/sdks/tokens/README.md)
 
 * [get](docs/sdks/tokens/README.md#get) - Log in and fetch an authentication token
 
-
 ### [destinations](docs/sdks/destinations/README.md)
 
 * [list](docs/sdks/destinations/README.md#list) - List all Destinations
@@ -340,9 +336,6 @@ run();
 * [create](docs/sdks/hectokens/README.md#create) - Add an HEC token and optional metadata to a Splunk HEC Source
 * [update](docs/sdks/hectokens/README.md#update) - Update metadata for an HEC token for a Splunk HEC Source
 
-### [versions](docs/sdks/versions/README.md)
-
-
 #### [versions.branches](docs/sdks/branches/README.md)
 
 * [list](docs/sdks/branches/README.md#list) - List all branches in the Git repository used for Cribl configuration

package/RUNTIMES.md

@@ -2,9 +2,9 @@
 
 This SDK is intended to be used in JavaScript runtimes that support ECMAScript 2020 or newer. The SDK uses the following features:
 
-* [Web Fetch API][web-fetch]
-* [Web Streams API][web-streams] and in particular `ReadableStream`
-* [Async iterables][async-iter] using `Symbol.asyncIterator`
+- [Web Fetch API][web-fetch]
+- [Web Streams API][web-streams] and in particular `ReadableStream`
+- [Async iterables][async-iter] using `Symbol.asyncIterator`
 
 [web-fetch]: https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API
 [web-streams]: https://developer.mozilla.org/en-US/docs/Web/API/Streams_API
@@ -25,7 +25,7 @@ Runtime environments that are explicitly supported are:
 
 The following `tsconfig.json` options are recommended for projects using this
 SDK in order to get static type support for features like async iterables,
-streams and `fetch`-related APIs ([`for await...of`][for-await-of], 
+streams and `fetch`-related APIs ([`for await...of`][for-await-of],
 [`AbortSignal`][abort-signal], [`Request`][request], [`Response`][response] and
 so on):
 
@@ -38,11 +38,11 @@ so on):
 {
   "compilerOptions": {
     "target": "es2020", // or higher
-    "lib": ["es2020", "dom", "dom.iterable"],
+    "lib": ["es2020", "dom", "dom.iterable"]
   }
 }
 ```
 
 While `target` can be set to older ECMAScript versions, it may result in extra,
 unnecessary compatibility code being generated if you are not targeting old
-runtimes.
+runtimes.

package/dist/commonjs/hooks/clientcredentials.d.ts

@@ -2,8 +2,9 @@ import { SDKOptions } from "../lib/config.js";
 import { AfterErrorContext, AfterErrorHook, BeforeRequestContext, BeforeRequestHook, SDKInitHook } from "./types.js";
 export declare class ClientCredentialsHook implements SDKInitHook, BeforeRequestHook, AfterErrorHook {
     private client?;
-    private sessions;
+    private sessionStore;
     sdkInit(opts: SDKOptions): SDKOptions;
+    private isHookDisabled;
     beforeRequest(hookCtx: BeforeRequestContext, request: Request): Promise<Request>;
     afterError(hookCtx: AfterErrorContext, response: Response | null, error: unknown): Promise<{
         response: Response | null;
@@ -13,8 +14,6 @@ export declare class ClientCredentialsHook implements SDKInitHook, BeforeRequest
     private getCredentials;
     private getCredentialsGlobal;
     private getSessionKey;
-    private hasRequiredScopes;
-    private getScopes;
-    private hasTokenExpired;
+    private getRequiredScopes;
 }
 //# sourceMappingURL=clientcredentials.d.ts.map

package/dist/commonjs/hooks/clientcredentials.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"clientcredentials.d.ts","sourceRoot":"","sources":["../../../src/hooks/clientcredentials.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAK9C,OAAO,EACL,iBAAiB,EACjB,cAAc,EACd,oBAAoB,EACpB,iBAAiB,EAEjB,WAAW,EACZ,MAAM,YAAY,CAAC;AAgBpB,qBAAa,qBACX,YAAW,WAAW,EAAE,iBAAiB,EAAE,cAAc;IAEzD,OAAO,CAAC,MAAM,CAAC,CAAa;IAC5B,OAAO,CAAC,QAAQ,CAA+B;IAE/C,OAAO,CAAC,IAAI,EAAE,UAAU,GAAG,UAAU;IAM/B,aAAa,CACjB,OAAO,EAAE,oBAAoB,EAC7B,OAAO,EAAE,OAAO,GACf,OAAO,CAAC,OAAO,CAAC;IAiCb,UAAU,CACd,OAAO,EAAE,iBAAiB,EAC1B,QAAQ,EAAE,QAAQ,GAAG,IAAI,EACzB,KAAK,EAAE,OAAO,GACb,OAAO,CAAC;QAAE,QAAQ,EAAE,QAAQ,GAAG,IAAI,CAAC;QAAC,KAAK,EAAE,OAAO,CAAA;KAAE,CAAC;YAuB3C,cAAc;YAuEd,cAAc;YAiBd,oBAAoB;IA8BlC,OAAO,CAAC,aAAa;IAKrB,OAAO,CAAC,iBAAiB;IAOzB,OAAO,CAAC,SAAS;IAIjB,OAAO,CAAC,eAAe;CAGxB"}
+{"version":3,"file":"clientcredentials.d.ts","sourceRoot":"","sources":["../../../src/hooks/clientcredentials.ts"],"names":[],"mappings":"AAMA,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAM9C,OAAO,EACL,iBAAiB,EACjB,cAAc,EACd,oBAAoB,EACpB,iBAAiB,EAEjB,WAAW,EACZ,MAAM,YAAY,CAAC;AAgBpB,qBAAa,qBACX,YAAW,WAAW,EAAE,iBAAiB,EAAE,cAAc;IAEzD,OAAO,CAAC,MAAM,CAAC,CAAa;IAC5B,OAAO,CAAC,YAAY,CAA4B;IAEhD,OAAO,CAAC,IAAI,EAAE,UAAU,GAAG,UAAU;IAMrC,OAAO,CAAC,cAAc;IAIhB,aAAa,CACjB,OAAO,EAAE,oBAAoB,EAC7B,OAAO,EAAE,OAAO,GACf,OAAO,CAAC,OAAO,CAAC;IAiCb,UAAU,CACd,OAAO,EAAE,iBAAiB,EAC1B,QAAQ,EAAE,QAAQ,GAAG,IAAI,EACzB,KAAK,EAAE,OAAO,GACb,OAAO,CAAC;QAAE,QAAQ,EAAE,QAAQ,GAAG,IAAI,CAAC;QAAC,KAAK,EAAE,OAAO,CAAA;KAAE,CAAC;YA2B3C,cAAc;YAuEd,cAAc;YAiBd,oBAAoB;IAmClC,OAAO,CAAC,aAAa;IAKrB,OAAO,CAAC,iBAAiB;CAS1B"}

package/dist/commonjs/hooks/clientcredentials.js

@@ -37,22 +37,31 @@ var __importStar = (this && this.__importStar) || (function () {
 })();
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.ClientCredentialsHook = void 0;
+const z = __importStar(require("zod"));
 const base64_js_1 = require("../lib/base64.js");
 const env_js_1 = require("../lib/env.js");
 const http_js_1 = require("../lib/http.js");
+const oauth2_sessions_js_1 = require("../lib/oauth2-sessions.js");
 const schemas_js_1 = require("../lib/schemas.js");
 const models = __importStar(require("../models/index.js"));
+const TokenResponseDataSchema = z.object({
+    access_token: z.string(),
+    token_type: z.string(),
+    expires_in: z.number().optional(),
+});
 class ClientCredentialsHook {
     constructor() {
-        this.sessions = {};
