ibm-cloud-sdk-core 4.1.5 → 4.2.0

package/.secrets.baseline

@@ -3,7 +3,7 @@
     "files": "package-lock.json|^.secrets.baseline$",
     "lines": null
   },
-  "generated_at": "2023-06-22T15:14:17Z",
+  "generated_at": "2023-11-09T19:29:53Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
@@ -70,7 +70,7 @@
         "hashed_secret": "91dfd9ddb4198affc5c194cd8ce6d338fde470e2",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 73,
+        "line_number": 74,
         "type": "Secret Keyword",
         "verified_result": null
       },
@@ -78,7 +78,7 @@
         "hashed_secret": "98635b2eaa2379f28cd6d72a38299f286b81b459",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 432,
+        "line_number": 433,
         "type": "Secret Keyword",
         "verified_result": null
       },
@@ -86,7 +86,7 @@
         "hashed_secret": "47fcf185ee7e15fe05cae31fbe9e4ebe4a06a40d",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 470,
+        "line_number": 543,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -96,7 +96,7 @@
         "hashed_secret": "bc2f74c22f98f7b6ffbc2f67453dbfa99bce9a32",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 55,
+        "line_number": 97,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -106,7 +106,7 @@
         "hashed_secret": "32e8612d8ca77c7ea8374aa7918db8e5df9252ed",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 62,
+        "line_number": 63,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -185,6 +185,16 @@
         "verified_result": null
       }
     ],
+    "auth/authenticators/mcsp-authenticator.ts": [
+      {
+        "hashed_secret": "8f4bfc22c4fd7cb884f94ec175ff4a3284a174a1",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 60,
+        "type": "Secret Keyword",
+        "verified_result": null
+      }
+    ],
     "auth/token-managers/container-token-manager.ts": [
       {
         "hashed_secret": "184ee1f04a018aa3b897e085516a9b657fea0f6b",
@@ -281,12 +291,30 @@
         "verified_result": null
       }
     ],
+    "auth/token-managers/mcsp-token-manager.ts": [
+      {
+        "hashed_secret": "8f4bfc22c4fd7cb884f94ec175ff4a3284a174a1",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 78,
+        "type": "Secret Keyword",
+        "verified_result": null
+      },
+      {
+        "hashed_secret": "65e622227634e8876cfa733000233fb80c6f0473",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 91,
+        "type": "Secret Keyword",
+        "verified_result": null
+      }
+    ],
     "auth/utils/get-authenticator-from-environment.ts": [
       {
         "hashed_secret": "6947818ac409551f11fbaa78f0ea6391960aa5b8",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 49,
+        "line_number": 50,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -306,7 +334,7 @@
         "hashed_secret": "45c43fe97e3a06ab078b0eeff6fbe622cc417a25",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 279,
+        "line_number": 283,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -499,6 +527,26 @@
         "verified_result": null
       }
     ],
+    "test/unit/mcsp-authenticator.test.js": [
+      {
+        "hashed_secret": "0c910ad3070d996b37a1c65f542b17adc3f962bc",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 20,
+        "type": "Secret Keyword",
+        "verified_result": null
+      }
+    ],
+    "test/unit/mcsp-token-manager.test.js": [
+      {
+        "hashed_secret": "f2e7745f43b0ef0e2c2faf61d6c6a28be2965750",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 30,
+        "type": "Secret Keyword",
+        "verified_result": null
+      }
+    ],
     "test/unit/read-external-sources.test.js": [
       {
         "hashed_secret": "4c65cd3f160d60f7ca28ca04fa60b9035132781c",
@@ -534,7 +582,7 @@
       }
     ]
   },
-  "version": "0.13.1+ibm.60.dss",
+  "version": "0.13.1+ibm.61.dss",
   "word_list": {
     "file": null,
     "hash": null

package/Authentication.md

@@ -6,6 +6,7 @@ The node-sdk-core project supports the following types of authentication:
 - Container Authentication
 - VPC Instance Authentication
 - Cloud Pak for Data Authentication
+- Multi-Cloud Saas Platform (MCSP) Authentication
 - No Authentication (for testing)
 
 The SDK user configures the appropriate type of authentication for use with service instances.
@@ -484,6 +485,78 @@ const service = ExampleServiceV1.newInstance(options);
 ```
 
 
+## Multi-Cloud Saas Platform (MCSP) Authentication
+The `McspAuthenticator` can be used in scenarios where an application needs to
+interact with an IBM Cloud service that has been deployed to a non-IBM Cloud environment (e.g. AWS).
