( credentialId: string )
| 65 | * Otherwise assumes `credentialId` is already a raw `account.id` (legacy). |
| 66 | */ |
| 67 | export async function resolveOAuthAccountId( |
| 68 | credentialId: string |
| 69 | ): Promise<ResolvedCredential | null> { |
| 70 | const [credentialRow] = await db |
| 71 | .select({ |
| 72 | id: credential.id, |
| 73 | type: credential.type, |
| 74 | accountId: credential.accountId, |
| 75 | workspaceId: credential.workspaceId, |
| 76 | providerId: credential.providerId, |
| 77 | }) |
| 78 | .from(credential) |
| 79 | .where(eq(credential.id, credentialId)) |
| 80 | .limit(1) |
| 81 | |
| 82 | if (credentialRow) { |
| 83 | if (credentialRow.type === 'service_account') { |
| 84 | return { |
| 85 | accountId: '', |
| 86 | credentialId: credentialRow.id, |
| 87 | credentialType: 'service_account', |
| 88 | workspaceId: credentialRow.workspaceId, |
| 89 | providerId: credentialRow.providerId ?? undefined, |
| 90 | usedCredentialTable: true, |
| 91 | } |
| 92 | } |
| 93 | |
| 94 | if (credentialRow.type !== 'oauth' || !credentialRow.accountId) { |
| 95 | return null |
| 96 | } |
| 97 | return { |
| 98 | accountId: credentialRow.accountId, |
| 99 | workspaceId: credentialRow.workspaceId, |
| 100 | usedCredentialTable: true, |
| 101 | } |
| 102 | } |
| 103 | |
| 104 | return { accountId: credentialId, usedCredentialTable: false } |
| 105 | } |
| 106 | |
| 107 | /** |
| 108 | * Userinfo scopes are excluded because service accounts don't represent a user |
no test coverage detected