+        this.sessionStore = new oauth2_sessions_js_1.OAuth2SessionStore();
     }
     sdkInit(opts) {
         this.client = opts.httpClient || new http_js_1.HTTPClient();
         return opts;
     }
+    isHookDisabled(hookCtx) {
+        return !hookCtx.oAuth2Scopes;
+    }
     async beforeRequest(hookCtx, request) {
-        if (!hookCtx.oAuth2Scopes) {
-            // OAuth2 not in use
+        if (this.isHookDisabled(hookCtx)) {
             return request;
         }
         const credentials = await this.getCredentials(hookCtx);
@@ -60,12 +69,11 @@ class ClientCredentialsHook {
             return request;
         }
         const sessionKey = this.getSessionKey(credentials);
-        let session = this.sessions[sessionKey];
-        if (!session
-            || !this.hasRequiredScopes(session.scopes, hookCtx.oAuth2Scopes)
-            || this.hasTokenExpired(session.expiresAt)) {
-            session = await this.doTokenRequest(hookCtx, credentials, this.getScopes(hookCtx.oAuth2Scopes, session));
-            this.sessions[sessionKey] = session;
+        const requiredScopes = this.getRequiredScopes(credentials, hookCtx.oAuth2Scopes);
+        let session = this.sessionStore.getSession(sessionKey, requiredScopes);
+        if (!session) {
+            session = await this.doTokenRequest(hookCtx, credentials, requiredScopes);
+            this.sessionStore.storeSession(sessionKey, requiredScopes, session);
         }
         request.headers.set("Authorization", `Bearer ${session.token}`);
         return request;
@@ -84,7 +92,8 @@ class ClientCredentialsHook {
         }
         if (response && response?.status === 401) {
             const sessionKey = this.getSessionKey(credentials);
-            delete this.sessions[sessionKey];
+            const requiredScopes = this.getRequiredScopes(credentials, hookCtx.oAuth2Scopes);
+            this.sessionStore.deleteSession(sessionKey, requiredScopes);
         }
         return { response, error };
     }
@@ -116,28 +125,25 @@ class ClientCredentialsHook {
             throw new Error("Failed to fetch token");
         }
         if (res.status < 200 || res.status >= 300) {
-            throw new Error("Unexpected status code");
-        }
-        const data = await res.json();
-        if (!data || typeof data !== "object") {
-            throw new Error("Unexpected response format");
-        }
-        if (data.token_type?.toLowerCase() !== "bearer") {
-            throw new Error("Unexpected token type");
-        }
-        let expiresAt;
-        if (data.expires_in) {
-            expiresAt = Date.now() + data.expires_in * 1000;
+            let errorMessage = `Received unexpected status code ${res.status} while fetching token`;
+            try {
+                errorMessage += `: ${await res.text()}`;
+            }
+            catch {
+                // ignore response body
+            }
+            throw new Error(errorMessage);
         }
-        const sess = {
-            credentials,
-            token: data.access_token,
+        const rawData = await res.json();
+        const tokenResponseData = (0, schemas_js_1.parse)(rawData, (val) => TokenResponseDataSchema.parse(val), "Invalid token response format");
+        const session = {
+            token: tokenResponseData.access_token,
             scopes,
         };
-        if (expiresAt !== undefined) {
-            sess.expiresAt = expiresAt;
+        if (tokenResponseData.expires_in !== undefined) {
+            session.expiresAt = Date.now() + tokenResponseData.expires_in * 1000;
         }
-        return sess;
+        return session;
     }
     async getCredentials(hookCtx) {
         const source = hookCtx.securitySource;
@@ -152,10 +158,12 @@ class ClientCredentialsHook {
     }
     async getCredentialsGlobal(security) {
         const out = (0, schemas_js_1.parse)(security, (val) => models.Security$outboundSchema.parse(val), "unexpected security type");
+        const DEFAULT_TOKEN_URL = "https://login.cribl.cloud/oauth/token";
+        const envTokenURL = (0, env_js_1.env)().CRIBLCONTROLPLANE_TOKEN_URL ?? DEFAULT_TOKEN_URL;
         const additionalProperties = {};
         for (const [key, value] of Object.entries(out?.clientOauth ?? {})) {
-            if (key !== "clientID" && key !== "clientSecret" && key !== "tokenURL"
-                && typeof value === "string") {
+            if (typeof value === "string"
+                && !["clientID", "clientSecret", "tokenURL", "scopes"].includes(key)) {
                 additionalProperties[key] = value;
             }
         }
@@ -164,8 +172,10 @@ class ClientCredentialsHook {
                 ?? "",
             clientSecret: out?.clientOauth?.clientSecret
                 ?? (0, env_js_1.env)().CRIBLCONTROLPLANE_CLIENT_SECRET ?? "",
-            tokenURL: out?.clientOauth?.tokenURL ?? (0, env_js_1.env)().CRIBLCONTROLPLANE_TOKEN_URL
-                ?? "",
+            tokenURL: out?.clientOauth?.tokenURL !== DEFAULT_TOKEN_URL
+                ? out?.clientOauth?.tokenURL
+                : envTokenURL,
+            scopes: undefined,
             additionalProperties,
         };
     }
@@ -173,14 +183,11 @@ class ClientCredentialsHook {
         const key = `${credentials.clientID}:${credentials.clientSecret}`;
         return (0, base64_js_1.stringToBase64)(key);
     }
-    hasRequiredScopes(scopes, requiredScopes) {
-        return requiredScopes.every((scope) => scopes.includes(scope));
-    }
-    getScopes(requiredScopes, sess) {
-        return [...new Set((sess?.scopes ?? []).concat(requiredScopes))];
-    }
-    hasTokenExpired(expiresAt) {
-        return !expiresAt || Date.now() + 60000 > expiresAt;
+    getRequiredScopes(credentials, oAuth2Scopes) {