+It accepts a user-supplied apikey and performs the necessary interactions with the
+Multi-Cloud Saas Platform token service to obtain a suitable MCSP access token (a bearer token)
+for the specified apikey.
+The authenticator will also obtain a new bearer token when the current token expires.
+The bearer token is then added to each outbound request in the `Authorization` header in the
+form:
+```
+   Authorization: Bearer <bearer-token>
+```
+
+### Properties
+
+- apikey: (required) the apikey to be used to obtain an MCSP access token.
+
+- url: (required) The URL representing the MCSP token service endpoint's base URL string. Do not include the
+operation path (e.g. `/siusermgr/api/1.0/apikeys/token`) as part of this property's value.
+
+- disableSSLVerification: (optional) A flag that indicates whether verificaton of the server's SSL
+certificate should be disabled or not. The default value is `false`.
+
+- headers: (optional) A set of key/value pairs that will be sent as HTTP headers in requests
+made to the MCSP token service.
+
+### Usage Notes
+- When constructing an McspAuthenticator instance, you must specify the apikey and url properties.
+
+- The authenticator will use the token server's `POST /siusermgr/api/1.0/apikeys/token` operation to
+exchange the user-supplied apikey for an MCSP access token (the bearer token).
+
+### Programming example
+```js
+const { McspAuthenticator } = require('ibm-cloud-sdk-core');
+const ExampleServiceV1 = require('<sdk-package-name>/example-service/v1');
+
+const authenticator = new McspAuthenticator({
+  apikey: 'myapikey',
+  url: 'https://example.mcsp.token-exchange.com',
+});
+
+const options = {
+  authenticator,
+};
+
+const service = new ExampleServiceV1(options);
+
+// 'service' can now be used to invoke operations.
+```
+
+### Configuration example
+External configuration:
+```
+export EXAMPLE_SERVICE_AUTH_TYPE=mcsp
+export EXAMPLE_SERVICE_APIKEY=myapikey
+export EXAMPLE_SERVICE_AUTH_URL=https://example.mcsp.token-exchange.com
+```
+Application code:
+```js
+const ExampleServiceV1 = require('<sdk-package-name>/example-service/v1');
+
+const options = {
+  serviceName: 'example_service',
+};
+
+const service = ExampleServiceV1.newInstance(options);
+
+// 'service' can now be used to invoke operations.
+```
+
+
 ## No Auth Authentication
 The `NoAuthAuthenticator` is a placeholder authenticator which performs no actual authentication function.
 It can be used in situations where authentication needs to be bypassed, perhaps while developing

package/CHANGELOG.md

@@ -1,3 +1,10 @@
+# [4.2.0](https://github.com/IBM/node-sdk-core/compare/v4.1.5...v4.2.0) (2023-11-15)
+
+
+### Features
+
+* **McspAuthenticator:** add new authenticator for Multi-Cloud Saas Platform ([#258](https://github.com/IBM/node-sdk-core/issues/258)) ([4fe7f71](https://github.com/IBM/node-sdk-core/commit/4fe7f7191c8a93947b359034229f7f966936ae53))
+
 ## [4.1.5](https://github.com/IBM/node-sdk-core/compare/v4.1.4...v4.1.5) (2023-11-13)
 
 

package/auth/authenticators/authenticator.d.ts

@@ -1,5 +1,5 @@
 /**
- * (C) Copyright IBM Corp. 2019, 2022.
+ * (C) Copyright IBM Corp. 2019, 2023.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -29,6 +29,7 @@ export declare class Authenticator implements AuthenticatorInterface {
     static AUTHTYPE_CP4D: string;
     static AUTHTYPE_NOAUTH: string;
     static AUTHTYPE_VPC: string;
+    static AUTHTYPE_MCSP: string;
     static AUTHTYPE_UNKNOWN: string;
     /**
      * Create a new Authenticator instance.

package/auth/authenticators/authenticator.js

@@ -51,6 +51,7 @@ var Authenticator = /** @class */ (function () {
     Authenticator.AUTHTYPE_CP4D = 'cp4d';
     Authenticator.AUTHTYPE_NOAUTH = 'noAuth';
     Authenticator.AUTHTYPE_VPC = 'vpc';
+    Authenticator.AUTHTYPE_MCSP = 'mcsp';
     Authenticator.AUTHTYPE_UNKNOWN = 'unknown';
     return Authenticator;
 }());

package/auth/authenticators/index.d.ts

@@ -37,6 +37,7 @@
  *   IAMAuthenticator: Authenticator for passing IAM authentication information to service endpoint.
