oauth2-cli 0.1.3 → 0.1.4

package/CHANGELOG.md

@@ -2,6 +2,20 @@
 
 All notable changes to this project will be documented in this file. See [commit-and-tag-version](https://github.com/absolute-version/commit-and-tag-version) for commit guidelines.
 
+## [0.1.4](https://github.com/battis/oauth2-cli/compare/oauth2-cli/0.1.3...oauth2-cli/0.1.4) (2025-03-06)
+
+
+### Features
+
+* **oauth2-cli:** cache token in memory ([68ac632](https://github.com/battis/oauth2-cli/commit/68ac6323031cbcaa0dd7b444dcd6da62b4f9a48d))
+* **oauth2-cli:** Client.request() and Client.requestJSON() ([50c1198](https://github.com/battis/oauth2-cli/commit/50c11985c0ae8f135932d05bae2bf74ff1cd29df))
+* **oauth2-cli:** deprecate TokenManager (replaced by Client) ([991ac42](https://github.com/battis/oauth2-cli/commit/991ac42eb2cc83b4b31e60856faf192233cd35f3))
+
+
+### Bug Fixes
+
+* **oauth2-cli:** improve error window title ([97a4c1c](https://github.com/battis/oauth2-cli/commit/97a4c1c9f98aaacf7ce63fb05a64cfee5f4dd0ce))
+
 ## [0.1.3](https://github.com/battis/oauth2-cli/compare/oauth2-cli/0.1.2...oauth2-cli/0.1.3) (2025-03-06)
 