+        if (credentials.scopes !== undefined) {
+            return credentials.scopes;
+        }
+        return oAuth2Scopes;
     }
 }
 exports.ClientCredentialsHook = ClientCredentialsHook;

package/dist/commonjs/hooks/clientcredentials.js.map

@@ -1 +1 @@
-{"version":3,"file":"clientcredentials.js","sourceRoot":"","sources":["../../../src/hooks/clientcredentials.ts"],"names":[],"mappings":";AAAA;;GAEG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEH,gDAAkD;AAElD,0CAAoC;AACpC,4CAA4C;AAC5C,kDAA0C;AAC1C,2DAA6C;AAwB7C,MAAa,qBAAqB;IAAlC;QAIU,aAAQ,GAA4B,EAAE,CAAC;IAgNjD,CAAC;IA9MC,OAAO,CAAC,IAAgB;QACtB,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,UAAU,IAAI,IAAI,oBAAU,EAAE,CAAC;QAElD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,KAAK,CAAC,aAAa,CACjB,OAA6B,EAC7B,OAAgB;QAEhB,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE,CAAC;YAC1B,oBAAoB;YACpB,OAAO,OAAO,CAAC;QACjB,CAAC;QAED,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC;QACvD,IAAI,CAAC,WAAW,IAAI,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,KAAK,EAAE,CAAC,EAAE,CAAC;YACnE,OAAO,OAAO,CAAC;QACjB,CAAC;QAED,MAAM,UAAU,GAAG,IAAI,CAAC,aAAa,CAAC,WAAW,CAAC,CAAC;QAEnD,IAAI,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;QACxC,IACE,CAAC,OAAO;eACL,CAAC,IAAI,CAAC,iBAAiB,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,YAAY,CAAC;eAC7D,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,SAAS,CAAC,EAC1C,CAAC;YACD,OAAO,GAAG,MAAM,IAAI,CAAC,cAAc,CACjC,OAAO,EACP,WAAW,EACX,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,YAAY,EAAE,OAAO,CAAC,CAC9C,CAAC;YAEF,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,GAAG,OAAO,CAAC;QACtC,CAAC;QAED,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,UAAU,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC;QAEhE,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,KAAK,CAAC,UAAU,CACd,OAA0B,EAC1B,QAAyB,EACzB,KAAc;QAEd,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE,CAAC;YAC1B,oBAAoB;YACpB,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC;QAC7B,CAAC;QAED,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC;QAC7B,CAAC;QAED,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC;QACvD,IAAI,CAAC,WAAW,IAAI,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,KAAK,EAAE,CAAC,EAAE,CAAC;YACnE,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC;QAC7B,CAAC;QAED,IAAI,QAAQ,IAAI,QAAQ,EAAE,MAAM,KAAK,GAAG,EAAE,CAAC;YACzC,MAAM,UAAU,GAAG,IAAI,CAAC,aAAa,CAAC,WAAW,CAAC,CAAC;YACnD,OAAO,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;QACnC,CAAC;QAED,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC;IAC7B,CAAC;IAEO,KAAK,CAAC,cAAc,CAC1B,OAAoB,EACpB,WAAwB,EACxB,MAAgB;QAEhB,MAAM,QAAQ,GAAG,IAAI,eAAe,EAAE,CAAC;QACvC,QAAQ,CAAC,MAAM,CAAC,YAAY,EAAE,oBAAoB,CAAC,CAAC;QAEpD,MAAM,OAAO,GAA2B;YACtC,cAAc,EAAE,mCAAmC;SACpD,CAAC;QAEF,QAAQ,CAAC,MAAM,CAAC,WAAW,EAAE,WAAW,CAAC,QAAQ,CAAC,CAAC;QACnD,QAAQ,CAAC,MAAM,CAAC,eAAe,EAAE,WAAW,CAAC,YAAY,CAAC,CAAC;QAE3D,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACtB,QAAQ,CAAC,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;QAC7C,CAAC;QAED,KACE,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,oBAAoB,CAAC,EACtE,CAAC;YACD,QAAQ,CAAC,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;QAC9B,CAAC;QAED,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,QAAQ,EAAE,EAAE,CAAC;YACjC,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;QAC/D,CAAC;QACD,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,WAAW,CAAC,QAAQ,IAAI,EAAE,EAAE,OAAO,CAAC,OAAO,CAAC,CAAC;QAEtE,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,QAAQ,EAAE;YACpC,MAAM,EAAE,MAAM;YACd,OAAO;YACP,IAAI,EAAE,QAAQ;SACf,CAAC,CAAC;QAEH,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC,OAAO,CAAC,CAAC;QAChD,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;QAC3C,CAAC;QAED,IAAI,GAAG,CAAC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,MAAM,IAAI,GAAG,EAAE,CAAC;YAC1C,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC;QAC5C,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;QAC9B,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;YACtC,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;QAChD,CAAC;QAED,IAAI,IAAI,CAAC,UAAU,EAAE,WAAW,EAAE,KAAK,QAAQ,EAAE,CAAC;YAChD,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;QAC3C,CAAC;QAED,IAAI,SAA6B,CAAC;QAClC,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YACpB,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC;QAClD,CAAC;QAED,MAAM,IAAI,GAAY;YACpB,WAAW;YACX,KAAK,EAAE,IAAI,CAAC,YAAY;YACxB,MAAM;SACP,CAAC;QAEF,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;YAC5B,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;QAC7B,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IACO,KAAK,CAAC,cAAc,CAC1B,OAAoB;QAEpB,MAAM,MAAM,GAAG,OAAO,CAAC,cAAc,CAAC;QAEtC,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,IAAI,CAAC;QACd,CAAC;QAED,IAAI,QAAQ,GAAG,MAAM,CAAC;QACtB,IAAI,OAAO,MAAM,KAAK,UAAU,EAAE,CAAC;YACjC,QAAQ,GAAG,MAAM,MAAM,EAAE,CAAC;QAC5B,CAAC;QAED,OAAO,IAAI,CAAC,oBAAoB,CAAC,QAAQ,CAAC,CAAC;IAC7C,CAAC;IAEO,KAAK,CAAC,oBAAoB,CAChC,QAAiB;QAEjB,MAAM,GAAG,GAAG,IAAA,kBAAK,EACf,QAAQ,EACR,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,uBAAuB,CAAC,KAAK,CAAC,GAAG,CAAC,EAClD,0BAA0B,CAC3B,CAAC;QAEF,MAAM,oBAAoB,GAA2B,EAAE,CAAC;QACxD,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,EAAE,WAAW,IAAI,EAAE,CAAC,EAAE,CAAC;YAClE,IACE,GAAG,KAAK,UAAU,IAAI,GAAG,KAAK,cAAc,IAAI,GAAG,KAAK,UAAU;mBAC/D,OAAO,KAAK,KAAK,QAAQ,EAC5B,CAAC;gBACD,oBAAoB,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;YACpC,CAAC;QACH,CAAC;QAED,OAAO;YACL,QAAQ,EAAE,GAAG,EAAE,WAAW,EAAE,QAAQ,IAAI,IAAA,YAAG,GAAE,CAAC,2BAA2B;mBACpE,EAAE;YACP,YAAY,EAAE,GAAG,EAAE,WAAW,EAAE,YAAY;mBACvC,IAAA,YAAG,GAAE,CAAC,+BAA+B,IAAI,EAAE;YAChD,QAAQ,EAAE,GAAG,EAAE,WAAW,EAAE,QAAQ,IAAI,IAAA,YAAG,GAAE,CAAC,2BAA2B;mBACpE,EAAE;YACP,oBAAoB;SACrB,CAAC;IACJ,CAAC;IAEO,aAAa,CAAC,WAAwB;QAC5C,MAAM,GAAG,GAAG,GAAG,WAAW,CAAC,QAAQ,IAAI,WAAW,CAAC,YAAY,EAAE,CAAC;QAClE,OAAO,IAAA,0BAAc,EAAC,GAAG,CAAC,CAAC;IAC7B,CAAC;IAEO,iBAAiB,CACvB,MAAgB,EAChB,cAAwB;QAExB,OAAO,cAAc,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC;IACjE,CAAC;IAEO,SAAS,CAAC,cAAwB,EAAE,IAAc;QACxD,OAAO,CAAC,GAAG,IAAI,GAAG,CAAC,CAAC,IAAI,EAAE,MAAM,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC;IACnE,CAAC;IAEO,eAAe,CAAC,SAAkB;QACxC,OAAO,CAAC,SAAS,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,GAAG,SAAS,CAAC;IACtD,CAAC;CACF;AApND,sDAoNC"}
