ibm-cloud-sdk-core 5.0.1 → 5.1.0

package/es/auth/authenticators/token-request-based-authenticator-immutable.d.ts

@@ -0,0 +1,71 @@
+/**
+ * (C) Copyright IBM Corp. 2024.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/// <reference types="node" />
+import { OutgoingHttpHeaders } from 'http';
+import { JwtTokenManager } from '../token-managers/jwt-token-manager';
+import { Authenticator } from './authenticator';
+import { AuthenticateOptions } from './authenticator-interface';
+/** Configuration options for token-based authentication. */
+export type BaseOptions = {
+    /** Headers to be sent with every outbound HTTP requests to token services. */
+    headers?: OutgoingHttpHeaders;
+    /**
+     * A flag that indicates whether verification of the token server's SSL
+     * certificate should be disabled or not.
+     */
+    disableSslVerification?: boolean;
+    /** Endpoint for HTTP token requests. */
+    url?: string;
+    /** Allow additional request config parameters */
+    [propName: string]: any;
+};
+/**
+ * Class for common functionality shared by token-request authenticators.
+ * Token-request authenticators use token managers to retrieve, store,
+ * and refresh tokens. Not intended to be used as stand-alone authenticator,
+ * but as base class to authenticators that have their own token manager
+ * implementations.
+ *
+ * The token will be added as an Authorization header in the form:
+ *
+ *      Authorization: Bearer \<bearer-token\>
+ */
+export declare class TokenRequestBasedAuthenticatorImmutable extends Authenticator {
+    protected tokenManager: JwtTokenManager;
+    protected url: string;
+    protected headers: OutgoingHttpHeaders;
+    protected disableSslVerification: boolean;
+    /**
+     * Create a new TokenRequestBasedAuthenticatorImmutable instance with an internal JwtTokenManager.
+     *
+     * @param options - Configuration options.
+     * This should be an object containing these fields:
+     * - url: (optional) the endpoint URL for the token service
+     * - disableSslVerification: (optional) a flag that indicates whether verification of the token server's SSL certificate
+     * should be disabled or not
+     * - headers: (optional) a set of HTTP headers to be sent with each request to the token service
+     */
+    constructor(options: BaseOptions);
+    /**
+     * Adds bearer token information to "requestOptions". The bearer token information
+     * will be set in the Authorization property of "requestOptions.headers" in the form:
+     *
+     *     Authorization: Bearer \<bearer-token\>
+     *
+     * @param requestOptions - The request to augment with authentication information.
+     */
+    authenticate(requestOptions: AuthenticateOptions): Promise<void>;
+}

package/es/auth/authenticators/token-request-based-authenticator-immutable.js

@@ -0,0 +1,65 @@
+/**
+ * (C) Copyright IBM Corp. 2024.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+import extend from 'extend';
+import { JwtTokenManager } from '../token-managers/jwt-token-manager';
+import { Authenticator } from './authenticator';
+import logger from '../../lib/logger';
+/**
+ * Class for common functionality shared by token-request authenticators.
+ * Token-request authenticators use token managers to retrieve, store,
+ * and refresh tokens. Not intended to be used as stand-alone authenticator,
+ * but as base class to authenticators that have their own token manager
+ * implementations.
+ *
+ * The token will be added as an Authorization header in the form:
+ *
+ *      Authorization: Bearer \<bearer-token\>
+ */
+export class TokenRequestBasedAuthenticatorImmutable extends Authenticator {
+    /**
+     * Create a new TokenRequestBasedAuthenticatorImmutable instance with an internal JwtTokenManager.
+     *
+     * @param options - Configuration options.
+     * This should be an object containing these fields:
+     * - url: (optional) the endpoint URL for the token service
+     * - disableSslVerification: (optional) a flag that indicates whether verification of the token server's SSL certificate
+     * should be disabled or not
+     * - headers: (optional) a set of HTTP headers to be sent with each request to the token service
+     */
+    constructor(options) {
+        super();
+        this.disableSslVerification = Boolean(options.disableSslVerification);
+        this.url = options.url;
+        // default to empty object
+        this.headers = options.headers || {};
+        this.tokenManager = new JwtTokenManager(options);
+    }
+    /**
+     * Adds bearer token information to "requestOptions". The bearer token information
+     * will be set in the Authorization property of "requestOptions.headers" in the form:
+     *
+     *     Authorization: Bearer \<bearer-token\>
+     *
+     * @param requestOptions - The request to augment with authentication information.
+     */
+    authenticate(requestOptions) {
+        return this.tokenManager.getToken().then((token) => {
+            const authHeader = { Authorization: `Bearer ${token}` };
+            requestOptions.headers = extend(true, {}, requestOptions.headers, authHeader);
+            logger.debug(`Authenticated outbound request (type=${this.authenticationType()})`);
+        });
+    }
+}