 ### Patch Changes

package/README.md

@@ -2,6 +2,9 @@
 
 Acquire API access tokens via OAuth 2.0 within CLI tools
 
+[![npm version](https://badge.fury.io/js/oauth2-cli.svg)](https://badge.fury.io/js/oauth2-cli)
+[![Module type: ESM](https://img.shields.io/badge/module%20type-esm-brightgreen)](https://nodejs.org/api/esm.html)
+
 ## Install
 
 ```sh

package/dist/{TokenManager.d.ts → Client.d.ts}

@@ -1,4 +1,5 @@
 import * as Configuration from '@battis/oauth2-configure';
+import * as OpenIDClient from 'openid-client';
 import { Token } from './Token.js';
 import { TokenStorage } from './TokenStorage.js';
 export type Options = Configuration.Options & {
@@ -7,12 +8,17 @@ export type Options = Configuration.Options & {
     parameters?: Record<string, string>;
     store?: TokenStorage | string;
 };
-export declare class TokenManager {
+export declare class Client {
     private options;
     private tokenMutex;
+    private config?;
+    private token?;
     private store?;
     constructor(options: Options);
     getToken(): Promise<Token | undefined>;
     private refreshToken;
+    private getConfiguration;
     private authorize;
+    request(url: URL | string, method?: string, body?: OpenIDClient.FetchBody, headers?: Record<string, string>, options?: OpenIDClient.DPoPOptions): Promise<Response>;
+    requestJSON(url: URL | string, method?: string, body?: OpenIDClient.FetchBody, headers?: Record<string, string>, options?: OpenIDClient.DPoPOptions): Promise<unknown>;
 }

package/dist/Client.js

@@ -0,0 +1,97 @@
+import * as Configuration from '@battis/oauth2-configure';
+import { Mutex } from 'async-mutex';
+import * as OpenIDClient from 'openid-client';
+import { FileStorage } from './FileStorage.js';
+import * as Localhost from './Localhost.js';
+import { Token } from './Token.js';
+export class Client {
+    options;
+    tokenMutex = new Mutex();
+    config;
+    token;
+    store;
+    constructor(options) {
+        this.options = options;
+        if (this.options.store) {
+            if (typeof this.options.store === 'string') {
+                this.store = new FileStorage(this.options.store);
+            }
+            else {
+                this.store = this.options.store;
+            }
+        }
+    }
+    async getToken() {
+        return await this.tokenMutex.runExclusive((async () => {
+            if (!this.token) {
+                this.token = await this.store?.load();
+            }
+            if (this.token?.hasExpired()) {
+                this.token = await this.refreshToken(this.token);
+            }
+            if (!this.token) {
+                this.token = await this.authorize();
+            }
+            return this.token;
+        }).bind(this));
+    }
+    async refreshToken(token) {
+        if (token.refresh_token) {
+            const { headers, parameters } = this.options;
+            let freshTokens;
+            if ((freshTokens = Token.fromResponse(await OpenIDClient.refreshTokenGrant(await Configuration.acquire(this.options), token.refresh_token, parameters, 
+            // @ts-expect-error 2322 undocumented arg pass-through to oauth4webapi
+            { headers })))) {
+                return this.store?.save(freshTokens) || freshTokens;
+            }
+        }
+        return this.authorize();
+    }
+    async getConfiguration() {
+        if (!this.config) {
+            this.config = await Configuration.acquire(this.options);
+        }
+        return this.config;
+    }
+    async authorize() {
+        const { scope, redirect_uri, parameters: additionalParameters } = this.options;
+        return new Promise(async (resolve, reject) => {
+            const code_verifier = OpenIDClient.randomPKCECodeVerifier();
+            const code_challenge = await OpenIDClient.calculatePKCECodeChallenge(code_verifier);
+            let state = undefined;
+            const parameters = {
+                ...additionalParameters,
+                redirect_uri,
+                code_challenge,
+                code_challenge_method: 'S256' // TODO make code challenge method configurable?
+            };
+            if (scope) {
+                parameters.scope = scope;
+            }
+            if (!(await this.getConfiguration()).serverMetadata().supportsPKCE()) {
+                state = OpenIDClient.randomState();
+                parameters.state = state;
+            }
+            await Localhost.redirectServer({
+                ...this.options,
+                authorization_url: OpenIDClient.buildAuthorizationUrl(await this.getConfiguration(), parameters).href,
+                code_verifier,
+                state,
+                resolve: (async (response) => {
+                    this.token = Token.fromResponse(response);
+                    if (this.token && this.store) {
+                        await this.store.save(this.token);
+                    }
+                    resolve(this.token);
+                }).bind(this),
+                reject
+            });
+        });
+    }
+    async request(url, method = 'GET', body, headers, options) {
+        return await OpenIDClient.fetchProtectedResource(await this.getConfiguration(), (await this.getToken()).access_token, new URL(url), method, body, new Headers({ ...this.options.headers, ...headers }), options);
+    }
+    async requestJSON(url, method = 'GET', body, headers, options) {
+        return await (await this.request(url, method, body, headers, options)).json();
+    }
+}

package/dist/Localhost.d.ts

@@ -1,12 +1,13 @@
