[GWS-3384] Implements automatic refresh and token management for system auth and company auth

.speakeasy/workflow.yaml

@@ -10,6 +10,7 @@ sources:
             - location: https://raw.githubusercontent.com/Gusto/Gusto-Partner-API/refs/heads/main/.speakeasy/speakeasy-modifications-overlay.yaml
               authHeader: Authorization
               authSecret: $openapi_doc_auth_token
+            - location: gusto_embedded/.speakeasy/speakeasy-modifications-overlay.yaml
         registry:
             location: registry.speakeasyapi.dev/gusto/ruby-sdk/gusto-embedded-oas
 targets:

gusto_embedded/.genignore

@@ -0,0 +1 @@
+/src/hooks/clientcredentials.ts

gusto_embedded/.speakeasy/speakeasy-modifications-overlay.yaml

@@ -0,0 +1,24 @@
+overlay: 1.0.0
+info:
+  title: Speakeasy Modifications
+  version: 0.0.2
+  x-speakeasy-metadata:
+    after: ""
+    before: ""
+    type: speakeasy-modifications
+actions:
+  - target: $["components"]["securitySchemes"]["SystemAccessAuth"]
+    update:
+      type: http
+      scheme: custom
+      x-speakeasy-custom-security-scheme:
+        schema:
+          type: object
+          properties:
+            clientId:
+              type: string
+            clientSecret:
+              type: string
+          required:
+            - clientId
+            - clientSecret

gusto_embedded/README.md

@@ -94,29 +94,92 @@ yarn add @tanstack/react-query react react-dom
 For supported JavaScript runtimes, please consult [RUNTIMES.md](RUNTIMES.md).
 <!-- End Requirements [requirements] -->
 
-<!-- Start SDK Example Usage [usage] -->
 ## SDK Example Usage
 
 ### Example
+Automatic token refresh using a persistent data store.
 
 ```typescript
 import { GustoEmbedded } from "@gusto/embedded-api";
+import { CompanyAuthenticatedClient } = "@gusto/embedded-api/CompanyAuthenticatedClient";
 
-const gustoEmbedded = new GustoEmbedded({
-  companyAccessAuth: process.env["GUSTOEMBEDDED_COMPANY_ACCESS_AUTH"] ?? "",
-});
+class PersistentTokenStore implements TokenStore {
+  constructor() {}
+
+  async get() {
+    const { token, expires, refreshToken } = retrieveToken();
+
+    return {
+      token,
+      expires,
+      refreshToken,
+    };
+  }
+
+  async set({
+    token,
+    expires,
+    refreshToken,
+  }: {
+    token: string;
+    expires: number;
+    refreshToken: string;
+  }) {
+    saveToken(token, refreshToken, expires);
+  }
+}
+
+const client = new GustoEmbedded();
+const clientId = process.env["GUSTOEMBEDDED_CLIENT_ID"]
+const clientSecret = process.env["GUSTOEMBEDDED_CLIENT_SECRET"];
 
 async function run() {
-  const result = await gustoEmbedded.introspection.getInfo({});
+  const response = await client.companies.createPartnerManaged(
+    {
+      clientId,
+      clientSecret,
+    },
+    {
+      requestBody: {
+        user: {
+          firstName: "Frank",
+          lastName: "Ocean",
+          email: "[email protected]",
+          phone: "2345558899",
+        },
+        company: {
+          name: "Frank's Ocean, LLC",
+          tradeName: "Frank’s Ocean",
+          ein: "123456789",
+          contractorOnly: false,
+        },
+      },
+    }
+  );
 
-  // Handle the result
-  console.log(result);
+  const { accessToken, refreshToken, companyUuid, expiresIn } = response.object;
+
+  const tokenStore = PersistentTokenStore();
+
+  const companyAuthClient = CompanyAuthenticatedClient({
+    clientId,
+    clientSecret,
+    accessToken,
+    refreshToken,
+    expiresIn,
+    options: {
+      server: "demo",
+      tokenStore,
+    },
+  });
+
+  await companyAuthClient.companies.get({ companyId: companyUuid });
 }
 
 run();
 
 ```
-<!-- End SDK Example Usage [usage] -->
+<!-- No SDK Example Usage [usage] -->
 
