mirror of
https://github.com/mountain-loop/yaak.git
synced 2026-02-22 23:57:57 +01:00
88 lines
2.9 KiB
TypeScript
88 lines
2.9 KiB
TypeScript
import { readFileSync } from 'node:fs';
|
|
import type { Context, HttpRequest, HttpUrlParameter } from '@yaakapp/api';
|
|
import type { AccessTokenRawResponse } from './store';
|
|
|
|
export async function fetchAccessToken(
|
|
ctx: Context,
|
|
args: {
|
|
clientId: string;
|
|
grantType: string;
|
|
accessTokenUrl: string;
|
|
scope: string | null;
|
|
audience: string | null;
|
|
params: HttpUrlParameter[];
|
|
} & ({ clientAssertion: string } | { clientSecret: string; credentialsInBody: boolean }),
|
|
): Promise<AccessTokenRawResponse> {
|
|
const { clientId, grantType, accessTokenUrl, scope, audience, params } = args;
|
|
console.log('[oauth2] Getting access token', accessTokenUrl);
|
|
const httpRequest: Partial<HttpRequest> = {
|
|
method: 'POST',
|
|
url: accessTokenUrl,
|
|
bodyType: 'application/x-www-form-urlencoded',
|
|
body: {
|
|
form: [{ name: 'grant_type', value: grantType }, ...params],
|
|
},
|
|
headers: [
|
|
{ name: 'User-Agent', value: 'yaak' },
|
|
{
|
|
name: 'Accept',
|
|
value: 'application/x-www-form-urlencoded, application/json',
|
|
},
|
|
{ name: 'Content-Type', value: 'application/x-www-form-urlencoded' },
|
|
],
|
|
};
|
|
|
|
if (scope) httpRequest.body?.form.push({ name: 'scope', value: scope });
|
|
if (audience) httpRequest.body?.form.push({ name: 'audience', value: audience });
|
|
|
|
if ('clientAssertion' in args) {
|
|
httpRequest.body?.form.push({ name: 'client_id', value: clientId });
|
|
httpRequest.body?.form.push({
|
|
name: 'client_assertion_type',
|
|
value: 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer',
|
|
});
|
|
httpRequest.body?.form.push({
|
|
name: 'client_assertion',
|
|
value: args.clientAssertion,
|
|
});
|
|
} else if (args.credentialsInBody) {
|
|
httpRequest.body?.form.push({ name: 'client_id', value: clientId });
|
|
httpRequest.body?.form.push({
|
|
name: 'client_secret',
|
|
value: args.clientSecret,
|
|
});
|
|
} else {
|
|
const value = `Basic ${Buffer.from(`${clientId}:${args.clientSecret}`).toString('base64')}`;
|
|
httpRequest.headers?.push({ name: 'Authorization', value });
|
|
}
|
|
|
|
httpRequest.authenticationType = 'none'; // Don't inherit workspace auth
|
|
const resp = await ctx.httpRequest.send({ httpRequest });
|
|
|
|
console.log('[oauth2] Got access token response', resp.status);
|
|
|
|
if (resp.error) {
|
|
throw new Error(`Failed to fetch access token: ${resp.error}`);
|
|
}
|
|
|
|
const body = resp.bodyPath ? readFileSync(resp.bodyPath, 'utf8') : '';
|
|
|
|
if (resp.status < 200 || resp.status >= 300) {
|
|
throw new Error(`Failed to fetch access token with status=${resp.status} and body=${body}`);
|
|
}
|
|
|
|
// biome-ignore lint/suspicious/noExplicitAny: none
|
|
let response: any;
|
|
try {
|
|
response = JSON.parse(body);
|
|
} catch {
|
|
response = Object.fromEntries(new URLSearchParams(body));
|
|
}
|
|
|
|
if (response.error) {
|
|
throw new Error(`Failed to fetch access token with ${response.error}`);
|
|
}
|
|
|
|
return response;
|
|
}
|