 import * as Configuration from '@battis/oauth2-configure';
+import * as OpenIDClient from 'openid-client';
 type Options = Configuration.Options & {
     authorization_url: string;
     redirect_uri: string;
     headers?: Record<string, string>;
     code_verifier?: string;
     state?: string;
-    resolve: Function;
-    reject: Function;
+    resolve: (tokens?: OpenIDClient.TokenEndpointResponse) => void;
+    reject: (error: unknown) => void;
     views?: string;
 };
 export declare function redirectServer(options: Options): Promise<void>;

package/dist/Localhost.js

@@ -3,7 +3,7 @@ import express from 'express';
 import fs from 'node:fs';
 import path from 'node:path';
 import open from 'open';
-import * as client from 'openid-client';
+import * as OpenIDClient from 'openid-client';
 export async function redirectServer(options) {
     const { authorization_url, redirect_uri, code_verifier, state, headers, resolve, reject, views = '../views' } = options;
     const redirectUrl = new URL(redirect_uri);
@@ -16,7 +16,7 @@ export async function redirectServer(options) {
     let tokens = undefined;
     let error = undefined;
     app.get('/authorize', async (req, res) => {
-        let viewPath = path.resolve(import.meta.dirname, views, 'authorize');
+        const viewPath = path.resolve(import.meta.dirname, views, 'authorize');
         if (ejs && fs.existsSync(viewPath)) {
             res.send(await ejs.renderFile(viewPath));
         }
@@ -27,11 +27,11 @@ export async function redirectServer(options) {
     app.get(redirectUrl.pathname, async (req, res) => {
         try {
             const currentUrl = new URL(req.originalUrl, redirect_uri);
-            tokens = await client.authorizationCodeGrant(configuration, currentUrl, {
+            tokens = await OpenIDClient.authorizationCodeGrant(configuration, currentUrl, {
                 pkceCodeVerifier: code_verifier,
                 expectedState: state
             }, 
-            // @ts-ignore FIXME undocumented arg pass-through to oauth4webapi
+            // @ts-expect-error 2322 undocumented arg pass-through to oauth4webapi
             { headers });
         }
         catch (e) {

package/dist/Token.d.ts

@@ -1,5 +1,5 @@
-import * as client from 'openid-client';
-interface TokenResponse extends client.TokenEndpointResponse {
+import * as OpenIDClient from 'openid-client';
+interface TokenResponse extends OpenIDClient.TokenEndpointResponse {
     [key: string]: any;
 }
 export declare class Token implements TokenResponse {
@@ -12,7 +12,7 @@ export declare class Token implements TokenResponse {
     readonly id_token?: string;
     readonly expires_in?: number;
     private constructor();
-    static fromResponse(response?: client.TokenEndpointResponse): Token | undefined;
+    static fromResponse(response?: OpenIDClient.TokenEndpointResponse): Token | undefined;
     hasExpired(): boolean;
 }
 export {};

package/dist/index.d.ts

@@ -1,4 +1,8 @@
+import { Client } from './Client.js';
+export { Client } from './Client.js';
 export { FileStorage } from './FileStorage.js';
 export { Token } from './Token.js';
-export { TokenManager } from './TokenManager.js';
 export { TokenStorage } from './TokenStorage.js';
+export { 
+/** @deprecated use Client */
+Client as TokenManager };

package/dist/index.js

@@ -1,3 +1,7 @@
+import { Client } from './Client.js';
+export { Client } from './Client.js';
 export { FileStorage } from './FileStorage.js';
 export { Token } from './Token.js';
-export { TokenManager } from './TokenManager.js';
+export { 
+/** @deprecated use Client */
+Client as TokenManager };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "oauth2-cli",
-  "version": "0.1.3",
+  "version": "0.1.4",
   "description": "Acquire API access tokens via OAuth 2.0 within CLI tools",
   "homepage": "https://github.com/battis/oauth2-cli/tree/main/packages/oauth2-cli#readme",
   "repository": {
@@ -19,7 +19,7 @@
     "async-mutex": "^0.5.0",
     "express": "^4.21.2",
     "open": "^10.1.0",
-    "openid-client": "^6.1.7",
+    "openid-client": "^6.3.3",
     "@battis/oauth2-configure": "0.1.1"
   },
   "devDependencies": {
@@ -29,7 +29,7 @@
     "commit-and-tag-version": "^12.5.0",
     "del-cli": "^6.0.0",
     "npm-run-all": "^4.1.5",
-    "typescript": "^5.7.2"
+    "typescript": "^5.8.2"
   },
   "peerDependencies": {
     "ejs": "*"

package/src/{TokenManager.ts → Client.ts}

@@ -1,6 +1,6 @@
 import * as Configuration from '@battis/oauth2-configure';
 import { Mutex } from 'async-mutex';
-import * as client from 'openid-client';
+import * as OpenIDClient from 'openid-client';
 import { FileStorage } from './FileStorage.js';
 import * as Localhost from './Localhost.js';
 import { Token } from './Token.js';
@@ -13,8 +13,10 @@ export type Options = Configuration.Options & {
   store?: TokenStorage | string;
 };
 
-export class TokenManager {
+export class Client {
   private tokenMutex = new Mutex();
+  private config?: OpenIDClient.Configuration;
+  private token?: Token;
   private store?: TokenStorage;
 
   public constructor(private options: Options) {
@@ -30,11 +32,16 @@ export class TokenManager {
   public async getToken() {
     return await this.tokenMutex.runExclusive(
       (async () => {
-        let token = await this.store?.load();
-        if (token?.hasExpired()) {
-          token = await this.refreshToken(token);
+        if (!this.token) {
+          this.token = await this.store?.load();
         }
-        return token || (await this.authorize());
+        if (this.token?.hasExpired()) {
