oauth2-cli 0.2.0 → 0.2.2

package/CHANGELOG.md

@@ -2,6 +2,15 @@
 
 All notable changes to this project will be documented in this file. See [commit-and-tag-version](https://github.com/absolute-version/commit-and-tag-version) for commit guidelines.
 
+## [0.2.2](https://github.com/battis/oauth2-cli/compare/oauth2-cli/0.2.1...oauth2-cli/0.2.2) (2025-12-23)
+
+## [0.2.1](https://github.com/battis/oauth2-cli/compare/oauth2-cli/0.2.0...oauth2-cli/0.2.1) (2025-09-11)
+
+
+### Bug Fixes
+
+* update dependencies to address transient openid-client config error ([f0ca9a8](https://github.com/battis/oauth2-cli/commit/f0ca9a8d2bb4551b80a49e48aa43df5ba66a5a9b))
+
 ## [0.2.0](https://github.com/battis/oauth2-cli/compare/oauth2-cli/0.1.6...oauth2-cli/0.2.0) (2025-03-09)
 
 ### Features

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "oauth2-cli",
-  "version": "0.2.0",
+  "version": "0.2.2",
   "description": "Acquire API access tokens via OAuth 2.0 within CLI tools",
   "homepage": "https://github.com/battis/oauth2-cli/tree/main/packages/oauth2-cli#readme",
   "repository": {
@@ -17,19 +17,19 @@
   "types": "./dist/index.d.ts",
   "dependencies": {
     "async-mutex": "^0.5.0",
-    "express": "^4.21.2",
-    "open": "^10.1.0",
-    "openid-client": "^6.3.3",
-    "@battis/oauth2-configure": "0.1.2"
+    "express": "^5.2.1",
+    "open": "^11.0.0",
+    "openid-client": "^6.8.1",
+    "@battis/oauth2-configure": "0.1.3"
   },
   "devDependencies": {
-    "@tsconfig/node20": "^20.1.4",
+    "@tsconfig/node20": "^20.1.8",
     "@types/ejs": "^3.1.5",
-    "@types/express": "^5.0.0",
-    "commit-and-tag-version": "^12.5.0",
+    "@types/express": "^5.0.6",
+    "commit-and-tag-version": "^12.6.1",
     "del-cli": "^6.0.0",
     "npm-run-all": "^4.1.5",
-    "typescript": "^5.8.2"
+    "typescript": "^5.9.3"
   },
   "peerDependencies": {
     "ejs": "*"

package/.versionrc.json

@@ -1,5 +0,0 @@
-{
-  "path": ".",
-  "tag-prefix": "oauth2-cli/",
-  "releaseCommitMessageFormat": "chore(oauth2-cli): oauth2-cli@{{currentTag}}"
-}