  *   ContainerAuthenticator: Authenticator for passing IAM authentication to a service, based on a token living on the container.
  *   VpcInstanceAuthenticator: Authenticator that uses the VPC Instance Metadata Service API to retrieve an IAM token.
+ *   McspAuthenticator: Authenticator for passing MCSP authentication to a service endpoint.
  *   NoAuthAuthenticator: Performs no authentication. Useful for testing purposes.
  */
 export { AuthenticatorInterface } from './authenticator-interface';
@@ -50,3 +51,4 @@ export { NoAuthAuthenticator } from './no-auth-authenticator';
 export { IamRequestBasedAuthenticator } from './iam-request-based-authenticator';
 export { TokenRequestBasedAuthenticator } from './token-request-based-authenticator';
 export { VpcInstanceAuthenticator } from './vpc-instance-authenticator';
+export { McspAuthenticator } from './mcsp-authenticator';

package/auth/authenticators/index.js

@@ -15,7 +15,7 @@
  * limitations under the License.
  */
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.VpcInstanceAuthenticator = exports.TokenRequestBasedAuthenticator = exports.IamRequestBasedAuthenticator = exports.NoAuthAuthenticator = exports.ContainerAuthenticator = exports.IamAuthenticator = exports.CloudPakForDataAuthenticator = exports.BearerTokenAuthenticator = exports.BasicAuthenticator = exports.Authenticator = void 0;
+exports.McspAuthenticator = exports.VpcInstanceAuthenticator = exports.TokenRequestBasedAuthenticator = exports.IamRequestBasedAuthenticator = exports.NoAuthAuthenticator = exports.ContainerAuthenticator = exports.IamAuthenticator = exports.CloudPakForDataAuthenticator = exports.BearerTokenAuthenticator = exports.BasicAuthenticator = exports.Authenticator = void 0;
 var authenticator_1 = require("./authenticator");
 Object.defineProperty(exports, "Authenticator", { enumerable: true, get: function () { return authenticator_1.Authenticator; } });
 var basic_authenticator_1 = require("./basic-authenticator");
@@ -36,3 +36,5 @@ var token_request_based_authenticator_1 = require("./token-request-based-authent
 Object.defineProperty(exports, "TokenRequestBasedAuthenticator", { enumerable: true, get: function () { return token_request_based_authenticator_1.TokenRequestBasedAuthenticator; } });
 var vpc_instance_authenticator_1 = require("./vpc-instance-authenticator");
 Object.defineProperty(exports, "VpcInstanceAuthenticator", { enumerable: true, get: function () { return vpc_instance_authenticator_1.VpcInstanceAuthenticator; } });
+var mcsp_authenticator_1 = require("./mcsp-authenticator");
+Object.defineProperty(exports, "McspAuthenticator", { enumerable: true, get: function () { return mcsp_authenticator_1.McspAuthenticator; } });

package/auth/authenticators/mcsp-authenticator.d.ts

@@ -0,0 +1,57 @@
+/**
+ * (C) Copyright IBM Corp. 2023.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+import { McspTokenManager } from '../token-managers/mcsp-token-manager';
+import { BaseOptions, TokenRequestBasedAuthenticator } from './token-request-based-authenticator';
+/** Configuration options for Multi-Cloud Saas Platform (MCSP) authentication. */
+export interface Options extends BaseOptions {
+    /** The API key used to obtain an MCSP access token. */
+    apikey: string;
+    /** The URL representing the MCSP token service endpoint. */
+    url: string;
+}
+/**
+ * The McspAuthenticator uses an apikey to obtain an access token from the MCSP token server.
+ * When the access token expires, a new access token is obtained from the token server.
+ * The access token will be added to outbound requests via the Authorization header
+ * of the form:    "Authorization: Bearer <access-token>"
+ */
+export declare class McspAuthenticator extends TokenRequestBasedAuthenticator {
+    protected requiredOptions: string[];
+    protected tokenManager: McspTokenManager;
+    private apikey;
+    /**
+     * Create a new McspAuthenticator instance.
+     *
+     * @param options - Configuration options for CloudPakForData authentication.
