Confidential client (#488)

.changeset/tame-rules-wash.md

@@ -0,0 +1,5 @@
+---
+"@osdk/oauth": minor
+---
+
+Adds createConfidentialOauthClient

docs/vite.md

@@ -0,0 +1,24 @@
+# Using OSDK with Vite
+
+## Fixing common problems
+
+### "ReferenceError: process is not defined"
+
+The OSDK related libraries leverage a long standing convention to use `process.env.NODE_ENV` to determine the level of verbosity for `console.log`/`console.warn`/`console.error` and to create optimized production code.
+
+Recent versions of Vite have begun pushing developers to use `import.meta.env` instead of `process.env` which is a noble change with good intentions but one that creates problems for library authors trying to support multiple bundling frameworks.
+
+Out of the box, Vite will not perform the required replacement to optimize the code which leads to `process` being undefined and a runtime error for you. This can be worked around by updating your Vite config to process the replacement:
+
+```ts
+// ...
+export default defineConfig(({ mode }) => {
+  // ...
+  return {
+    define: {
+      "process.env.NODE_ENV": JSON.stringify(mode)
+    },
+    // ...
+  }
+}
+```

etc/client.report.api.md

@@ -35,7 +35,7 @@ import type { QueryDefinition } from '@osdk/api';
 import type { QuerySignatureFromDef } from '@osdk/client.api';
 import { Result } from '@osdk/client.api';
 import type { SharedClient } from '@osdk/shared.client';
-import { SharedClientContext } from '@osdk/shared.client';
+import type { SharedClientContext } from '@osdk/shared.client';
 import type { VersionBound } from '@osdk/api';
 import { WhereClause } from '@osdk/client.api';
 
@@ -87,7 +87,7 @@ export const createClient: (baseUrl: string, ontologyRid: string | Promise<strin
 // Warning: (tsdoc-param-tag-missing-hyphen) The @param block should be followed by a parameter name and then a hyphen
 //
 // @public
-export function createPlatformClient(baseUrl: string, tokenProvider: () => Promise<string>, options?: undefined, fetchFn?: typeof globalThis.fetch): SharedClientContext;
+export function createPlatformClient(baseUrl: string, tokenProvider: () => Promise<string>, options?: undefined, fetchFn?: typeof globalThis.fetch): PlatformClient;
 
 export { InterfaceObjectSet }
 
@@ -107,6 +107,10 @@ export { PageResult }
 
 export { PalantirApiError }
 
+// @public (undocumented)
+export interface PlatformClient extends SharedClientContext {
+}
+
 export { Result }
 
 // @public (undocumented)

packages/client/src/createPlatformClient.ts

@@ -14,9 +14,12 @@
  * limitations under the License.
  */
 
+import type { SharedClientContext } from "@osdk/shared.client";
 import { createSharedClientContext } from "@osdk/shared.client.impl";
 import { USER_AGENT } from "./util/UserAgent.js";
 
+export interface PlatformClient extends SharedClientContext {}
+
 /**
  * Creates a client that can only be used with Platform APIs.
  *
@@ -34,7 +37,7 @@ export function createPlatformClient(
   tokenProvider: () => Promise<string>,
   options: undefined = undefined,
   fetchFn: typeof globalThis.fetch = fetch,
-) {
+): PlatformClient {
   return createSharedClientContext(
     baseUrl,
     tokenProvider,

packages/client/src/index.ts

@@ -34,12 +34,11 @@ export type {
 export { isOk } from "@osdk/client.api";
 export { PalantirApiError } from "@osdk/shared.net.errors";
 
