npm - ibm-cloud-sdk-core - Versions diffs - 4.2.2 → 4.2.4 - Mend

ibm-cloud-sdk-core 4.2.2 → 4.2.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (29) hide show

package/.secrets.baseline CHANGED Viewed

@@ -3,7 +3,7 @@
     "files": "package-lock.json|^.secrets.baseline$",
     "lines": null
   },
-  "generated_at": "2024-01-04T12:07:27Z",
+  "generated_at": "2024-02-27T01:02:51Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
@@ -96,7 +96,7 @@
         "hashed_secret": "bc2f74c22f98f7b6ffbc2f67453dbfa99bce9a32",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 118,
+        "line_number": 132,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -244,7 +244,7 @@
         "hashed_secret": "f84f793e0af9ade37c8b927bc5091e98f35bf821",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 84,
+        "line_number": 85,
         "type": "Secret Keyword",
         "verified_result": null
       },
@@ -252,7 +252,7 @@
         "hashed_secret": "45c43fe97e3a06ab078b0eeff6fbe622cc417a25",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 118,
+        "line_number": 119,
         "type": "Secret Keyword",
         "verified_result": null
       },
@@ -260,7 +260,7 @@
         "hashed_secret": "99833a8b234b57b886a9aef1dba187fdd7ceece8",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 120,
+        "line_number": 121,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -334,7 +334,7 @@
         "hashed_secret": "45c43fe97e3a06ab078b0eeff6fbe622cc417a25",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 283,
+        "line_number": 284,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -522,7 +522,7 @@
         "hashed_secret": "a7ef1be18bb8d37af79f3d87761a203378bf26a2",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 146,
+        "line_number": 151,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -582,7 +582,7 @@
       }
     ]
   },
-  "version": "0.13.1+ibm.61.dss",
+  "version": "0.13.1+ibm.62.dss",
   "word_list": {
     "file": null,
     "hash": null

package/CHANGELOG.md CHANGED Viewed

@@ -1,3 +1,17 @@
+## [4.2.4](https://github.com/IBM/node-sdk-core/compare/v4.2.3...v4.2.4) (2024-02-28)
+### Bug Fixes
+* adjust IAM token expiration time ([#268](https://github.com/IBM/node-sdk-core/issues/268)) ([9b975e0](https://github.com/IBM/node-sdk-core/commit/9b975e0da75d46ea29095eebeda5d0b079f058c6))
+## [4.2.3](https://github.com/IBM/node-sdk-core/compare/v4.2.2...v4.2.3) (2024-02-01)
+### Bug Fixes
+* **token-manager:** handle request errors when refreshing tokens ([#267](https://github.com/IBM/node-sdk-core/issues/267)) ([2909804](https://github.com/IBM/node-sdk-core/commit/290980474d8e567612d36d6160315ee7e433b07b))
 ## [4.2.2](https://github.com/IBM/node-sdk-core/compare/v4.2.1...v4.2.2) (2024-01-04)

package/auth/token-managers/iam-request-based-token-manager.d.ts CHANGED Viewed

@@ -1,5 +1,5 @@
 /**
- * (C) Copyright IBM Corp. 2019, 2023.
+ * (C) Copyright IBM Corp. 2019, 2024.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -89,4 +89,14 @@ export declare class IamRequestBasedTokenManager extends JwtTokenManager {
      * @returns Promise
      */
     protected requestToken(): Promise<any>;
+    /**
+     * Returns true iff the currently-cached IAM access token is expired.
+     * We'll consider an access token as expired when we reach its IAM server-reported
+     * expiration time minus our expiration window (10 secs).
+     * We do this to avoid using an access token that might expire in the middle of a long-running
+     * transaction within an IBM Cloud service.
+     *
+     * @returns true if the token has expired, false otherwise
+     */
+    protected isTokenExpired(): boolean;
 }

