PyPI - salesforce-data-customcode - Versions diffs - 0.1.18__tar.gz → 0.1.19__tar.gz - Mend

salesforce-data-customcode 0.1.18tar.gz → 0.1.19tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (61) hide show

{salesforce_data_customcode-0.1.18 → salesforce_data_customcode-0.1.19}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: salesforce-data-customcode
-Version: 0.1.18
+Version: 0.1.19
 Summary: Data Cloud Custom Code SDK
 License-Expression: Apache-2.0
 License-File: LICENSE.txt
@@ -238,7 +238,7 @@ Instead of using `datacustomcode configure`, you can also set credentials via en
 |----------|-------------|
 | `SFDC_CLIENT_SECRET` | External Client App Client Secret |
 | `SFDC_REFRESH_TOKEN` | OAuth refresh token |
-| `SFDC_CORE_TOKEN` | (Optional) OAuth core/access token |
+| `SFDC_ACCESS_TOKEN` | (Optional) OAuth core/access token |
 Example usage:
 ```bash
@@ -391,68 +391,7 @@ You now have all fields necessary for the `datacustomcode configure` command.
 ### Obtaining Refresh Token and Core Token
-If you're using OAuth Tokens authentication (instead of Username/Password), follow these steps to obtain your refresh token and core token (access token).
-#### Step 1: Note External Client App Details
-From your External Client App, note down the following:
-- **Client ID**
-- **Client Secret**
-- **Callback URL** (e.g., `http://localhost:55555/callback`)
-#### Step 2: Obtain Authorization Code
-1. Open a browser and navigate to the following URL (replace placeholders with your values):
-   ```
-   <LOGIN_URL>/services/oauth2/authorize?response_type=code&client_id=<CLIENT_ID>&redirect_uri=<CALLBACK_URL>
-   ```
-2. After authenticating, you'll be redirected to your callback URL. The redirected URL will be in the form:
-   ```
-   <CALLBACK_URL>?code=<CODE>
-   ```
-3. Extract the `<CODE>` from the address bar. If the address bar doesn't show it, check the **Network tab** in your browser's developer tools.
-#### Step 3: Exchange Code for Tokens
-Make a POST request to exchange the authorization code for tokens. You can use `curl` or Postman:
-```bash
-curl --location --request POST '<LOGIN_URL>/services/oauth2/token' \
-  --header 'Content-Type: application/x-www-form-urlencoded' \
-  --data-urlencode 'grant_type=authorization_code' \
-  --data-urlencode 'code=<CODE>' \
-  --data-urlencode 'client_id=<CLIENT_ID>' \
-  --data-urlencode 'client_secret=<CLIENT_SECRET>' \
-  --data-urlencode 'redirect_uri=<CALLBACK_URL>'
-```
-The response will be a JSON object containing:
-```json
-{
-  "access_token": "<access_token>",
-  "refresh_token": "<refresh_token>",
-  "signature": "<signature>",
-  "scope": "refresh_token cdp_query_api api cdp_profile_api cdp_api full",
-  "id_token": "<id_token>",
-  "instance_url": "https://your-instance.my.salesforce.com",
-  "id": "https://login.salesforce.com/id/00DSB.../005SB...",
-  "token_type": "Bearer",
-  "issued_at": "1767743916187"
-}
-```
-The key fields you need are:
-| Field | Description |
-|-------|-------------|
-| `access_token` | The **core token** (also called access token) |
-| `refresh_token` | The **refresh token** for obtaining new access tokens |
-| `instance_url` | Your Salesforce instance URL |
-Use the `refresh_token` value when running `datacustomcode configure` with OAuth Tokens authentication.
+If you're using OAuth Tokens authentication, the initial configure will retrieve and store tokens. Run `datacustomcode auth` to refresh these when they expire.
