@sap/xssec/src/v3/requestsV3.js

XS Advanced Container Security API for node.js

const IdentityService = require("../service/IdentityService");
const XsuaaService = require("../service/XsuaaService");

async function requestClientCredentialsToken(subdomain, config, additionalAttributes, zoneId, cb) {
    //make it backward-compatible (where zoneId is not provided at all)
    if (typeof zoneId === 'function') {
        cb = zoneId;
        zoneId = null;
    }

    const credentials = config.credentials ?? config;
    const service = config.type?.toUpperCase() === "IAS" ? new IdentityService(credentials) : new XsuaaService(credentials);

    const options = {
        authorities: additionalAttributes,
        correlationId: config.correlationId,
        resource: config.resource,
        scope: config.scopes,
        tenant: subdomain,
        timeout: config.timeout,
        app_tid: zoneId
    };

    try {
        const response = await service.fetchClientCredentialsToken(options);
        return cb(null, response.access_token, response);
    } catch (e) {
        return cb(e);
    }
}

async function requestPasswordUserToken(subdomain, config, additionalAttributes, cb) {
    const credentials = config.credentials ?? config;
    const service = config.type?.toUpperCase() === "IAS" ? new IdentityService(credentials) : new XsuaaService(credentials);

    const options = {
        authorities: additionalAttributes,
        correlationId: config.correlationId,
        resource: config.resource,
        scope: config.scopes,
        tenant: subdomain,
        timeout: config.timeout
    };

    try {
        const response = await service.fetchPasswordToken(config.username, config.password, options);
        return cb(null, config.type?.toUpperCase() === "IAS" ? response.id_token : response.access_token, response);
    } catch (e) {
        return cb(e);
    }
}

async function requestUserToken(appToken, config, additionalAttributes, scopes, subdomain, zoneId, cb) {
    //make it backward-compatible (where zoneId is not provided at all)
    if (typeof zoneId === 'function') {
        cb = zoneId;
        zoneId = null;
    }

    const credentials = config.credentials ?? config;
    const service = config.type?.toUpperCase() === "IAS" ? new IdentityService(credentials) : new XsuaaService(credentials);

    const options = {
        authorities: additionalAttributes,
        correlationId: config.correlationId,
        resource: config.resource,
        scope: scopes ?? config.scopes,
        tenant: subdomain,
        timeout: config.timeout,
        app_tid: zoneId,
        zid: zoneId
    };

    try {
        const response = await service.fetchJwtBearerToken(appToken, options);
        return cb(null, config.type?.toUpperCase() === "IAS" ? response.id_token : response.access_token, response);
    } catch (e) {
        return cb(e);
    }
}


module.exports = {
    requestClientCredentialsToken,
    requestPasswordUserToken,
    requestUserToken
}