From 07bcfce562146c65f9b3ac76e2e8ed693b14afb8 Mon Sep 17 00:00:00 2001 From: Trivikram Kamat <16024985+trivikr@users.noreply.github.com> Date: Thu, 24 Apr 2025 21:14:30 +0000 Subject: [PATCH 1/8] chore(core): add utility resolveAuthSchemes --- .../resolveAuthSchemes.ts | 34 +++++++++++++++++++ 1 file changed, 34 insertions(+) create mode 100644 packages/core/src/middleware-http-auth-scheme/resolveAuthSchemes.ts diff --git a/packages/core/src/middleware-http-auth-scheme/resolveAuthSchemes.ts b/packages/core/src/middleware-http-auth-scheme/resolveAuthSchemes.ts new file mode 100644 index 00000000000..dc5b56a9e7d --- /dev/null +++ b/packages/core/src/middleware-http-auth-scheme/resolveAuthSchemes.ts @@ -0,0 +1,34 @@ +import { HttpAuthScheme } from "@smithy/types"; + +/** + * Resolves list of auth schemes based on the supported ones, vs the preference list. + * + * @param candidateAuthSchemes list of supported auth schemes selected by the standard + * resolution process (model-based, endpoints 2.0, etc.) + * @param authSchemePreference list of auth schemes preferred by user. + * @returns + */ +export const resolveAuthSchemes = (candidateAuthSchemes: HttpAuthScheme[], authSchemePreference: string[]) => { + if (!authSchemePreference || authSchemePreference.length === 0) { + // reprioritize candidates based on user's preference + const preferredAuthSchemes = []; + + for (const preferredSchemeName of authSchemePreference) { + for (const candidateAuthScheme of candidateAuthSchemes) { + const candidateAuthSchemeName = candidateAuthScheme.schemeId.split("#")[1] + if (candidateAuthSchemeName === preferredSchemeName) { + preferredAuthSchemes.push(candidateAuthScheme); + } + } + } + + // add any remaining candidates that weren't in the preference list + for (const candidateAuthScheme of candidateAuthSchemes) { + if (!preferredAuthSchemes.find(({ schemeId }) => schemeId === candidateAuthScheme.schemeId)) { + preferredAuthSchemes.push(candidateAuthScheme); + } + } + } else { + return candidateAuthSchemes; + } + } \ No newline at end of file From 56bff6b827c7b3bcadf4f7bfe3d42cda2100acd1 Mon Sep 17 00:00:00 2001 From: Trivikram Kamat <16024985+trivikr@users.noreply.github.com> Date: Thu, 24 Apr 2025 21:19:36 +0000 Subject: [PATCH 2/8] chore: yarn changeset --- .changeset/fluffy-ducks-grin.md | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 .changeset/fluffy-ducks-grin.md diff --git a/.changeset/fluffy-ducks-grin.md b/.changeset/fluffy-ducks-grin.md new file mode 100644 index 00000000000..44f78383ef7 --- /dev/null +++ b/.changeset/fluffy-ducks-grin.md @@ -0,0 +1,5 @@ +--- +"@smithy/core": minor +--- + +Resolve auth schemes based on the preference list From a61d08715a062b778f7e2fe523f51968ca0e2578 Mon Sep 17 00:00:00 2001 From: Trivikram Kamat <16024985+trivikr@users.noreply.github.com> Date: Thu, 24 Apr 2025 21:20:43 +0000 Subject: [PATCH 3/8] chore: format resolveAuthSchemes.ts --- .../resolveAuthSchemes.ts | 40 +++++++++---------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/packages/core/src/middleware-http-auth-scheme/resolveAuthSchemes.ts b/packages/core/src/middleware-http-auth-scheme/resolveAuthSchemes.ts index dc5b56a9e7d..6869139412f 100644 --- a/packages/core/src/middleware-http-auth-scheme/resolveAuthSchemes.ts +++ b/packages/core/src/middleware-http-auth-scheme/resolveAuthSchemes.ts @@ -2,33 +2,33 @@ import { HttpAuthScheme } from "@smithy/types"; /** * Resolves list of auth schemes based on the supported ones, vs the preference list. - * + * * @param candidateAuthSchemes list of supported auth schemes selected by the standard * resolution process (model-based, endpoints 2.0, etc.) * @param authSchemePreference list of auth schemes preferred by user. - * @returns + * @returns */ export const resolveAuthSchemes = (candidateAuthSchemes: HttpAuthScheme[], authSchemePreference: string[]) => { - if (!authSchemePreference || authSchemePreference.length === 0) { - // reprioritize candidates based on user's preference - const preferredAuthSchemes = []; - - for (const preferredSchemeName of authSchemePreference) { - for (const candidateAuthScheme of candidateAuthSchemes) { - const candidateAuthSchemeName = candidateAuthScheme.schemeId.split("#")[1] - if (candidateAuthSchemeName === preferredSchemeName) { - preferredAuthSchemes.push(candidateAuthScheme); - } - } - } - - // add any remaining candidates that weren't in the preference list + if (!authSchemePreference || authSchemePreference.length === 0) { + // reprioritize candidates based on user's preference + const preferredAuthSchemes = []; + + for (const preferredSchemeName of authSchemePreference) { for (const candidateAuthScheme of candidateAuthSchemes) { - if (!preferredAuthSchemes.find(({ schemeId }) => schemeId === candidateAuthScheme.schemeId)) { + const candidateAuthSchemeName = candidateAuthScheme.schemeId.split("#")[1]; + if (candidateAuthSchemeName === preferredSchemeName) { preferredAuthSchemes.push(candidateAuthScheme); } } - } else { - return candidateAuthSchemes; } - } \ No newline at end of file + + // add any remaining candidates that weren't in the preference list + for (const candidateAuthScheme of candidateAuthSchemes) { + if (!preferredAuthSchemes.find(({ schemeId }) => schemeId === candidateAuthScheme.schemeId)) { + preferredAuthSchemes.push(candidateAuthScheme); + } + } + } else { + return candidateAuthSchemes; + } +}; From 4e6fa23aeacc7236d611a9cb2207b9adf5d2ebd5 Mon Sep 17 00:00:00 2001 From: Trivikram Kamat <16024985+trivikr@users.noreply.github.com> Date: Thu, 24 Apr 2025 21:44:54 +0000 Subject: [PATCH 4/8] test: resolveAuthSchemes.spec.ts --- .../resolveAuthSchemes.spec.ts | 41 +++++++++++++++++++ .../resolveAuthSchemes.ts | 30 +++++++------- 2 files changed, 57 insertions(+), 14 deletions(-) create mode 100644 packages/core/src/middleware-http-auth-scheme/resolveAuthSchemes.spec.ts diff --git a/packages/core/src/middleware-http-auth-scheme/resolveAuthSchemes.spec.ts b/packages/core/src/middleware-http-auth-scheme/resolveAuthSchemes.spec.ts new file mode 100644 index 00000000000..cd96cd52652 --- /dev/null +++ b/packages/core/src/middleware-http-auth-scheme/resolveAuthSchemes.spec.ts @@ -0,0 +1,41 @@ +import { describe, it, expect } from "vitest"; +import { HttpAuthScheme } from "@smithy/types"; +import { resolveAuthSchemes } from "./resolveAuthSchemes"; + +describe("resolveAuthSchemes", () => { + const sigv4 = "sigv4"; + const sigv4a = "sigv4a"; + + const mockSigV4AuthScheme = { schemeId: `aws.auth#${sigv4}` } as HttpAuthScheme; + const mockSigV4aAuthScheme = { schemeId: `aws.auth#${sigv4a}` } as HttpAuthScheme; + + it("should return candidate auth schemes is preference list is not available", () => { + const candidateAuthSchemes = [mockSigV4AuthScheme, mockSigV4aAuthScheme]; + expect(resolveAuthSchemes(candidateAuthSchemes, [])).toEqual(candidateAuthSchemes); + + // @ts-expect-error case where callee incorrectly passes undefined + expect(resolveAuthSchemes(candidateAuthSchemes)).toEqual(candidateAuthSchemes); + }); + + it("should return auth scheme from preference if it's available", () => { + expect(resolveAuthSchemes([mockSigV4AuthScheme, mockSigV4aAuthScheme], [sigv4a])).toEqual([ + mockSigV4aAuthScheme, + mockSigV4AuthScheme, + ]); + + expect(resolveAuthSchemes([mockSigV4AuthScheme, mockSigV4aAuthScheme], [sigv4a, sigv4])).toEqual([ + mockSigV4aAuthScheme, + mockSigV4AuthScheme, + ]); + + expect(resolveAuthSchemes([mockSigV4AuthScheme, mockSigV4aAuthScheme], [sigv4, sigv4a])).toEqual([ + mockSigV4AuthScheme, + mockSigV4aAuthScheme, + ]); + }); + + it("should ignore auth scheme from preference if it's not available", () => { + expect(resolveAuthSchemes([mockSigV4AuthScheme], [sigv4a])).toEqual([mockSigV4AuthScheme]); + expect(resolveAuthSchemes([mockSigV4AuthScheme], ["sigv3"])).toEqual([mockSigV4AuthScheme]); + }); +}); diff --git a/packages/core/src/middleware-http-auth-scheme/resolveAuthSchemes.ts b/packages/core/src/middleware-http-auth-scheme/resolveAuthSchemes.ts index 6869139412f..d34308b6ade 100644 --- a/packages/core/src/middleware-http-auth-scheme/resolveAuthSchemes.ts +++ b/packages/core/src/middleware-http-auth-scheme/resolveAuthSchemes.ts @@ -10,25 +10,27 @@ import { HttpAuthScheme } from "@smithy/types"; */ export const resolveAuthSchemes = (candidateAuthSchemes: HttpAuthScheme[], authSchemePreference: string[]) => { if (!authSchemePreference || authSchemePreference.length === 0) { - // reprioritize candidates based on user's preference - const preferredAuthSchemes = []; + return candidateAuthSchemes; + } - for (const preferredSchemeName of authSchemePreference) { - for (const candidateAuthScheme of candidateAuthSchemes) { - const candidateAuthSchemeName = candidateAuthScheme.schemeId.split("#")[1]; - if (candidateAuthSchemeName === preferredSchemeName) { - preferredAuthSchemes.push(candidateAuthScheme); - } - } - } + // reprioritize candidates based on user's preference + const preferredAuthSchemes = []; - // add any remaining candidates that weren't in the preference list + for (const preferredSchemeName of authSchemePreference) { for (const candidateAuthScheme of candidateAuthSchemes) { - if (!preferredAuthSchemes.find(({ schemeId }) => schemeId === candidateAuthScheme.schemeId)) { + const candidateAuthSchemeName = candidateAuthScheme.schemeId.split("#")[1]; + if (candidateAuthSchemeName === preferredSchemeName) { preferredAuthSchemes.push(candidateAuthScheme); } } - } else { - return candidateAuthSchemes; } + + // add any remaining candidates that weren't in the preference list + for (const candidateAuthScheme of candidateAuthSchemes) { + if (!preferredAuthSchemes.find(({ schemeId }) => schemeId === candidateAuthScheme.schemeId)) { + preferredAuthSchemes.push(candidateAuthScheme); + } + } + + return preferredAuthSchemes; }; From 22ed5f0490640ed9c4465f1a04861c0aaeb62982 Mon Sep 17 00:00:00 2001 From: Trivikram Kamat <16024985+trivikr@users.noreply.github.com> Date: Fri, 25 Apr 2025 03:47:47 +0000 Subject: [PATCH 5/8] feat: resolve auth schemes based on the preference list --- .../httpAuthSchemeMiddleware.ts | 30 +++++++++++-------- .../resolveAuthSchemes.spec.ts | 3 +- .../resolveAuthSchemes.ts | 5 +++- 3 files changed, 24 insertions(+), 14 deletions(-) diff --git a/packages/core/src/middleware-http-auth-scheme/httpAuthSchemeMiddleware.ts b/packages/core/src/middleware-http-auth-scheme/httpAuthSchemeMiddleware.ts index 80251e7abfc..7664e643643 100644 --- a/packages/core/src/middleware-http-auth-scheme/httpAuthSchemeMiddleware.ts +++ b/packages/core/src/middleware-http-auth-scheme/httpAuthSchemeMiddleware.ts @@ -1,11 +1,13 @@ import { HandlerExecutionContext, + HttpAuthOption, HttpAuthScheme, HttpAuthSchemeId, HttpAuthSchemeParameters, HttpAuthSchemeParametersProvider, HttpAuthSchemeProvider, IdentityProviderConfig, + Provider, SelectedHttpAuthScheme, SerializeHandler, SerializeHandlerArguments, @@ -15,10 +17,13 @@ import { } from "@smithy/types"; import { getSmithyContext } from "@smithy/util-middleware"; +import { resolveAuthSchemes } from "./resolveAuthSchemes"; + /** * @internal */ export interface PreviouslyResolved { + authSchemePreference: Provider; httpAuthSchemes: HttpAuthScheme[]; httpAuthSchemeProvider: HttpAuthSchemeProvider; } @@ -52,12 +57,11 @@ interface HttpAuthSchemeMiddlewareHandlerExecutionContext extends HandlerExecuti /** * @internal - * Later HttpAuthSchemes with the same HttpAuthSchemeId will overwrite previous ones. */ -function convertHttpAuthSchemesToMap(httpAuthSchemes: HttpAuthScheme[]): Map { +function convertHttpAuthOptionsToMap(httpAuthOptions: HttpAuthOption[]): Map { const map = new Map(); - for (const scheme of httpAuthSchemes) { - map.set(scheme.schemeId, scheme); + for (const authOption of httpAuthOptions) { + map.set(authOption.schemeId, authOption); } return map; } @@ -84,18 +88,20 @@ export const httpAuthSchemeMiddleware = const options = config.httpAuthSchemeProvider( await mwOptions.httpAuthSchemeParametersProvider(config, context as TContext, args.input) ); - const authSchemes = convertHttpAuthSchemesToMap(config.httpAuthSchemes); + const optionsMap = convertHttpAuthOptionsToMap(options); + + const authSchemePreference = await config.authSchemePreference(); + const resolvedAuthSchemes = resolveAuthSchemes(config.httpAuthSchemes, authSchemePreference); + config.httpAuthSchemes = resolvedAuthSchemes; + const smithyContext: HttpAuthSchemeMiddlewareSmithyContext = getSmithyContext(context); const failureReasons = []; - for (const option of options) { - const scheme = authSchemes.get(option.schemeId); - if (!scheme) { - failureReasons.push(`HttpAuthScheme \`${option.schemeId}\` was not enabled for this service.`); - continue; - } + + for (const scheme of resolvedAuthSchemes) { + const option = optionsMap.get(scheme.schemeId) as HttpAuthOption; const identityProvider = scheme.identityProvider(await mwOptions.identityProviderConfigProvider(config)); if (!identityProvider) { - failureReasons.push(`HttpAuthScheme \`${option.schemeId}\` did not have an IdentityProvider configured.`); + failureReasons.push(`HttpAuthScheme \`${scheme.schemeId}\` did not have an IdentityProvider configured.`); continue; } const { identityProperties = {}, signingProperties = {} } = option.propertiesExtractor?.