package/auth/token-managers/iam-request-based-token-manager.js CHANGED Viewed

@@ -1,6 +1,6 @@
 "use strict";
 /**
- * (C) Copyright IBM Corp. 2019, 2023.
+ * (C) Copyright IBM Corp. 2019, 2024.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -41,6 +41,7 @@ var jwt_token_manager_1 = require("./jwt-token-manager");
 var CLIENT_ID_SECRET_WARNING = 'Warning: Client ID and Secret must BOTH be given, or the header will not be included.';
 var DEFAULT_IAM_URL = 'https://iam.cloud.ibm.com';
 var OPERATION_PATH = '/identity/token';
+var IAM_EXPIRATION_WINDOW = 10;
 /**
  * The IamRequestBasedTokenManager class contains code relevant to any token manager that
  * interacts with the IAM service to manage a token. It stores information relevant to all
@@ -168,6 +169,23 @@ var IamRequestBasedTokenManager = /** @class */ (function (_super) {
         };
         return this.requestWrapperInstance.sendRequest(parameters);
     };
+    /**
+     * Returns true iff the currently-cached IAM access token is expired.
+     * We'll consider an access token as expired when we reach its IAM server-reported
+     * expiration time minus our expiration window (10 secs).
+     * We do this to avoid using an access token that might expire in the middle of a long-running
+     * transaction within an IBM Cloud service.
+     *
+     * @returns true if the token has expired, false otherwise
+     */
+    IamRequestBasedTokenManager.prototype.isTokenExpired = function () {
+        var expireTime = this.expireTime;
+        if (!expireTime) {
+            return true;
+        }
+        var currentTime = (0, helpers_1.getCurrentTime)();
+        return currentTime >= expireTime - IAM_EXPIRATION_WINDOW;
+    };
     return IamRequestBasedTokenManager;
 }(jwt_token_manager_1.JwtTokenManager));
 exports.IamRequestBasedTokenManager = IamRequestBasedTokenManager;

package/auth/token-managers/jwt-token-manager.js CHANGED Viewed

@@ -32,7 +32,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.JwtTokenManager = void 0;
 /**
- * (C) Copyright IBM Corp. 2019, 2022.
+ * (C) Copyright IBM Corp. 2019, 2024.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -102,7 +102,7 @@ var JwtTokenManager = /** @class */ (function (_super) {
         }
         var decodedResponse = (0, jsonwebtoken_1.decode)(this.accessToken);
         if (!decodedResponse) {
-            var err = 'Access token recieved is not a valid JWT';
+            var err = 'Access token received is not a valid JWT';
             logger_1.default.error(err);
             throw new Error(err);
         }

package/auth/token-managers/token-manager.d.ts CHANGED Viewed

@@ -1,6 +1,6 @@
 /// <reference types="node" />
 /**
- * (C) Copyright IBM Corp. 2020, 2023.
+ * (C) Copyright IBM Corp. 2020, 2024.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -106,7 +106,7 @@ export declare class TokenManager {
     /**
      * Checks if currently-stored token is expired
      */
-    private isTokenExpired;
+    protected isTokenExpired(): boolean;
     /**
      * Checks if currently-stored token should be refreshed
      * i.e. past the window to request a new token

package/auth/token-managers/token-manager.js CHANGED Viewed

@@ -56,6 +56,15 @@ var TokenManager = /** @class */ (function () {
         if (this.tokenNeedsRefresh()) {
             this.requestToken().then(function (tokenResponse) {
                 _this.saveTokenInfo(tokenResponse);
+            }, function (err) {
+                // If the refresh request failed: catch the error, log a message, and return the stored token.
+                // The attempt to get a new token will be retried upon the next request.
+                var message = 'Attempted token refresh failed. The refresh will be retried with the next request.';
+                if (err && err.message) {
+                    message += " ".concat(err.message);
+                }
+                logger_1.default.error(message);
+                logger_1.default.debug(err);
             });
         }
         // 2. use valid, managed token

package/auth/token-managers/vpc-instance-token-manager.d.ts CHANGED Viewed

@@ -1,5 +1,5 @@
 /**
- * (C) Copyright IBM Corp. 2021, 2023.
+ * (C) Copyright IBM Corp. 2021, 2024.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -53,5 +53,15 @@ export declare class VpcInstanceTokenManager extends JwtTokenManager {
     setIamProfileId(iamProfileId: string): void;
     protected requestToken(): Promise<any>;
     private getInstanceIdentityToken;
+    /**
+     * Returns true iff the currently-cached IAM access token is expired.
+     * We'll consider an access token as expired when we reach its IAM server-reported
+     * expiration time minus our expiration window (10 secs).
+     * We do this to avoid using an access token that might expire in the middle of a long-running
+     * transaction within an IBM Cloud service.
+     *
+     * @returns true if the token has expired, false otherwise
+     */
+    protected isTokenExpired(): boolean;
 }
 export {};

package/auth/token-managers/vpc-instance-token-manager.js CHANGED Viewed

@@ -1,6 +1,6 @@
 "use strict";
 /**
- * (C) Copyright IBM Corp. 2021, 2023.
+ * (C) Copyright IBM Corp. 2021, 2024.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -75,6 +75,7 @@ var helpers_1 = require("../utils/helpers");
 var jwt_token_manager_1 = require("./jwt-token-manager");
 var DEFAULT_IMS_ENDPOINT = 'http://169.254.169.254';
 var METADATA_SERVICE_VERSION = '2022-03-01';
+var IAM_EXPIRATION_WINDOW = 10;
 /**
  * Token Manager for VPC Instance Authentication.
  */
@@ -207,6 +208,23 @@ var VpcInstanceTokenManager = /** @class */ (function (_super) {
             });
         });
     };
+    /**
+     * Returns true iff the currently-cached IAM access token is expired.
+     * We'll consider an access token as expired when we reach its IAM server-reported
+     * expiration time minus our expiration window (10 secs).
+     * We do this to avoid using an access token that might expire in the middle of a long-running
+     * transaction within an IBM Cloud service.
+     *
+     * @returns true if the token has expired, false otherwise
+     */
+    VpcInstanceTokenManager.prototype.isTokenExpired = function () {
+        var expireTime = this.expireTime;
+        if (!expireTime) {
+            return true;
+        }
+        var currentTime = (0, helpers_1.getCurrentTime)();
+        return currentTime >= expireTime - IAM_EXPIRATION_WINDOW;
+    };
     return VpcInstanceTokenManager;
 }(jwt_token_manager_1.JwtTokenManager));
 exports.VpcInstanceTokenManager = VpcInstanceTokenManager;