package/es/auth/authenticators/token-request-based-authenticator.d.ts

@@ -1,5 +1,5 @@
 /**
- * (C) Copyright IBM Corp. 2019, 2023.
+ * (C) Copyright IBM Corp. 2019, 2024.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -15,23 +15,9 @@
  */
 /// <reference types="node" />
 import { OutgoingHttpHeaders } from 'http';
-import { JwtTokenManager } from '../token-managers/jwt-token-manager';
-import { Authenticator } from './authenticator';
-import { AuthenticateOptions } from './authenticator-interface';
+import { TokenRequestBasedAuthenticatorImmutable } from './token-request-based-authenticator-immutable';
 /** Configuration options for token-based authentication. */
-export type BaseOptions = {
-    /** Headers to be sent with every outbound HTTP requests to token services. */
-    headers?: OutgoingHttpHeaders;
-    /**
-     * A flag that indicates whether verification of the token server's SSL
-     * certificate should be disabled or not.
-     */
-    disableSslVerification?: boolean;
-    /** Endpoint for HTTP token requests. */
-    url?: string;
-    /** Allow additional request config parameters */
-    [propName: string]: any;
-};
+export { BaseOptions } from './token-request-based-authenticator-immutable';
 /**
  * Class for common functionality shared by token-request authenticators.
  * TokenRequestBasedAuthenticators use token managers to retrieve, store,
@@ -43,22 +29,7 @@ export type BaseOptions = {
  *
  *      Authorization: Bearer \<bearer-token\>
  */
-export declare class TokenRequestBasedAuthenticator extends Authenticator {
-    protected tokenManager: JwtTokenManager;
-    protected url: string;
-    protected headers: OutgoingHttpHeaders;
-    protected disableSslVerification: boolean;
-    /**
-     * Create a new TokenRequestBasedAuthenticator instance with an internal JwtTokenManager.
-     *
-     * @param options - Configuration options.
-     * This should be an object containing these fields:
-     * - url: (optional) the endpoint URL for the token service
-     * - disableSslVerification: (optional) a flag that indicates whether verification of the token server's SSL certificate
-     * should be disabled or not
-     * - headers: (optional) a set of HTTP headers to be sent with each request to the token service
-     */
-    constructor(options: BaseOptions);
+export declare class TokenRequestBasedAuthenticator extends TokenRequestBasedAuthenticatorImmutable {
     /**
      * Set the flag that indicates whether verification of the server's SSL
      * certificate should be disabled or not.
@@ -74,13 +45,4 @@ export declare class TokenRequestBasedAuthenticator extends Authenticator {
      * Overwrites previous default headers.
      */
     setHeaders(headers: OutgoingHttpHeaders): void;
-    /**
-     * Adds bearer token information to "requestOptions". The bearer token information
-     * will be set in the Authorization property of "requestOptions.headers" in the form:
-     *
-     *     Authorization: Bearer \<bearer-token\>
-     *
-     * @param requestOptions - The request to augment with authentication information.
-     */
-    authenticate(requestOptions: AuthenticateOptions): Promise<void>;
 }