+{"version":3,"file":"clientcredentials.js","sourceRoot":"","sources":["../../../src/hooks/clientcredentials.ts"],"names":[],"mappings":";AAAA;;GAEG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEH,uCAAyB;AACzB,gDAAkD;AAElD,0CAAoC;AACpC,4CAA4C;AAC5C,kEAA8E;AAC9E,kDAA0C;AAC1C,2DAA6C;AAkB7C,MAAM,uBAAuB,GAAG,CAAC,CAAC,MAAM,CAAC;IACvC,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE;IACxB,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE;IACtB,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CAClC,CAAC,CAAC;AAEH,MAAa,qBAAqB;IAAlC;QAIU,iBAAY,GAAG,IAAI,uCAAkB,EAAE,CAAC;IAwNlD,CAAC;IAtNC,OAAO,CAAC,IAAgB;QACtB,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,UAAU,IAAI,IAAI,oBAAU,EAAE,CAAC;QAElD,OAAO,IAAI,CAAC;IACd,CAAC;IAEO,cAAc,CAAC,OAAoB;QACzC,OAAO,CAAC,OAAO,CAAC,YAAY,CAAC;IAC/B,CAAC;IAED,KAAK,CAAC,aAAa,CACjB,OAA6B,EAC7B,OAAgB;QAEhB,IAAI,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,EAAE,CAAC;YACjC,OAAO,OAAO,CAAC;QACjB,CAAC;QAED,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC;QACvD,IAAI,CAAC,WAAW,IAAI,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,KAAK,EAAE,CAAC,EAAE,CAAC;YACnE,OAAO,OAAO,CAAC;QACjB,CAAC;QAED,MAAM,UAAU,GAAG,IAAI,CAAC,aAAa,CAAC,WAAW,CAAC,CAAC;QACnD,MAAM,cAAc,GAAG,IAAI,CAAC,iBAAiB,CAC3C,WAAW,EACX,OAAO,CAAC,YAAa,CACtB,CAAC;QAEF,IAAI,OAAO,GAAG,IAAI,CAAC,YAAY,CAAC,UAAU,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC;QAEvE,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,GAAG,MAAM,IAAI,CAAC,cAAc,CACjC,OAAO,EACP,WAAW,EACX,cAAc,CACf,CAAC;YAEF,IAAI,CAAC,YAAY,CAAC,YAAY,CAAC,UAAU,EAAE,cAAc,EAAE,OAAO,CAAC,CAAC;QACtE,CAAC;QAED,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,UAAU,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC;QAEhE,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,KAAK,CAAC,UAAU,CACd,OAA0B,EAC1B,QAAyB,EACzB,KAAc;QAEd,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE,CAAC;YAC1B,oBAAoB;YACpB,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC;QAC7B,CAAC;QAED,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC;QAC7B,CAAC;QAED,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC;QACvD,IAAI,CAAC,WAAW,IAAI,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,KAAK,EAAE,CAAC,EAAE,CAAC;YACnE,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC;QAC7B,CAAC;QAED,IAAI,QAAQ,IAAI,QAAQ,EAAE,MAAM,KAAK,GAAG,EAAE,CAAC;YACzC,MAAM,UAAU,GAAG,IAAI,CAAC,aAAa,CAAC,WAAW,CAAC,CAAC;YACnD,MAAM,cAAc,GAAG,IAAI,CAAC,iBAAiB,CAC3C,WAAW,EACX,OAAO,CAAC,YAAa,CACtB,CAAC;YACF,IAAI,CAAC,YAAY,CAAC,aAAa,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC;QAC9D,CAAC;QAED,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC;IAC7B,CAAC;IAEO,KAAK,CAAC,cAAc,CAC1B,OAAoB,EACpB,WAAwB,EACxB,MAAgB;QAEhB,MAAM,QAAQ,GAAG,IAAI,eAAe,EAAE,CAAC;QACvC,QAAQ,CAAC,MAAM,CAAC,YAAY,EAAE,oBAAoB,CAAC,CAAC;QAEpD,MAAM,OAAO,GAA2B;YACtC,cAAc,EAAE,mCAAmC;SACpD,CAAC;QAEF,QAAQ,CAAC,MAAM,CAAC,WAAW,EAAE,WAAW,CAAC,QAAQ,CAAC,CAAC;QACnD,QAAQ,CAAC,MAAM,CAAC,eAAe,EAAE,WAAW,CAAC,YAAY,CAAC,CAAC;QAE3D,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACtB,QAAQ,CAAC,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;QAC7C,CAAC;QAED,KACE,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,oBAAoB,CAAC,EACtE,CAAC;YACD,QAAQ,CAAC,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;QAC9B,CAAC;QAED,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,QAAQ,EAAE,EAAE,CAAC;YACjC,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;QAC/D,CAAC;QACD,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,WAAW,CAAC,QAAQ,IAAI,EAAE,EAAE,OAAO,CAAC,OAAO,CAAC,CAAC;QAEtE,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,QAAQ,EAAE;YACpC,MAAM,EAAE,MAAM;YACd,OAAO;YACP,IAAI,EAAE,QAAQ;SACf,CAAC,CAAC;QAEH,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC,OAAO,CAAC,CAAC;QAChD,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;QAC3C,CAAC;QAED,IAAI,GAAG,CAAC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,MAAM,IAAI,GAAG,EAAE,CAAC;YAC1C,IAAI,YAAY,GACd,mCAAmC,GAAG,CAAC,MAAM,uBAAuB,CAAC;YACvE,IAAI,CAAC;gBACH,YAAY,IAAI,KAAK,MAAM,GAAG,CAAC,IAAI,EAAE,EAAE,CAAC;YAC1C,CAAC;YAAC,MAAM,CAAC;gBACP,uBAAuB;YACzB,CAAC;YACD,MAAM,IAAI,KAAK,CAAC,YAAY,CAAC,CAAC;QAChC,CAAC;QAED,MAAM,OAAO,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;QACjC,MAAM,iBAAiB,GAAG,IAAA,kBAAK,EAC7B,OAAO,EACP,CAAC,GAAG,EAAE,EAAE,CAAC,uBAAuB,CAAC,KAAK,CAAC,GAAG,CAAC,EAC3C,+BAA+B,CAChC,CAAC;QAEF,MAAM,OAAO,GAAkB;YAC7B,KAAK,EAAE,iBAAiB,CAAC,YAAY;YACrC,MAAM;SACP,CAAC;QAEF,IAAI,iBAAiB,CAAC,UAAU,KAAK,SAAS,EAAE,CAAC;YAC/C,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,iBAAiB,CAAC,UAAU,GAAG,IAAI,CAAC;QACvE,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAEO,KAAK,CAAC,cAAc,CAC1B,OAAoB;QAEpB,MAAM,MAAM,GAAG,OAAO,CAAC,cAAc,CAAC;QAEtC,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,IAAI,CAAC;QACd,CAAC;QAED,IAAI,QAAQ,GAAG,MAAM,CAAC;QACtB,IAAI,OAAO,MAAM,KAAK,UAAU,EAAE,CAAC;YACjC,QAAQ,GAAG,MAAM,MAAM,EAAE,CAAC;QAC5B,CAAC;QAED,OAAO,IAAI,CAAC,oBAAoB,CAAC,QAAQ,CAAC,CAAC;IAC7C,CAAC;IAEO,KAAK,CAAC,oBAAoB,CAChC,QAAiB;QAEjB,MAAM,GAAG,GAAG,IAAA,kBAAK,EACf,QAAQ,EACR,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,uBAAuB,CAAC,KAAK,CAAC,GAAG,CAAC,EAClD,0BAA0B,CAC3B,CAAC;QAEF,MAAM,iBAAiB,GAAG,uCAAuC,CAAC;QAClE,MAAM,WAAW,GAAG,IAAA