package/build/docs/ibm-cloud-sdk-core.iamrequestbasedtokenmanager.istokenexpired.md ADDED Viewed

@@ -0,0 +1,19 @@
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+[Home](./index.md) &gt; [ibm-cloud-sdk-core](./ibm-cloud-sdk-core.md) &gt; [IamRequestBasedTokenManager](./ibm-cloud-sdk-core.iamrequestbasedtokenmanager.md) &gt; [isTokenExpired](./ibm-cloud-sdk-core.iamrequestbasedtokenmanager.istokenexpired.md)
+## IamRequestBasedTokenManager.isTokenExpired() method
+Returns true iff the currently-cached IAM access token is expired. We'll consider an access token as expired when we reach its IAM server-reported expiration time minus our expiration window (10 secs). We do this to avoid using an access token that might expire in the middle of a long-running transaction within an IBM Cloud service.
+**Signature:**
+```typescript
+protected isTokenExpired(): boolean;
+```
+**Returns:**
+boolean
+true if the token has expired, false otherwise

package/build/docs/ibm-cloud-sdk-core.iamrequestbasedtokenmanager.md CHANGED Viewed

@@ -31,6 +31,7 @@ export declare class IamRequestBasedTokenManager extends JwtTokenManager
 |  Method | Modifiers | Description |
 |  --- | --- | --- |
 |  [getRefreshToken()](./ibm-cloud-sdk-core.iamrequestbasedtokenmanager.getrefreshtoken.md) |  | Returns the most recently stored refresh token. |
+|  [isTokenExpired()](./ibm-cloud-sdk-core.iamrequestbasedtokenmanager.istokenexpired.md) | <code>protected</code> | Returns true iff the currently-cached IAM access token is expired. We'll consider an access token as expired when we reach its IAM server-reported expiration time minus our expiration window (10 secs). We do this to avoid using an access token that might expire in the middle of a long-running transaction within an IBM Cloud service. |
 |  [requestToken()](./ibm-cloud-sdk-core.iamrequestbasedtokenmanager.requesttoken.md) | <code>protected</code> | Request an IAM access token using an API key. |
 |  [saveTokenInfo(tokenResponse)](./ibm-cloud-sdk-core.iamrequestbasedtokenmanager.savetokeninfo.md) | <code>protected</code> | Extend this method from the parent class to extract the refresh token from the request and save it. |
 |  [setClientIdAndSecret(clientId, clientSecret)](./ibm-cloud-sdk-core.iamrequestbasedtokenmanager.setclientidandsecret.md) |  | Sets the IAM "clientId" and "clientSecret" values. These values are used to compute the Authorization header used when retrieving the IAM access token. If these values are not set, no Authorization header will be set on the request (it is not required). |

package/build/docs/ibm-cloud-sdk-core.tokenmanager.istokenexpired.md ADDED Viewed

@@ -0,0 +1,17 @@
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+[Home](./index.md) &gt; [ibm-cloud-sdk-core](./ibm-cloud-sdk-core.md) &gt; [TokenManager](./ibm-cloud-sdk-core.tokenmanager.md) &gt; [isTokenExpired](./ibm-cloud-sdk-core.tokenmanager.istokenexpired.md)
+## TokenManager.isTokenExpired() method
+Checks if currently-stored token is expired
+**Signature:**
+```typescript
+protected isTokenExpired(): boolean;
+```
+**Returns:**
+boolean