package/es/auth/authenticators/token-request-based-authenticator.js

@@ -1,5 +1,5 @@
 /**
- * (C) Copyright IBM Corp. 2019, 2023.
+ * (C) Copyright IBM Corp. 2019, 2024.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -13,9 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-import extend from 'extend';
-import { JwtTokenManager } from '../token-managers/jwt-token-manager';
-import { Authenticator } from './authenticator';
+import { TokenRequestBasedAuthenticatorImmutable } from './token-request-based-authenticator-immutable';
 /**
  * Class for common functionality shared by token-request authenticators.
  * TokenRequestBasedAuthenticators use token managers to retrieve, store,
@@ -27,25 +25,7 @@ import { Authenticator } from './authenticator';
  *
  *      Authorization: Bearer \<bearer-token\>
  */
-export class TokenRequestBasedAuthenticator extends Authenticator {
-    /**
-     * Create a new TokenRequestBasedAuthenticator instance with an internal JwtTokenManager.
-     *
-     * @param options - Configuration options.
-     * This should be an object containing these fields:
-     * - url: (optional) the endpoint URL for the token service
-     * - disableSslVerification: (optional) a flag that indicates whether verification of the token server's SSL certificate
-     * should be disabled or not
-     * - headers: (optional) a set of HTTP headers to be sent with each request to the token service
-     */
-    constructor(options) {
-        super();
-        this.disableSslVerification = Boolean(options.disableSslVerification);
-        this.url = options.url;
-        // default to empty object
-        this.headers = options.headers || {};
-        this.tokenManager = new JwtTokenManager(options);
-    }
+export class TokenRequestBasedAuthenticator extends TokenRequestBasedAuthenticatorImmutable {
     /**
      * Set the flag that indicates whether verification of the server's SSL
      * certificate should be disabled or not.
@@ -73,18 +53,4 @@ export class TokenRequestBasedAuthenticator extends Authenticator {
         this.headers = headers;
         this.tokenManager.setHeaders(this.headers);
     }
-    /**
-     * Adds bearer token information to "requestOptions". The bearer token information
-     * will be set in the Authorization property of "requestOptions.headers" in the form:
-     *
-     *     Authorization: Bearer \<bearer-token\>
-     *
-     * @param requestOptions - The request to augment with authentication information.
-     */
-    authenticate(requestOptions) {
-        return this.tokenManager.getToken().then((token) => {
-            const authHeader = { Authorization: `Bearer ${token}` };
-            requestOptions.headers = extend(true, {}, requestOptions.headers, authHeader);
-        });
-    }
 }

package/es/auth/token-managers/container-token-manager.d.ts

@@ -65,6 +65,12 @@ export declare class ContainerTokenManager extends IamRequestBasedTokenManager {
      * @param iamProfileId - the ID of the IAM trusted profile
      */
     setIamProfileId(iamProfileId: string): void;
+    /**
+     * Returns the most recently stored refresh token.
+     *
+     * @returns the refresh token
+     */
+    getRefreshToken(): string;
     /**
      * Request an IAM token using a compute resource token.
      */

package/es/auth/token-managers/container-token-manager.js

@@ -13,15 +13,6 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
 import { atLeastOne } from '../utils/helpers';
 import { readCrTokenFile } from '../utils/file-reading-helpers';
 import { buildUserAgent } from '../../lib/build-user-agent';
@@ -95,25 +86,28 @@ export class ContainerTokenManager extends IamRequestBasedTokenManager {
     setIamProfileId(iamProfileId) {
         this.iamProfileId = iamProfileId;
     }
+    /**
+     * Returns the most recently stored refresh token.
+     *
+     * @returns the refresh token
+     */
+    getRefreshToken() {
+        return this.refreshToken;
+    }
     /**
      * Request an IAM token using a compute resource token.
      */
     requestToken() {
-        const _super = Object.create(null, {
-            requestToken: { get: () => super.requestToken }
-        });
-        return __awaiter(this, void 0, void 0, function* () {
-            this.formData.cr_token = this.getCrToken();
-            // these member variables can be reset, set them in the form data right
-            // before making the request to ensure they're up to date
-            if (this.iamProfileName) {
-                this.formData.profile_name = this.iamProfileName;
-            }
-            if (this.iamProfileId) {
-                this.formData.profile_id = this.iamProfileId;
-            }
-            return _super.requestToken.call(this);
-        });
+        this.formData.cr_token = this.getCrToken();
+        // these member variables can be reset, set them in the form data right
+        // before making the request to ensure they're up to date
+        if (this.iamProfileName) {
+            this.formData.profile_name = this.iamProfileName;
+        }
+        if (this.iamProfileId) {
+            this.formData.profile_id = this.iamProfileId;
+        }
+        return super.requestToken();
     }
     /**
      * Retrieves the CR token from a file using this search order:

package/es/auth/token-managers/cp4d-token-manager.js

@@ -17,6 +17,7 @@ import extend from 'extend';
 import { validateInput } from '../utils/helpers';
 import { buildUserAgent } from '../../lib/build-user-agent';
 import { JwtTokenManager } from './jwt-token-manager';
+import logger from '../../lib/logger';
 /**
  * Token Manager of CloudPak for data.
  *
@@ -76,6 +77,10 @@ export class Cp4dTokenManager extends JwtTokenManager {
                 rejectUnauthorized: !this.disableSslVerification,
             },
         };
-        return this.requestWrapperInstance.sendRequest(parameters);
+        logger.debug(`Invoking CP4D token service operation: ${parameters.options.url}`);
+        return this.requestWrapperInstance.sendRequest(parameters).then((response) => {
+            logger.debug('Returned from CP4D token service operation');
+            return response;
+        });
     }
 }

package/es/auth/token-managers/iam-assume-token-manager.d.ts

@@ -0,0 +1,101 @@
+/**
+ * (C) Copyright IBM Corp. 2024.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/// <reference types="node" />
+import { OutgoingHttpHeaders } from 'http';
+import { IamRequestBasedTokenManager, IamRequestOptions } from './iam-request-based-token-manager';
+/** Configuration options for IAM Assume token retrieval. */
+interface Options extends IamRequestOptions {
+    apikey: string;
+    iamProfileId?: string;
+    iamProfileCrn?: string;
+    iamProfileName?: string;
+    iamAccountId?: string;
+}
+/**
+ * The IamAssumeTokenManager takes an api key, along with trusted profile information, and performs
+ * the necessary interactions with the IAM token service to obtain and store a suitable bearer token
+ * that "assumes" the identify of the trusted profile.
+ */
+export declare class IamAssumeTokenManager extends IamRequestBasedTokenManager {
+    protected requiredOptions: string[];
+    private iamProfileId;
+    private iamProfileCrn;
+    private iamProfileName;
+    private iamAccountId;
+    private iamDelegate;
+    /**
+     *
+     * Create a new IamAssumeTokenManager instance.
+     *
+     * @param options - Configuration options.
+     * This should be an object containing these fields:
+     * - apikey: (required) the IAM api key
+     * - iamProfileId: (optional) the ID of the trusted profile to use
+     * - iamProfileCrn: (optional) the CRN of the trusted profile to use
+     * - iamProfileName: (optional) the name of the trusted profile to use (must be specified with iamAccountId)
+     * - iamAccountId: (optional) the ID of the account the trusted profile is in (must be specified with iamProfileName)
+     * - url: (optional) the endpoint URL for the IAM token service (default value: "https://iam.cloud.ibm.com")
+     * - disableSslVerification: (optional) a flag that indicates whether verification of the token server's SSL certificate
+     * should be disabled or not
+     * - headers: (optional) a set of HTTP headers to be sent with each request to the token service
+     * - clientId: (optional) the "clientId" and "clientSecret" fields are used to form a Basic
+     * Authorization header to be included in each request to the token service
+     * - clientSecret: (optional) the "clientId" and "clientSecret" fields are used to form a Basic
+     * Authorization header to be included in each request to the token service
+     * - scope: (optional) the "scope" parameter to use when fetching the bearer token from the token service
+     *
+     * @throws Error: the configuration options are not valid.
+     */
+    constructor(options: Options);
+    /**
+     * Request an IAM token using a standard access token and a trusted profile.
+     */
+    protected requestToken(): Promise<any>;
+    /**
+     * Extend this method from the parent class to erase the refresh token from
+     * the class - we do not want to expose it for IAM Assume authentication.
+     *
+     * @param tokenResponse - the response object from JWT service request
+     */
+    protected saveTokenInfo(tokenResponse: any): void;
+    /**
+     * Sets the IAM "scope" value.
+     * This value is sent as the "scope" form parameter in the IAM delegate request.
+     *
+     * @param scope - a space-separated string that contains one or more scope names
+     */
+    setScope(scope: string): void;
+    /**
+     * Sets the IAM "clientId" and "clientSecret" values for the IAM delegate.
+     *
+     * @param clientId - the client id.
+     * @param clientSecret - the client secret.
+     */
+    setClientIdAndSecret(clientId: string, clientSecret: string): void;
+    /**
+     * Sets the "disableSslVerification" property for the IAM delegate.
+     *
+     * @param value - the new value for the disableSslVerification property
+     */
+    setDisableSslVerification(value: boolean): void;
+    /**
+     * Sets the headers to be included in the IAM delegate's requests.
+     *
+     * @param headers - the set of headers to send with each request to the token server
+     */
+    setHeaders(headers: OutgoingHttpHeaders): void;
+}
+export {};