,YAAG,GAAE,CAAC,2BAA2B,IAAI,iBAAiB,CAAC;QAE3E,MAAM,oBAAoB,GAA2B,EAAE,CAAC;QACxD,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,EAAE,WAAW,IAAI,EAAE,CAAC,EAAE,CAAC;YAClE,IACE,OAAO,KAAK,KAAK,QAAQ;mBACtB,CAAC,CAAC,UAAU,EAAE,cAAc,EAAE,UAAU,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,EACpE,CAAC;gBACD,oBAAoB,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;YACpC,CAAC;QACH,CAAC;QAED,OAAO;YACL,QAAQ,EAAE,GAAG,EAAE,WAAW,EAAE,QAAQ,IAAI,IAAA,YAAG,GAAE,CAAC,2BAA2B;mBACpE,EAAE;YACP,YAAY,EAAE,GAAG,EAAE,WAAW,EAAE,YAAY;mBACvC,IAAA,YAAG,GAAE,CAAC,+BAA+B,IAAI,EAAE;YAChD,QAAQ,EAAE,GAAG,EAAE,WAAW,EAAE,QAAQ,KAAK,iBAAiB;gBACxD,CAAC,CAAC,GAAG,EAAE,WAAW,EAAE,QAAQ;gBAC5B,CAAC,CAAC,WAAW;YACf,MAAM,EAAE,SAAS;YACjB,oBAAoB;SACrB,CAAC;IACJ,CAAC;IAEO,aAAa,CAAC,WAAwB;QAC5C,MAAM,GAAG,GAAG,GAAG,WAAW,CAAC,QAAQ,IAAI,WAAW,CAAC,YAAY,EAAE,CAAC;QAClE,OAAO,IAAA,0BAAc,EAAC,GAAG,CAAC,CAAC;IAC7B,CAAC;IAEO,iBAAiB,CACvB,WAAwB,EACxB,YAAsB;QAEtB,IAAI,WAAW,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;YACrC,OAAO,WAAW,CAAC,MAAM,CAAC;QAC5B,CAAC;QACD,OAAO,YAAY,CAAC;IACtB,CAAC;CACF;AA5ND,sDA4NC"}

package/dist/commonjs/lib/config.d.ts

@@ -35,8 +35,8 @@ export declare function serverURLFromOptions(options: SDKOptions): URL | null;
 export declare const SDK_METADATA: {
     readonly language: "typescript";
     readonly openapiDocVersion: "4.14.0-837595d5";
-    readonly sdkVersion: "0.0.59";
-    readonly genVersion: "2.721.0";
-    readonly userAgent: "speakeasy-sdk/typescript 0.0.59 2.721.0 4.14.0-837595d5 cribl-control-plane";
+    readonly sdkVersion: "0.0.60";
+    readonly genVersion: "2.723.11";
+    readonly userAgent: "speakeasy-sdk/typescript 0.0.60 2.723.11 4.14.0-837595d5 cribl-control-plane";
 };
 //# sourceMappingURL=config.d.ts.map

package/dist/commonjs/lib/config.js

@@ -28,8 +28,8 @@ function serverURLFromOptions(options) {
 exports.SDK_METADATA = {
     language: "typescript",
     openapiDocVersion: "4.14.0-837595d5",
-    sdkVersion: "0.0.59",
-    genVersion: "2.721.0",
-    userAgent: "speakeasy-sdk/typescript 0.0.59 2.721.0 4.14.0-837595d5 cribl-control-plane",
+    sdkVersion: "0.0.60",
+    genVersion: "2.723.11",
+    userAgent: "speakeasy-sdk/typescript 0.0.60 2.723.11 4.14.0-837595d5 cribl-control-plane",
 };
 //# sourceMappingURL=config.js.map

package/dist/commonjs/lib/config.js.map

@@ -1 +1 @@
-{"version":3,"file":"config.js","sourceRoot":"","sources":["../../../src/lib/config.ts"],"names":[],"mappings":";AAAA;;GAEG;;;AA0CH,oDAeC;AAnDD,qCAA8C;AAE9C;;GAEG;AACU,QAAA,UAAU,GAAG;IACxB,GAAG;CACK,CAAC;AA6BX,SAAgB,oBAAoB,CAAC,OAAmB;IACtD,IAAI,SAAS,GAAG,OAAO,CAAC,SAAS,CAAC;IAElC,MAAM,MAAM,GAAW,EAAE,CAAC;IAE1B,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,IAAI,CAAC,CAAC;QACzC,IAAI,SAAS,GAAG,CAAC,IAAI,SAAS,IAAI,kBAAU,CAAC,MAAM,EAAE,CAAC;YACpD,MAAM,IAAI,KAAK,CAAC,wBAAwB,SAAS,EAAE,CAAC,CAAC;QACvD,CAAC;QACD,SAAS,GAAG,kBAAU,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC;IAC1C,CAAC;IAED,MAAM,CAAC,GAAG,IAAA,mBAAU,EAAC,SAAS,CAAC,CAAC,MAAM,CAAC,CAAC;IACxC,OAAO,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC;AACpB,CAAC;AAEY,QAAA,YAAY,GAAG;IAC1B,QAAQ,EAAE,YAAY;IACtB,iBAAiB,EAAE,iBAAiB;IACpC,UAAU,EAAE,QAAQ;IACpB,UAAU,EAAE,SAAS;IACrB,SAAS,EACP,6EAA6E;CACvE,CAAC"}
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../../../src/lib/config.ts"],"names":[],"mappings":";AAAA;;GAEG;;;AA0CH,oDAeC;AAnDD,qCAA8C;AAE9C;;GAEG;AACU,QAAA,UAAU,GAAG;IACxB,GAAG;CACK,CAAC;AA6BX,SAAgB,oBAAoB,CAAC,OAAmB;IACtD,IAAI,SAAS,GAAG,OAAO,CAAC,SAAS,CAAC;IAElC,MAAM,MAAM,GAAW,EAAE,CAAC;IAE1B,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,IAAI,CAAC,CAAC;QACzC,IAAI,SAAS,GAAG,CAAC,IAAI,SAAS,IAAI,kBAAU,CAAC,MAAM,EAAE,CAAC;YACpD,MAAM,IAAI,KAAK,CAAC,wBAAwB,SAAS,EAAE,CAAC,CAAC;QACvD,CAAC;QACD,SAAS,GAAG,kBAAU,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC;IAC1C,CAAC;IAED,MAAM,CAAC,GAAG,IAAA,mBAAU,EAAC,SAAS,CAAC,CAAC,MAAM,CAAC,CAAC;IACxC,OAAO,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC;AACpB,CAAC;AAEY,QAAA,YAAY,GAAG;IAC1B,QAAQ,EAAE,YAAY;IACtB,iBAAiB,EAAE,iBAAiB;IACpC,UAAU,EAAE,QAAQ;IACpB,UAAU,EAAE,UAAU;IACtB,SAAS,EACP,8EAA8E;CACxE,CAAC"}

package/dist/commonjs/lib/oauth2-sessions.d.ts

@@ -0,0 +1,18 @@
+export type OAuth2Session = {
+    token: string;
+    expiresAt?: number;
+    scopes: string[];
+};
+export declare class OAuth2SessionStore {
+    #private;
+    cache: Map<string, Map<string, OAuth2Session>>;
+    getSession(ownerKey: string, scopes: string[]): OAuth2Session | undefined;
+    storeSession(ownerKey: string, scopes: string[], entry: OAuth2Session): void;
+    deleteSession(ownerKey: string, scopes: string[]): OAuth2Session | undefined;
+    statistics(): {
+        total: number;
+        active: number;
+        expired: number;
+    };
+}
+//# sourceMappingURL=oauth2-sessions.d.ts.map

package/dist/commonjs/lib/oauth2-sessions.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth2-sessions.d.ts","sourceRoot":"","sources":["../../../src/lib/oauth2-sessions.ts"],"names":[],"mappings":"AAIA,MAAM,MAAM,aAAa,GAAG;IAC1B,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,EAAE,CAAC;CAClB,CAAC;AAEF,qBAAa,kBAAkB;;IAC7B,KAAK,EAAE,GAAG,CAAC,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC,CAAa;IAE3D,UAAU,CACR,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,MAAM,EAAE,GACf,aAAa,GAAG,SAAS;IA6B5B,YAAY,CACV,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,MAAM,EAAE,EAChB,KAAK,EAAE,aAAa,GACnB,IAAI;IAUP,aAAa,CACX,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,MAAM,EAAE,GACf,aAAa,GAAG,SAAS;IAkB5B,UAAU,IAAI;QACZ,KAAK,EAAE,MAAM,CAAC;QACd,MAAM,EAAE,MAAM,CAAC;QACf,OAAO,EAAE,MAAM,CAAC;KACjB;CA8DF"}

package/dist/commonjs/lib/oauth2-sessions.js

@@ -0,0 +1,105 @@
+"use strict";
+/*
+ * Code generated by Speakeasy (https://speakeasy.com). DO NOT EDIT.