 ## Other docs

{salesforce_data_customcode-0.1.18 → salesforce_data_customcode-0.1.19}/README.md RENAMED Viewed

@@ -214,7 +214,7 @@ Instead of using `datacustomcode configure`, you can also set credentials via en
 |----------|-------------|
 | `SFDC_CLIENT_SECRET` | External Client App Client Secret |
 | `SFDC_REFRESH_TOKEN` | OAuth refresh token |
-| `SFDC_CORE_TOKEN` | (Optional) OAuth core/access token |
+| `SFDC_ACCESS_TOKEN` | (Optional) OAuth core/access token |
 Example usage:
 ```bash
@@ -367,68 +367,7 @@ You now have all fields necessary for the `datacustomcode configure` command.
 ### Obtaining Refresh Token and Core Token
-If you're using OAuth Tokens authentication (instead of Username/Password), follow these steps to obtain your refresh token and core token (access token).
-#### Step 1: Note External Client App Details
-From your External Client App, note down the following:
-- **Client ID**
-- **Client Secret**
-- **Callback URL** (e.g., `http://localhost:55555/callback`)
-#### Step 2: Obtain Authorization Code
-1. Open a browser and navigate to the following URL (replace placeholders with your values):
-   ```
-   <LOGIN_URL>/services/oauth2/authorize?response_type=code&client_id=<CLIENT_ID>&redirect_uri=<CALLBACK_URL>
-   ```
-2. After authenticating, you'll be redirected to your callback URL. The redirected URL will be in the form:
-   ```
-   <CALLBACK_URL>?code=<CODE>
-   ```
-3. Extract the `<CODE>` from the address bar. If the address bar doesn't show it, check the **Network tab** in your browser's developer tools.
-#### Step 3: Exchange Code for Tokens
-Make a POST request to exchange the authorization code for tokens. You can use `curl` or Postman:
-```bash
-curl --location --request POST '<LOGIN_URL>/services/oauth2/token' \
-  --header 'Content-Type: application/x-www-form-urlencoded' \
-  --data-urlencode 'grant_type=authorization_code' \
-  --data-urlencode 'code=<CODE>' \
-  --data-urlencode 'client_id=<CLIENT_ID>' \
-  --data-urlencode 'client_secret=<CLIENT_SECRET>' \
-  --data-urlencode 'redirect_uri=<CALLBACK_URL>'
-```
-The response will be a JSON object containing:
-```json
-{
-  "access_token": "<access_token>",
-  "refresh_token": "<refresh_token>",
-  "signature": "<signature>",
-  "scope": "refresh_token cdp_query_api api cdp_profile_api cdp_api full",
-  "id_token": "<id_token>",
-  "instance_url": "https://your-instance.my.salesforce.com",
-  "id": "https://login.salesforce.com/id/00DSB.../005SB...",
-  "token_type": "Bearer",
-  "issued_at": "1767743916187"
-}
-```
-The key fields you need are:
-| Field | Description |
-|-------|-------------|
-| `access_token` | The **core token** (also called access token) |
-| `refresh_token` | The **refresh token** for obtaining new access tokens |
-| `instance_url` | Your Salesforce instance URL |
-Use the `refresh_token` value when running `datacustomcode configure` with OAuth Tokens authentication.
+If you're using OAuth Tokens authentication, the initial configure will retrieve and store tokens. Run `datacustomcode auth` to refresh these when they expire.
 ## Other docs

{salesforce_data_customcode-0.1.18 → salesforce_data_customcode-0.1.19}/pyproject.toml RENAMED Viewed

@@ -18,7 +18,7 @@ license = "Apache-2.0"
 name = "salesforce-data-customcode"
 readme = "README.md"
 requires-python = ">=3.10,<3.12"
-version = "0.1.18"
+version = "0.1.19"
 [tool.black]
 exclude = '''

salesforce_data_customcode-0.1.19/src/datacustomcode/auth.py ADDED Viewed

@@ -0,0 +1,257 @@
+# Copyright (c) 2025, Salesforce, Inc.
+# SPDX-License-Identifier: Apache-2
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+import http.server
+import queue
+import socketserver
+import threading
+import time
+from typing import Any
+from urllib.parse import parse_qs, urlparse
+import webbrowser
+import click
+import requests
+class OAuthCallbackHandler(http.server.SimpleHTTPRequestHandler):
+    """HTTP request handler to capture OAuth callback."""
+    def __init__(self, *args, auth_code_queue=None, **kwargs):
+        self.auth_code_queue = auth_code_queue
+        super().__init__(*args, **kwargs)
+    def do_GET(self):
+        """Handle GET request from OAuth callback."""
+        parsed_path = urlparse(self.path)
+        query_params = parse_qs(parsed_path.query)
+        if "code" in query_params:
+            auth_code = query_params["code"][0]
+            self.auth_code_queue.put(auth_code)
+            self.send_response(200)
+            self.send_header("Content-type", "text/html")
+            self.end_headers()
+            self.wfile.write(
+                b"<html><body><h1>Authentication successful!</h1>"
+                b"<p>You can close this window and return to the terminal.</p>"
+                b"</body></html>"
+            )
+        elif "error" in query_params:
+            error = query_params["error"][0]
+            error_description = query_params.get("error_description", [""])[0]
+            self.auth_code_queue.put(f"ERROR:{error}:{error_description}")
+            self.send_response(400)
+            self.send_header("Content-type", "text/html")
+            self.end_headers()
+            self.wfile.write(
+                f"<html><body><h1>Authentication failed</h1>"
+                f"<p>Error: {error}</p>"
+                f"<p>{error_description}</p></body></html>".encode()
+            )
+        else:
+            self.send_response(400)
+            self.send_header("Content-type", "text/html")
+            self.end_headers()
+            self.wfile.write(b"<html><body><h1>Invalid callback</h1></body></html>")
+    def log_message(self, format, *args):
+        """Suppress default logging."""
+def _run_oauth_callback_server(
+    redirect_uri: str, auth_code_queue: "queue.Queue[str]"
+) -> tuple[socketserver.TCPServer, int]:
+    """Start a local HTTP server to catch OAuth callback.
+    Args:
+        redirect_uri: The redirect URI configured in the OAuth app
+        auth_code_queue: Queue to put the authorization code in
+    Returns:
+        Tuple of (server instance, actual port number)
+    """
+    parsed_uri = urlparse(redirect_uri)
+    host = parsed_uri.hostname
+    port = parsed_uri.port
+    if not host or not port:
+        raise ValueError(f"Invalid redirect URI: {redirect_uri}")
+    # Create a custom handler factory
+    def handler_factory(*args, **kwargs):
+        return OAuthCallbackHandler(*args, auth_code_queue=auth_code_queue, **kwargs)
+    server = socketserver.TCPServer((host, port), handler_factory)
+    server.allow_reuse_address = True
+    def serve():
+        server.serve_forever()
+    server_thread = threading.Thread(target=serve, daemon=True)
+    server_thread.start()
+    # Wait a moment for server to start
+    time.sleep(0.5)
+    return server, port
+def _exchange_code_for_tokens(
+    login_url: str,
+    client_id: str,
+    client_secret: str,
+    redirect_uri: str,
+    auth_code: str,
+) -> Any:
+    """Exchange authorization code for access and refresh tokens.