(config, context) || {}; diff --git a/packages/core/src/middleware-http-auth-scheme/resolveAuthSchemes.spec.ts b/packages/core/src/middleware-http-auth-scheme/resolveAuthSchemes.spec.ts index cd96cd52652..5ce2d82032f 100644 --- a/packages/core/src/middleware-http-auth-scheme/resolveAuthSchemes.spec.ts +++ b/packages/core/src/middleware-http-auth-scheme/resolveAuthSchemes.spec.ts @@ -1,5 +1,6 @@ -import { describe, it, expect } from "vitest"; import { HttpAuthScheme } from "@smithy/types"; +import { describe, expect,it } from "vitest"; + import { resolveAuthSchemes } from "./resolveAuthSchemes"; describe("resolveAuthSchemes", () => { diff --git a/packages/core/src/middleware-http-auth-scheme/resolveAuthSchemes.ts b/packages/core/src/middleware-http-auth-scheme/resolveAuthSchemes.ts index d34308b6ade..63ddf2d1037 100644 --- a/packages/core/src/middleware-http-auth-scheme/resolveAuthSchemes.ts +++ b/packages/core/src/middleware-http-auth-scheme/resolveAuthSchemes.ts @@ -8,7 +8,10 @@ import { HttpAuthScheme } from "@smithy/types"; * @param authSchemePreference list of auth schemes preferred by user. * @returns */ -export const resolveAuthSchemes = (candidateAuthSchemes: HttpAuthScheme[], authSchemePreference: string[]) => { +export const resolveAuthSchemes = ( + candidateAuthSchemes: HttpAuthScheme[], + authSchemePreference: string[] +): HttpAuthScheme[] => { if (!authSchemePreference || authSchemePreference.length === 0) { return candidateAuthSchemes; } From d0647d083eefd1730a1586491bf9815ed5a45881 Mon Sep 17 00:00:00 2001 From: Trivikram Kamat <16024985+trivikr@users.noreply.github.com> Date: Fri, 25 Apr 2025 05:12:17 +0000 Subject: [PATCH 6/8] fix: formatting of resolveAuthSchemes.spec.ts --- .../src/middleware-http-auth-scheme/resolveAuthSchemes.spec.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/core/src/middleware-http-auth-scheme/resolveAuthSchemes.spec.ts b/packages/core/src/middleware-http-auth-scheme/resolveAuthSchemes.spec.ts index 5ce2d82032f..7eb0dbc84d4 100644 --- a/packages/core/src/middleware-http-auth-scheme/resolveAuthSchemes.spec.ts +++ b/packages/core/src/middleware-http-auth-scheme/resolveAuthSchemes.spec.ts @@ -1,5 +1,5 @@ import { HttpAuthScheme } from "@smithy/types"; -import { describe, expect,it } from "vitest"; +import { describe, expect, it } from "vitest"; import { resolveAuthSchemes } from "./resolveAuthSchemes"; From 740779cf5e51c3d46b803daf61e7e8d798c0a0c1 Mon Sep 17 00:00:00 2001 From: Trivikram Kamat <16024985+trivikr@users.noreply.github.com> Date: Thu, 24 Apr 2025 23:06:48 -0700 Subject: [PATCH 7/8] fix: set authSchemePreference to empty for backward compatibility --- .../src/middleware-http-auth-scheme/httpAuthSchemeMiddleware.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/core/src/middleware-http-auth-scheme/httpAuthSchemeMiddleware.ts b/packages/core/src/middleware-http-auth-scheme/httpAuthSchemeMiddleware.ts index 7664e643643..74bb1347145 100644 --- a/packages/core/src/middleware-http-auth-scheme/httpAuthSchemeMiddleware.ts +++ b/packages/core/src/middleware-http-auth-scheme/httpAuthSchemeMiddleware.ts @@ -90,7 +90,7 @@ export const httpAuthSchemeMiddleware = ); const optionsMap = convertHttpAuthOptionsToMap(options); - const authSchemePreference = await config.authSchemePreference(); + const authSchemePreference = config.authSchemePreference ? await config.authSchemePreference() : []; const resolvedAuthSchemes = resolveAuthSchemes(config.httpAuthSchemes, authSchemePreference); config.httpAuthSchemes = resolvedAuthSchemes; From ad8ab61eef213626d3b1c31221b0ba3d46db4848 Mon Sep 17 00:00:00 2001 From: Trivikram Kamat <16024985+trivikr@users.noreply.github.com> Date: Fri, 25 Apr 