+export { ActionValidationError } from "./actions/ActionValidationError.js";
 export type { Client } from "./Client.js";
+export { createAttachmentFromRid } from "./createAttachmentFromRid.js";
 export { createClient } from "./createClient.js";
 export { createPlatformClient } from "./createPlatformClient.js";
-
-export { createAttachmentFromRid } from "./createAttachmentFromRid.js";
+export type { PlatformClient } from "./createPlatformClient.js";
 export { createAttachmentUpload } from "./object/AttachmentUpload.js";
-
-export { ActionValidationError } from "./actions/ActionValidationError.js";
 export type { ResultOrError } from "./ResultOrError.js";

packages/e2e.sandbox.oauth/bin/testConfidentialClientNode.mjs

@@ -0,0 +1,4 @@
+#!/usr/bin/env node
+import { testConfidentialClientNode } from "../build/esm/index.js";
+
+testConfidentialClientNode();

packages/e2e.sandbox.oauth/package.json

@@ -0,0 +1,59 @@
+{
+  "name": "@osdk/e2e.sandbox.oauth",
+  "private": true,
+  "version": "0.0.0",
+  "license": "Apache-2.0",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/palantir/osdk-ts.git"
+  },
+  "exports": {
+    ".": {
+      "require": "./build/cjs/index.cjs",
+      "browser": "./build/browser/index.js",
+      "import": "./build/esm/index.js"
+    },
+    "./*": {
+      "require": "./build/cjs/public/*.cjs",
+      "browser": "./build/browser/public/*.js",
+      "import": "./build/esm/public/*.js"
+    }
+  },
+  "scripts": {
+    "check-attw": "monorepo.tool.attw both",
+    "check-spelling": "cspell --quiet .",
+    "clean": "rm -rf lib dist types build tsconfig.tsbuildinfo",
+    "fix-lint": "eslint . --fix && dprint fmt --config $(find-up dprint.json)",
+    "lint": "eslint . && dprint check  --config $(find-up dprint.json)",
+    "transpile": "monorepo.tool.transpile",
+    "typecheck": "monorepo.tool.typecheck both"
+  },
+  "dependencies": {
+    "@osdk/client": "workspace:~",
+    "@osdk/oauth": "workspace:~",
+    "consola": "^3.2.3",
+    "tiny-invariant": "^1.3.3"
+  },
+  "devDependencies": {
+    "@osdk/monorepo.api-extractor": "workspace:~",
+    "@osdk/monorepo.tsconfig": "workspace:~",
+    "@osdk/monorepo.tsup": "workspace:~",
+    "typescript": "^5.5.2"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "files": [
+    "build/cjs",
+    "build/esm",
+    "build/browser",
+    "CHANGELOG.md",
+    "package.json",
+    "templates",
+    "*.d.ts"
+  ],
+  "main": "./build/cjs/index.cjs",
+  "module": "./build/esm/index.js",
+  "types": "./build/cjs/index.d.cts",
+  "type": "module"
+}

packages/e2e.sandbox.oauth/src/index.ts

@@ -0,0 +1,17 @@
+/*
+ * Copyright 2024 Palantir Technologies, Inc. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+export { testConfidentialClientNode } from "./testConfidentialClientNode.js";

packages/e2e.sandbox.oauth/src/testConfidentialClientNode.ts

@@ -0,0 +1,56 @@
+/*
+ * Copyright 2024 Palantir Technologies, Inc. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import { createConfidentialOauthClient } from "@osdk/oauth";
+import consola from "consola";
+import invariant from "tiny-invariant";
+
+declare const process: {
+  env: Record<string, string | undefined>;
+};
+
+export async function testConfidentialClientNode() {
+  const prefix = "TS_OSDK_E2E_OAUTH_CONFIDENTIAL_";
+  const FOUNDRY_CLIENT_ID = process.env[`${prefix}FOUNDRY_CLIENT_ID`];
+  const FOUNDRY_URL = process.env[`${prefix}FOUNDRY_URL`];
+  const FOUNDRY_CLIENT_SECRET = process.env[`${prefix}FOUNDRY_CLIENT_SECRET`];
+
+  invariant(
+    FOUNDRY_CLIENT_ID != null,
+    `${prefix}FOUNDRY_CLIENT_ID is required`,
+  );
+  invariant(
+    FOUNDRY_URL != null,
+    `${prefix}FOUNDRY_URL is required`,
+  );
+  invariant(
+    FOUNDRY_CLIENT_SECRET != null,
+    `${prefix}FOUNDRY_URL is required`,
+  );
+
+  const auth = createConfidentialOauthClient(
+    FOUNDRY_CLIENT_ID,
+    FOUNDRY_CLIENT_SECRET,
+    FOUNDRY_URL,
+  );
+
+  const token = await auth();
+  invariant(
+    token != null && token.length > 0,
+    "token should have been received",
+  );
+  consola.log(token);
+}