package/build/docs/ibm-cloud-sdk-core.tokenmanager.md CHANGED Viewed

@@ -35,6 +35,7 @@ export declare class TokenManager
 |  Method | Modifiers | Description |
 |  --- | --- | --- |
 |  [getToken()](./ibm-cloud-sdk-core.tokenmanager.gettoken.md) |  | Retrieves a new token using "requestToken()" if there is not a currently stored token from a previous call, or the previous token has expired. |
+|  [isTokenExpired()](./ibm-cloud-sdk-core.tokenmanager.istokenexpired.md) | <code>protected</code> | Checks if currently-stored token is expired |
 |  [pacedRequestToken()](./ibm-cloud-sdk-core.tokenmanager.pacedrequesttoken.md) | <code>protected</code> | <p>Paces requests to requestToken().</p><p>This method pseudo-serializes requests for an access\_token when the current token is undefined or expired. The first caller to this method records its <code>requestTime</code> and then issues the token request. Subsequent callers will check the <code>requestTime</code> to see if a request is active (has been issued within the past 60 seconds), and if so will queue their promise for the active requestor to resolve when that request completes.</p> |
 |  [requestToken()](./ibm-cloud-sdk-core.tokenmanager.requesttoken.md) | <code>protected</code> | Request a token using an API endpoint. |
 |  [saveTokenInfo(tokenResponse)](./ibm-cloud-sdk-core.tokenmanager.savetokeninfo.md) | <code>protected</code> | Parse and save token information from the response. Save the requested token into field <code>accessToken</code>. Calculate expiration and refresh time from the received info and store them in fields <code>expireTime</code> and <code>refreshTime</code>. |

package/build/docs/ibm-cloud-sdk-core.vpcinstancetokenmanager.istokenexpired.md ADDED Viewed

@@ -0,0 +1,19 @@
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+[Home](./index.md) &gt; [ibm-cloud-sdk-core](./ibm-cloud-sdk-core.md) &gt; [VpcInstanceTokenManager](./ibm-cloud-sdk-core.vpcinstancetokenmanager.md) &gt; [isTokenExpired](./ibm-cloud-sdk-core.vpcinstancetokenmanager.istokenexpired.md)
+## VpcInstanceTokenManager.isTokenExpired() method
+Returns true iff the currently-cached IAM access token is expired. We'll consider an access token as expired when we reach its IAM server-reported expiration time minus our expiration window (10 secs). We do this to avoid using an access token that might expire in the middle of a long-running transaction within an IBM Cloud service.
+**Signature:**
+```typescript
+protected isTokenExpired(): boolean;
+```
+**Returns:**
+boolean
+true if the token has expired, false otherwise

package/build/docs/ibm-cloud-sdk-core.vpcinstancetokenmanager.md CHANGED Viewed

@@ -23,6 +23,7 @@ export declare class VpcInstanceTokenManager extends JwtTokenManager
 |  Method | Modifiers | Description |
 |  --- | --- | --- |
+|  [isTokenExpired()](./ibm-cloud-sdk-core.vpcinstancetokenmanager.istokenexpired.md) | <code>protected</code> | Returns true iff the currently-cached IAM access token is expired. We'll consider an access token as expired when we reach its IAM server-reported expiration time minus our expiration window (10 secs). We do this to avoid using an access token that might expire in the middle of a long-running transaction within an IBM Cloud service. |
 |  [requestToken()](./ibm-cloud-sdk-core.vpcinstancetokenmanager.requesttoken.md) | <code>protected</code> |  |
 |  [setIamProfileCrn(iamProfileCrn)](./ibm-cloud-sdk-core.vpcinstancetokenmanager.setiamprofilecrn.md) |  | Sets the CRN of the IAM trusted profile to use when fetching the access token from the IAM token server. |
 |  [setIamProfileId(iamProfileId)](./ibm-cloud-sdk-core.vpcinstancetokenmanager.setiamprofileid.md) |  | Sets the Id of the IAM trusted profile to use when fetching the access token from the IAM token server. |

