feat: Add getIasToken() and getIasDestination() convenience functions#6431
feat: Add getIasToken() and getIasDestination() convenience functions#6431davidkna-sap wants to merge 7 commits intomainfrom
getIasToken() and getIasDestination() convenience functions#6431Conversation
davidkna-sap
force-pushed
the
davidkna-sap_ias-convenience
branch
from
b9f591b to
982d8e0
Compare
davidkna-sap
force-pushed
the
davidkna-sap_ias-convenience
branch
from
982d8e0 to
ec8ff90
Compare
KavithaSiva
left a comment
KavithaSiva
left a comment
There was a problem hiding this comment.
Initial round of comments.
| /** | ||
| * @internal | ||
| */ | ||
| async function resolveIdentityService( |
There was a problem hiding this comment.
[req] resolveIdentityService is unnecessarily async.
There was a problem hiding this comment.
resolveServiceBinding is async, I think this should stay as-is.
| /** | ||
| * Returns an IAS token from the Identity Authentication Service. | ||
| * Supports both technical user (OAuth2ClientCredentials) and business user (OAuth2JWTBearer) flows. | ||
| * @param service - Service credentials, a service type string (e.g., 'identity'), or a {@link Service} instance. |
There was a problem hiding this comment.
[q] Should we also add:
Passing raw ServiceCredentials, Service directly is only recommended for environments where service bindings are unavailable as they hardcode the credentials?
identity string is the best way as the SDK resolves the credentials from the environment automatically.
| * @returns An {@link IasTokenResult} containing the access token, expiration, and optional refresh token. | ||
| */ | ||
| export async function getIasToken( | ||
| service: ServiceCredentials | string | Service, |
There was a problem hiding this comment.
| service: ServiceCredentials | string | Service, | |
| service: ServiceCredentials | 'identity' | Service, |
[q] Can't we narrow the type?
Co-Authored-By: KavithaSiva <32287936+kavithasiva@users.noreply.github.com>
davidkna-sap
force-pushed
the
davidkna-sap_ias-convenience
branch
from
0d20ea3 to
1d0ce3f
Compare
| service: ServiceCredentials | 'identity' | Service = 'identity', | ||
| options?: IasTokenOptions |
There was a problem hiding this comment.
What do you think about putting IasTokenOptions first with service having a sane default?
2 participants
Closes https://github.com/SAP/cloud-sdk-backlog/issues/1291
Related https://github.com/SAP/ai-sdk-js-backlog/issues/466
This PR adds the convenience functions
getIasToken()(returning token, refresh token (if available) and expiration) andgetIasDestination()(returning a callable destination).Both accept a service
Service | string | ServiceCredentials, unliketransformIasBindingToDestinationthey allow bareServiceCredentials(e.g. justclientid,clientsecretandurl).Note:
getIasToken()only returns the token as a string, rather than a parsed jwt, because it may not be a jwt.To support this more flexible usage, existing convenience logic (e.g.
app_tidresolution) has been refactored out oftransformIasBindingToDestination.Token caching now relies on the cached token flows added three days ago to
@sap/xssec4.13.0 (getClientCredentialsToken/getJwtBearerToken) instead of the SDK-level IAS client credentials cache to allow for caching closer at lower levels of the implementation.This means business user tokens are now cached too (https://github.com/SAP/ai-sdk-js-backlog/issues/466).
The
useCachetoggle is still exposed, but it is currently not possible to change the cache size or implementation via SAP Cloud SDK APIs.