feat(arcgis-rest-developer-credentials)!: support updated API keys

* feat(arcgis-rest-developer-credentials)!: support updated API keys

* chore: remove demo

* chore: update package lock

* chore: update package lock

Author: patrickarlt

package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "@esri/arcgis-rest-developer-credentials",
-  "version": "1.1.0",
+  "version": "2.0.0",
   "description": "Developer Credentials for @esri/arcgis-rest-js",
   "license": "Apache-2.0",
   "keywords": [

packages/arcgis-rest-developer-credentials/package.json

@@ -5,7 +5,8 @@ import {
   ICreateItemOptions,
   createItem,
   getItem,
-  IItemAdd
+  IItemAdd,
+  updateItem
 } from "@esri/arcgis-rest-portal";
 import {
   IApiKeyResponse,
@@ -18,8 +19,11 @@ import {
   appToApiKeyProperties,
   filterKeys,
   extractBaseRequestOptions,
-  arePrivilegesValid
+  generateApiKeyTokens,
+  generateOptionsToSlots,
+  buildExpirationDateParams
 } from "./shared/helpers.js";
+import { getRegisteredAppInfo } from "./shared/getRegisteredAppInfo.js";
 
 /**
  * Used to register an API key. See the [security and authentication](https://developers.arcgis.com/documentation/mapping-apis-and-services/security/api-keys/) for more information about API key.
@@ -37,7 +41,7 @@ import {
  *   title: "xyz_title",
  *   description: "xyz_desc",
  *   tags: ["xyz_tag1", "xyz_tag2"],
- *   privileges: [Privileges.Geocode, Privileges.FeatureReport],
+ *   privileges: ["premium:user:networkanalysis:routing"],
  *   authentication: authSession
  * }).then((registeredAPIKey: IApiKeyResponse) => {
  *   // => {apiKey: "xyz_key", item: {tags: ["xyz_tag1", "xyz_tag2"], ...}, ...}
@@ -52,14 +56,9 @@ import {
 export async function createApiKey(
   requestOptions: ICreateApiKeyOptions
 ): Promise<IApiKeyResponse> {
-  if (!arePrivilegesValid(requestOptions.privileges)) {
-    throw new Error("The `privileges` option contains invalid privileges.");
-  }
-
   requestOptions.httpMethod = "POST";
 
   // filter param buckets:
-
   const baseRequestOptions = extractBaseRequestOptions(requestOptions); // snapshot of basic IRequestOptions before customized params being built into it
 
   const itemAddProperties: Array<keyof IItemAdd> = [
@@ -79,11 +78,13 @@ export async function createApiKey(
     "url"
   ];
 
-  // step 1: add item
+  /**
+   * step 1: create item
+   */
   const createItemOption: ICreateItemOptions = {
     item: {
       ...filterKeys(requestOptions as any, itemAddProperties),
-      type: "API Key"
+      type: "Application"
     },
     ...baseRequestOptions,
     authentication: requestOptions.authentication,
@@ -94,26 +95,71 @@ export async function createApiKey(
 
   const createItemResponse = await createItem(createItemOption);
 
-  // step 2: register app
-  const registerAppOption: IRegisterAppOptions = {
+  /**
+   * getRegisteredAppInfoRoute
+   */
+  const registerAppOptions: IRegisterAppOptions = {
     itemId: createItemResponse.id,
-    appType: "apikey",
-    redirect_uris: [],
+    appType: "multiple",
+    redirect_uris: ["urn:ietf:wg:oauth:2.0:oob"],
     httpReferrers: requestOptions.httpReferrers || [],
     privileges: requestOptions.privileges,
     ...baseRequestOptions,
     authentication: requestOptions.authentication
   };
 
-  const registeredAppResponse = await registerApp(registerAppOption);
+  const registeredAppResponse = await registerApp(registerAppOptions);
+
+  /**
+   * step 3: update item with desired expiration dates
+   * you cannot set the expiration date propierties until you
+   * regiester the app so this has to be a seperate step
+   */
+  await updateItem({
+    ...baseRequestOptions,
+    item: {
+      id: createItemResponse.id,
+      ...buildExpirationDateParams(requestOptions, true)
+    },
+    authentication: requestOptions.authentication
+  });
+
+  /*
+   * step 4: get item info
+   */
   const itemInfo = await getItem(registeredAppResponse.itemId, {
     ...baseRequestOptions,
     authentication: requestOptions.authentication,
     params: { f: "json" }
   });
 