package/docs/ibm-cloud-sdk-core.api.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "metadata": {
     "toolPackage": "@microsoft/api-extractor",
-    "toolVersion": "7.39.0",
+    "toolVersion": "7.41.0",
     "schemaVersion": 1011,
     "oldestForwardsCompatibleVersion": 1001,
     "tsdocConfig": {
@@ -4514,6 +4514,37 @@
               "isAbstract": false,
               "name": "getRefreshToken"
             },
+            {
+              "kind": "Method",
+              "canonicalReference": "ibm-cloud-sdk-core!IamRequestBasedTokenManager#isTokenExpired:member(1)",
+              "docComment": "/**\n * Returns true iff the currently-cached IAM access token is expired. We'll consider an access token as expired when we reach its IAM server-reported expiration time minus our expiration window (10 secs). We do this to avoid using an access token that might expire in the middle of a long-running transaction within an IBM Cloud service.\n *\n * @returns true if the token has expired, false otherwise\n */\n",
+              "excerptTokens": [
+                {
+                  "kind": "Content",
+                  "text": "protected isTokenExpired(): "
+                },
+                {
+                  "kind": "Content",
+                  "text": "boolean"
+                },
+                {
+                  "kind": "Content",
+                  "text": ";"
+                }
+              ],
+              "isStatic": false,
+              "returnTypeTokenRange": {
+                "startIndex": 1,
+                "endIndex": 2
+              },
+              "releaseTag": "Public",
+              "isProtected": true,
+              "overloadIndex": 1,
+              "parameters": [],
+              "isOptional": false,
+              "isAbstract": false,
+              "name": "isTokenExpired"
+            },
             {
               "kind": "Property",
               "canonicalReference": "ibm-cloud-sdk-core!IamRequestBasedTokenManager#refreshToken:member",
@@ -6582,6 +6613,37 @@
               "isProtected": true,
               "isAbstract": false
             },
+            {
+              "kind": "Method",
+              "canonicalReference": "ibm-cloud-sdk-core!TokenManager#isTokenExpired:member(1)",
+              "docComment": "/**\n * Checks if currently-stored token is expired\n */\n",
+              "excerptTokens": [
+                {
+                  "kind": "Content",
+                  "text": "protected isTokenExpired(): "
+                },
+                {
+                  "kind": "Content",
+                  "text": "boolean"
+                },
+                {
+                  "kind": "Content",
+                  "text": ";"
+                }
+              ],
+              "isStatic": false,
+              "returnTypeTokenRange": {
+                "startIndex": 1,
+                "endIndex": 2
+              },
+              "releaseTag": "Public",
+              "isProtected": true,
+              "overloadIndex": 1,
+              "parameters": [],
+              "isOptional": false,
+              "isAbstract": false,
+              "name": "isTokenExpired"
+            },
             {
               "kind": "Method",
               "canonicalReference": "ibm-cloud-sdk-core!TokenManager#pacedRequestToken:member(1)",
@@ -8373,6 +8435,37 @@
                 }
               ]
             },
+            {
+              "kind": "Method",
+              "canonicalReference": "ibm-cloud-sdk-core!VpcInstanceTokenManager#isTokenExpired:member(1)",
+              "docComment": "/**\n * Returns true iff the currently-cached IAM access token is expired. We'll consider an access token as expired when we reach its IAM server-reported expiration time minus our expiration window (10 secs). We do this to avoid using an access token that might expire in the middle of a long-running transaction within an IBM Cloud service.\n *\n * @returns true if the token has expired, false otherwise\n */\n",
+              "excerptTokens": [
+                {
+                  "kind": "Content",
+                  "text": "protected isTokenExpired(): "
+                },
+                {
+                  "kind": "Content",
+                  "text": "boolean"
+                },
+                {
+                  "kind": "Content",
+                  "text": ";"
+                }
+              ],
+              "isStatic": false,
+              "returnTypeTokenRange": {
+                "startIndex": 1,
+                "endIndex": 2
+              },
+              "releaseTag": "Public",
+              "isProtected": true,
+              "overloadIndex": 1,
+              "parameters": [],
+              "isOptional": false,
+              "isAbstract": false,
+              "name": "isTokenExpired"
+            },
             {
               "kind": "Method",
               "canonicalReference": "ibm-cloud-sdk-core!VpcInstanceTokenManager#requestToken:member(1)",

package/es/auth/token-managers/iam-request-based-token-manager.d.ts CHANGED Viewed

@@ -1,5 +1,5 @@
 /**
- * (C) Copyright IBM Corp. 2019, 2023.
+ * (C) Copyright IBM Corp. 2019, 2024.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -89,4 +89,14 @@ export declare class IamRequestBasedTokenManager extends JwtTokenManager {
      * @returns Promise
      */
     protected requestToken(): Promise<any>;
+    /**
+     * Returns true iff the currently-cached IAM access token is expired.
+     * We'll consider an access token as expired when we reach its IAM server-reported
+     * expiration time minus our expiration window (10 secs).
+     * We do this to avoid using an access token that might expire in the middle of a long-running
+     * transaction within an IBM Cloud service.
+     *
+     * @returns true if the token has expired, false otherwise
+     */
+    protected isTokenExpired(): boolean;
 }

package/es/auth/token-managers/iam-request-based-token-manager.js CHANGED Viewed

@@ -1,5 +1,5 @@
 /**
- * (C) Copyright IBM Corp. 2019, 2023.
+ * (C) Copyright IBM Corp. 2019, 2024.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -15,11 +15,12 @@
  */
 import extend from 'extend';
 import logger from '../../lib/logger';
-import { computeBasicAuthHeader, onlyOne, removeSuffix } from '../utils/helpers';
+import { computeBasicAuthHeader, getCurrentTime, onlyOne, removeSuffix } from '../utils/helpers';
 import { JwtTokenManager } from './jwt-token-manager';
 const CLIENT_ID_SECRET_WARNING = 'Warning: Client ID and Secret must BOTH be given, or the header will not be included.';
 const DEFAULT_IAM_URL = 'https://iam.cloud.ibm.com';
 const OPERATION_PATH = '/identity/token';
+const IAM_EXPIRATION_WINDOW = 10;
 /**
  * The IamRequestBasedTokenManager class contains code relevant to any token manager that
  * interacts with the IAM service to manage a token. It stores information relevant to all
@@ -144,4 +145,21 @@ export class IamRequestBasedTokenManager extends JwtTokenManager {
         };
         return this.requestWrapperInstance.sendRequest(parameters);
     }
+    /**
+     * Returns true iff the currently-cached IAM access token is expired.
+     * We'll consider an access token as expired when we reach its IAM server-reported
+     * expiration time minus our expiration window (10 secs).
+     * We do this to avoid using an access token that might expire in the middle of a long-running
+     * transaction within an IBM Cloud service.
+     *
+     * @returns true if the token has expired, false otherwise
+     */
+    isTokenExpired() {
+        const { expireTime } = this;
+        if (!expireTime) {
+            return true;
+        }
+        const currentTime = getCurrentTime();
+        return currentTime >= expireTime - IAM_EXPIRATION_WINDOW;
+    }
 }

