Merge remote-tracking branch 'origin/release/1.2'

.vscode/settings.json

@@ -1,2 +1,5 @@
 {
+    "cSpell.words": [
+        "dtos"
+    ]
 }

CHANGELOG.md

@@ -6,6 +6,9 @@ This is the changelog for [Authress SDK](readme.md).
 * Add EdDSA support for `tokenVerifier()` class
 * Set the service client authorization request type to be `oauth-authz-req+jwt`
 * Handle malformed baseUrls in `httpClient`.
+* Allow specifying the authress custom domain for service client machine to machine authentication.
+* Add `users.getUser(userId)` api method.
+* Add `connections` API to the SDK.
 
 ## 1.1 ##
 * Migrated to Github Actions

README.md

@@ -30,14 +30,14 @@ const authressClient = new AuthressClient({ baseUrl: 'https://DOMAIN.api-REGION.
 
 // on api route
 [route('/resources/<resourceId>')]
-function getResource(resourceId) {
+async function getResource(resourceId) {
   // Get the user token and pass it to authress
   const authorizationToken = request.headers.get('authorization');
   authressClient.setToken(authorizationToken);
 
   // Check Authress to authorize the user
   try {
-    authressClient.userPermissions.authorizeUser(userId, `resources/${resourceId}`, 'READ');
+    await authressClient.userPermissions.authorizeUser(userId, `resources/${resourceId}`, 'READ');
   } catch (error) {
     // Will throw except if the user is not authorized to read the resource
     if (error.status === 404) {
@@ -64,10 +64,10 @@ const authressClient = new AuthressClient({ baseUrl: 'https://DOMAIN.api-REGION.
 
