* Resolves an access token for a connector based on its auth mode. * OAuth connectors refresh via the credential system; API key connectors * decrypt the key stored in the dedicated `encryptedApiKey` column.
(
connector: { credentialId: string | null; encryptedApiKey: string | null },
connectorConfig: { auth: ConnectorAuthConfig },
userId: string
)
| 345 | * decrypt the key stored in the dedicated `encryptedApiKey` column. |
| 346 | */ |
| 347 | async function resolveAccessToken( |
| 348 | connector: { credentialId: string | null; encryptedApiKey: string | null }, |
| 349 | connectorConfig: { auth: ConnectorAuthConfig }, |
| 350 | userId: string |
| 351 | ): Promise<string> { |
| 352 | if (connectorConfig.auth.mode === 'apiKey') { |
| 353 | if (!connector.encryptedApiKey) { |
| 354 | throw new Error('API key connector is missing encrypted API key') |
| 355 | } |
| 356 | const { decrypted } = await decryptApiKey(connector.encryptedApiKey) |
| 357 | return decrypted |
| 358 | } |
| 359 | |
| 360 | if (!connector.credentialId) { |
| 361 | throw new Error('OAuth connector is missing credential ID') |
| 362 | } |
| 363 | |
| 364 | const requestId = `sync-${connector.credentialId}` |
| 365 | const token = await refreshAccessTokenIfNeeded(connector.credentialId, userId, requestId) |
| 366 | |
| 367 | if (!token) { |
| 368 | logger.error(`[${requestId}] refreshAccessTokenIfNeeded returned null`, { |
| 369 | credentialId: connector.credentialId, |
| 370 | userId, |
| 371 | authMode: connectorConfig.auth.mode, |
| 372 | authProvider: connectorConfig.auth.provider, |
| 373 | }) |
| 374 | throw new Error( |
| 375 | `Failed to obtain access token for credential ${connector.credentialId} (provider: ${connectorConfig.auth.provider})` |
| 376 | ) |
| 377 | } |
| 378 | |
| 379 | return token |
| 380 | } |
| 381 | |
| 382 | /** |
| 383 | * Execute a sync for a given knowledge connector. |
no test coverage detected