Skip to content

fix(oauth): add client_id to exchangeCodeForToken + extend unit tests#12

Merged
Theosakamg merged 1 commit into
mainfrom
fix/oauth-client-id-alignment
Jun 4, 2026
Merged

fix(oauth): add client_id to exchangeCodeForToken + extend unit tests#12
Theosakamg merged 1 commit into
mainfrom
fix/oauth-client-id-alignment

Conversation

@Theosakamg

Copy link
Copy Markdown
Collaborator

Summary

Align Node.js SDK with PHP SDK on the api_token grant request and extend unit test coverage.

Bug fix — client_id missing from exchangeCodeForToken()

The PHP SDK sends client_id in both the api_token and refresh_token grants. The Node.js SDK was only sending it in refresh_token. This adds client_id to the URLSearchParams of the api_token grant in src/core/oauth-provider.ts.

const params = new URLSearchParams({
  grant_type: 'api_token',
  api_token: this.clientSecret,
  client_id: this.clientId,  // ← added
});

Unit tests extended

tests/unit/core/oauth2-client.test.ts (+2 changes):

  • Updated existing test to assert client_id is present in the api_token grant body
  • Added new test: refreshAccessToken throws 'No refresh token available' when called without a stored refresh token (covers the defensive guard on line 121)

tests/unit/upsun-client.test.ts (+14 new tests):

  • createAuthRetryMiddleware: non-401 pass-through, 401 triggers forceRefresh() + retry, __upsunRetry double-retry guard, bearer-only mode (no this.auth)
  • getUserId: fetches and caches user ID
  • getToken: bearer path returns token, throws when no auth method available
  • authenticate: throws without API key, returns true on success
  • cloneHeaders: handles undefined, Headers instance, array pairs, plain object

Coverage

File Statements Branches Functions Lines
src/core/oauth-provider.ts 100% 100% 100% 100%
src/upsun.ts 100% 96%* 100% 100%

*96% branches: init || {} defensive fallback on line 312 — unreachable through the generated API stack, acceptable.

618 unit tests passing, 0 failures.

- Add client_id param to api_token grant in exchangeCodeForToken() to
  align with PHP SDK (RFC 6749 §4.4 / platform-specific requirement)
- Add 14 new tests to upsun-client.test.ts covering: middleware retry
  logic (401/non-401/double-retry/bearer-only), getUserId caching,
  getToken bearer/throw paths, authenticate success/no-key, cloneHeaders
  (undefined/Headers/array/object)
- Add 1 new test + update 1 existing test in oauth2-client.test.ts:
  assert client_id present in api_token grant body; add refresh-token
  missing guard coverage

618 unit tests passing, 0 failures
Coverage: oauth-provider.ts 100%, upsun.ts 100%/96% branches
@github-actions

github-actions Bot commented Jun 4, 2026

Copy link
Copy Markdown

Upsun SDK checker report

Display raw output

════════════════════════════════════════════════════════════════════════════════
  SDK Signature Comparison Report
════════════════════════════════════════════════════════════════════════════════


📦 Class: DomainsTask
   Languages: node, php
────────────────────────────────────────────────────────────────────────────────

  ⚠️  Signature Differences:

     Method: add()
       node: (projectId: string, domain: string)
       php: (projectId: string, domainCreateInput: DomainCreateInput)

📦 Class: EnvironmentsTask
   Languages: node, php
────────────────────────────────────────────────────────────────────────────────

  ⚠️  Signature Differences:

     Method: init()
       node: (projectId: string, environmentId: string, profile: string, repository: string, files: FilesInner[])
       php: (projectId: string, environmentId: string, profile: string, repository: string, fileMode: string, filePath: string, fileContents: string)

     Method: addDomain()
       node: (projectId: string, environmentId: string, domainName: string)
       php: (projectId: string, domainCreateInput: DomainCreateInput)

📦 Class: IntegrationsTask
   Languages: node, php
────────────────────────────────────────────────────────────────────────────────

  ⚠️  Signature Differences:

     Method: createIntegration()
       node: (projectId: string, type: string, params: IntegrationCreateData)
       php: (projectId: string, integrationCreateInput: IntegrationCreateCreateInput)

     Method: updateIntegration()
       node: (projectId: string, integrationId: string, type: string, params: IntegrationCreateData)
       php: (projectId: string, integrationId: string, integrationUpdateInput: IntegrationPatch)

📦 Class: MetricsTask
   Languages: node, php
────────────────────────────────────────────────────────────────────────────────

  ⚠️  Missing Methods:
     php:
       - fetchMetrics()

📦 Class: ProjectsTask
   Languages: node, php
────────────────────────────────────────────────────────────────────────────────

  ⚠️  Signature Differences:

     Method: updateSettings()
       node: (projectId: string, settings: ProjectSettings)
       php: (projectId: string)

════════════════════════════════════════════════════════════════════════════════
  Summary
────────────────────────────────────────────────────────────────────────────────
  Total classes analyzed: 26
  ⚠️  Found 7 issue(s)
════════════════════════════════════════════════════════════════════════════════


@Theosakamg Theosakamg merged commit 251eb5b into main Jun 4, 2026
8 checks passed
@Theosakamg Theosakamg deleted the fix/oauth-client-id-alignment branch June 4, 2026 14:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants