1 | import { EventEmitter } from 'events';
|
2 | import { Gaxios, GaxiosOptions, GaxiosPromise, GaxiosResponse } from 'gaxios';
|
3 | import { Transporter } from '../transporters';
|
4 | import { Credentials } from './credentials';
|
5 | import { GetAccessTokenResponse, Headers } from './oauth2client';
|
6 | import { OriginalAndCamel } from '../util';
|
7 | /**
|
8 | * Base auth configurations (e.g. from JWT or `.json` files) with conventional
|
9 | * camelCased options.
|
10 | *
|
11 | * @privateRemarks
|
12 | *
|
13 | * This interface is purposely not exported so that it can be removed once
|
14 | * {@link https://github.com/microsoft/TypeScript/issues/50715} has been
|
15 | * resolved. Then, we can use {@link OriginalAndCamel} to shrink this interface.
|
16 | *
|
17 | * Tracking: {@link https://github.com/googleapis/google-auth-library-nodejs/issues/1686}
|
18 | */
|
19 | interface AuthJSONOptions {
|
20 | /**
|
21 | * The project ID corresponding to the current credentials if available.
|
22 | */
|
23 | project_id: string | null;
|
24 | /**
|
25 | * An alias for {@link AuthJSONOptions.project_id `project_id`}.
|
26 | */
|
27 | projectId: AuthJSONOptions['project_id'];
|
28 | /**
|
29 | * The quota project ID. The quota project can be used by client libraries for the billing purpose.
|
30 | * See {@link https://cloud.google.com/docs/quota Working with quotas}
|
31 | */
|
32 | quota_project_id: string;
|
33 | /**
|
34 | * An alias for {@link AuthJSONOptions.quota_project_id `quota_project_id`}.
|
35 | */
|
36 | quotaProjectId: AuthJSONOptions['quota_project_id'];
|
37 | /**
|
38 | * The default service domain for a given Cloud universe.
|
39 | */
|
40 | universe_domain: string;
|
41 | /**
|
42 | * An alias for {@link AuthJSONOptions.universe_domain `universe_domain`}.
|
43 | */
|
44 | universeDomain: AuthJSONOptions['universe_domain'];
|
45 | }
|
46 | /**
|
47 | * Base `AuthClient` configuration.
|
48 | *
|
49 | * The camelCased options are aliases of the snake_cased options, supporting both
|
50 | * JSON API and JS conventions.
|
51 | */
|
52 | export interface AuthClientOptions extends Partial<OriginalAndCamel<AuthJSONOptions>> {
|
53 | /**
|
54 | * An API key to use, optional.
|
55 | */
|
56 | apiKey?: string;
|
57 | credentials?: Credentials;
|
58 | /**
|
59 | * A `Gaxios` or `Transporter` instance to use for `AuthClient` requests.
|
60 | */
|
61 | transporter?: Gaxios | Transporter;
|
62 | /**
|
63 | * Provides default options to the transporter, such as {@link GaxiosOptions.agent `agent`} or
|
64 | * {@link GaxiosOptions.retryConfig `retryConfig`}.
|
65 | */
|
66 | transporterOptions?: GaxiosOptions;
|
67 | /**
|
68 | * The expiration threshold in milliseconds before forcing token refresh of
|
69 | * unexpired tokens.
|
70 | */
|
71 | eagerRefreshThresholdMillis?: number;
|
72 | /**
|
73 | * Whether to attempt to refresh tokens on status 401/403 responses
|
74 | * even if an attempt is made to refresh the token preemptively based
|
75 | * on the expiry_date.
|
76 | */
|
77 | forceRefreshOnFailure?: boolean;
|
78 | }
|
79 | /**
|
80 | * The default cloud universe
|
81 | *
|
82 | * @see {@link AuthJSONOptions.universe_domain}
|
83 | */
|
84 | export declare const DEFAULT_UNIVERSE = "googleapis.com";
|
85 | /**
|
86 | * The default {@link AuthClientOptions.eagerRefreshThresholdMillis}
|
87 | */
|
88 | export declare const DEFAULT_EAGER_REFRESH_THRESHOLD_MILLIS: number;
|
89 | /**
|
90 | * Defines the root interface for all clients that generate credentials
|
91 | * for calling Google APIs. All clients should implement this interface.
|
92 | */
|
93 | export interface CredentialsClient {
|
94 | projectId?: AuthClientOptions['projectId'];
|
95 | eagerRefreshThresholdMillis: NonNullable<AuthClientOptions['eagerRefreshThresholdMillis']>;
|
96 | forceRefreshOnFailure: NonNullable<AuthClientOptions['forceRefreshOnFailure']>;
|
97 | /**
|
98 | * @return A promise that resolves with the current GCP access token
|
99 | * response. If the current credential is expired, a new one is retrieved.
|
100 | */
|
101 | getAccessToken(): Promise<GetAccessTokenResponse>;
|
102 | /**
|
103 | * The main authentication interface. It takes an optional url which when
|
104 | * present is the endpoint being accessed, and returns a Promise which
|
105 | * resolves with authorization header fields.
|
106 | *
|
107 | * The result has the form:
|
108 | * { Authorization: 'Bearer <access_token_value>' }
|
109 | * @param url The URI being authorized.
|
110 | */
|
111 | getRequestHeaders(url?: string): Promise<Headers>;
|
112 | /**
|
113 | * Provides an alternative Gaxios request implementation with auth credentials
|
114 | */
|
115 | request<T>(opts: GaxiosOptions): GaxiosPromise<T>;
|
116 | /**
|
117 | * Sets the auth credentials.
|
118 | */
|
119 | setCredentials(credentials: Credentials): void;
|
120 | /**
|
121 | * Subscribes a listener to the tokens event triggered when a token is
|
122 | * generated.
|
123 | *
|
124 | * @param event The tokens event to subscribe to.
|
125 | * @param listener The listener that triggers on event trigger.
|
126 | * @return The current client instance.
|
127 | */
|
128 | on(event: 'tokens', listener: (tokens: Credentials) => void): this;
|
129 | }
|
130 | export declare interface AuthClient {
|
131 | on(event: 'tokens', listener: (tokens: Credentials) => void): this;
|
132 | }
|
133 | export declare abstract class AuthClient extends EventEmitter implements CredentialsClient {
|
134 | apiKey?: string;
|
135 | projectId?: string | null;
|
136 | /**
|
137 | * The quota project ID. The quota project can be used by client libraries for the billing purpose.
|
138 | * See {@link https://cloud.google.com/docs/quota Working with quotas}
|
139 | */
|
140 | quotaProjectId?: string;
|
141 | transporter: Transporter;
|
142 | credentials: Credentials;
|
143 | eagerRefreshThresholdMillis: number;
|
144 | forceRefreshOnFailure: boolean;
|
145 | universeDomain: string;
|
146 | constructor(opts?: AuthClientOptions);
|
147 | /**
|
148 | * Return the {`Gaxios`} instance from the { AuthClient.transporter}.
Gaxios |
149 | *
|
150 | *
|
151 | */
|
152 | get gaxios(): Gaxios | null;
|
153 | /**
|
154 | * Provides an alternative Gaxios request implementation with auth credentials
|
155 | */
|
156 | abstract request<T>(opts: GaxiosOptions): GaxiosPromise<T>;
|
157 | /**
|
158 | * The main authentication interface. It takes an optional url which when
|
159 | * present is the endpoint being accessed, and returns a Promise which
|
160 | * resolves with authorization header fields.
|
161 | *
|
162 | * The result has the form:
|
163 | * { Authorization: 'Bearer <access_token_value>' }
|
164 | * @param url The URI being authorized.
|
165 | */
|
166 | abstract getRequestHeaders(url?: string): Promise<Headers>;
|
167 | /**
|
168 | * @return A promise that resolves with the current GCP access token
|
169 | * response. If the current credential is expired, a new one is retrieved.
|
170 | */
|
171 | abstract getAccessToken(): Promise<{
|
172 | token?: string | null;
|
173 | res?: GaxiosResponse | null;
|
174 | }>;
|
175 | /**
|
176 | * Sets the auth credentials.
|
177 | */
|
178 | setCredentials(credentials: Credentials): void;
|
179 | /**
|
180 | * Append additional headers, e.g., x-goog-user-project, shared across the
|
181 | * classes inheriting AuthClient. This method should be used by any method
|
182 | * that overrides getRequestMetadataAsync(), which is a shared helper for
|
183 | * setting request information in both gRPC and HTTP API calls.
|
184 | *
|
185 | * @param headers object to append additional headers to.
|
186 | */
|
187 | protected addSharedMetadataHeaders(headers: Headers): Headers;
|
188 | /**
|
189 | * Retry config for Auth-related requests.
|
190 | *
|
191 | * @remarks
|
192 | *
|
193 | * This is not a part of the default {@link AuthClient.transporter transporter/gaxios}
|
194 | * config as some downstream APIs would prefer if customers explicitly enable retries,
|
195 | * such as GCS.
|
196 | */
|
197 | protected static get RETRY_CONFIG(): GaxiosOptions;
|
198 | }
|
199 | export {};
|