+          this.token = await this.refreshToken(this.token);
+        }
+        if (!this.token) {
+          this.token = await this.authorize();
+        }
+        return this.token;
       }).bind(this)
     );
   }
@@ -45,11 +52,11 @@ export class TokenManager {
       let freshTokens;
       if (
         (freshTokens = Token.fromResponse(
-          await client.refreshTokenGrant(
+          await OpenIDClient.refreshTokenGrant(
             await Configuration.acquire(this.options),
             token.refresh_token,
             parameters,
-            // @ts-ignore FIXME undocumented arg pass-through to oauth4webapi
+            // @ts-expect-error 2322 undocumented arg pass-through to oauth4webapi
             { headers }
           )
         ))
@@ -60,6 +67,13 @@ export class TokenManager {
     return this.authorize();
   }
 
+  private async getConfiguration() {
+    if (!this.config) {
+      this.config = await Configuration.acquire(this.options);
+    }
+    return this.config;
+  }
+
   private async authorize(): Promise<Token | undefined> {
     const {
       scope,
@@ -68,10 +82,9 @@ export class TokenManager {
     } = this.options;
 
     return new Promise(async (resolve, reject) => {
-      const configuration = await Configuration.acquire(this.options);
-      const code_verifier = client.randomPKCECodeVerifier();
+      const code_verifier = OpenIDClient.randomPKCECodeVerifier();
       const code_challenge =
-        await client.calculatePKCECodeChallenge(code_verifier);
+        await OpenIDClient.calculatePKCECodeChallenge(code_verifier);
       let state: string | undefined = undefined;
       const parameters: Record<string, string> = {
         ...additionalParameters,
@@ -83,28 +96,58 @@ export class TokenManager {
       if (scope) {
         parameters.scope = scope;
       }
-      if (!configuration.serverMetadata().supportsPKCE()) {
-        state = client.randomState();
+      if (!(await this.getConfiguration()).serverMetadata().supportsPKCE()) {
+        state = OpenIDClient.randomState();
         parameters.state = state;
       }
 
       await Localhost.redirectServer({
         ...this.options,
-        authorization_url: client.buildAuthorizationUrl(
-          configuration,
+        authorization_url: OpenIDClient.buildAuthorizationUrl(
+          await this.getConfiguration(),
           parameters
         ).href,
         code_verifier,
         state,
-        resolve: (async (response: client.TokenEndpointResponse) => {
-          const token = Token.fromResponse(response);
-          if (token && this.store) {
-            await this.store.save(token);
+        resolve: (async (response?: OpenIDClient.TokenEndpointResponse) => {
+          this.token = Token.fromResponse(response);
+          if (this.token && this.store) {
+            await this.store.save(this.token);
           }
-          resolve(token);
+          resolve(this.token);
         }).bind(this),
         reject
       });
     });
   }
+
+  public async request(
+    url: URL | string,
+    method: string = 'GET',
+    body?: OpenIDClient.FetchBody,
+    headers?: Record<string, string>,
+    options?: OpenIDClient.DPoPOptions
+  ) {
+    return await OpenIDClient.fetchProtectedResource(
+      await this.getConfiguration(),
+      (await this.getToken())!.access_token,
+      new URL(url),
+      method,
+      body,
+      new Headers({ ...this.options.headers, ...headers }),
+      options
+    );
+  }
+
+  public async requestJSON(
+    url: URL | string,
+    method: string = 'GET',
+    body?: OpenIDClient.FetchBody,
+    headers?: Record<string, string>,
+    options?: OpenIDClient.DPoPOptions
+  ) {
+    return await (
+      await this.request(url, method, body, headers, options)
+    ).json();
+  }
 }

package/src/Localhost.ts

@@ -3,7 +3,7 @@ import express from 'express';
 import fs from 'node:fs';
 import path from 'node:path';
 import open from 'open';
-import * as client from 'openid-client';
+import * as OpenIDClient from 'openid-client';
 
 type Options = Configuration.Options & {
   authorization_url: string;
@@ -11,8 +11,8 @@ type Options = Configuration.Options & {
   headers?: Record<string, string>;
   code_verifier?: string;
   state?: string;
-  resolve: Function;
-  reject: Function;
+  resolve: (tokens?: OpenIDClient.TokenEndpointResponse) => void;
+  reject: (error: unknown) => void;
   views?: string;
 };
 
@@ -36,11 +36,11 @@ export async function redirectServer(options: Options) {
   const server = app.listen(port);
   const ejs = await import('ejs');
   let view = 'complete.ejs';
-  let tokens: client.TokenEndpointResponse | undefined = undefined;
-  let error: any = undefined;
+  let tokens: OpenIDClient.TokenEndpointResponse | undefined = undefined;
+  let error: unknown = undefined;
 
   app.get('/authorize', async (req, res) => {
-    let viewPath = path.resolve(import.meta.dirname, views, 'authorize');
+    const viewPath = path.resolve(import.meta.dirname, views, 'authorize');
     if (ejs && fs.existsSync(viewPath)) {
       res.send(await ejs.renderFile(viewPath));
     } else {
@@ -50,14 +50,14 @@ export async function redirectServer(options: Options) {
   app.get(redirectUrl.pathname, async (req, res) => {
     try {
       const currentUrl = new URL(req.originalUrl, redirect_uri);
-      tokens = await client.authorizationCodeGrant(
+      tokens = await OpenIDClient.authorizationCodeGrant(
         configuration,
         currentUrl,
         {
           pkceCodeVerifier: code_verifier,
