(
row: ConnectionRow,
)
| 1670 | // two distinct inputs yields one entry per variable. OAuth connections refresh |
| 1671 | // first (always single-input → `{ token: <access> }`). |
| 1672 | const resolveConnectionValues = ( |
| 1673 | row: ConnectionRow, |
| 1674 | ): Effect.Effect<Record<string, string | null>, StorageFailure | CredentialResolutionError> => |
| 1675 | Effect.gen(function* () { |
| 1676 | const provider = credentialProviders.get(row.provider); |
| 1677 | if (!provider) { |
| 1678 | return yield* new CredentialProviderNotRegisteredError({ |
| 1679 | provider: ProviderKey.make(row.provider), |
| 1680 | }); |
| 1681 | } |
| 1682 | // OAuth connections refresh their access token before resolving when |
| 1683 | // it has expired (or is within the skew window). |
| 1684 | const expiresAt = row.expires_at == null ? null : Number(row.expires_at); |
| 1685 | if (row.oauth_client != null && shouldRefreshToken({ expiresAt })) { |
| 1686 | const access = yield* refreshConnectionToken(row, provider); |
| 1687 | return { [PRIMARY_INPUT_VARIABLE]: access }; |
| 1688 | } |
| 1689 | const out: Record<string, string | null> = {}; |
| 1690 | for (const [variable, itemId] of Object.entries(connectionItemIds(row))) { |
| 1691 | out[variable] = yield* provider.get(ProviderItemId.make(itemId)); |
| 1692 | } |
| 1693 | return out; |
| 1694 | }).pipe( |
| 1695 | // CredentialProviderNotRegisteredError is part of CredentialResolution |
| 1696 | // for ctx.connections.resolveValue's StorageFailure channel — fold it. |
| 1697 | Effect.catchTag("CredentialProviderNotRegisteredError", (err) => |
| 1698 | Effect.fail( |
| 1699 | new StorageError({ |
| 1700 | message: `Credential provider "${err.provider}" is not registered.`, |
| 1701 | cause: err, |
| 1702 | }), |
| 1703 | ), |
| 1704 | ), |
| 1705 | ); |
| 1706 | |
| 1707 | /** The primary (`token`) value — the public seam for OAuth + single-input |
| 1708 | * callers that only ever need one value. */ |
no test coverage detected