feat(EAV-243): add oauth token path option for a broader support

nrkno · Jun 17, 2024 · 76592f2 · 76592f2
1 parent e2ee7cf
commit 76592f2
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 11 deletions.
diff --git a/packages/timeline-state-resolver-types/src/generated/httpSend.ts b/packages/timeline-state-resolver-types/src/generated/httpSend.ts
@@ -16,6 +16,7 @@ export interface HTTPSendOptions {
 	resendTime?: number
 	makeReadyCommands?: HTTPSendCommandContent[]
 	oauthTokenHost?: string
+	oauthTokenPath?: string
 	oauthClientId?: string
 	oauthClientSecret?: string
 	oauthAudience?: string

diff --git a/packages/timeline-state-resolver/src/integrations/httpSend/$schemas/options.json b/packages/timeline-state-resolver/src/integrations/httpSend/$schemas/options.json
@@ -75,7 +75,12 @@
 		"oauthTokenHost": {
 			"type": "string",
 			"ui:title": "OAuth 2.0 Token Host",
-			"ui:description": "Base URL used to obtain access tokens. To use Client Credentials Flow, provide: OAuth 2.0 Token Host, OAuth 2.0 Client ID, OAuth 2.0 Client Secret, and optionally OAuth 2.0 Audience, to exchange them for a Bearer token that will be added to EVERY outgoing request made through this device"
+			"ui:description": "Base URL of the authorization server. To use Client Credentials Flow, provide: OAuth 2.0 Token Host, OAuth 2.0 Client ID, OAuth 2.0 Client Secret, and optionally: OAuth 2.0 Token Path, OAuth 2.0 Audience, to exchange the credentials for a Bearer token that will be added to EVERY outgoing request made through this device. Example: 'https://auth.example.com'"
+		},
+		"oauthTokenPath": {
+			"type": "string",
+			"ui:title": "OAuth 2.0 Token Path",
+			"ui:description": "Path of the Token endpoint. Example: '/oauth/token' (default)"
 		},
 		"oauthClientId": {
 			"type": "string",

diff --git a/packages/timeline-state-resolver/src/integrations/httpSend/AuthenticatedHTTPSendDevice.ts b/packages/timeline-state-resolver/src/integrations/httpSend/AuthenticatedHTTPSendDevice.ts
@@ -4,24 +4,28 @@ import { AccessToken, ClientCredentials } from 'simple-oauth2'
 
 const TOKEN_REQUEST_RETRY_TIMEOUT_MS = 1000
 const TOKEN_EXPIRATION_WINDOW_SEC = 60
+const DEFAULT_TOKEN_PATH = '/oauth/token'
+
 const enum AuthMethod {
 	BEARER_TOKEN,
 	CLIENT_CREDENTIALS,
 }
+type AuthOptions =
+	| {
+			method: AuthMethod.CLIENT_CREDENTIALS
+			clientId: string
+			clientSecret: string
+			tokenHost: string
+			tokenPath: string
+			audience?: string
+	  }
+	| { method: AuthMethod.BEARER_TOKEN; bearerToken: string }
+	| undefined
 
 export class AuthenticatedHTTPSendDevice extends HTTPSendDevice {
 	private tokenPromise: Promise<AccessToken> | undefined
 	private tokenRequestPending = false
-	private authOptions:
-		| {
-				method: AuthMethod.CLIENT_CREDENTIALS
-				clientId: string
-				clientSecret: string
-				tokenHost: string
-				audience?: string
-		  }
-		| { method: AuthMethod.BEARER_TOKEN; bearerToken: string }
-		| undefined
+	private authOptions: AuthOptions
 	private tokenRefreshTimeout: NodeJS.Timeout | undefined
 
 	async init(options: HTTPSendOptions): Promise<boolean> {
@@ -37,6 +41,7 @@ export class AuthenticatedHTTPSendDevice extends HTTPSendDevice {
 				clientSecret: options.oauthClientSecret,
 				audience: options.oauthAudience,
 				tokenHost: options.oauthTokenHost,
+				tokenPath: options.oauthTokenPath ?? DEFAULT_TOKEN_PATH,
 			}
 			this.requestAccessToken()
 		}
@@ -101,6 +106,7 @@ export class AuthenticatedHTTPSendDevice extends HTTPSendDevice {
 			},
 			auth: {
 				tokenHost: this.authOptions.tokenHost,
+				tokenPath: this.authOptions.tokenPath,
 			},
 		}).getToken({
 			audience: this.authOptions.audience,