package/es/auth/token-managers/jwt-token-manager.js CHANGED Viewed

@@ -1,6 +1,6 @@
 /* eslint-disable class-methods-use-this */
 /**
- * (C) Copyright IBM Corp. 2019, 2022.
+ * (C) Copyright IBM Corp. 2019, 2024.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -67,7 +67,7 @@ export class JwtTokenManager extends TokenManager {
         }
         const decodedResponse = decode(this.accessToken);
         if (!decodedResponse) {
-            const err = 'Access token recieved is not a valid JWT';
+            const err = 'Access token received is not a valid JWT';
             logger.error(err);
             throw new Error(err);
         }

package/es/auth/token-managers/token-manager.d.ts CHANGED Viewed

@@ -1,6 +1,6 @@
 /// <reference types="node" />
 /**
- * (C) Copyright IBM Corp. 2020, 2023.
+ * (C) Copyright IBM Corp. 2020, 2024.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -106,7 +106,7 @@ export declare class TokenManager {
     /**
      * Checks if currently-stored token is expired
      */
-    private isTokenExpired;
+    protected isTokenExpired(): boolean;
     /**
      * Checks if currently-stored token should be refreshed
      * i.e. past the window to request a new token

package/es/auth/token-managers/token-manager.js CHANGED Viewed

@@ -49,6 +49,15 @@ export class TokenManager {
         if (this.tokenNeedsRefresh()) {
             this.requestToken().then((tokenResponse) => {
                 this.saveTokenInfo(tokenResponse);
+            }, (err) => {
+                // If the refresh request failed: catch the error, log a message, and return the stored token.
+                // The attempt to get a new token will be retried upon the next request.
+                let message = 'Attempted token refresh failed. The refresh will be retried with the next request.';
+                if (err && err.message) {
+                    message += ` ${err.message}`;
+                }
+                logger.error(message);
+                logger.debug(err);
             });
         }
         // 2. use valid, managed token

package/es/auth/token-managers/vpc-instance-token-manager.d.ts CHANGED Viewed

@@ -1,5 +1,5 @@
 /**
- * (C) Copyright IBM Corp. 2021, 2023.
+ * (C) Copyright IBM Corp. 2021, 2024.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -53,5 +53,15 @@ export declare class VpcInstanceTokenManager extends JwtTokenManager {
     setIamProfileId(iamProfileId: string): void;
     protected requestToken(): Promise<any>;
     private getInstanceIdentityToken;
+    /**
+     * Returns true iff the currently-cached IAM access token is expired.
+     * We'll consider an access token as expired when we reach its IAM server-reported
+     * expiration time minus our expiration window (10 secs).
+     * We do this to avoid using an access token that might expire in the middle of a long-running
+     * transaction within an IBM Cloud service.
+     *
+     * @returns true if the token has expired, false otherwise
+     */
+    protected isTokenExpired(): boolean;
 }
 export {};

package/es/auth/token-managers/vpc-instance-token-manager.js CHANGED Viewed

@@ -1,5 +1,5 @@
 /**
- * (C) Copyright IBM Corp. 2021, 2023.
+ * (C) Copyright IBM Corp. 2021, 2024.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -23,10 +23,11 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
     });
 };
 import logger from '../../lib/logger';
-import { atMostOne } from '../utils/helpers';
+import { atMostOne, getCurrentTime } from '../utils/helpers';
 import { JwtTokenManager } from './jwt-token-manager';
 const DEFAULT_IMS_ENDPOINT = 'http://169.254.169.254';
 const METADATA_SERVICE_VERSION = '2022-03-01';
+const IAM_EXPIRATION_WINDOW = 10;
 /**
  * Token Manager for VPC Instance Authentication.
  */
@@ -141,4 +142,21 @@ export class VpcInstanceTokenManager extends JwtTokenManager {
             return token;
         });
     }
+    /**
+     * Returns true iff the currently-cached IAM access token is expired.
+     * We'll consider an access token as expired when we reach its IAM server-reported
+     * expiration time minus our expiration window (10 secs).
+     * We do this to avoid using an access token that might expire in the middle of a long-running
+     * transaction within an IBM Cloud service.
+     *
+     * @returns true if the token has expired, false otherwise
+     */
+    isTokenExpired() {
+        const { expireTime } = this;
+        if (!expireTime) {
+            return true;
+        }
+        const currentTime = getCurrentTime();
+        return currentTime >= expireTime - IAM_EXPIRATION_WINDOW;
+    }
 }

