fix(oauth): add client_id to exchangeCodeForToken + extend unit tests#12
Merged
Conversation
- Add client_id param to api_token grant in exchangeCodeForToken() to align with PHP SDK (RFC 6749 §4.4 / platform-specific requirement) - Add 14 new tests to upsun-client.test.ts covering: middleware retry logic (401/non-401/double-retry/bearer-only), getUserId caching, getToken bearer/throw paths, authenticate success/no-key, cloneHeaders (undefined/Headers/array/object) - Add 1 new test + update 1 existing test in oauth2-client.test.ts: assert client_id present in api_token grant body; add refresh-token missing guard coverage 618 unit tests passing, 0 failures Coverage: oauth-provider.ts 100%, upsun.ts 100%/96% branches
Upsun SDK checker reportDisplay raw output |
flovntp
approved these changes
Jun 4, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Align Node.js SDK with PHP SDK on the
api_tokengrant request and extend unit test coverage.Bug fix —
client_idmissing fromexchangeCodeForToken()The PHP SDK sends
client_idin both theapi_tokenandrefresh_tokengrants. The Node.js SDK was only sending it inrefresh_token. This addsclient_idto theURLSearchParamsof theapi_tokengrant insrc/core/oauth-provider.ts.Unit tests extended
tests/unit/core/oauth2-client.test.ts(+2 changes):client_idis present in theapi_tokengrant bodyrefreshAccessTokenthrows'No refresh token available'when called without a stored refresh token (covers the defensive guard on line 121)tests/unit/upsun-client.test.ts(+14 new tests):createAuthRetryMiddleware: non-401 pass-through, 401 triggersforceRefresh()+ retry,__upsunRetrydouble-retry guard, bearer-only mode (nothis.auth)getUserId: fetches and caches user IDgetToken: bearer path returns token, throws when no auth method availableauthenticate: throws without API key, returnstrueon successcloneHeaders: handlesundefined,Headersinstance, array pairs, plain objectCoverage
src/core/oauth-provider.tssrc/upsun.ts*96% branches:
init || {}defensive fallback on line 312 — unreachable through the generated API stack, acceptable.618 unit tests passing, 0 failures.