 // on api route
 [route('/resources/<resourceId>')]
-function getResource(resourceId) {
+async function getResource(resourceId) {
   // Check Authress to authorize the user
   try {
-    authressClient.userPermissions.authorizeUser(userId, `resources/${resourceId}`, 'READ');
+    await authressClient.userPermissions.authorizeUser(userId, `resources/${resourceId}`, 'READ');
   } catch (error) {
     // Will throw except if the user is not authorized to read the resource
     if (error.status === 404) {
@@ -113,3 +113,31 @@ try {
   return { statusCode: 401 };
 }
 ```
+
+#### Make direct API requests
+Authress supports extended functionality via the REST api, in specific cases it helps to make these direct calls. Each API call requires a URL and an access token. In the case you want use the access token for the user, directly pass it as the `bearer` in the `Authorization` header:
+```js
+const response = await client.get(url, { 'Authorization': `Bearer: ${userAccessToken}` });
+```
+
+In the case you want to make a request using the service client's secret key, use the `serviceClientTokenProvider` you've already configured:
+```js
+// Standard library configuration:
+const { AuthressClient, ServiceClientTokenProvider } = require('authress-sdk');
+const accessToken = 'eyJrZXlJ....';
+const serviceClientTokenProvider = new ServiceClientTokenProvider(accessToken);
+const authressClient = new AuthressClient({ baseUrl: 'https://DOMAIN.api-REGION.authress.io' }, serviceClientTokenProvider);
+
+// Get a temporary token and use it:
+const temporaryServiceClientAccessToken = await serviceClientTokenProvider.getToken();
+const response = await client.get(url, { 'Authorization': `Bearer: ${temporaryServiceClientAccessToken}` });
+```
+
+## Contributions
+
+### Adding new DTO and methods
+Auto generate the new code using this openapi generator, and merge the files into the appropriate locations:
+```bash
+curl -XPOST https://generator3.swagger.io/api/generate -H 'content-type: application/json' -d '{"specURL" : "https://api.authress.io/.well-known/openapi.json","lang" : "typescript-fetch","type" : "CLIENT","codegenVersion" : "V3"}'  --output generated_sdk.tar.gz
+
+```

index.d.ts

@@ -1,20 +1,20 @@
+/* eslint-disable node/no-missing-import */
 /* eslint-disable @typescript-eslint/no-empty-interface */
 /* eslint-disable no-shadow */
 
-export interface AuthressSettings {
-  //** Authress baseUrl => API Host: https://authress.io/app/#/api?route=overview */
-  baseUrl: string;
-}
+import { Response } from './src/response';
 
-export interface Response<ResponseType> {
-  /** Response data object on successful request */
-  data: ResponseType;
+import { ConnectionsApi } from './src/connections/api';
+export * from './src/connections/api';
+export * from './src/connections/dtos';
 
-  /** Response headers */
-  headers: Record<string, string>;
+import { TenantsApi } from './src/tenants/api';
+export * from './src/tenants/api';
+export * from './src/tenants/dtos';
 
-  /** HTTP response status code for success responses */
-  status: number;
+export interface AuthressSettings {
+  //** Authress baseUrl => API Host: https://authress.io/app/#/api?route=overview */
+  baseUrl: string;
 }
 
 /**
@@ -1185,35 +1185,6 @@ export interface RolesApi {
   createRole(body: Role): Promise<Response<Role>>;
 }
 
-/**
- * The user credentials for this connection which can be used to access the connection provider APIs.
- * @export
- * @interface UserConnectionCredentials
- */
-export interface UserConnectionCredentials {
-  /**
-   * The access token.
-   * @type {string}
-   * @memberof UserConnectionCredentials
-   */
-  accessToken: string;
-}
-
-/**
- * ConnectionsApi
- * @export
- */
-export interface ConnectionsApi {
-  /**
-   * Get the credentials for the user that were generated as part of the latest user login flow. Returns an access token that can be used with originating connection provider, based on the original scopes and approved permissions by that service.
-   * @summary Get the user credentials for this connection.
-   * @param {string} connectionId The connection to get the stored credentials.
-   * @param {string} [userId] The user to get the stored credentials, if not specified will automatically be populated by the token specified in the request to Authress.
-   * @throws {ArgumentRequiredError}
-   */
-   getConnectionCredentials(connectionId: string, userId?: string): Promise<Response<UserConnectionCredentials>>;
-}
-
 /**
  * ServiceClientsApi
  * @export
@@ -1336,6 +1307,20 @@ export interface UserPermissionsApi {
   requestUserToken(userId?: string, body: TokenRequest): Promise<Response<UserToken>>;
 }
 
+/**
+ * UsersApi
+ * @export
+ */
+export interface UsersApi {
+  /**
+   * Get an Authress user
+   * @summary Retrieve a user with user data.
+   * @param {string} [userId] The user te get.
+   * @throws {ArgumentRequiredError}
+   */
+  getUser(userId: string): Promise<Response<User>>;
+}
+
 /**
  * AuthressClient
  * @export
@@ -1369,6 +1354,12 @@ export class AuthressClient {
    */
   userPermissions: UserPermissionsApi;
 
+  /**
+   * @summary The Users api
+   * @type {UsersApi}
+   */
+  users: UsersApi;
+
   /**
    * @summary The Resources api
    * @type {ResourcesApi}
@@ -1393,6 +1384,12 @@ export class AuthressClient {