package/es/tsdoc-metadata.json CHANGED Viewed

@@ -5,7 +5,7 @@
   "toolPackages": [
     {
       "packageName": "@microsoft/api-extractor",
-      "packageVersion": "7.39.0"
+      "packageVersion": "7.41.0"
     }
   ]
 }

package/etc/ibm-cloud-sdk-core.api.md CHANGED Viewed

@@ -276,6 +276,7 @@ export class IamRequestBasedTokenManager extends JwtTokenManager {
     // (undocumented)
     protected formData: any;
     getRefreshToken(): string;
+    protected isTokenExpired(): boolean;
     // (undocumented)
     protected refreshToken: string;
     protected requestToken(): Promise<any>;
@@ -411,6 +412,7 @@ export class TokenManager {
     getToken(): Promise<any>;
     // (undocumented)
     protected headers: OutgoingHttpHeaders;
+    protected isTokenExpired(): boolean;
     protected pacedRequestToken(): Promise<any>;
     // (undocumented)
     protected refreshTime: number;
@@ -501,6 +503,7 @@ export class VpcInstanceAuthenticator extends TokenRequestBasedAuthenticator {
 export class VpcInstanceTokenManager extends JwtTokenManager {
     // Warning: (ae-forgotten-export) The symbol "Options_9" needs to be exported by the entry point index.d.ts
     constructor(options: Options_9);
+    protected isTokenExpired(): boolean;
     // (undocumented)
     protected requestToken(): Promise<any>;
     setIamProfileCrn(iamProfileCrn: string): void;

package/ibm-cloud-sdk-core.d.ts CHANGED Viewed

@@ -925,6 +925,16 @@ export declare class IamRequestBasedTokenManager extends JwtTokenManager {
      * @returns Promise
      */
     protected requestToken(): Promise<any>;
+    /**
+     * Returns true iff the currently-cached IAM access token is expired.
+     * We'll consider an access token as expired when we reach its IAM server-reported
+     * expiration time minus our expiration window (10 secs).
+     * We do this to avoid using an access token that might expire in the middle of a long-running
+     * transaction within an IBM Cloud service.
+     *
+     * @returns true if the token has expired, false otherwise
+     */
+    protected isTokenExpired(): boolean;
 }
 /** Configuration options for IAM token retrieval. */
@@ -1436,7 +1446,7 @@ export declare class TokenManager {
     /**
      * Checks if currently-stored token is expired
      */
-    private isTokenExpired;
+    protected isTokenExpired(): boolean;
     /**
      * Checks if currently-stored token should be refreshed
      * i.e. past the window to request a new token
@@ -1658,6 +1668,16 @@ export declare class VpcInstanceTokenManager extends JwtTokenManager {
     setIamProfileId(iamProfileId: string): void;
     protected requestToken(): Promise<any>;
     private getInstanceIdentityToken;
+    /**
+     * Returns true iff the currently-cached IAM access token is expired.
+     * We'll consider an access token as expired when we reach its IAM server-reported
+     * expiration time minus our expiration window (10 secs).
+     * We do this to avoid using an access token that might expire in the middle of a long-running
+     * transaction within an IBM Cloud service.
+     *
+     * @returns true if the token has expired, false otherwise
+     */
+    protected isTokenExpired(): boolean;
 }
 export { }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "ibm-cloud-sdk-core",
-  "version": "4.2.2",
+  "version": "4.2.4",
   "description": "Core functionality to support SDKs generated with IBM's OpenAPI SDK Generator.",
   "main": "index.js",
   "typings": "./es/index.d.ts",

package/temp/ibm-cloud-sdk-core.api.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "metadata": {
     "toolPackage": "@microsoft/api-extractor",
-    "toolVersion": "7.39.0",
+    "toolVersion": "7.41.0",
     "schemaVersion": 1011,
     "oldestForwardsCompatibleVersion": 1001,
     "tsdocConfig": {
@@ -4514,6 +4514,37 @@
               "isAbstract": false,
               "name": "getRefreshToken"
             },
+            {
+              "kind": "Method",
+              "canonicalReference": "ibm-cloud-sdk-core!IamRequestBasedTokenManager#isTokenExpired:member(1)",
+              "docComment": "/**\n * Returns true iff the currently-cached IAM access token is expired. We'll consider an access token as expired when we reach its IAM server-reported expiration time minus our expiration window (10 secs). We do this to avoid using an access token that might expire in the middle of a long-running transaction within an IBM Cloud service.\n *\n * @returns true if the token has expired, false otherwise\n */\n",
+              "excerptTokens": [
+                {
+                  "kind": "Content",
+                  "text": "protected isTokenExpired(): "
+                },
+                {
+                  "kind": "Content",
+                  "text": "boolean"
+                },
+                {
+                  "kind": "Content",
+                  "text": ";"
+                }
+              ],
+              "isStatic": false,
+              "returnTypeTokenRange": {
+                "startIndex": 1,
+                "endIndex": 2
+              },
+              "releaseTag": "Public",
+              "isProtected": true,
+              "overloadIndex": 1,
+              "parameters": [],
+              "isOptional": false,
+              "isAbstract": false,
+              "name": "isTokenExpired"
+            },
             {
               "kind": "Property",
               "canonicalReference": "ibm-cloud-sdk-core!IamRequestBasedTokenManager#refreshToken:member",
@@ -6582,6 +6613,37 @@
               "isProtected": true,
               "isAbstract": false
             },
+            {
+              "kind": "Method",
+              "canonicalReference": "ibm-cloud-sdk-core!TokenManager#isTokenExpired:member(1)",
+              "docComment": "/**\n * Checks if currently-stored token is expired\n */\n",
+              "excerptTokens": [
+                {
+                  "kind": "Content",
+                  "text": "protected isTokenExpired(): "
+                },
+                {
+                  "kind": "Content",
+                  "text": "boolean"
+                },
+                {
+                  "kind": "Content",
+                  "text": ";"
+                }
+              ],
+              "isStatic": false,
+              "returnTypeTokenRange": {
+                "startIndex": 1,
+                "endIndex": 2
+              },
+              "releaseTag": "Public",
+              "isProtected": true,
+              "overloadIndex": 1,
+              "parameters": [],
+              "isOptional": false,
+              "isAbstract": false,
+              "name": "isTokenExpired"
+            },
             {
               "kind": "Method",
               "canonicalReference": "ibm-cloud-sdk-core!TokenManager#pacedRequestToken:member(1)",
@@ -8373,6 +8435,37 @@
                 }
               ]
             },
+            {
+              "kind": "Method",
+              "canonicalReference": "ibm-cloud-sdk-core!VpcInstanceTokenManager#isTokenExpired:member(1)",
+              "docComment": "/**\n * Returns true iff the currently-cached IAM access token is expired. We'll consider an access token as expired when we reach its IAM server-reported expiration time minus our expiration window (10 secs). We do this to avoid using an access token that might expire in the middle of a long-running transaction within an IBM Cloud service.\n *\n * @returns true if the token has expired, false otherwise\n */\n",
+              "excerptTokens": [
+                {
+                  "kind": "Content",
+                  "text": "protected isTokenExpired(): "
+                },
+                {
+                  "kind": "Content",
+                  "text": "boolean"
+                },
+                {
+                  "kind": "Content",
+                  "text": ";"
+                }
+              ],
+              "isStatic": false,
+              "returnTypeTokenRange": {
+                "startIndex": 1,
+                "endIndex": 2
+              },
+              "releaseTag": "Public",
+              "isProtected": true,
+              "overloadIndex": 1,
+              "parameters": [],
+              "isOptional": false,
+              "isAbstract": false,
+              "name": "isTokenExpired"
+            },
             {
               "kind": "Method",
               "canonicalReference": "ibm-cloud-sdk-core!VpcInstanceTokenManager#requestToken:member(1)",

package/temp/ibm-cloud-sdk-core.api.md CHANGED Viewed

@@ -276,6 +276,7 @@ export class IamRequestBasedTokenManager extends JwtTokenManager {
     // (undocumented)
     protected formData: any;
     getRefreshToken(): string;
+    protected isTokenExpired(): boolean;
     // (undocumented)
     protected refreshToken: string;
     protected requestToken(): Promise<any>;
@@ -411,6 +412,7 @@ export class TokenManager {
     getToken(): Promise<any>;
     // (undocumented)
     protected headers: OutgoingHttpHeaders;
+    protected isTokenExpired(): boolean;
     protected pacedRequestToken(): Promise<any>;
     // (undocumented)
     protected refreshTime: number;
@@ -501,6 +503,7 @@ export class VpcInstanceAuthenticator extends TokenRequestBasedAuthenticator {
 export class VpcInstanceTokenManager extends JwtTokenManager {
     // Warning: (ae-forgotten-export) The symbol "Options_9" needs to be exported by the entry point index.d.ts
     constructor(options: Options_9);
+    protected isTokenExpired(): boolean;
     // (undocumented)
     protected requestToken(): Promise<any>;
     setIamProfileCrn(iamProfileCrn: string): void;