* Derives the cache key for a credential set. The client secret is included * only as a SHA-256 digest so plaintext secrets never persist in the * long-lived cache maps.
(params: VantaTokenParams)
| 163 | * long-lived cache maps. |
| 164 | */ |
async function vantaTokenCacheKey(params: VantaTokenParams): Promise<string> {
  // Hash "clientId:clientSecret" so the returned key carries a digest of the
  // secret rather than the plaintext value.
  const material = new TextEncoder().encode(`${params.clientId}:${params.clientSecret}`)
  const hashBytes = new Uint8Array(await crypto.subtle.digest('SHA-256', material))

  // Render the digest as lower-case hex, two characters per byte.
  let secretHash = ''
  for (const byte of hashBytes) {
    secretHash += byte.toString(16).padStart(2, '0')
  }

  // The digest is unsalted and deterministic, so the key is a stable
  // fingerprint of the credential pair. Treat cache keys as sensitive and keep
  // them out of logs and metrics: a leaked key would allow offline guessing of
  // a low-entropy secret.
  // A missing region falls back to 'us', so an unset region and an explicit
  // 'us' resolve to the same cache entry.
  // NOTE(review): the fields are joined with '|' without escaping; this assumes
  // scope and clientId never contain '|' — confirm against the callers.
  const keyParts = [params.region ?? 'us', params.scope, params.clientId, secretHash]
  return keyParts.join('|')
}
| 175 | |
| 176 | async function exchangeVantaToken(params: VantaTokenParams, cacheKey: string): Promise<string> { |
| 177 | const response = await fetch(`${getVantaBaseUrl(params.region)}/oauth/token`, { |