           expectedState: state
         },
-        // @ts-ignore FIXME undocumented arg pass-through to oauth4webapi
+        // @ts-expect-error 2322 undocumented arg pass-through to oauth4webapi
         { headers }
       );
     } catch (e) {

package/src/Token.ts

@@ -1,6 +1,6 @@
-import * as client from 'openid-client';
+import * as OpenIDClient from 'openid-client';
 
-interface TokenResponse extends client.TokenEndpointResponse {
+interface TokenResponse extends OpenIDClient.TokenEndpointResponse {
   [key: string]: any;
 }
 
@@ -14,14 +14,14 @@ export class Token implements TokenResponse {
   public readonly id_token?: string;
   public readonly expires_in?: number;
 
-  private constructor(response: client.TokenEndpointResponse) {
+  private constructor(response: OpenIDClient.TokenEndpointResponse) {
     this.access_token = response.access_token;
     this.token_type = response.token_type;
     this.timestamp = response.timestamp;
     Object.assign(this, response);
   }
 
-  public static fromResponse(response?: client.TokenEndpointResponse) {
+  public static fromResponse(response?: OpenIDClient.TokenEndpointResponse) {
     if (response) {
       return new Token({ timestamp: Date.now(), ...response });
     }

package/src/index.ts

@@ -1,4 +1,11 @@
+import { Client } from './Client.js';
+
+export { Client } from './Client.js';
 export { FileStorage } from './FileStorage.js';
 export { Token } from './Token.js';
-export { TokenManager } from './TokenManager.js';
 export { TokenStorage } from './TokenStorage.js';
+
+export {
+  /** @deprecated use Client */
+  Client as TokenManager
+};

package/views/error.ejs

@@ -3,7 +3,7 @@
   <head>
     <meta charset="utf-8" />
     <meta name="viewport" content="width=device-width, initial-scale=1" />
-    <title>Authorization Complete</title>
+    <title>Authorization Error</title>
     <link
       href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/css/bootstrap.min.css"
       rel="stylesheet"
@@ -30,7 +30,7 @@
   <body>
     <div class="wrapper">
       <div class="center container">
-        <h1>Error Authorizing</h1>
+        <h1>Authorization Error</h1>
         <div class="alert alert-danger" role="alert">
           <% if (typeof error === 'string') { %><%= error %><<% } else { %>
           <pre><%= JSON.stringify(error,null,2) %></pre>

package/dist/TokenManager.js

@@ -1,79 +0,0 @@
-import * as Configuration from '@battis/oauth2-configure';
-import { Mutex } from 'async-mutex';
-import * as client from 'openid-client';
-import { FileStorage } from './FileStorage.js';
-import * as Localhost from './Localhost.js';
-import { Token } from './Token.js';
-export class TokenManager {
-    options;
-    tokenMutex = new Mutex();
-    store;
-    constructor(options) {
-        this.options = options;
-        if (this.options.store) {
-            if (typeof this.options.store === 'string') {
-                this.store = new FileStorage(this.options.store);
-            }
-            else {
-                this.store = this.options.store;
-            }
-        }
-    }
-    async getToken() {
-        return await this.tokenMutex.runExclusive((async () => {
-            let token = await this.store?.load();
-            if (token?.hasExpired()) {
-                token = await this.refreshToken(token);
-            }
-            return token || (await this.authorize());
-        }).bind(this));
-    }
-    async refreshToken(token) {
-        if (token.refresh_token) {
-            const { headers, parameters } = this.options;
-            let freshTokens;
-            if ((freshTokens = Token.fromResponse(await client.refreshTokenGrant(await Configuration.acquire(this.options), token.refresh_token, parameters, 
-            // @ts-ignore FIXME undocumented arg pass-through to oauth4webapi
-            { headers })))) {
-                return this.store?.save(freshTokens) || freshTokens;
-            }
-        }
-        return this.authorize();
-    }
-    async authorize() {
-        const { scope, redirect_uri, parameters: additionalParameters } = this.options;
-        return new Promise(async (resolve, reject) => {
-            const configuration = await Configuration.acquire(this.options);
-            const code_verifier = client.randomPKCECodeVerifier();
-            const code_challenge = await client.calculatePKCECodeChallenge(code_verifier);
-            let state = undefined;
-            const parameters = {
-                ...additionalParameters,
-                redirect_uri,
-                code_challenge,
-                code_challenge_method: 'S256' // TODO make code challenge method configurable?
-            };
-            if (scope) {
-                parameters.scope = scope;
-            }
-            if (!configuration.serverMetadata().supportsPKCE()) {
-                state = client.randomState();
-                parameters.state = state;
-            }
-            await Localhost.redirectServer({
-                ...this.options,
-                authorization_url: client.buildAuthorizationUrl(configuration, parameters).href,
-                code_verifier,
-                state,
-                resolve: (async (response) => {
-                    const token = Token.fromResponse(response);
-                    if (token && this.store) {
-                        await this.store.save(token);
-                    }
-                    resolve(token);
-                }).bind(this),
-                reject
-            });
-        });
-    }
-}