+ */
+var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (receiver, state, kind, f) {
+    if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a getter");
+    if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it");
+    return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver);
+};
+var _OAuth2SessionStore_instances, _OAuth2SessionStore_getScopesKey, _OAuth2SessionStore_hasRequiredScopes, _OAuth2SessionStore_hasTokenExpired;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.OAuth2SessionStore = void 0;
+class OAuth2SessionStore {
+    constructor() {
+        _OAuth2SessionStore_instances.add(this);
+        this.cache = new Map();
+    }
+    getSession(ownerKey, scopes) {
+        const tokens = this.cache.get(ownerKey);
+        if (!tokens) {
+            return;
+        }
+        const scopeKey = __classPrivateFieldGet(this, _OAuth2SessionStore_instances, "m", _OAuth2SessionStore_getScopesKey).call(this, scopes);
+        // First look for an exact match
+        const exactMatch = tokens.get(scopeKey);
+        if (exactMatch !== undefined && !__classPrivateFieldGet(this, _OAuth2SessionStore_instances, "m", _OAuth2SessionStore_hasTokenExpired).call(this, exactMatch.expiresAt)) {
+            return exactMatch;
+        }
+        // If no exact match was found or it was expired, look for a superset match
+        for (const [_, session] of tokens) {
+            if (__classPrivateFieldGet(this, _OAuth2SessionStore_instances, "m", _OAuth2SessionStore_hasRequiredScopes).call(this, session.scopes, scopes)
+                && !__classPrivateFieldGet(this, _OAuth2SessionStore_instances, "m", _OAuth2SessionStore_hasTokenExpired).call(this, session.expiresAt)) {
+                return session;
+            }
+        }
+        return undefined;
+    }
+    storeSession(ownerKey, scopes, entry) {
+        let tokens = this.cache.get(ownerKey);
+        if (tokens == null) {
+            tokens = new Map();
+            this.cache.set(ownerKey, tokens);
+        }
+        tokens.set(__classPrivateFieldGet(this, _OAuth2SessionStore_instances, "m", _OAuth2SessionStore_getScopesKey).call(this, scopes), entry);
+    }
+    deleteSession(ownerKey, scopes) {
+        const tokens = this.cache.get(ownerKey);
+        if (!tokens) {
+            return;
+        }
+        const scopeKey = __classPrivateFieldGet(this, _OAuth2SessionStore_instances, "m", _OAuth2SessionStore_getScopesKey).call(this, scopes);
+        const outgoing = tokens.get(scopeKey);
+        tokens.delete(scopeKey);
+        // Clean up empty owner maps
+        if (tokens.size === 0) {
+            this.cache.delete(ownerKey);
+        }
+        return outgoing;
+    }
+    statistics() {
+        let total = 0;
+        let active = 0;
+        let expired = 0;
+        for (const [_, sessions] of this.cache) {
+            for (const [_, session] of sessions) {
+                total += 1;
+                if (__classPrivateFieldGet(this, _OAuth2SessionStore_instances, "m", _OAuth2SessionStore_hasTokenExpired).call(this, session.expiresAt)) {
+                    expired += 1;
+                }
+                else {
+                    active += 1;
+                }
+            }
+        }
+        return { total, active, expired };
+    }
+}
+exports.OAuth2SessionStore = OAuth2SessionStore;
+_OAuth2SessionStore_instances = new WeakSet(), _OAuth2SessionStore_getScopesKey = function _OAuth2SessionStore_getScopesKey(scopes) {
+    if (!scopes?.length) {
+        return "";
+    }
+    const p = new URLSearchParams();
+    const sorted = scopes.slice().sort();
+    for (const scope of sorted) {
+        p.append("s", scope);
+    }
+    return p.toString();
+}, _OAuth2SessionStore_hasRequiredScopes = function _OAuth2SessionStore_hasRequiredScopes(sessionScopes, requiredScopes) {
+    // If no scopes are required, any token works
+    if (requiredScopes.length === 0) {
+        return true;
+    }
+    // Check if session has all required scopes
+    const sessionScopeSet = new Set(sessionScopes);
+    for (const requiredScope of requiredScopes) {
+        if (!sessionScopeSet.has(requiredScope)) {
+            return false;
+        }
+    }
+    return true;
+}, _OAuth2SessionStore_hasTokenExpired = function _OAuth2SessionStore_hasTokenExpired(expiresAt) {
+    return expiresAt !== undefined && Date.now() + 60000 >= expiresAt;
+};
+//# sourceMappingURL=oauth2-sessions.js.map

package/dist/commonjs/lib/oauth2-sessions.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth2-sessions.js","sourceRoot":"","sources":["../../../src/lib/oauth2-sessions.ts"],"names":[],"mappings":";AAAA;;GAEG;;;;;;;;;AAQH,MAAa,kBAAkB;IAA/B;;QACE,UAAK,GAA4C,IAAI,GAAG,EAAE,CAAC;IAuI7D,CAAC;IArIC,UAAU,CACR,QAAgB,EAChB,MAAgB;QAEhB,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QACxC,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO;QACT,CAAC;QAED,MAAM,QAAQ,GAAG,uBAAA,IAAI,uEAAc,MAAlB,IAAI,EAAe,MAAM,CAAC,CAAC;QAE5C,gCAAgC;QAChC,MAAM,UAAU,GAAG,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QACxC,IACE,UAAU,KAAK,SAAS,IAAI,CAAC,uBAAA,IAAI,0EAAiB,MAArB,IAAI,EAAkB,UAAU,CAAC,SAAS,CAAC,EACxE,CAAC;YACD,OAAO,UAAU,CAAC;QACpB,CAAC;QAED,2EAA2E;QAC3E,KAAK,MAAM,CAAC,CAAC,EAAE,OAAO,CAAC,IAAI,MAAM,EAAE,CAAC;YAClC,IACE,uBAAA,IAAI,4EAAmB,MAAvB,IAAI,EAAoB,OAAO,CAAC,MAAM,EAAE,MAAM,CAAC;mBAC5C,CAAC,uBAAA,IAAI,0EAAiB,MAArB,IAAI,EAAkB,OAAO,CAAC,SAAS,CAAC,EAC5C,CAAC;gBACD,OAAO,OAAO,CAAC;YACjB,CAAC;QACH,CAAC;QAED,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,YAAY,CACV,QAAgB,EAChB,MAAgB,EAChB,KAAoB;QAEpB,IAAI,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QACtC,IAAI,MAAM,IAAI,IAAI,EAAE,CAAC;YACnB,MAAM,GAAG,IAAI,GAAG,EAAyB,CAAC;YAC1C,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QACnC,CAAC;QAED,MAAM,CAAC,GAAG,CAAC,uBAAA,IAAI,uEAAc,MAAlB,IAAI,EAAe,MAAM,CAAC,EAAE,KAAK,CAAC,CAAC;IAChD,CAAC;IAED,aAAa,CACX,QAAgB,EAChB,MAAgB;QAEhB,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QACxC,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO;QACT,CAAC;QAED,MAAM,QAAQ,GAAG,uBAAA,IAAI,uEAAc,MAAlB,IAAI,EAAe,MAAM,CAAC,CAAC;QAC5C,MAAM,QAAQ,GAAG,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QACtC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QAExB,4BAA4B;QAC5B,IAAI,MAAM,CAAC,IAAI,KAAK,CAAC,EAAE,CAAC;YACtB,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QAC9B,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,UAAU;QAKR,IAAI,KAAK,GAAG,CAAC,CAAC;QACd,IAAI,MAAM,GAAG,CAAC,CAAC;QACf,IAAI,OAAO,GAAG,CAAC,CAAC;QAEhB,KAAK,MAAM,CAAC,CAAC,EAAE,QAAQ,CAAC,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACvC,KAAK,MAAM,CAAC,CAAC,EAAE,OAAO,CAAC,IAAI,QAAQ,EAAE,CAAC;gBACpC,KAAK,IAAI,CAAC,CAAC;gBAEX,IAAI,uBAAA,IAAI,0EAAiB,MAArB,IAAI,EAAkB,OAAO,CAAC,SAAS,CAAC,EAAE,CAAC;oBAC7C,OAAO,IAAI,CAAC,CAAC;gBACf,CAAC;qBAAM,CAAC;oBACN,MAAM,IAAI,CAAC,CAAC;gBACd,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC;IACpC,CAAC;CA4CF;AAxID,gDAwIC;4HA1Ce,MAAgB;IAC5B,IAAI,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC;QACpB,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,MAAM,CAAC,GAAG,IAAI,eAAe,EAAE,CAAC;IAChC,MAAM,MAAM,GAAG,MAAM,CAAC,KAAK,EAAE,CAAC,IAAI,EAAE,CAAC;IACrC,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC3B,CAAC,CAAC,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IACvB,CAAC;IAED,OAAO,CAAC,CAAC,QAAQ,EAAE,CAAC;AACtB,CAAC,yFAGC,aAAuB,EACvB,cAAwB;IAExB,6CAA6C;IAC7C,IAAI,cAAc,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAChC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,2CAA2C;IAC3C,MAAM,eAAe,GAAG,IAAI,GAAG,CAAC,aAAa,CAAC,CAAC;IAC/C,KAAK,MAAM,aAAa,IAAI,cAAc,EAAE,CAAC;QAC3C,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,aAAa,CAAC,EAAE,CAAC;YACxC,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC,qFAOgB,SAA6B;IAC5C,OAAO,SAAS,KAAK,SAAS,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,IAAI,SAAS,CAAC;AACpE,CAAC"}

package/dist/esm/hooks/clientcredentials.d.ts

@@ -2,8 +2,9 @@ import { SDKOptions } from "../lib/config.js";
 import { AfterErrorContext, AfterErrorHook, BeforeRequestContext, BeforeRequestHook, SDKInitHook } from "./types.js";
 export declare class ClientCredentialsHook implements SDKInitHook, BeforeRequestHook, AfterErrorHook {
     private client?;
-    private sessions;
+    private sessionStore;
     sdkInit(opts: SDKOptions): SDKOptions;
+    private isHookDisabled;
     beforeRequest(hookCtx: BeforeRequestContext, request: Request): Promise<Request>;
     afterError(hookCtx: AfterErrorContext, response: Response | null, error: unknown): Promise<{
         response: Response | null;
@@ -13,8 +14,6 @@ export declare class ClientCredentialsHook implements SDKInitHook, BeforeRequest
     private getCredentials;
     private getCredentialsGlobal;
     private getSessionKey;
-    private hasRequiredScopes;
-    private getScopes;
-    private hasTokenExpired;
+    private getRequiredScopes;
 }
 //# sourceMappingURL=clientcredentials.d.ts.map

package/dist/esm/hooks/clientcredentials.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"clientcredentials.d.ts","sourceRoot":"","sources":["../../../src/hooks/clientcredentials.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAK9C,OAAO,EACL,iBAAiB,EACjB,cAAc,EACd,oBAAoB,EACpB,iBAAiB,EAEjB,WAAW,EACZ,MAAM,YAAY,CAAC;AAgBpB,qBAAa,qBACX,YAAW,WAAW,EAAE,iBAAiB,EAAE,cAAc;IAEzD,OAAO,CAAC,MAAM,CAAC,CAAa;IAC5B,OAAO,CAAC,QAAQ,CAA+B;IAE/C,OAAO,CAAC,IAAI,EAAE,UAAU,GAAG,UAAU;IAM/B,aAAa,CACjB,OAAO,EAAE,oBAAoB,EAC7B,OAAO,EAAE,OAAO,GACf,OAAO,CAAC,OAAO,CAAC;IAiCb,UAAU,CACd,OAAO,EAAE,iBAAiB,EAC1B,QAAQ,EAAE,QAAQ,GAAG,IAAI,EACzB,KAAK,EAAE,OAAO,GACb,OAAO,CAAC;QAAE,QAAQ,EAAE,QAAQ,GAAG,IAAI,CAAC;QAAC,KAAK,EAAE,OAAO,CAAA;KAAE,CAAC;YAuB3C,cAAc;YAuEd,cAAc;YAiBd,oBAAoB;IA8BlC,OAAO,CAAC,aAAa;IAKrB,OAAO,CAAC,iBAAiB;IAOzB,OAAO,CAAC,SAAS;IAIjB,OAAO,CAAC,eAAe;CAGxB"}
+{"version":3,"file":"clientcredentials.d.ts","sourceRoot":"","sources":["../../../src/hooks/clientcredentials.ts"],"names":[],"mappings":"AAMA,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAM9C,OAAO,EACL,iBAAiB,EACjB,cAAc,EACd,oBAAoB,EACpB,iBAAiB,EAEjB,WAAW,EACZ,MAAM,YAAY,CAAC;AAgBpB,qBAAa,qBACX,YAAW,WAAW,EAAE,iBAAiB,EAAE,cAAc;IAEzD,OAAO,CAAC,MAAM,CAAC,CAAa;IAC5B,OAAO,CAAC,YAAY,CAA4B;IAEhD,OAAO,CAAC,IAAI,EAAE,UAAU,GAAG,UAAU;IAMrC,OAAO,CAAC,cAAc;IAIhB,aAAa,CACjB,OAAO,EAAE,oBAAoB,EAC7B,OAAO,EAAE,OAAO,GACf,OAAO,CAAC,OAAO,CAAC;IAiCb,UAAU,CACd,OAAO,EAAE,iBAAiB,EAC1B,QAAQ,EAAE,QAAQ,GAAG,IAAI,EACzB,KAAK,EAAE,OAAO,GACb,OAAO,CAAC;QAAE,QAAQ,EAAE,QAAQ,GAAG,IAAI,CAAC;QAAC,KAAK,EAAE,OAAO,CAAA;KAAE,CAAC;YA2B3C,cAAc;YAuEd,cAAc;YAiBd,oBAAoB;IAmClC,OAAO,CAAC,aAAa;IAKrB,OAAO,CAAC,iBAAiB;CAS1B"}

package/dist/esm/hooks/clientcredentials.js

@@ -1,22 +1,31 @@
 /*
  * Code generated by Speakeasy (https://speakeasy.com). DO NOT EDIT.