+     * This should be an object containing these fields:
+     * - url: (required) the endpoint URL for the CloudPakForData token service
+     * - username: (required) the username used to obtain a bearer token
+     * - password: (optional) the password used to obtain a bearer token (required if apikey is not specified)
+     * - apikey: (optional) the API key used to obtain a bearer token (required if password is not specified)
+     * - disableSslVerification: (optional) a flag that indicates whether verification of the token server's SSL certificate
+     * should be disabled or not
+     * - headers: (optional) a set of HTTP headers to be sent with each request to the token service
+     *
+     * @throws Error: the username, password, and/or url are not valid, or unspecified, for Cloud Pak For Data token requests.
+     */
+    constructor(options: Options);
+    /**
+     * Returns the authenticator's type ('cp4d').
+     *
+     * @returns a string that indicates the authenticator's type
+     */
+    authenticationType(): string;
+}

package/auth/authenticators/mcsp-authenticator.js

@@ -0,0 +1,82 @@
+"use strict";
+/**
+ * (C) Copyright IBM Corp. 2023.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+var __extends = (this && this.__extends) || (function () {
+    var extendStatics = function (d, b) {
+        extendStatics = Object.setPrototypeOf ||
+            ({ __proto__: [] } instanceof Array && function (d, b) { d.__proto__ = b; }) ||
+            function (d, b) { for (var p in b) if (Object.prototype.hasOwnProperty.call(b, p)) d[p] = b[p]; };
+        return extendStatics(d, b);
+    };
+    return function (d, b) {
+        if (typeof b !== "function" && b !== null)
+            throw new TypeError("Class extends value " + String(b) + " is not a constructor or null");
+        extendStatics(d, b);
+        function __() { this.constructor = d; }
+        d.prototype = b === null ? Object.create(b) : (__.prototype = b.prototype, new __());
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.McspAuthenticator = void 0;
+var authenticator_1 = require("./authenticator");
+var mcsp_token_manager_1 = require("../token-managers/mcsp-token-manager");
+var token_request_based_authenticator_1 = require("./token-request-based-authenticator");
+/**
+ * The McspAuthenticator uses an apikey to obtain an access token from the MCSP token server.
+ * When the access token expires, a new access token is obtained from the token server.
+ * The access token will be added to outbound requests via the Authorization header
+ * of the form:    "Authorization: Bearer <access-token>"
+ */
+var McspAuthenticator = /** @class */ (function (_super) {
+    __extends(McspAuthenticator, _super);
+    /**
+     * Create a new McspAuthenticator instance.
+     *
+     * @param options - Configuration options for CloudPakForData authentication.
+     * This should be an object containing these fields:
+     * - url: (required) the endpoint URL for the CloudPakForData token service
+     * - username: (required) the username used to obtain a bearer token
+     * - password: (optional) the password used to obtain a bearer token (required if apikey is not specified)
+     * - apikey: (optional) the API key used to obtain a bearer token (required if password is not specified)
+     * - disableSslVerification: (optional) a flag that indicates whether verification of the token server's SSL certificate
+     * should be disabled or not
+     * - headers: (optional) a set of HTTP headers to be sent with each request to the token service
+     *
+     * @throws Error: the username, password, and/or url are not valid, or unspecified, for Cloud Pak For Data token requests.
+     */
+    function McspAuthenticator(options) {
+        var _this = _super.call(this, options) || this;
+        _this.requiredOptions = ['apikey', 'url'];
+        _this.apikey = options.apikey;
+        _this.url = options.url;
+        // the param names are shared between the authenticator and the token
+        // manager so we can just pass along the options object.
+        // also, the token manager will handle input validation
+        _this.tokenManager = new mcsp_token_manager_1.McspTokenManager(options);
+        return _this;
+    }
+    /**
+     * Returns the authenticator's type ('cp4d').
+     *
+     * @returns a string that indicates the authenticator's type
+     */
+    // eslint-disable-next-line class-methods-use-this
+    McspAuthenticator.prototype.authenticationType = function () {
+        return authenticator_1.Authenticator.AUTHTYPE_MCSP;
+    };
+    return McspAuthenticator;
+}(token_request_based_authenticator_1.TokenRequestBasedAuthenticator));
+exports.McspAuthenticator = McspAuthenticator;

package/auth/token-managers/index.d.ts

@@ -1,5 +1,5 @@
 /**
- * (C) Copyright IBM Corp. 2019, 2021.
+ * (C) Copyright IBM Corp. 2019, 2023.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -21,15 +21,17 @@
  * Cloud Pak for Data
  * Container (IKS, etc)
  * VPC Instance
+ * Multi-Cloud Saas Platform (MCSP)
  *
  * The token managers sit inside of an authenticator and do the work to retrieve
- * tokens where as the authenticators add these tokens to the actual request.