2025 07:01:21 +0000 Subject: [PATCH 8/8] fix: resolve auth options instead of auth schemes --- .../httpAuthSchemeMiddleware.ts | 28 ++++++------- ...mes.spec.ts => resolveAuthOptions.spec.ts} | 22 +++++------ .../resolveAuthOptions.ts | 39 +++++++++++++++++++ .../resolveAuthSchemes.ts | 39 ------------------- 4 files changed, 65 insertions(+), 63 deletions(-) rename packages/core/src/middleware-http-auth-scheme/{resolveAuthSchemes.spec.ts => resolveAuthOptions.spec.ts} (64%) create mode 100644 packages/core/src/middleware-http-auth-scheme/resolveAuthOptions.ts delete mode 100644 packages/core/src/middleware-http-auth-scheme/resolveAuthSchemes.ts diff --git a/packages/core/src/middleware-http-auth-scheme/httpAuthSchemeMiddleware.ts b/packages/core/src/middleware-http-auth-scheme/httpAuthSchemeMiddleware.ts index 74bb1347145..b66024f1359 100644 --- a/packages/core/src/middleware-http-auth-scheme/httpAuthSchemeMiddleware.ts +++ b/packages/core/src/middleware-http-auth-scheme/httpAuthSchemeMiddleware.ts @@ -1,6 +1,5 @@ import { HandlerExecutionContext, - HttpAuthOption, HttpAuthScheme, HttpAuthSchemeId, HttpAuthSchemeParameters, @@ -17,13 +16,13 @@ import { } from "@smithy/types"; import { getSmithyContext } from "@smithy/util-middleware"; -import { resolveAuthSchemes } from "./resolveAuthSchemes"; +import { resolveAuthOptions } from "./resolveAuthOptions"; /** * @internal */ export interface PreviouslyResolved { - authSchemePreference: Provider; + authSchemePreference?: Provider; httpAuthSchemes: HttpAuthScheme[]; httpAuthSchemeProvider: HttpAuthSchemeProvider; } @@ -57,11 +56,12 @@ interface HttpAuthSchemeMiddlewareHandlerExecutionContext extends HandlerExecuti /** * @internal + * Later HttpAuthSchemes with the same HttpAuthSchemeId will overwrite previous ones. */ -function convertHttpAuthOptionsToMap(httpAuthOptions: HttpAuthOption[]): Map { +function convertHttpAuthSchemesToMap(httpAuthSchemes: HttpAuthScheme[]): Map { const map = new Map(); - for (const authOption of httpAuthOptions) { - map.set(authOption.schemeId, authOption); + for (const scheme of httpAuthSchemes) { + map.set(scheme.schemeId, scheme); } return map; } @@ -88,20 +88,22 @@ export const httpAuthSchemeMiddleware = const options = config.httpAuthSchemeProvider( await mwOptions.httpAuthSchemeParametersProvider(config, context as TContext, args.input) ); - const optionsMap = convertHttpAuthOptionsToMap(options); const authSchemePreference = config.authSchemePreference ? await config.authSchemePreference() : []; - const resolvedAuthSchemes = resolveAuthSchemes(config.httpAuthSchemes, authSchemePreference); - config.httpAuthSchemes = resolvedAuthSchemes; + const resolvedOptions = resolveAuthOptions(options, authSchemePreference); + const authSchemes = convertHttpAuthSchemesToMap(config.httpAuthSchemes); const smithyContext: HttpAuthSchemeMiddlewareSmithyContext = getSmithyContext(context); const failureReasons = []; - - for (const scheme of resolvedAuthSchemes) { - const option = optionsMap.get(scheme.schemeId) as HttpAuthOption; + for (const option of resolvedOptions) { + const scheme = authSchemes.get(option.schemeId); + if (!scheme) { + failureReasons.push(`HttpAuthScheme \`${option.schemeId}\` was not enabled for this service.`); + continue; + } const identityProvider = scheme.identityProvider(await mwOptions.identityProviderConfigProvider(config)); if (!identityProvider) { - failureReasons.push(`HttpAuthScheme \`${scheme.schemeId}\` did not have an IdentityProvider configured.