+  /**
+   * step 5: generate tokens if requested
+   */
+  const generatedTokens = await generateApiKeyTokens(
+    itemInfo.id,
+    generateOptionsToSlots(
+      requestOptions.generateToken1,
+      requestOptions.generateToken2
+    ),
+    {
+      ...baseRequestOptions,
+      authentication: requestOptions.authentication
+    }
+  );
+
+  /**
+   * step 6: get registered app info to get updated active key status
+   */
+  const updatedRegisteredAppResponse = await getRegisteredAppInfo({
+    ...baseRequestOptions,
+    itemId: itemInfo.id,
+    authentication: requestOptions.authentication
+  });
+
   return {
-    ...appToApiKeyProperties(registeredAppResponse),
+    ...generatedTokens,
+    ...appToApiKeyProperties(updatedRegisteredAppResponse),
     item: itemInfo
   };
 }

packages/arcgis-rest-developer-credentials/src/createApiKey.ts

@@ -4,8 +4,6 @@
 export * from "./createApiKey.js";
 export * from "./updateApiKey.js";
 export * from "./getApiKey.js";
-export * from "./deleteApiKey.js";
-export * from "./deleteOAuthApp.js";
 export * from "./getOAuthApp.js";
 export * from "./updateOAuthApp.js";
 export * from "./createOAuthApp.js";

packages/arcgis-rest-developer-credentials/src/deleteApiKey.ts

@@ -1,25 +1,4 @@
 /**
- * Used to describe privilege list of an app.
+ * Used to describe privilege list of an app. For a comlete list of privileges, see the [list of privileges in the security and authentication guide](https://developers.arcgis.com/documentation/security-and-authentication/reference/privileges/#list-of-privileges).
  */
-export enum Privileges {
-  Basemaps = "portal:apikey:basemaps",
-  Demographics = "premium:user:demographics",
-  Elevation = "premium:user:elevation",
-  FeatureReport = "premium:user:featurereport",
-  Geocode = "premium:user:geocode",
-  GeocodeStored = "premium:user:geocode:stored",
-  GeocodeTemporary = "premium:user:geocode:temporary",
-  GeoEnrichment = "premium:user:geoenrichment",
-  NetworkAnalysis = "premium:user:networkanalysis",
-  NetworkAnalysisRouting = "premium:user:networkanalysis:routing",
-  NetworkAnalysisOptimizedRouting = "premium:user:networkanalysis:optimizedrouting",
-  NetworkAnalysisClosestFacility = "premium:user:networkanalysis:closestfacility",
-  NetworkAnalysisServiceArea = "premium:user:networkanalysis:servicearea",
-  NetworkAnalysisLocationalLocation = "premium:user:networkanalysis:locationallocation",
-  NetworkAnalysisVehicleRouting = "premium:user:networkanalysis:vehiclerouting",
-  NetworkAnalysisOriginDestinationCostMatrix = "premium:user:networkanalysis:origindestinationcostmatrix",
-  Places = "premium:user:places",
-  SpatialAnalysis = "premium:user:spatialanalysis",
-  GeoAnalytics = "premium:publisher:geoanalytics",
-  RasterAnalysis = "premium:publisher:rasteranalysis"
-}
+export type Privileges = string[];

packages/arcgis-rest-developer-credentials/src/deleteOAuthApp.ts

@@ -0,0 +1,39 @@
+import {
+  request,
+  IRequestOptions,
+  IAuthenticationManager
+} from "@esri/arcgis-rest-request";
+import { getRegisteredAppInfo } from "./getRegisteredAppInfo.js";
+import { getPortalUrl } from "@esri/arcgis-rest-portal";
+
+export interface IGenerateApiKeyTokenOptions extends IRequestOptions {
+  itemId: string;
+  apiKey: 1 | 2;
+  portal?: string;
+  authentication: IAuthenticationManager;
+}
+
+export async function generateApiKeyToken(
+  options: IGenerateApiKeyTokenOptions
+): Promise<{ access_token: string; expires_in: number }> {
+  const portal = getPortalUrl(options);
+  const url = `${portal}/oauth2/token`;
+
+  const appInfo = await getRegisteredAppInfo({
+    itemId: options.itemId,
+    authentication: options.authentication
+  });
+
+  const params = {
+    client_id: appInfo.client_id,
+    client_secret: appInfo.client_secret,
+    apiToken: options.apiKey,
+    regenerateApiToken: true,
+    grant_type: "client_credentials"
+  };
+
+  return request(url, {
+    authentication: options.authentication,
+    params
+  });
+}