+    Args:
+        login_url: Salesforce login URL
+        client_id: OAuth client ID
+        client_secret: OAuth client secret
+        redirect_uri: Redirect URI used in authorization
+        auth_code: Authorization code from callback
+    Returns:
+        Dictionary containing access_token and refresh_token
+    Raises:
+        click.ClickException: If token exchange fails
+    """
+    token_url = f"{login_url.rstrip('/')}/services/oauth2/token"
+    data = {
+        "grant_type": "authorization_code",
+        "code": auth_code,
+        "client_id": client_id,
+        "client_secret": client_secret,
+        "redirect_uri": redirect_uri,
+    }
+    try:
+        response = requests.post(token_url, data=data, timeout=30)
+        response.raise_for_status()
+        return response.json()
+    except requests.exceptions.RequestException as e:
+        raise click.ClickException(
+            f"Failed to exchange authorization code for tokens: {e}"
+        ) from e
+def do_oauth_browser_flow(
+    login_url: str, client_id: str, client_secret: str, redirect_uri: str
+) -> tuple[str, str]:
+    """Perform OAuth browser flow to obtain tokens.
+    Args:
+        login_url: Salesforce login URL
+        client_id: OAuth client ID
+        client_secret: OAuth client secret
+        redirect_uri: Redirect URI configured in OAuth app
+    Returns:
+        Tuple of (refresh_token, access_token)
+    Raises:
+        click.ClickException: If OAuth flow fails
+    """
+    # Create queue for communication between server and main thread
+    auth_code_queue: queue.Queue[str] = queue.Queue()
+    # Start callback server
+    click.echo(f"\nStarting local callback server on {redirect_uri}...")
+    server, actual_port = _run_oauth_callback_server(redirect_uri, auth_code_queue)
+    # Build authorization URL with final redirect_uri
+    auth_url = (
+        f"{login_url.rstrip('/')}/services/oauth2/authorize"
+        f"?response_type=code"
+        f"&client_id={client_id}"
+        f"&redirect_uri={redirect_uri}"
+    )
+    # Open browser
+    click.echo("Opening browser for authentication...")
+    click.echo(f"If the browser doesn't open automatically, visit:\n{auth_url}\n")
+    webbrowser.open(auth_url)
+    # Wait for callback (with timeout)
+    click.echo("Waiting for authentication...")
+    try:
+        result = auth_code_queue.get(timeout=60)  # 1 minute timeout
+    except queue.Empty:
+        server.shutdown()
+        raise click.ClickException(
+            "Authentication timeout. Please try again."
+        ) from None
+    # Shutdown server
+    server.shutdown()
+    # Check for errors
+    if result.startswith("ERROR:"):
+        _, error, error_description = result.split(":", 2)
+        raise click.ClickException(f"OAuth error: {error}. {error_description}")
+    auth_code = result
+    # Exchange code for tokens
+    click.echo("Exchanging authorization code for tokens...")
+    token_response = _exchange_code_for_tokens(
+        login_url, client_id, client_secret, redirect_uri, auth_code
+    )
+    refresh_token = token_response.get("refresh_token")
+    access_token = token_response.get("access_token")
+    if not refresh_token:
+        raise click.ClickException(
+            "No refresh_token in response. Please check your OAuth app configuration."
+        )
+    return refresh_token, access_token
+def configure_oauth_tokens(
+    login_url: str,
+    client_id: str,
+    client_secret: str,
+    redirect_uri: str,
+    profile: str,
+) -> None:
+    """Configure credentials for OAuth Tokens authentication."""
+    from datacustomcode.credentials import AuthType, Credentials
+    # Perform OAuth browser flow
+    try:
+        refresh_token, access_token = do_oauth_browser_flow(
+            login_url, client_id, client_secret, redirect_uri
+        )
+    except click.ClickException as e:
+        click.secho(f"Error: {e}", fg="red")
+        raise click.Abort() from None
+    credentials = Credentials(
+        login_url=login_url,
+        client_id=client_id,
+        auth_type=AuthType.OAUTH_TOKENS,
+        client_secret=client_secret,
+        refresh_token=refresh_token,
+        access_token=access_token,
+        redirect_uri=redirect_uri,
+    )
+    credentials.update_ini(profile=profile)
+    click.secho(
+        f"OAuth Tokens credentials saved to profile '{profile}' successfully",
+        fg="green",
+    )

{salesforce_data_customcode-0.1.18 → salesforce_data_customcode-0.1.19}/src/datacustomcode/cli.py RENAMED Viewed

@@ -21,6 +21,8 @@ from typing import List, Union
 import click
 from loguru import logger
+from datacustomcode import AuthType
+from datacustomcode.auth import configure_oauth_tokens
 from datacustomcode.scan import find_base_directory, get_package_type
@@ -45,37 +47,6 @@ def version():
         click.echo("Version information not available")
-def _configure_oauth_tokens(
-    login_url: str,
-    client_id: str,
-    profile: str,
-) -> None:
-    """Configure credentials for OAuth Tokens authentication."""