`); + failureReasons.push(`HttpAuthScheme \`${option.schemeId}\` did not have an IdentityProvider configured.`); continue; } const { identityProperties = {}, signingProperties = {} } = option.propertiesExtractor?.(config, context) || {}; diff --git a/packages/core/src/middleware-http-auth-scheme/resolveAuthSchemes.spec.ts b/packages/core/src/middleware-http-auth-scheme/resolveAuthOptions.spec.ts similarity index 64% rename from packages/core/src/middleware-http-auth-scheme/resolveAuthSchemes.spec.ts rename to packages/core/src/middleware-http-auth-scheme/resolveAuthOptions.spec.ts index 7eb0dbc84d4..4dd5f8f7ba1 100644 --- a/packages/core/src/middleware-http-auth-scheme/resolveAuthSchemes.spec.ts +++ b/packages/core/src/middleware-http-auth-scheme/resolveAuthOptions.spec.ts @@ -1,42 +1,42 @@ -import { HttpAuthScheme } from "@smithy/types"; +import { HttpAuthOption } from "@smithy/types"; import { describe, expect, it } from "vitest"; -import { resolveAuthSchemes } from "./resolveAuthSchemes"; +import { resolveAuthOptions } from "./resolveAuthOptions"; describe("resolveAuthSchemes", () => { const sigv4 = "sigv4"; const sigv4a = "sigv4a"; - const mockSigV4AuthScheme = { schemeId: `aws.auth#${sigv4}` } as HttpAuthScheme; - const mockSigV4aAuthScheme = { schemeId: `aws.auth#${sigv4a}` } as HttpAuthScheme; + const mockSigV4AuthScheme = { schemeId: `aws.auth#${sigv4}` } as HttpAuthOption; + const mockSigV4aAuthScheme = { schemeId: `aws.auth#${sigv4a}` } as HttpAuthOption; it("should return candidate auth schemes is preference list is not available", () => { const candidateAuthSchemes = [mockSigV4AuthScheme, mockSigV4aAuthScheme]; - expect(resolveAuthSchemes(candidateAuthSchemes, [])).toEqual(candidateAuthSchemes); + expect(resolveAuthOptions(candidateAuthSchemes, [])).toEqual(candidateAuthSchemes); // @ts-expect-error case where callee incorrectly passes undefined - expect(resolveAuthSchemes(candidateAuthSchemes)).toEqual(candidateAuthSchemes); + expect(resolveAuthOptions(candidateAuthSchemes)).toEqual(candidateAuthSchemes); }); it("should return auth scheme from preference if it's available", () => { - expect(resolveAuthSchemes([mockSigV4AuthScheme, mockSigV4aAuthScheme], [sigv4a])).toEqual([ + expect(resolveAuthOptions([mockSigV4AuthScheme, mockSigV4aAuthScheme], [sigv4a])).toEqual([ mockSigV4aAuthScheme, mockSigV4AuthScheme, ]); - expect(resolveAuthSchemes([mockSigV4AuthScheme, mockSigV4aAuthScheme], [sigv4a, sigv4])).toEqual([ + expect(resolveAuthOptions([mockSigV4AuthScheme, mockSigV4aAuthScheme], [sigv4a, sigv4])).toEqual([ mockSigV4aAuthScheme, mockSigV4AuthScheme, ]); - expect(resolveAuthSchemes([mockSigV4AuthScheme, mockSigV4aAuthScheme], [sigv4, sigv4a])).toEqual([ + expect(resolveAuthOptions([mockSigV4AuthScheme, mockSigV4aAuthScheme], [sigv4, sigv4a])).toEqual([ mockSigV4AuthScheme, mockSigV4aAuthScheme, ]); }); it("should ignore auth scheme from preference if it's not available", () => { - expect(resolveAuthSchemes([mockSigV4AuthScheme], [sigv4a])).toEqual([mockSigV4AuthScheme]); - expect(resolveAuthSchemes([mockSigV4AuthScheme], ["sigv3"])).toEqual([mockSigV4AuthScheme]); + expect(resolveAuthOptions([mockSigV4AuthScheme], [sigv4a])).toEqual([mockSigV4AuthScheme]); + expect(resolveAuthOptions([mockSigV4AuthScheme], ["sigv3"])).toEqual([mockSigV4AuthScheme]); }); }); diff --git a/packages/core/src/middleware-http-auth-scheme/resolveAuthOptions.ts b/packages/core/src/middleware-http-auth-scheme/resolveAuthOptions.ts new file mode 100644 index 00000000000..1fd3d88e129 --- /dev/null +++ b/packages/core/src/middleware-http-auth-scheme/resolveAuthOptions.ts @@ -0,0 +1,39 @@ +import { HttpAuthOption } from "@smithy/types"; + +/** + * Resolves list of auth options based on the supported ones, vs the preference list. + * + * @param candidateAuthOptions list of supported auth options selected by the standard + * resolution process (model-based, endpoints 2.0, etc.) + * @param authSchemePreference list of auth schemes preferred by user. + * @returns + */ +export const resolveAuthOptions = ( + candidateAuthOptions: HttpAuthOption[], + authSchemePreference: string[] +): HttpAuthOption[] => { + if (!authSchemePreference || authSchemePreference.length === 0) { + return candidateAuthOptions; + } + + // reprioritize candidates based on user's preference + const preferredAuthOptions = []; + + for (const preferredSchemeName of authSchemePreference) { + for (const candidateAuthOption of candidateAuthOptions) { + const candidateAuthSchemeName = candidateAuthOption.schemeId.split("#")[1]; + if (candidateAuthSchemeName === preferredSchemeName) { + preferredAuthOptions.push(candidateAuthOption); + } + } + } + + // add any remaining candidates that weren't in the preference list + for (const candidateAuthOption of candidateAuthOptions) { + if (!preferredAuthOptions.find(({ schemeId }) => schemeId === candidateAuthOption.schemeId)) { + preferredAuthOptions.push(candidateAuthOption); + } + } + + return preferredAuthOptions; +}; diff --git a/packages/core/src/middleware-http-auth-scheme/resolveAuthSchemes.ts b/packages/core/src/middleware-http-auth-scheme/resolveAuthSchemes.ts deleted file mode 100644 index 63ddf2d1037..00000000000 --- a/packages/core/src/middleware-http-auth-scheme/resolveAuthSchemes.ts +++ /dev/null @@ -1,39 +0,0 @@ -import { HttpAuthScheme } from "@smithy/types"; - -/** - * Resolves list of auth schemes based on the supported ones, vs the preference list. - * - * @param candidateAuthSchemes list of supported auth schemes selected by the standard - * resolution process (model-based, endpoints 2.0, etc.) - * @param authSchemePreference list of auth schemes preferred by user. - * @returns - */ -export const resolveAuthSchemes = ( - candidateAuthSchemes: HttpAuthScheme[], - authSchemePreference: string[] -): HttpAuthScheme[] => { - if (!authSchemePreference || authSchemePreference.length === 0) { - return candidateAuthSchemes; - } - - // reprioritize candidates based on user's preference - const preferredAuthSchemes = []; - - for (const preferredSchemeName of authSchemePreference) { - for (const candidateAuthScheme of candidateAuthSchemes) { - const candidateAuthSchemeName = candidateAuthScheme.schemeId.split("#")[1]; - if (candidateAuthSchemeName === preferredSchemeName) { - preferredAuthSchemes.push(candidateAuthScheme); - } - } - } - - // add any remaining candidates that weren't in the preference list - for (const candidateAuthScheme of candidateAuthSchemes) { - if (!preferredAuthSchemes.find(({ schemeId }) => schemeId === candidateAuthScheme.schemeId)) { - preferredAuthSchemes.push(candidateAuthScheme); - } - } - - return preferredAuthSchemes; -};