(options: {
session: CliSessionRecord;
flags: CliFlags;
env: EnvMap;
io?: AuthIo;
})
| 368 | } |
| 369 | |
| 370 | async function refreshAgentToken(options: { |
| 371 | session: CliSessionRecord; |
| 372 | flags: CliFlags; |
| 373 | env: EnvMap; |
| 374 | io?: AuthIo; |
| 375 | }): Promise<{ accessToken: string; expiresAt?: string }> { |
| 376 | const cloudBaseUrl = resolveCloudBaseUrl(options.env, options.session.cloudBaseUrl); |
| 377 | const response = await postJson<CliSessionRefreshResponse>({ |
| 378 | baseUrl: cloudBaseUrl, |
| 379 | pathName: CLI_SESSION_REFRESH_PATH, |
| 380 | body: { |
| 381 | refreshCredential: options.session.refreshCredential, |
| 382 | tenant: options.flags.tenant, |
| 383 | runId: options.flags.runId, |
| 384 | daemonBaseUrl: options.flags.daemonBaseUrl, |
| 385 | session: options.flags.session, |
| 386 | }, |
| 387 | fetchImpl: options.io?.fetch, |
| 388 | }); |
| 389 | if (hasToken(response.accessToken)) { |
| 390 | return { accessToken: response.accessToken, expiresAt: response.expiresAt }; |
| 391 | } |
| 392 | if (response.status === 'revoked' || response.error === 'revoked') { |
| 393 | throw new AppError('UNAUTHORIZED', 'Stored cloud CLI session was revoked.', { |
| 394 | hint: 'Run agent-device auth login again, or set AGENT_DEVICE_DAEMON_AUTH_TOKEN.', |
| 395 | status: response.status, |
| 396 | error: response.error, |
| 397 | }); |
| 398 | } |
| 399 | throw new AppError('UNAUTHORIZED', 'Failed to refresh CLI session.', { |
| 400 | hint: 'Run agent-device auth login again, or set AGENT_DEVICE_DAEMON_AUTH_TOKEN.', |
| 401 | status: response.status, |
| 402 | error: response.error, |
| 403 | }); |
| 404 | } |
| 405 | |
| 406 | async function pollDeviceAuth(options: { |
| 407 | cloudBaseUrl: string; |
no test coverage detected