-    from datacustomcode.credentials import AuthType, Credentials
-    client_secret = click.prompt("Client Secret")
-    refresh_token = click.prompt("Refresh Token")
-    core_token = click.prompt(
-        "Core Token (optional, press Enter to skip)",
-        default="",
-        show_default=False,
-    )
-    credentials = Credentials(
-        login_url=login_url,
-        client_id=client_id,
-        auth_type=AuthType.OAUTH_TOKENS,
-        client_secret=client_secret,
-        refresh_token=refresh_token,
-        core_token=core_token if core_token else None,
-    )
-    credentials.update_ini(profile=profile)
-    click.secho(
-        f"OAuth Tokens credentials saved to profile '{profile}' successfully",
-        fg="green",
-    )
 def _configure_client_credentials(
     login_url: str,
     client_id: str,
@@ -123,11 +94,37 @@ def configure(profile: str, auth_type: str) -> None:
     # Route to appropriate handler based on auth type
     if auth_type == AuthType.OAUTH_TOKENS.value:
-        _configure_oauth_tokens(login_url, client_id, profile)
+        client_secret = click.prompt("Client Secret", hide_input=True)
+        redirect_uri = click.prompt("Redirect URI")
+        configure_oauth_tokens(
+            login_url, client_id, client_secret, redirect_uri, profile
+        )
     elif auth_type == AuthType.CLIENT_CREDENTIALS.value:
         _configure_client_credentials(login_url, client_id, profile)
+@cli.command()
+@click.option("--profile", default="default", help="Credential profile name")
+def auth(profile: str):
+    from datacustomcode.credentials import Credentials
+    credentials = Credentials.from_available(profile=profile)
+    if not credentials.redirect_uri:
+        click.secho(
+            "Error: Redirect URI is required for OAuth Tokens authentication",
+            fg="red",
+        )
+        raise click.Abort()
+    if credentials.auth_type == AuthType.OAUTH_TOKENS:
+        configure_oauth_tokens(
+            login_url=credentials.login_url,
+            client_id=credentials.client_id,
+            client_secret=credentials.client_secret,
+            redirect_uri=credentials.redirect_uri,
+            profile=profile,
+        )
 @cli.command()
 @click.argument("path", default="payload")
 @click.option("--network", default="default")

{salesforce_data_customcode-0.1.18 → salesforce_data_customcode-0.1.19}/src/datacustomcode/credentials.py RENAMED Viewed

@@ -32,23 +32,6 @@ class AuthType(str, Enum):
     CLIENT_CREDENTIALS = "client_credentials"
-# Environment variable mappings for each auth type
-ENV_CREDENTIALS_COMMON = {
-    "login_url": "SFDC_LOGIN_URL",
-    "client_id": "SFDC_CLIENT_ID",
-}
-ENV_CREDENTIALS_OAUTH_TOKENS = {
-    "client_secret": "SFDC_CLIENT_SECRET",
-    "refresh_token": "SFDC_REFRESH_TOKEN",
-    "core_token": "SFDC_CORE_TOKEN",
-}
-ENV_CREDENTIALS_CLIENT_CREDENTIALS = {
-    "client_secret": "SFDC_CLIENT_SECRET",
-}
 @dataclass
 class Credentials:
     """Flexible credentials supporting multiple authentication methods.
