feat: support ims compatible api params + fixes (#7)

* feat: support ims compatible api params

* fix: cache key, imsEnv input and validation as first step

* fix: scopes must be an array

* chore: tests

Author: moritzraho

src/AuthErrors.js src/errors.jssrc/AuthErrors.js renamed to src/errors.js

@@ -40,6 +40,8 @@ const E = ErrorWrapper(
 // Error codes
 E('IMS_TOKEN_ERROR', 'Error calling IMS to get access token: %s')
 E('MISSING_PARAMETERS', 'Missing required parameters: %s')
+E('BAD_CREDENTIALS_FORMAT', 'Credentials must be either an object or a stringified object')
+E('BAD_SCOPES_FORMAT', 'Scopes must be an array')
 E('GENERIC_ERROR', 'An unexpected error occurred: %s')
 
 export { codes, messages }

src/ims.js

@@ -9,7 +9,7 @@ OF ANY KIND, either express or implied. See the License for the specific languag
 governing permissions and limitations under the License.
 */
 
-import { codes } from './AuthErrors.js'
+import { codes } from './errors.js'
 
 /**
  * IMS Base URLs
@@ -21,36 +21,60 @@ const IMS_BASE_URL_STAGE = 'https://ims-na1-stg1.adobelogin.com'
  * Gets the IMS base URL based on the environment
  *
  * @private
- * @param {string} environment - The environment ('prod' or 'stage')
+ * @param {string} env - The environment ('prod' or 'stage')
  * @returns {string} The IMS base URL
  */
-function getImsUrl (environment) {
-  return environment === 'stage' ? IMS_BASE_URL_STAGE : IMS_BASE_URL_PROD
+function getImsUrl (env) {
+  return env === 'stage' ? IMS_BASE_URL_STAGE : IMS_BASE_URL_PROD
 }
 
 /**
  * Validates required parameters for client credentials flow
  *
  * @private
  * @param {object} params - Parameters to validate
- * @param {string} params.clientId - The client ID
- * @param {string} params.clientSecret - The client secret
- * @param {string} params.orgId - The organization ID
- * @param {string[]} params.scopes - Array of scopes
+ * @returns {object} Validated credentials object
  * @throws {Error} If any required parameters are missing
  */
-function validateClientCredentialsParams ({ clientId, clientSecret, orgId, scopes }) {
+export function getAndValidateCredentials (params) {
+  if (!(typeof params === 'object' && params !== null && !Array.isArray(params))) {
+    throw new codes.BAD_CREDENTIALS_FORMAT({
+      sdkDetails: { paramsType: typeof params }
+    })
+  }
+
+  if (params.scopes && !Array.isArray(params.scopes)) {
+    throw new codes.BAD_SCOPES_FORMAT({
+      sdkDetails: { scopesType: typeof params.scopes }
+    })
+  }
+
+  const credentials = {}
+  credentials.clientId = params.clientId || params.client_id
+  credentials.clientSecret = params.clientSecret || params.client_secret
+  credentials.orgId = params.orgId || params.org_id
+  credentials.scopes = params.scopes || []
+
+  const { clientId, clientSecret, orgId, scopes } = credentials
   const missingParams = []
-  if (!clientId) missingParams.push('clientId')
-  if (!clientSecret) missingParams.push('clientSecret')
-  if (!orgId) missingParams.push('orgId')
+  if (!clientId) {
+    missingParams.push('clientId')
+  }
+  if (!clientSecret) {
+    missingParams.push('clientSecret')
+  }
+  if (!orgId) {
+    missingParams.push('orgId')
+  }
 
   if (missingParams.length > 0) {
     throw new codes.MISSING_PARAMETERS({
       messageValues: missingParams.join(', '),
       sdkDetails: { clientId, orgId, scopes }
     })
   }
+
+  return credentials
 }
 