 <!-- Start Authentication [security] -->
 ## Authentication
@@ -158,7 +221,8 @@ const gustoEmbedded = new GustoEmbedded();
 
 async function run() {
   const result = await gustoEmbedded.companies.createPartnerManaged({
-    systemAccessAuth: process.env["GUSTOEMBEDDED_SYSTEM_ACCESS_AUTH"] ?? "",
+    clientId: process.env["GUSTOEMBEDDED_CLIENT_ID"] ?? "",
+    clientSecret: process.env["GUSTOEMBEDDED_CLIENT_SECRET"] ?? "",
   }, {
     requestBody: {
       user: {
@@ -1262,7 +1326,8 @@ async function run() {
   let result;
   try {
     result = await gustoEmbedded.companies.createPartnerManaged({
-      systemAccessAuth: process.env["GUSTOEMBEDDED_SYSTEM_ACCESS_AUTH"] ?? "",
+      clientId: process.env["GUSTOEMBEDDED_CLIENT_ID"] ?? "",
+      clientSecret: process.env["GUSTOEMBEDDED_CLIENT_SECRET"] ?? "",
     }, {
       requestBody: {
         user: {
@@ -1458,7 +1523,7 @@ looking for the latest version.
 
 ## Contributions
 
-While we value open-source contributions to this SDK, this library is generated programmatically. Any manual changes added to internal files will be overwritten on the next generation. 
-We look forward to hearing your feedback. Feel free to open a PR or an issue with a proof of concept and we'll do our best to include it in a future release. 
+While we value open-source contributions to this SDK, this library is generated programmatically. Any manual changes added to internal files will be overwritten on the next generation.
+We look forward to hearing your feedback. Feel free to open a PR or an issue with a proof of concept and we'll do our best to include it in a future release.
 
 ### SDK Created by [Speakeasy](https://www.speakeasy.com/?utm_source=gusto-embedded&utm_campaign=typescript)

gusto_embedded/src/CompanyAuthenticatedClient.ts

@@ -0,0 +1,78 @@
+import { HTTPClient } from "./lib/http.js";
+import {
+  InMemoryTokenStore,
+  refreshAndSaveAuthToken,
+  TokenRefreshOptions,
+  withTokenRefresh,
+} from "./companyAuth.js";
+import { GustoEmbedded } from "./sdk/sdk.js";
+import { SDKOptions, ServerDemo, ServerList } from "./lib/config.js";
+
+type ClientArguments = {
+  clientId: string;
+  clientSecret: string;
+  accessToken: string;
+  refreshToken: string;
+  expiresIn: number;
+  options?: TokenRefreshOptions & SDKOptions;
+};
+
+export function CompanyAuthenticatedClient({
+  clientId,
+  clientSecret,
+  accessToken,
+  refreshToken,
+  expiresIn,
+  options = {},
+}: ClientArguments) {
+  const authUrl = constructAuthUrl(options);
+  const tokenStore = new InMemoryTokenStore();
+
+  const httpClientWithTokenRefresh = options.httpClient ?? new HTTPClient();
+
+  httpClientWithTokenRefresh.addHook("response", async (res) => {
+    if (res.status === 401) {
+      console.log("Unauthorized, attempting to refresh token");
+
+      await refreshAndSaveAuthToken(
+        authUrl,
+        { clientId, clientSecret, refreshToken },
+        tokenStore
+      );
+    }
+  });
+
+  return new GustoEmbedded({
+    ...options,
+    httpClient: httpClientWithTokenRefresh,
+    companyAccessAuth: withTokenRefresh(
+      clientId,
+      clientSecret,
+      accessToken,
+      refreshToken,
+      expiresIn,
+      {
+        tokenStore,
+        ...options,
+        url: authUrl,
+      }
+    ),
+  });
+}
+
+function constructAuthUrl(
+  options: TokenRefreshOptions & Pick<SDKOptions, "server" | "serverURL">
+) {
+  const { server, serverURL } = options;
+
+  if (server) {
+    const baseUrl = ServerList[server] || "";
+    return `${baseUrl}/oauth/token`;
+  }
+
+  if (serverURL) {
+    return `${serverURL}/oauth/token`;
+  }
+
+  return `${ServerList[ServerDemo]}/oauth/token`;
+}