package/es/auth/token-managers/iam-assume-token-manager.js

@@ -0,0 +1,164 @@
+/**
+ * (C) Copyright IBM Corp. 2024.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+import { onlyOne, validateInput } from '../utils/helpers';
+import { buildUserAgent } from '../../lib/build-user-agent';
+import { IamRequestBasedTokenManager } from './iam-request-based-token-manager';
+import { IamTokenManager } from './iam-token-manager';
+/**
+ * The IamAssumeTokenManager takes an api key, along with trusted profile information, and performs
+ * the necessary interactions with the IAM token service to obtain and store a suitable bearer token
+ * that "assumes" the identify of the trusted profile.
+ */
+export class IamAssumeTokenManager extends IamRequestBasedTokenManager {
+    /**
+     *
+     * Create a new IamAssumeTokenManager instance.
+     *
+     * @param options - Configuration options.
+     * This should be an object containing these fields:
+     * - apikey: (required) the IAM api key
+     * - iamProfileId: (optional) the ID of the trusted profile to use
+     * - iamProfileCrn: (optional) the CRN of the trusted profile to use
+     * - iamProfileName: (optional) the name of the trusted profile to use (must be specified with iamAccountId)
+     * - iamAccountId: (optional) the ID of the account the trusted profile is in (must be specified with iamProfileName)
+     * - url: (optional) the endpoint URL for the IAM token service (default value: "https://iam.cloud.ibm.com")
+     * - disableSslVerification: (optional) a flag that indicates whether verification of the token server's SSL certificate
+     * should be disabled or not
+     * - headers: (optional) a set of HTTP headers to be sent with each request to the token service
+     * - clientId: (optional) the "clientId" and "clientSecret" fields are used to form a Basic
+     * Authorization header to be included in each request to the token service
+     * - clientSecret: (optional) the "clientId" and "clientSecret" fields are used to form a Basic
+     * Authorization header to be included in each request to the token service
+     * - scope: (optional) the "scope" parameter to use when fetching the bearer token from the token service
+     *
+     * @throws Error: the configuration options are not valid.
+     */
+    constructor(options) {
+        super(options);
+        this.requiredOptions = ['apikey'];
+        // This just verifies that the API key is provided and is free of common issues.
+        validateInput(options, this.requiredOptions);
+        // This validates the assume-specific fields.
+        // Only one of the following three options may be specified.
+        if (!onlyOne(options.iamProfileId, options.iamProfileCrn, options.iamProfileName)) {
+            throw new Error('Exactly one of `iamProfileName`, `iamProfileCrn`, or `iamProfileId` must be specified.');
+        }
+        // `iamAccountId` may only be specified if `iamProfileName` is also specified.
+        if (Boolean(options.iamProfileName) !== Boolean(options.iamAccountId)) {
+            throw new Error('`iamProfileName` and `iamAccountId` must be provided together, or not at all.');
+        }
+        // Set class variables from options. If they are 'undefined' in options,
+        // they won't be changed, as they are 'undefined' to begin with.
+        this.iamProfileId = options.iamProfileId;
+        this.iamProfileCrn = options.iamProfileCrn;
+        this.iamProfileName = options.iamProfileName;
+        this.iamAccountId = options.iamAccountId;
+        this.iamDelegate = options.iamDelegate;
+        // Create an instance of the IamTokenManager, which will be used to obtain
+        // an IAM access token for use in the "assume" token exchange. Most option
+        // names are shared between these token manager, and extraneous options will
+        // be ignored, so we can pass the options structure to that constructor as-is.
+        this.iamDelegate = new IamTokenManager(options);
+        // These options are used by the delegate token manager
+        // but they are not supported by this token manager.