    */
   connections: ConnectionsApi;
 
+  /**
+   * @summary The Tenants api
+   * @type {TenantsApi}
+   */
+  tenants: TenantsApi;
+
   /**
    * @summary Set the users token here, so that requests made with this Authress Client will have the user's permissions
    * @type {Function<void>}
@@ -1411,9 +1408,10 @@ export class ServiceClientTokenProvider {
    * @constructor
    * @summary Create an instance of the service client token provider. Used to call the Authress API, when the user's token does not contain the necessary permissions.
    * @param {string} accessKey The service client access key, can be generated from https://authress.io/app/#/manage?focus=clients
+   * @param {string} authressCustomDomain The custom domain specified in your account under domain settings. What should my url be? => https://authress.io/app/#/setup?focus=domain
    */
   // eslint-disable-next-line @typescript-eslint/explicit-module-boundary-types
-  constructor(accessKey: string);
+  constructor(accessKey: string, authressCustomDomain: string);
 
   /**
    * @summary Generate a token from this token provider. In most cases should only be used by this library itself

index.js

@@ -1,11 +1,13 @@
 const httpClient = require('./src/httpClient');
 const AccessRecordsApi = require('./src/accessRecordsApi');
 const UserPermissionsApi = require('./src/userPermissionsApi');
+const UsersApi = require('./src/usersApi');
 const ServiceClientsApi = require('./src/serviceClientsApi');
 const ResourcesApi = require('./src/resourcesApi');
 const AccountsApi = require('./src/accountsApi');
 const RolesApi = require('./src/rolesApi');
 const ConnectionsApi = require('./src/connectionsApi');
+const TenantsApi = require('./src/tenantsApi');
 
 class AuthressClient {
   constructor(settings, tokenProvider) {
@@ -16,10 +18,12 @@ class AuthressClient {
     this.accessRecords = new AccessRecordsApi(this.httpClient);
     this.serviceClients = new ServiceClientsApi(this.httpClient);
     this.userPermissions = new UserPermissionsApi(this.httpClient);
+    this.users = new UsersApi(this.httpClient);
     this.resources = new ResourcesApi(this.httpClient);
     this.accounts = new AccountsApi(this.httpClient);
     this.roles = new RolesApi(this.httpClient);
     this.connections = new ConnectionsApi(this.httpClient);
+    this.tenants = new TenantsApi(this.httpClient);
   }
 
   setToken(token) {

package.json

@@ -25,11 +25,12 @@
     "check-dts": "^0.4.4",
     "ci-build-tools": "^1.0.13",
     "commander": "^4.0.1",
-    "eslint": "^8.3.0",
+    "eslint": "^8.14.0",
     "eslint-config-cimpress-atsquad": "^1.0.67",
     "eslint-plugin-import": "^2.20.2",
     "eslint-plugin-mocha": "^7.0.1",
     "eslint-plugin-node": "^11.1.0",
+    "eslint-plugin-promise": "^6.0.0",
     "fs-extra": "^8.1.0",
     "glob": "^7.1.6",
     "mocha": "^9.2.0",

src/connections/api.ts

@@ -0,0 +1,58 @@
+/* eslint-disable node/no-missing-import */
+import { Response } from '../response';
+import { Connection, UserConnectionCredentials, ConnectionCollection } from './dtos';
+
+/**
+ * ConnectionsApi
+ * @export
+ */
+export interface ConnectionsApi {
+  /**
+   * Specify identity connection details for Authress identity aggregation.
+   * @summary Create SSO connection
+   * @param {Connection} body
+   * @throws {RequiredError}
+   */
+  createConnection(body: Connection): Promise<Response<Connection>>;
+
+  /**
+   * Delete an identity connection details for Authress identity aggregation.
+   * @summary Delete SSO connection
+   * @param {string} connectionId The connection identifier.
+   * @throws {RequiredError}
+   */
+  deleteConnection(connectionId: string): Promise<Response<void>>;
+
+  /**
+  * Specify identity connection details for Authress identity aggregation.
+  * @summary Update SSO connection
+  * @param {Connection} body
+  * @param {string} connectionId The connection identifier.
+  * @throws {RequiredError}
+  */
+  updateConnection(connectionId: string, body: Connection): Promise<Response<Connection>>;
+
+  /**
+   * Get the identity connection details for Authress identity aggregation.
+   * @summary Retrieve SSO connection
+   * @param {string} connectionId The connection identifier.
+   * @throws {RequiredError}
+   */
+  getConnection(connectionId: string): Promise<Response<Connection>>;
+
+  /**
+   * Returns a paginated connection list for the account. Only connections the user has access to are returned.
+   * @summary List SSO connections
+   * @throws {RequiredError}
+   */
+  getConnections(): Promise<Response<ConnectionCollection>>;
+
+  /**
+   * Get the credentials for the user that were generated as part of the latest user login flow. Returns an access token that can be used with originating connection provider, based on the original scopes and approved permissions by that service.
+   * @summary Get the user credentials for this connection.
+   * @param {string} connectionId The connection to get the stored credentials.
+   * @param {string} [userId] The user to get the stored credentials, if not specified will automatically be populated by the token specified in the request to Authress.
+   * @throws {ArgumentRequiredError}
+   */
+   getConnectionCredentials(connectionId: string, userId?: string): Promise<Response<UserConnectionCredentials>>;
+}