UNPKG

@dataroadinc/setup-auth

Version:

CLI tool and programmatic API for automated OAuth setup across cloud platforms

github.com/dataroadinc/dr-ts-setup-auth

dataroadinc/dr-ts-setup-auth

163 lines (112 loc) 4.94 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
# Vercel Integration ## Vercel CLI Integration (July 2025) ### ✅ **Authentication Validation Fixed** - **Problem**: CLI `vercel whoami` returns username instead of full email, causing validation failures - **Solution**: Switched to Vercel REST API `/v2/user` endpoint to get user email and `defaultTeamId` - **Result**: Authentication validation now works perfectly using API approach - **Validation**: Compares `VERCEL_TEAM_ID` with user's `defaultTeamId` for exact match ### ✅ **Deployment API Integration** - **Problem**: Need to get deployment URLs for OAuth redirect configuration - **Solution**: Using Vercel REST API `/v1/deployments` endpoint - **Result**: Can automatically fetch all deployment URLs for a project - **Implementation**: Added `getDeploymentUrls()` function to Vercel API client ### ✅ **Project Configuration** - **Problem**: Need to validate project exists and get project details - **Solution**: Using Vercel REST API `/v1/projects` endpoint - **Result**: Can validate project exists and get project configuration - **Implementation**: Added project validation and configuration retrieval ## Vercel Integration Strategy (July 2025) ### Overview The Vercel integration provides automatic redirect URL management for OAuth clients. When deployments are created or updated, the system automatically updates the OAuth client's redirect URLs to include the new deployment URLs. ### Key Components #### **Authentication** - Uses Vercel REST API for authentication validation - Validates team ID against user's default team - Supports both personal and team accounts #### **Deployment Management** - Automatically fetches deployment URLs from Vercel API - Filters deployments by project and environment - Supports multiple deployment environments (production, preview, development) #### **OAuth Integration** - Updates OAuth client redirect URLs automatically - Supports multiple OAuth providers (Google, GitHub, Azure) - Maintains existing redirect URLs while adding new ones ### API Endpoints Used #### **Authentication** ```typescript GET / v2 / user ``` Returns user information including: - `email`: User's email address - `defaultTeamId`: User's default team ID - `username`: User's username #### **Projects** ```typescript GET / v1 / projects ``` Returns list of projects for the authenticated user/team. #### **Deployments** ```typescript GET / v1 / deployments ``` Returns list of deployments with parameters: - `projectId`: Filter by project ID - `limit`: Number of deployments to return - `since`: Only return deployments after this timestamp ### Implementation Details #### **Vercel API Client** The `VercelApiClient` class provides a wrapper around the Vercel REST API: ```typescript class VercelApiClient { constructor(private accessToken: string) {} async getUser(): Promise<VercelUser> async getProjects(): Promise<VercelProject[]> async getDeployments(projectId: string): Promise<VercelDeployment[]> } ``` #### **Authentication Validation** ```typescript async validateVercelAuth(): Promise<boolean> { const user = await this.vercelClient.getUser() return user.defaultTeamId === process.env.VERCEL_TEAM_ID } ``` #### **Deployment URL Extraction** ```typescript async getDeploymentUrls(projectId: string): Promise<string[]> { const deployments = await this.vercelClient.getDeployments(projectId) return deployments.map(deployment => deployment.url) } ``` ### Configuration #### **Environment Variables** - `VERCEL_ACCESS_TOKEN`: Vercel API access token - `VERCEL_TEAM_ID`: Team ID for the project - `VERCEL_PROJECT_ID`: Project ID for the deployment - `VERCEL_PROJECT_NAME`: Project name for display #### **OAuth Integration** The Vercel integration works with the OAuth setup commands: - `gcp-setup-oauth`: Updates Google OAuth client redirect URLs - `github-setup-oauth`: Updates GitHub OAuth client redirect URLs - `azure-setup-oauth`: Updates Azure OAuth client redirect URLs ### Workflow 1. **Authentication**: Validate Vercel credentials and team access 2. **Project Validation**: Verify project exists and is accessible 3. **Deployment Discovery**: Fetch all deployment URLs for the project 4. **OAuth Update**: Update OAuth client redirect URLs with deployment URLs 5. **Verification**: Confirm OAuth client was updated successfully ### Error Handling - **Authentication Errors**: Clear error messages for invalid tokens - **Project Errors**: Validation of project existence and access - **API Errors**: Retry logic for transient API failures - **OAuth Errors**: Detailed error messages for OAuth client updates ### Future Enhancements - **Webhook Integration**: Automatic updates when deployments are created - **Environment Filtering**: Filter deployments by environment (prod, preview) - **Custom Domains**: Support for custom domain deployments - **Batch Updates**: Update multiple OAuth clients simultaneously