+ * tokens, whereas the authenticators add these tokens to the actual request.
  *
  * classes:
  *   IamTokenManager: Token Manager of IAM via apikey.
  *   Cp4dTokenManager: Token Manager of CloudPak for data.
  *   ContainerTokenManager: Token manager of IAM via compute resource token.
  *   VpcInstanceTokenManager: Token manager of VPC Instance Metadata Service API tokens.
+ *   McspTokenManager: Token Manager of MCSP via apikey.
  *   JwtTokenManager: A class for shared functionality for parsing, storing, and requesting JWT tokens.
  */
 export { IamTokenManager } from './iam-token-manager';
@@ -39,3 +41,4 @@ export { IamRequestBasedTokenManager, IamRequestOptions } from './iam-request-ba
 export { JwtTokenManager, JwtTokenManagerOptions } from './jwt-token-manager';
 export { TokenManager, TokenManagerOptions } from './token-manager';
 export { VpcInstanceTokenManager } from './vpc-instance-token-manager';
+export { McspTokenManager } from './mcsp-token-manager';

package/auth/token-managers/index.js

@@ -1,6 +1,6 @@
 "use strict";
 /**
- * (C) Copyright IBM Corp. 2019, 2021.
+ * (C) Copyright IBM Corp. 2019, 2023.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -15,7 +15,7 @@
  * limitations under the License.
  */
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.VpcInstanceTokenManager = exports.TokenManager = exports.JwtTokenManager = exports.IamRequestBasedTokenManager = exports.ContainerTokenManager = exports.Cp4dTokenManager = exports.IamTokenManager = void 0;
+exports.McspTokenManager = exports.VpcInstanceTokenManager = exports.TokenManager = exports.JwtTokenManager = exports.IamRequestBasedTokenManager = exports.ContainerTokenManager = exports.Cp4dTokenManager = exports.IamTokenManager = void 0;
 /**
  * @module token-managers
  * The ibm-cloud-sdk-core module supports the following types of token authentication:
@@ -24,15 +24,17 @@ exports.VpcInstanceTokenManager = exports.TokenManager = exports.JwtTokenManager
  * Cloud Pak for Data
  * Container (IKS, etc)
  * VPC Instance
+ * Multi-Cloud Saas Platform (MCSP)
  *
  * The token managers sit inside of an authenticator and do the work to retrieve
- * tokens where as the authenticators add these tokens to the actual request.
+ * tokens, whereas the authenticators add these tokens to the actual request.
  *
  * classes:
  *   IamTokenManager: Token Manager of IAM via apikey.
  *   Cp4dTokenManager: Token Manager of CloudPak for data.
  *   ContainerTokenManager: Token manager of IAM via compute resource token.
  *   VpcInstanceTokenManager: Token manager of VPC Instance Metadata Service API tokens.
+ *   McspTokenManager: Token Manager of MCSP via apikey.
  *   JwtTokenManager: A class for shared functionality for parsing, storing, and requesting JWT tokens.
  */
 var iam_token_manager_1 = require("./iam-token-manager");
@@ -49,3 +51,5 @@ var token_manager_1 = require("./token-manager");
 Object.defineProperty(exports, "TokenManager", { enumerable: true, get: function () { return token_manager_1.TokenManager; } });
 var vpc_instance_token_manager_1 = require("./vpc-instance-token-manager");
 Object.defineProperty(exports, "VpcInstanceTokenManager", { enumerable: true, get: function () { return vpc_instance_token_manager_1.VpcInstanceTokenManager; } });
+var mcsp_token_manager_1 = require("./mcsp-token-manager");
+Object.defineProperty(exports, "McspTokenManager", { enumerable: true, get: function () { return mcsp_token_manager_1.McspTokenManager; } });

package/auth/token-managers/mcsp-token-manager.d.ts

@@ -0,0 +1,59 @@
+/**
+ * (C) Copyright IBM Corp. 2023.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+import { JwtTokenManager, JwtTokenManagerOptions } from './jwt-token-manager';
+/**
+ * Configuration options for MCSP token retrieval.
+ */
+interface Options extends JwtTokenManagerOptions {
+    /** The API key used to obtain an access token. */
+    apikey: string;
+    /** The base endpoint URL for MCSP token requests. */
+    url: string;
+}
+/**
+ * This interface models the response object received from the MCSP token service.
