From 8c7cb688c30b8472b63d077e4c01061fe9d4a904 Mon Sep 17 00:00:00 2001 From: Warren Parad Date: Thu, 4 Nov 2021 20:24:22 +0100 Subject: [PATCH] Add connections api. --- index.d.ts | 63 +++++++++++++++++++++++++++++++++---------- index.js | 2 ++ src/connectionsApi.js | 28 +++++++++++++++++++ 3 files changed, 79 insertions(+), 14 deletions(-) create mode 100644 src/connectionsApi.js diff --git a/index.d.ts b/index.d.ts index c0d673b..c20ec6f 100644 --- a/index.d.ts +++ b/index.d.ts @@ -1149,6 +1149,35 @@ export interface RolesApi { createRole(body: Role): Promise>; } +/** + * The user credentials for this connection which can be used to access the connection provider APIs. + * @export + * @interface UserConnectionCredentials + */ +export interface UserConnectionCredentials { + /** + * The access token. + * @type {string} + * @memberof UserConnectionCredentials + */ + accessToken: string; +} + +/** + * ConnectionsApi + * @export + */ +export interface ConnectionsApi { + /** + * Get the credentials for the user that were generated as part of the latest user login flow. Returns an access token that can be used with originating connection provider, based on the original scopes and approved permissions by that service. + * @summary Get the user credentials for this connection. + * @param {string} connectionId The connection to get the stored credentials. + * @param {string} [userId] The user to get the stored credentials, if not specified will automatically be populated by the token specified in the request to Authress. + * @throws {ArgumentRequiredError} + */ + getConnectionCredentials(connectionId: string, userId?: string): Promise>; +} + /** * ServiceClientsApi * @export 
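Review bot: The doc comment on `accessToken` in `UserConnectionCredentials` says only "The access token.", although the method description states the value can be used directly against the originating connection provider. Since this is a live bearer credential, the member comment should say how to handle it, for example `* The provider access token. Treat it as a secret: do not log or persist it, and send it only to the originating connection provider.` The `@throws {ArgumentRequiredError}` tag on `getConnectionCredentials` should also name the condition (missing `connectionId`), because `userId` is documented as optional.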
@@ -1224,46 +1253,46 @@ export interface UserPermissionsApi { /** * Billable Permanently disable a token. To be used after the token has completed its use. Should be called on all tokens to ensure they are not active indefinitely. * @summary Disable a token - * @param {string} userId The user to create an impersonation token for. + * @param {string} [userId] The user to create an impersonation token for. * @param {string} tokenId The relevant token identifier * @throws {ArgumentRequiredError} */ - disableUserToken(userId: string, tokenId: string): Promise>; + disableUserToken(userId?: string, tokenId: string): Promise>; /** * Billable Get a summary of the permissions a user has to a particular resource. * @summary Get the permissions a user has to a resource. - * @param {string} userId The user to check permissions on + * @param {string} [userId] The user to check permissions on * @param {string} resourceUri The uri path of a resource to validate, must be URL encoded, uri segments are allowed. * @throws {ArgumentRequiredError} */ - getUserPermissionsForResource(userId: string, resourceUri: string): Promise>; + getUserPermissionsForResource(userId?: string, resourceUri: string): Promise>; /** * Billable Get a summary of the roles a user has to a particular resource. Users can be assigned roles from multiple access records, this may cause the same role to appear in the list more than once.
READ: Authress:UserPermissions/{userId} * @summary Get the roles a user has to a resource. - * @param {string} userId The user to get roles for. + * @param {string} [userId] The user to get roles for. * @param {string} resourceUri The uri path of a resource to get roles for, must be URL encoded. Checks for explicit resource roles, roles attached to parent resources are not returned. * @throws {ArgumentRequiredError} */ - getUserRolesForResource(userId: string, resourceUri: string): Promise>; + getUserRolesForResource(userId?: string, resourceUri: string): Promise>; /** * Billable Get the users resources. Get the users resources. This result is a list of resource uris that a user has an explicit permission to, a user with * access to all sub resources will return an empty list and {accessToAllSubResources} will be populated. To get a user's list of resources in these cases, it is recommended to also check explicit access to the collection resource, using the authorizeUser endpoint. In the case that the user only has access to a subset of resources in a collection, the list will be paginated. * @summary Get the resources a user has to permission to. - * @param {string} userId The user to check permissions on + * @param {string} [userId] The user to check permissions on * @param {string} [resourceUri] The top level uri path of a resource to query for. Will only match explicit or collection resource sub-resources. Will not partial match resource names. * @param {number} [limit] Max number of results to return * @param {string} [cursor] Continuation cursor for paging (will automatically be set) * @param {string} [permission] A required ALLOW action to check for. Resources a user does not have this permission will not be returned. 
* @throws {ArgumentRequiredError} */ - getUserResources(userId: string, resourceUri?: string, limit?: number, cursor?: string, permission?: string): Promise>; + getUserResources(userId?: string, resourceUri?: string, limit?: number, cursor?: string, permission?: string): Promise>; /** * Billable Get an Authress signed JWT access token using with userId as the sub. Additionally, can be configured to limit the permissions for this particular token and the length of time the token is valid. Token validation is real-time, so deleted tokens are restricted from being used as soon as they are deleted. This gives full control to the user and client creating the token. Client must have access to impersonating the user in order to generate tokens on their behalf. * @summary Request a user token with additional configuration - * @param {string} userId The user to create an impersonation token for. + * @param {string} [userId] The user to create an impersonation token for. * @param {TokenRequest} body The contents of the permission to set on the token. Will be used instead of the users or clients full permissions. Cannot include permissions that the user or client do not have. * @throws {ArgumentRequiredError} */ - requestUserToken(userId: string, body: TokenRequest): Promise>; + requestUserToken(userId?: string, body: TokenRequest): Promise>; } /** 
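Review bot: Making `userId` optional while a required parameter still follows it is rejected by TypeScript ("A required parameter cannot follow an optional parameter"), so the new `disableUserToken`, `getUserPermissionsForResource`, `getUserRolesForResource` and `requestUserToken` signatures will not type-check for consumers. Only `getUserResources` is valid as written, because all its later parameters are optional. To allow the caller to omit the value, keep the position required and widen the type, e.g. `disableUserToken(userId: string | null | undefined, tokenId: string)`. The diffstat shows no change to the UserPermissions implementation in this commit, so it is not visible here whether the runtime resolves a missing `userId` from the token or still throws `ArgumentRequiredError`. The typings should only advertise `[userId]` as optional once that is confirmed.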
@@ -1294,29 +1323,35 @@ export class AuthressClient { serviceClients: ServiceClientsApi; /** - * @summary The UserPermissionsApi api + * @summary The UserPermissions api * @type {UserPermissionsApi} */ userPermissions: UserPermissionsApi; /** - * @summary The ResourcesApi api + * @summary The Resources api * @type {ResourcesApi} */ resources: ResourcesApi; /** - * @summary The AccountsApi api + * @summary The Accounts api * @type {AccountsApi} */ accounts: AccountsApi; /** - * @summary The RolesApi api + * @summary The Roles api * @type {RolesApi} */ roles: RolesApi; + /** + * @summary The Connections api + * @type {ConnectionsApi} + */ + connections: ConnectionsApi; + /** * @summary Set the users token here, so that requests made with this Authress Client will have the user's permissions * @type {Function} diff --git a/index.js b/index.js index 36aa991..a2d5c26 100644 --- a/index.js +++ b/index.js @@ -5,6 +5,7 @@ const ServiceClientsApi = require('./src/serviceClientsApi'); const ResourcesApi = require('./src/resourcesApi'); const AccountsApi = require('./src/accountsApi'); const RolesApi = require('./src/rolesApi'); +const ConnectionsApi = require('./src/connectionsApi'); class AuthressClient { constructor(settings, tokenProvider) { @@ -18,6 +19,7 @@ class AuthressClient { this.resources = new ResourcesApi(this.httpClient); this.accounts = new AccountsApi(this.httpClient); this.roles = new RolesApi(this.httpClient); + this.connections = new ConnectionsApi(this.httpClient); } setToken(token) { diff --git a/src/connectionsApi.js b/src/connectionsApi.js new file mode 100644 index 0000000..8a8317f --- /dev/null +++ b/src/connectionsApi.js 
@@ -0,0 +1,28 @@
+const ArgumentRequiredError = require('./argumentRequiredError');
+const jwtManager = require('./jwtManager');
+
+async function getFallbackUser(httpClient) {
+ const token = await httpClient.tokenProvider();
+ const decodedJwt = jwtManager.decode(token);
+ return decodedJwt.sub;
+}
+
+class ConnectionsApi {
+ constructor(client) {
+ this.client = client;
+ }
+
+ async getConnectionCredentials(connectionId, userId) {
+ if (!connectionId) {
+ throw new ArgumentRequiredError('connectionId', 'Required parameter connectionId was not specified when calling getRole.');
+ }
+
+ const requestUserId = userId || await getFallbackUser(this.client);
+
+ const url = `/v1/connections/${encodeURIComponent(String(connectionId))}/users/${encodeURIComponent(String(requestUserId))}/credentials`;
+ const response = await this.client.get(url);
+ return response;
+ }
+}
+
+module.exports = ConnectionsApi;
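Review bot: `getConnectionCredentials` never checks the resolved `requestUserId`, so when `userId` is omitted and the token carries no `sub` claim, `String(undefined)` turns the path into `/users/undefined/credentials` and a credentials request is sent for a literal user named "undefined". `getFallbackUser` also dereferences `decodedJwt.sub` without checking that `tokenProvider()` returned a token or that `jwtManager.decode` returned an object; what `decode` returns for a malformed token is not visible in this patch, so a `TypeError` instead of `ArgumentRequiredError` looks possible. Failing closed with an `ArgumentRequiredError('userId', …)` before the URL is built keeps a credential lookup from going out with an unresolved identity. Separately, the `connectionId` error message names `getRole`, which reads as a copy-paste from the roles client and should name `getConnectionCredentials`.

```javascript
async function getFallbackUser(httpClient) {
  const token = await httpClient.tokenProvider();
  const decodedJwt = token ? jwtManager.decode(token) : null;
  return decodedJwt ? decodedJwt.sub : null;
}

// … unchanged: ConnectionsApi class header and constructor …

  async getConnectionCredentials(connectionId, userId) {
    if (!connectionId) {
      throw new ArgumentRequiredError('connectionId', 'Required parameter connectionId was not specified when calling getConnectionCredentials.');
    }

    const requestUserId = userId || await getFallbackUser(this.client);
    if (!requestUserId) {
      throw new ArgumentRequiredError('userId', 'Required parameter userId was not specified when calling getConnectionCredentials and could not be read from the request token.');
    }
    // … unchanged: url construction and this.client.get(url) …
```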