+        this.clientId = undefined;
+        this.clientSecret = undefined;
+        this.scope = undefined;
+        // Set the grant type and user agent for this flavor of authentication.
+        this.formData.grant_type = 'urn:ibm:params:oauth:grant-type:assume';
+        this.userAgent = buildUserAgent('iam-assume-authenticator');
+    }
+    /**
+     * Request an IAM token using a standard access token and a trusted profile.
+     */
+    requestToken() {
+        const _super = Object.create(null, {
+            requestToken: { get: () => super.requestToken }
+        });
+        return __awaiter(this, void 0, void 0, function* () {
+            // First, retrieve a standard IAM access token from the delegate and set it in the form data.
+            this.formData.access_token = yield this.iamDelegate.getToken();
+            if (this.iamProfileCrn) {
+                this.formData.profile_crn = this.iamProfileCrn;
+            }
+            else if (this.iamProfileId) {
+                this.formData.profile_id = this.iamProfileId;
+            }
+            else {
+                this.formData.profile_name = this.iamProfileName;
+                this.formData.account = this.iamAccountId;
+            }
+            return _super.requestToken.call(this);
+        });
+    }
+    /**
+     * Extend this method from the parent class to erase the refresh token from
+     * the class - we do not want to expose it for IAM Assume authentication.
+     *
+     * @param tokenResponse - the response object from JWT service request
+     */
+    saveTokenInfo(tokenResponse) {
+        super.saveTokenInfo(tokenResponse);
+        this.refreshToken = undefined;
+    }
+    // Override the inherited "setters". This token manager does not store these options
+    // but they can adjust properties on the stored IAM delegate.
+    /**
+     * Sets the IAM "scope" value.
+     * This value is sent as the "scope" form parameter in the IAM delegate request.
+     *
+     * @param scope - a space-separated string that contains one or more scope names
+     */
+    setScope(scope) {
+        this.iamDelegate.setScope(scope);
+    }
+    /**
+     * Sets the IAM "clientId" and "clientSecret" values for the IAM delegate.
+     *
+     * @param clientId - the client id.
+     * @param clientSecret - the client secret.
+     */
+    setClientIdAndSecret(clientId, clientSecret) {
+        this.iamDelegate.setClientIdAndSecret(clientId, clientSecret);
+    }
+    /**
+     * Sets the "disableSslVerification" property for the IAM delegate.
+     *
+     * @param value - the new value for the disableSslVerification property
+     */
+    setDisableSslVerification(value) {
+        super.setDisableSslVerification(value);
+        this.iamDelegate.setDisableSslVerification(value);
+    }
+    /**
+     * Sets the headers to be included in the IAM delegate's requests.
+     *
+     * @param headers - the set of headers to send with each request to the token server
+     */
+    setHeaders(headers) {
+        super.setHeaders(headers);
+        this.iamDelegate.setHeaders(headers);
+    }
+}

package/es/auth/token-managers/iam-request-based-token-manager.d.ts

@@ -28,9 +28,9 @@ export interface IamRequestOptions extends JwtTokenManagerOptions {
  * class be extended with specific implementations.
  */
 export declare class IamRequestBasedTokenManager extends JwtTokenManager {
-    private clientId;
-    private clientSecret;
-    private scope;
+    protected clientId: string;
+    protected clientSecret: string;
+    protected scope: string;
     protected refreshToken: string;
     protected formData: any;
     /**
@@ -70,12 +70,6 @@ export declare class IamRequestBasedTokenManager extends JwtTokenManager {
      * @param clientSecret - the client secret.
      */
     setClientIdAndSecret(clientId: string, clientSecret: string): void;
-    /**
-     * Returns the most recently stored refresh token.
-     *
-     * @returns the refresh token
-     */
-    getRefreshToken(): string;
     /**
      * Extend this method from the parent class to extract the refresh token from
      * the request and save it.