+ */
+export interface McspTokenData {
+    token: string;
+    token_type: string;
+    expires_in: number;
+}
+/**
+ * Token Manager for Multi-Cloud Saas Platform (MCSP) authenticator.
+ *
+ * The Token Manager will invoke the MCSP token service's 'POST /siusermgr/api/1.0/apikeys/token'
+ * operation to obtain an MCSP access token for a user-supplied apikey.
+ */
+export declare class McspTokenManager extends JwtTokenManager {
+    protected requiredOptions: string[];
+    private apikey;
+    /**
+     * Create a new McspTokenManager instance.
+     *
+     * @param options - Configuration options
+     * This should be an object containing these fields:
+     * - url: (required) the base endpoint URL for the MCSP token service
+     * - apikey: (required) the API key used to obtain the MCSP access token.
+     * - disableSslVerification: (optional) a flag that indicates whether verification of the token server's SSL certificate
+     * should be disabled or not
+     * - headers: (optional) a set of HTTP headers to be sent with each request to the token service
+     *
+     * @throws Error: the configuration options were invalid.
+     */
+    constructor(options: Options);
+    protected requestToken(): Promise<any>;
+}
+export {};

package/auth/token-managers/mcsp-token-manager.js

@@ -0,0 +1,94 @@
+"use strict";
+/**
+ * (C) Copyright IBM Corp. 2023.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+var __extends = (this && this.__extends) || (function () {
+    var extendStatics = function (d, b) {
+        extendStatics = Object.setPrototypeOf ||
+            ({ __proto__: [] } instanceof Array && function (d, b) { d.__proto__ = b; }) ||
+            function (d, b) { for (var p in b) if (Object.prototype.hasOwnProperty.call(b, p)) d[p] = b[p]; };
+        return extendStatics(d, b);
+    };
+    return function (d, b) {
+        if (typeof b !== "function" && b !== null)
+            throw new TypeError("Class extends value " + String(b) + " is not a constructor or null");
+        extendStatics(d, b);
+        function __() { this.constructor = d; }
+        d.prototype = b === null ? Object.create(b) : (__.prototype = b.prototype, new __());
+    };
+})();
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.McspTokenManager = void 0;
+var extend_1 = __importDefault(require("extend"));
+var helpers_1 = require("../utils/helpers");
+var jwt_token_manager_1 = require("./jwt-token-manager");
+/**
+ * This is the path associated with the operation used to obtain
+ * an access token from the MCSP token service.
+ */
+var OPERATION_PATH = '/siusermgr/api/1.0/apikeys/token';
+/**
+ * Token Manager for Multi-Cloud Saas Platform (MCSP) authenticator.
+ *
+ * The Token Manager will invoke the MCSP token service's 'POST /siusermgr/api/1.0/apikeys/token'
+ * operation to obtain an MCSP access token for a user-supplied apikey.
+ */
+var McspTokenManager = /** @class */ (function (_super) {
+    __extends(McspTokenManager, _super);
+    /**
+     * Create a new McspTokenManager instance.
+     *
+     * @param options - Configuration options
+     * This should be an object containing these fields:
+     * - url: (required) the base endpoint URL for the MCSP token service
+     * - apikey: (required) the API key used to obtain the MCSP access token.
+     * - disableSslVerification: (optional) a flag that indicates whether verification of the token server's SSL certificate
+     * should be disabled or not
+     * - headers: (optional) a set of HTTP headers to be sent with each request to the token service
+     *
+     * @throws Error: the configuration options were invalid.
+     */
+    function McspTokenManager(options) {
+        var _this = _super.call(this, options) || this;
+        _this.requiredOptions = ['apikey', 'url'];
+        _this.tokenName = 'token';
+        (0, helpers_1.validateInput)(options, _this.requiredOptions);
+        _this.apikey = options.apikey;
+        return _this;
+    }
+    McspTokenManager.prototype.requestToken = function () {
+        var requiredHeaders = {
+            Accept: 'application/json',
+            'Content-Type': 'application/json',
+        };
+        var parameters = {
+            options: {
+                url: this.url + OPERATION_PATH,
+                body: {
+                    apikey: this.apikey,
+                },
+                method: 'POST',
+                headers: (0, extend_1.default)(true, {}, this.headers, requiredHeaders),
+                rejectUnauthorized: !this.disableSslVerification,
+            },
+        };
+        return this.requestWrapperInstance.sendRequest(parameters);
+    };
+    return McspTokenManager;
+}(jwt_token_manager_1.JwtTokenManager));
+exports.McspTokenManager = McspTokenManager;