  */
+import * as z from "zod";
 import { stringToBase64 } from "../lib/base64.js";
 import { env } from "../lib/env.js";
 import { HTTPClient } from "../lib/http.js";
+import { OAuth2SessionStore } from "../lib/oauth2-sessions.js";
 import { parse } from "../lib/schemas.js";
 import * as models from "../models/index.js";
+const TokenResponseDataSchema = z.object({
+    access_token: z.string(),
+    token_type: z.string(),
+    expires_in: z.number().optional(),
+});
 export class ClientCredentialsHook {
     constructor() {
-        this.sessions = {};
+        this.sessionStore = new OAuth2SessionStore();
     }
     sdkInit(opts) {
         this.client = opts.httpClient || new HTTPClient();
         return opts;
     }
+    isHookDisabled(hookCtx) {
+        return !hookCtx.oAuth2Scopes;
+    }
     async beforeRequest(hookCtx, request) {
-        if (!hookCtx.oAuth2Scopes) {
-            // OAuth2 not in use
+        if (this.isHookDisabled(hookCtx)) {
             return request;
         }
         const credentials = await this.getCredentials(hookCtx);
@@ -24,12 +33,11 @@ export class ClientCredentialsHook {
             return request;
         }
         const sessionKey = this.getSessionKey(credentials);
-        let session = this.sessions[sessionKey];
-        if (!session
-            || !this.hasRequiredScopes(session.scopes, hookCtx.oAuth2Scopes)
-            || this.hasTokenExpired(session.expiresAt)) {
-            session = await this.doTokenRequest(hookCtx, credentials, this.getScopes(hookCtx.oAuth2Scopes, session));
-            this.sessions[sessionKey] = session;
+        const requiredScopes = this.getRequiredScopes(credentials, hookCtx.oAuth2Scopes);
+        let session = this.sessionStore.getSession(sessionKey, requiredScopes);
+        if (!session) {
+            session = await this.doTokenRequest(hookCtx, credentials, requiredScopes);
+            this.sessionStore.storeSession(sessionKey, requiredScopes, session);
         }
         request.headers.set("Authorization", `Bearer ${session.token}`);
         return request;
@@ -48,7 +56,8 @@ export class ClientCredentialsHook {
         }
         if (response && response?.status === 401) {
             const sessionKey = this.getSessionKey(credentials);
-            delete this.sessions[sessionKey];
+            const requiredScopes = this.getRequiredScopes(credentials, hookCtx.oAuth2Scopes);
+            this.sessionStore.deleteSession(sessionKey, requiredScopes);
         }
         return { response, error };
     }
@@ -80,28 +89,25 @@ export class ClientCredentialsHook {
             throw new Error("Failed to fetch token");
         }
         if (res.status < 200 || res.status >= 300) {
-            throw new Error("Unexpected status code");
-        }
-        const data = await res.json();
-        if (!data || typeof data !== "object") {
-            throw new Error("Unexpected response format");
-        }
-        if (data.token_type?.toLowerCase() !== "bearer") {
-            throw new Error("Unexpected token type");
-        }
-        let expiresAt;
-        if (data.expires_in) {
-            expiresAt = Date.now() + data.expires_in * 1000;
+            let errorMessage = `Received unexpected status code ${res.status} while fetching token`;
+            try {
+                errorMessage += `: ${await res.text()}`;
+            }
+            catch {
+                // ignore response body
+            }
+            throw new Error(errorMessage);
         }
-        const sess = {
-            credentials,
-            token: data.access_token,
+        const rawData = await res.json();
+        const tokenResponseData = parse(rawData, (val) => TokenResponseDataSchema.parse(val), "Invalid token response format");
+        const session = {
+            token: tokenResponseData.access_token,
             scopes,
         };
-        if (expiresAt !== undefined) {
-            sess.expiresAt = expiresAt;
+        if (tokenResponseData.expires_in !== undefined) {
+            session.expiresAt = Date.now() + tokenResponseData.expires_in * 1000;
         }
-        return sess;
+        return session;
     }
     async getCredentials(hookCtx) {
         const source = hookCtx.securitySource;
@@ -116,10 +122,12 @@ export class ClientCredentialsHook {
     }
     async getCredentialsGlobal(security) {
         const out = parse(security, (val) => models.Security$outboundSchema.parse(val), "unexpected security type");
+        const DEFAULT_TOKEN_URL = "https://login.cribl.cloud/oauth/token";
+        const envTokenURL = env().CRIBLCONTROLPLANE_TOKEN_URL ?? DEFAULT_TOKEN_URL;
         const additionalProperties = {};
         for (const [key, value] of Object.entries(out?.clientOauth ?? {})) {
-            if (key !== "clientID" && key !== "clientSecret" && key !== "tokenURL"
-                && typeof value === "string") {
+            if (typeof value === "string"
+                && !["clientID", "clientSecret", "tokenURL", "scopes"].includes(key)) {
                 additionalProperties[key] = value;
             }
         }
@@ -128,8 +136,10 @@ export class ClientCredentialsHook {
                 ?? "",
             clientSecret: out?.clientOauth?.clientSecret
                 ?? env().CRIBLCONTROLPLANE_CLIENT_SECRET ?? "",
-            tokenURL: out?.clientOauth?.tokenURL ?? env().CRIBLCONTROLPLANE_TOKEN_URL
-                ?? "",
+            tokenURL: out?.clientOauth?.tokenURL !== DEFAULT_TOKEN_URL
+                ? out?.clientOauth?.tokenURL
+                : envTokenURL,
+            scopes: undefined,
             additionalProperties,
         };
     }
@@ -137,14 +147,11 @@ export class ClientCredentialsHook {
         const key = `${credentials.clientID}:${credentials.clientSecret}`;
         return stringToBase64(key);
     }
-    hasRequiredScopes(scopes, requiredScopes) {
-        return requiredScopes.every((scope) => scopes.includes(scope));
-    }
-    getScopes(requiredScopes, sess) {
-        return [...new Set((sess?.scopes ?? []).concat(requiredScopes))];
-    }
-    hasTokenExpired(expiresAt) {
-        return !expiresAt || Date.now() + 60000 > expiresAt;
+    getRequiredScopes(credentials, oAuth2Scopes) {
+        if (credentials.scopes !== undefined) {
+            return credentials.scopes;
+        }
+        return oAuth2Scopes;
     }
 }
 //# sourceMappingURL=clientcredentials.js.map