package/src/Client.ts

@@ -1,154 +0,0 @@
-import * as Configuration from '@battis/oauth2-configure';
-import { Mutex } from 'async-mutex';
-import * as OpenIDClient from 'openid-client';
-import { FileStorage } from './FileStorage.js';
-import * as Localhost from './Localhost.js';
-import { Token } from './Token.js';
-import { TokenStorage } from './TokenStorage.js';
-
-export type Options = Configuration.Options & {
-  scope?: string;
-  headers?: Record<string, string>;
-  parameters?: Record<string, string>;
-  store?: TokenStorage | string;
-};
-
-export class Client {
-  private tokenMutex = new Mutex();
-  private config?: OpenIDClient.Configuration;
-  private token?: Token;
-  private store?: TokenStorage;
-
-  public constructor(private options: Options) {
-    if (this.options.store) {
-      if (typeof this.options.store === 'string') {
-        this.store = new FileStorage(this.options.store);
-      } else {
-        this.store = this.options.store;
-      }
-    }
-  }
-
-  public async getToken() {
-    return await this.tokenMutex.runExclusive(
-      (async () => {
-        if (!this.token) {
-          this.token = await this.store?.load();
-        }
-        if (this.token?.hasExpired()) {
-          this.token = await this.refreshToken(this.token);
-        }
-        if (!this.token) {
-          this.token = await this.authorize();
-        }
-        return this.token;
-      }).bind(this)
-    );
-  }
-
-  private async refreshToken(token: Token): Promise<Token | undefined> {
-    if (token.refresh_token) {
-      const { headers, parameters } = this.options;
-      let freshTokens;
-      if (
-        (freshTokens = Token.fromResponse(
-          await OpenIDClient.refreshTokenGrant(
-            await Configuration.acquire(this.options),
-            token.refresh_token,
-            parameters,
-            // @ts-expect-error 2322 undocumented arg pass-through to oauth4webapi
-            { headers }
-          ),
-          token.refresh_token
-        ))
-      ) {
-        return this.store?.save(freshTokens) || freshTokens;
-      }
-    }
-    return this.authorize();
-  }
-
-  private async getConfiguration() {
-    if (!this.config) {
-      this.config = await Configuration.acquire(this.options);
-    }
-    return this.config;
-  }
-
-  private async authorize(): Promise<Token | undefined> {
-    const {
-      scope,
-      redirect_uri,
-      parameters: additionalParameters
-    } = this.options;
-
-    return new Promise(async (resolve, reject) => {
-      const code_verifier = OpenIDClient.randomPKCECodeVerifier();
-      const code_challenge =
-        await OpenIDClient.calculatePKCECodeChallenge(code_verifier);
-      let state: string | undefined = undefined;
-      const parameters: Record<string, string> = {
-        ...additionalParameters,
-        redirect_uri,
-        code_challenge,
-        code_challenge_method: 'S256' // TODO make code challenge method configurable?
-      };
-
-      if (scope) {
-        parameters.scope = scope;
-      }
-      if (!(await this.getConfiguration()).serverMetadata().supportsPKCE()) {
-        state = OpenIDClient.randomState();
-        parameters.state = state;
-      }
-
-      await Localhost.redirectServer({
-        ...this.options,
-        authorization_url: OpenIDClient.buildAuthorizationUrl(
-          await this.getConfiguration(),
-          parameters
-        ).href,
-        code_verifier,
-        state,
-        resolve: (async (response?: OpenIDClient.TokenEndpointResponse) => {
-          this.token = Token.fromResponse(response);
-          if (this.token && this.store) {
-            await this.store.save(this.token);
-          }
-          resolve(this.token);
-        }).bind(this),
-        reject
-      });
-    });
-  }
-
-  public async request(
-    url: URL | string,
-    method: string = 'GET',
-    body?: OpenIDClient.FetchBody,
-    headers?: Record<string, string>,
-    options?: OpenIDClient.DPoPOptions
-  ) {
-    return await OpenIDClient.fetchProtectedResource(
-      await this.getConfiguration(),
-      (await this.getToken())!.access_token,
-      new URL(url),
-      method,
-      body,
-      new Headers({ ...this.options.headers, ...headers }),
-      options
-    );
-  }
-
-  public async requestJSON(
-    url: URL | string,
-    method: string = 'GET',
-    body?: OpenIDClient.FetchBody,
-    headers?: Record<string, string>,
-    options?: OpenIDClient.DPoPOptions
-  ) {
-    return await (
-      await this.request(url, method, body, headers, options)
-    ).json();
-  }
-}

package/src/FileStorage.ts

@@ -1,40 +0,0 @@
-import { Mutex } from 'async-mutex';
-import fs from 'node:fs';
-import path from 'node:path';
-import { Token } from './Token.js';
-import { TokenStorage } from './TokenStorage.js';
-
-export class FileStorage implements TokenStorage {
-  private fileLock = new Mutex();
-  private readonly filePath: string;
-
-  public constructor(filePath: string) {
-    this.filePath = path.resolve(process.cwd(), filePath);
-  }
-
-  public async load() {
-    return await this.fileLock.runExclusive(
-      (async () => {
-        if (fs.existsSync(this.filePath)) {
-          return Token.fromResponse(
-            JSON.parse(fs.readFileSync(this.filePath).toString())
-          );
-        }
-        return undefined;
-      }).bind(this)
-    );
-  }
-
-  public async save(tokens: Token) {
-    await this.fileLock.runExclusive(
-      (async () => {
-        const dirPath = path.dirname(this.filePath);
-        if (!fs.existsSync(dirPath)) {
-          fs.mkdirSync(dirPath, { recursive: true });
-        }
-        fs.writeFileSync(this.filePath, JSON.stringify(tokens));
-      }).bind(this)
-    );
-    return tokens;
-  }
-}

