MCPcopy Index your code
hub / github.com/di-sukharev/opencommit / bearerTokenAuthenticationPolicy

Function bearerTokenAuthenticationPolicy

out/cli.cjs:77082–77143  ·  view source on GitHub ↗
(options)

Source from the content-addressed store, hash-verified

77080}
77081function getChallenge(response) {
77082 const challenge = response.headers.get("WWW-Authenticate");
77083 if (response.status === 401 && challenge) {
77084 return challenge;
77085 }
77086 return;
77087}
77088function bearerTokenAuthenticationPolicy(options) {
77089 var _a5;
77090 const { credential, scopes, challengeCallbacks } = options;
77091 const logger3 = options.logger || logger;
77092 const callbacks = Object.assign({ authorizeRequest: (_a5 = challengeCallbacks === null || challengeCallbacks === void 0 ? void 0 : challengeCallbacks.authorizeRequest) !== null && _a5 !== void 0 ? _a5 : defaultAuthorizeRequest, authorizeRequestOnChallenge: challengeCallbacks === null || challengeCallbacks === void 0 ? void 0 : challengeCallbacks.authorizeRequestOnChallenge }, challengeCallbacks);
77093 const getAccessToken = credential ? createTokenCycler(
77094 credential
77095 /* , options */
77096 ) : () => Promise.resolve(null);
77097 return {
77098 name: bearerTokenAuthenticationPolicyName,
77099 /**
77100 * If there's no challenge parameter:
77101 * - It will try to retrieve the token using the cache, or the credential's getToken.
77102 * - Then it will try the next policy with or without the retrieved token.
77103 *
77104 * It uses the challenge parameters to:
77105 * - Skip a first attempt to get the token from the credential if there's no cached token,
77106 * since it expects the token to be retrievable only after the challenge.
77107 * - Prepare the outgoing request if the `prepareRequest` method has been provided.
77108 * - Send an initial request to receive the challenge if it fails.
77109 * - Process a challenge if the response contains it.
77110 * - Retrieve a token with the challenge information, then re-send the request.
77111 */
77112 async sendRequest(request3, next) {
77113 if (!request3.url.toLowerCase().startsWith("https://")) {
77114 throw new Error("Bearer token authentication is not permitted for non-TLS protected (non-https) URLs.");
77115 }
77116 await callbacks.authorizeRequest({
77117 scopes: Array.isArray(scopes) ? scopes : [scopes],
77118 request: request3,
77119 getAccessToken,
77120 logger: logger3
77121 });
77122 let response;
77123 let error;
77124 try {
77125 response = await next(request3);
77126 } catch (err) {
77127 error = err;
77128 response = err.response;
77129 }
77130 if (callbacks.authorizeRequestOnChallenge && (response === null || response === void 0 ? void 0 : response.status) === 401 && getChallenge(response)) {
77131 const shouldSendRequest = await callbacks.authorizeRequestOnChallenge({
77132 scopes: Array.isArray(scopes) ? scopes : [scopes],
77133 request: request3,
77134 response,
77135 getAccessToken,
77136 logger: logger3
77137 });
77138 if (shouldSendRequest) {
77139 return next(request3);

Callers 1

Calls 1

createTokenCyclerFunction · 0.85

Tested by

no test coverage detected

Used in the wild real call sites across dependent graphs

searching dependent graphs…