@@ -61,14 +44,13 @@ class Credentials:
     # Required for all auth types
     login_url: str
     client_id: str
+    client_secret: str
     auth_type: AuthType = field(default=AuthType.OAUTH_TOKENS)
-    # Common field
-    client_secret: Optional[str] = None
     # OAuth Tokens flow fields
-    core_token: Optional[str] = None
+    access_token: Optional[str] = None
     refresh_token: Optional[str] = None
+    redirect_uri: Optional[str] = None
     def __post_init__(self):
         """Validate credentials based on auth_type."""
@@ -135,10 +117,11 @@ class Credentials:
             login_url=section["login_url"],
             client_id=section["client_id"],
             auth_type=auth_type,
-            client_secret=section.get("client_secret"),
+            client_secret=section["client_secret"],
             # OAuth Tokens fields
-            core_token=section.get("core_token"),
+            access_token=section.get("access_token"),
             refresh_token=section.get("refresh_token"),
+            redirect_uri=section.get("redirect_uri"),
         )
     @classmethod
@@ -154,7 +137,7 @@ class Credentials:
             For oauth_tokens (default):
                 SFDC_CLIENT_SECRET: External Client App client secret
                 SFDC_REFRESH_TOKEN: OAuth refresh token
-                SFDC_CORE_TOKEN: OAuth core/access token (optional)
+                SFDC_ACCESS_TOKEN: OAuth access token (optional)
         Returns:
             Credentials instance loaded from environment variables
@@ -185,10 +168,11 @@ class Credentials:
             login_url=login_url,
             client_id=client_id,
             auth_type=auth_type,
-            client_secret=os.environ.get("SFDC_CLIENT_SECRET"),
+            client_secret=os.environ["SFDC_CLIENT_SECRET"],
             # OAuth Tokens fields
-            core_token=os.environ.get("SFDC_CORE_TOKEN"),
+            access_token=os.environ.get("SFDC_ACCESS_TOKEN"),
             refresh_token=os.environ.get("SFDC_REFRESH_TOKEN"),
+            redirect_uri=os.environ.get("SFDC_REDIRECT_URI"),
         )
     @classmethod
@@ -245,24 +229,36 @@ class Credentials:
         config[profile]["auth_type"] = self.auth_type.value
         config[profile]["login_url"] = self.login_url
         config[profile]["client_id"] = self.client_id
+        config[profile]["client_secret"] = self.client_secret
         # Save fields based on auth type
         if self.auth_type == AuthType.OAUTH_TOKENS:
-            config[profile]["client_secret"] = self.client_secret or ""
             config[profile]["refresh_token"] = self.refresh_token or ""
-            if self.core_token:
-                config[profile]["core_token"] = self.core_token
+            config[profile]["redirect_uri"] = self.redirect_uri or ""
+            if self.access_token:
+                config[profile]["access_token"] = self.access_token
             # Remove fields from other auth types
             for key in ["username", "password"]:
                 config[profile].pop(key, None)
         elif self.auth_type == AuthType.CLIENT_CREDENTIALS:
-            config[profile]["client_secret"] = self.client_secret or ""
             # Remove fields from other auth types
-            for key in ["username", "password", "refresh_token", "core_token"]:
+            for key in [
+                "username",
+                "password",
+                "refresh_token",
+                "access_token",
+                "redirect_uri",
+            ]:
                 config[profile].pop(key, None)
         with open(expanded_ini_file, "w") as f:
             config.write(f)
+        # Set secure file permissions (0o600 - readable/writable by owner only)
+        try:
+            os.chmod(expanded_ini_file, 0o600)
+        except OSError:
+            # Ignore errors if we can't set file permissions (e.g., on Windows)
+            pass
         logger.debug(f"Saved credentials to {expanded_ini_file} [{profile}]")