packages/e2e.sandbox.oauth/tsconfig.cjs.json

@@ -0,0 +1,14 @@
+{
+  "extends": "./tsconfig.json",
+  "compilerOptions": {
+    "module": "CommonJS",
+    "moduleResolution": "Node",
+    "target": "ES6",
+    "rootDir": "src",
+    "outDir": "build/cjs"
+  },
+  "include": [
+    "./src/**/*"
+  ],
+  "references": []
+}

packages/e2e.sandbox.oauth/tsconfig.json

@@ -0,0 +1,11 @@
+{
+  "extends": "@osdk/monorepo.tsconfig/base.json",
+  "compilerOptions": {
+    "rootDir": "src",
+    "outDir": "build/esm"
+  },
+  "include": [
+    "./src/**/*"
+  ],
+  "references": []
+}

packages/e2e.sandbox.oauth/tsup.config.js

@@ -0,0 +1,21 @@
+/*
+ * Copyright 2023 Palantir Technologies, Inc. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import { defineConfig } from "tsup";
+
+export default defineConfig(async (options) =>
+  (await import("@osdk/monorepo.tsup")).default(options, {})
+);

packages/e2e.sandbox.todoapp/vite.config.mts

@@ -9,6 +9,9 @@ export default defineConfig(({ mode }) => {
   const env = loadEnv(mode, process.cwd(), "");
 
   return {
+    define: {
+      "process.env.NODE_ENV": JSON.stringify(mode),
+    },
     plugins: [
       react(),
       visualizer({
@@ -25,6 +28,12 @@ export default defineConfig(({ mode }) => {
         "/object-set-service": `${env.VITE_FOUNDRY_URL}`,
       },
     },
+    optimizeDeps: {
+      // shared.client is a mixed package that needs to be properly processed by vite
+      // but normally linked packages do not get that treatment so we have to explicitly add it here
+      // and in the `commonjsOptions` below
+      include: ["@osdk/client > @osdk/shared.client"],
+    },
     build: {
       outDir: "build/site/",
     },

packages/oauth/package.json

@@ -36,7 +36,6 @@
     "@osdk/monorepo.tsconfig": "workspace:~",
     "@osdk/monorepo.tsup": "workspace:~",
     "jest-extended": "^4.0.2",
-    "ts-expect": "^1.3.0",
     "typescript": "^5.5.2"
   },
   "publishConfig": {

packages/oauth/src/BaseOauthClient.ts

@@ -0,0 +1,42 @@
+/*
+ * Copyright 2024 Palantir Technologies, Inc. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import type { Token } from "./Token.js";
+
+export type Events = {
+  signIn: CustomEvent<Token>;
+  signOut: Event;
+  refresh: CustomEvent<Token>;
+};
+
+export interface BaseOauthClient<K extends keyof Events & string> {
+  (): Promise<string>;
+
+  signIn: () => Promise<Token>;
+  signOut: () => Promise<void>;
+
+  addEventListener: <T extends K>(
+    type: T,
+    listener: ((evt: Events[T]) => void) | null,
+    options?: boolean | AddEventListenerOptions,
+  ) => void;
+
+  removeEventListener: <T extends K>(
+    type: T,
+    callback: ((evt: Events[T]) => void) | null,
+    options?: EventListenerOptions | boolean,
+  ) => void;
+}

packages/oauth/src/ConfidentialOauthClient.ts

@@ -0,0 +1,22 @@
+/*
+ * Copyright 2024 Palantir Technologies, Inc. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import type { BaseOauthClient } from "./BaseOauthClient.js";
+
+export interface ConfidentialOauthClient
+  extends BaseOauthClient<"signIn" | "signOut">
+{
+}