package/src/Localhost.ts

@@ -1,119 +0,0 @@
-import * as Configuration from '@battis/oauth2-configure';
-import express from 'express';
-import fs from 'node:fs';
-import path from 'node:path';
-import open from 'open';
-import * as OpenIDClient from 'openid-client';
-
-const ejs = await import('ejs');
-
-const portRegistry: (number | string)[] = [];
-
-type Options = Configuration.Options & {
-  authorization_url: string;
-  redirect_uri: string;
-  headers?: Record<string, string>;
-  code_verifier?: string;
-  state?: string;
-  resolve: (tokens?: OpenIDClient.TokenEndpointResponse) => void;
-  reject: (error: unknown) => void;
-  views?: string;
-};
-
-export async function redirectServer(options: Options) {
-  const {
-    authorization_url,
-    redirect_uri,
-    code_verifier,
-    state,
-    headers,
-    resolve,
-    reject,
-    views = '../views'
-  } = options;
-  const redirectUrl = new URL(redirect_uri);
-
-  const configuration = await Configuration.acquire(options);
-
-  const app = express();
-  const port = redirectUrl.port !== '' ? redirectUrl.port : 80;
-  const server = app.listen(port);
-  let view = 'complete.ejs';
-  let tokens: OpenIDClient.TokenEndpointResponse | undefined = undefined;
-  let error: unknown = undefined;
-
-  /*
-   * FIXME Multiple clients with `redirect_uri` on the same localhost port
-   *   This seems to be some sort of an issue with Express (or node http?) in
-   *   which, despite a fresh invocation of express() for each redirect
-   *   listener, every listener subsequent to the first _on the same port_
-   *   retains the original routing stack of the first listener on that port.
-   *   I have tried:
-   *     - Setting a manual delay (up to 10 seconds) between the receipt of
-   *       the token and resolving it to allow the server to close.
-   *     - Using a mutex semaphore to ensure that no two instances of
-   *       Localhost are running simultaneously
-   *     - Separating the routing into a separate Router middleware
-   *     - Manually removing the routing stack (which does, at least, break
-   *       the routing of the subsequent instances, supporting the idea that
-   *       the app is getting reused by Express)
-   */
-  if (portRegistry.includes(port)) {
-    throw new Error(
-      `Multiple OAuth clients are attempting to redirect to port ${port}. This will result in failure. Please reconfigure your credentials so that each client is redirecting to a distinct port on http://localhost (e.g. 3000, 3001, 3002)`
-    );
-  } else {
-    portRegistry.push(port);
-  }
-
-  app.get('/authorize', async (req, res) => {
-    const viewPath = path.resolve(import.meta.dirname, views, 'authorize');
-    if (ejs && fs.existsSync(viewPath)) {
-      res.send(await ejs.renderFile(viewPath));
-    } else {
-      res.redirect(authorization_url);
-    }
-  });
-  app.get(redirectUrl.pathname, async (req, res) => {
-    try {
-      const currentUrl = new URL(req.originalUrl, redirect_uri);
-      tokens = await OpenIDClient.authorizationCodeGrant(
-        configuration,
-        currentUrl,
-        {
-          pkceCodeVerifier: code_verifier,
-          expectedState: state
-        },
-        // @ts-expect-error 2322 undocumented arg pass-through to oauth4webapi
-        { headers }
-      );
-    } catch (e) {
-      error = e;
-      view = 'error.ejs';
-    }
-    if (!tokens && !error) {
-      error = 'No tokens received in response to authorization code';
-    }
-    if (ejs) {
-      res.send(
-        await ejs.renderFile(path.resolve(import.meta.dirname, views, view), {
-          tokens,
-          error
-        })
-      );
-    } else {
-      res.send(error || 'You may close this window.');
-    }
-    server.close();
-    if (error) {
-      reject(error);
-    } else {
-      resolve(tokens);
-    }
-  });
-  app.get('*', (_, res) => {
-    res.status(404).send();
-  });
-
-  open(`http://localhost:${port}/authorize`);
-}

package/src/Token.ts

@@ -1,40 +0,0 @@
-import * as OpenIDClient from 'openid-client';
-
-interface TokenResponse extends OpenIDClient.TokenEndpointResponse {
-  [key: string]: any;
-}
-
-export class Token implements TokenResponse {
-  public readonly access_token: string;
-  public readonly token_type: Lowercase<string>;
-  public readonly timestamp?: any;
-  public readonly refresh_token?: string;
-  public readonly refresh_token_expires_in?: number;
-  public readonly scope?: string;
-  public readonly id_token?: string;
-  public readonly expires_in?: number;
-
-  private constructor(response: OpenIDClient.TokenEndpointResponse) {
-    this.access_token = response.access_token;
-    this.token_type = response.token_type;
-    this.timestamp = response.timestamp;
-    Object.assign(this, response);
-  }
-
-  public static fromResponse(
-    response?: OpenIDClient.TokenEndpointResponse,
-    refresh_token?: string
-  ) {
-    if (response) {
-      return new Token({ refresh_token, timestamp: Date.now(), ...response });
-    }
-    return undefined;
-  }
-
-  public hasExpired() {
-    return (
-      this.expires_in === undefined ||
-      Date.now() > this.timestamp + this.expires_in
-    );
-  }
-}

package/src/TokenStorage.ts

@@ -1,6 +0,0 @@
-import { Token } from './Token.js';
-
-export interface TokenStorage {
-  load(): Promise<Token | undefined>;
-  save(tokens: Token): Promise<Token>;
-}

package/src/index.ts

@@ -1,11 +0,0 @@
-import { Client } from './Client.js';
-
-export { Client, Options as Credentials } from './Client.js';
-export { FileStorage } from './FileStorage.js';
-export { Token } from './Token.js';
-export { TokenStorage } from './TokenStorage.js';
-
-export {
-  /** @deprecated use Client */
-  Client as TokenManager
-};

package/tsconfig.json

@@ -1,8 +0,0 @@
-{
-  "extends": "@tsconfig/node20/tsconfig.json",
-  "compilerOptions": {
-    "outDir": "./dist",
-    "declaration": true
-  },
-  "include": ["./src"]
-}