UNPKG

@adobe/aio-commerce-lib-auth

Version:

Authentication utilities for Adobe Commerce apps deployed in Adobe App Builder.

github.com/adobe/aio-commerce-sdk

adobe/aio-commerce-sdk

100 lines (99 loc) 6.49 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
/** * @license * * Copyright 2025 Adobe. All rights reserved. * This file is licensed to you under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. You may obtain a copy * of the License at http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software distributed under * the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS * OF ANY KIND, either express or implied. See the License for the specific language * governing permissions and limitations under the License. */ var __create = Object.create, __defProp = Object.defineProperty, __getOwnPropDesc = Object.getOwnPropertyDescriptor, __getOwnPropNames = Object.getOwnPropertyNames, __getProtoOf = Object.getPrototypeOf, __hasOwnProp = Object.prototype.hasOwnProperty, __copyProps = (to, from, except, desc) => { if (from && typeof from == "object" || typeof from == "function") for (var keys = __getOwnPropNames(from), i = 0, n = keys.length, key; i < n; i++) key = keys[i], !__hasOwnProp.call(to, key) && key !== except && __defProp(to, key, { get: ((k) => from[k]).bind(null, key), enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); return to; }, __toESM = (mod, isNodeMode, target) => (target = mod == null ? {} : __create(__getProtoOf(mod)), __copyProps(isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: !0 }) : target, mod)); const __adobe_aio_commerce_lib_core_error = __toESM(require("@adobe/aio-commerce-lib-core/error")), __adobe_aio_lib_ims = __toESM(require("@adobe/aio-lib-ims")), valibot = __toESM(require("valibot")), crypto = __toESM(require("crypto")), oauth_1_0a = __toESM(require("oauth-1.0a")), imsAuthParameter = (name) => (0, valibot.pipe)((0, valibot.string)(`Expected a string value for the IMS auth parameter ${name}`), (0, valibot.nonEmpty)(`Expected a non-empty string value for the IMS auth parameter ${name}`)), stringArray = (name) => (0, valibot.pipe)((0, valibot.array)((0, valibot.string)(), `Expected a string array value for the IMS auth parameter ${name}`)), IMS_AUTH_ENV = { PROD: "prod", STAGE: "stage" }, ImsAuthEnvSchema = (0, valibot.enum)(IMS_AUTH_ENV), ImsAuthParamsSchema = (0, valibot.object)({ clientId: imsAuthParameter("clientId"), clientSecrets: (0, valibot.pipe)(stringArray("clientSecrets"), (0, valibot.minLength)(1, "Expected at least one client secret for IMS auth")), technicalAccountId: imsAuthParameter("technicalAccountId"), technicalAccountEmail: (0, valibot.pipe)((0, valibot.string)("Expected a string value for the IMS auth parameter technicalAccountEmail"), (0, valibot.email)("Expected a valid email format for technicalAccountEmail")), imsOrgId: imsAuthParameter("imsOrgId"), environment: (0, valibot.pipe)((0, valibot.optional)(ImsAuthEnvSchema, IMS_AUTH_ENV.PROD)), context: (0, valibot.pipe)((0, valibot.optional)((0, valibot.string)())), scopes: (0, valibot.pipe)(stringArray("scopes"), (0, valibot.minLength)(1, "Expected at least one scope for IMS auth")) }), { context, getToken } = __adobe_aio_lib_ims.default; function toImsAuthConfig(config) { return { scopes: config.scopes, env: config?.environment ?? "prod", context: config.context ?? "aio-commerce-lib-auth-creds", client_id: config.clientId, client_secrets: config.clientSecrets, technical_account_id: config.technicalAccountId, technical_account_email: config.technicalAccountEmail, ims_org_id: config.imsOrgId }; } function assertImsAuthParams(config) { let result = (0, valibot.safeParse)(ImsAuthParamsSchema, config); if (!result.success) throw new __adobe_aio_commerce_lib_core_error.CommerceSdkValidationError("Invalid ImsAuthProvider configuration", { issues: result.issues }); } function getImsAuthProvider(authParams) { let getAccessToken = async () => { let imsAuthConfig = toImsAuthConfig(authParams); return await context.set(imsAuthConfig.context, imsAuthConfig), getToken(imsAuthConfig.context, {}); }, getHeaders = async () => { let accessToken = await getAccessToken(); return { Authorization: `Bearer ${accessToken}`, "x-api-key": authParams.clientId }; }; return { getAccessToken, getHeaders }; } const integrationAuthParameter = (name) => (0, valibot.pipe)((0, valibot.string)(`Expected a string value for the Commerce Integration parameter ${name}`), (0, valibot.nonEmpty)(`Expected a non-empty string value for the Commerce Integration parameter ${name}`)), BaseUrlSchema = (0, valibot.pipe)((0, valibot.string)("Expected a string for the Adobe Commerce endpoint"), (0, valibot.nonEmpty)("Expected a non-empty string for the Adobe Commerce endpoint"), (0, valibot.url)("Expected a valid url for the Adobe Commerce endpoint")), UrlSchema = (0, valibot.pipe)((0, valibot.union)([BaseUrlSchema, (0, valibot.instance)(URL)]), (0, valibot.transform)((url) => url instanceof URL ? url.toString() : url)), IntegrationAuthParamsSchema = (0, valibot.nonOptional)((0, valibot.object)({ consumerKey: integrationAuthParameter("consumerKey"), consumerSecret: integrationAuthParameter("consumerSecret"), accessToken: integrationAuthParameter("accessToken"), accessTokenSecret: integrationAuthParameter("accessTokenSecret") })); function assertIntegrationAuthParams(config) { let result = (0, valibot.safeParse)(IntegrationAuthParamsSchema, config); if (!result.success) throw new __adobe_aio_commerce_lib_core_error.CommerceSdkValidationError("Invalid IntegrationAuthProvider configuration", { issues: result.issues }); } function getIntegrationAuthProvider(authParams) { let oauth = new oauth_1_0a.default({ consumer: { key: authParams.consumerKey, secret: authParams.consumerSecret }, signature_method: "HMAC-SHA256", hash_function: (baseString, key) => crypto.default.createHmac("sha256", key).update(baseString).digest("base64") }), oauthToken = { key: authParams.accessToken, secret: authParams.accessTokenSecret }; return { getHeaders: (method, url) => { let urlString = url instanceof URL ? url.toString() : url; return oauth.toHeader(oauth.authorize({ url: urlString, method }, oauthToken)); } }; } exports.IMS_AUTH_ENV = IMS_AUTH_ENV, exports.assertImsAuthParams = assertImsAuthParams, exports.assertIntegrationAuthParams = assertIntegrationAuthParams, exports.getImsAuthProvider = getImsAuthProvider, exports.getIntegrationAuthProvider = getIntegrationAuthProvider;