 /**
@@ -65,10 +89,8 @@ function validateClientCredentialsParams ({ clientId, clientSecret, orgId, scope
  * @returns {Promise<object>} Promise that resolves with the token response
  * @throws {Error} If there's an error getting the access token
  */
-export async function getAccessTokenByClientCredentials ({ clientId, clientSecret, orgId, scopes = [], environment = 'prod' }) {
-  validateClientCredentialsParams({ clientId, clientSecret, orgId, scopes })
-
-  const imsBaseUrl = getImsUrl(environment)
+export async function getAccessTokenByClientCredentials ({ clientId, clientSecret, orgId, scopes = [], env } ) {
+  const imsBaseUrl = getImsUrl(env)
 
   // Prepare form data using URLSearchParams (native Node.js)
   const formData = new URLSearchParams()

src/index.js

@@ -9,26 +9,28 @@ OF ANY KIND, either express or implied. See the License for the specific languag
 governing permissions and limitations under the License.
 */
 
-import { getAccessTokenByClientCredentials } from './ims.js'
+import { getAccessTokenByClientCredentials, getAndValidateCredentials } from './ims.js'
 import TTLCache from '@isaacs/ttlcache'
+import crypto from 'crypto'
 
 // Token cache with TTL
-// Opinionated for now, we could make it confiurable in the future if needed -mg
+// Opinionated for now, we could make it configurable in the future if needed -mg
 const tokenCache = new TTLCache({ ttl: 5 * 60 * 1000 }) // 5 minutes in milliseconds
 
 /**
  * Generates a cache key for token storage
  *
  * @private
- * @param {string} clientId - The client ID
- * @param {string} orgId - The organization ID
- * @param {string} environment - The environment
- * @param {string[]} scopes - Array of scopes
+ * @param {object} credentials - The credentials object
+ * @param {string} credentials.clientId - The client ID
+ * @param {string} credentials.orgId - The organization ID
+ * @param {string} credentials.env - The env
+ * @param {string[]} credentials.scopes - Array of scopes
  * @returns {string} The cache key
  */
-function getCacheKey (clientId, orgId, environment, scopes) {
+function getCacheKey ({clientId, orgId, env, scopes, clientSecret}) {
   const scopeKey = scopes.length > 0 ? scopes.sort().join(',') : 'none'
-  return `${clientId}:${orgId}:${environment}:${scopeKey}`
+  return crypto.createHash('sha1').update(`${clientId}:${orgId}:${scopeKey}:${clientSecret}:${env}`).digest('hex')
 }
 
 /**
@@ -48,20 +50,24 @@ export function invalidateCache () {
  * @param {string} params.clientSecret - The client secret
  * @param {string} params.orgId - The organization ID
  * @param {string[]} [params.scopes=[]] - Array of scopes to request
- * @param {string} [params.environment='prod'] - The IMS environment ('prod' or 'stage')
+ * @param {string} [imsEnv='prod'] - The IMS environment ('prod' or 'stage')
  * @returns {Promise<object>} Promise that resolves with the token response
  * @throws {Error} If there's an error getting the access token
  */
-export async function generateAccessToken ({ clientId, clientSecret, orgId, scopes = [], environment = 'prod' }) {
+export async function generateAccessToken (params, imsEnv = 'prod' ) {
+  const credentials = getAndValidateCredentials(params)
+
+  const credAndEnv = { ...credentials, env: imsEnv }
+
   // Check cache first
-  const cacheKey = getCacheKey(clientId, orgId, environment, scopes)
+  const cacheKey = getCacheKey(credAndEnv)
   const cachedToken = tokenCache.get(cacheKey)
   if (cachedToken) {
     return cachedToken
   }
 
   // Get token from IMS
-  const token = await getAccessTokenByClientCredentials({ clientId, clientSecret, orgId, scopes, environment })
+  const token = await getAccessTokenByClientCredentials(credAndEnv)
 
   // Cache the token
   tokenCache.set(cacheKey, token)

test/AuthErrors.test.js

@@ -10,7 +10,7 @@ governing permissions and limitations under the License.
 */
 
 import { describe, test, expect } from 'vitest'
-import { codes, messages } from '../src/AuthErrors.js'
+import { codes, messages } from '../src/errors.js'
 
 describe('AuthErrors', () => {
   test('codes object is defined', () => {