Description
Currently, the CometServer class in the comet-js-sdk requires both a username and password to initialize and authenticate API requests. While this works for many use cases, there doesn't appear to be functionality for token-based authentication, such as using a SessionKey or other token types, directly within the SDK.
For some scenarios, especially when impersonating users or working with specific user sessions (AdminAccountSessionStartAsUser), it would be highly beneficial to allow CometServer to be initialized with a token instead of a password.
Proposed Feature
- Add support for token-based authentication alongside the existing username/password mechanism.
- Extend the `CometServerConfig` interface to include a `token` field.
- Modify the `_requestP` method to prioritize the token for authentication if provided:
  - If `token` exists in the config, include it in the `SessionKey` parameter for all API requests.
  - If `token` is not provided, fall back to the current username/password mechanism.
Example Usage:
```typescript
const comet = new CometServer({
  url: "https://comet.example.com",
  username: "asdf",
  token: "your-session-token",
});

// Example API call using the token
const jobs = await comet.UserWebGetJobsP();
```
Benefits
- Simplifies API usage for user impersonation flows.
- Reduces the need for storing sensitive username/password combinations when a session token can be used.
- Aligns with best practices for API security by allowing short-lived tokens for authentication.
Workarounds Tried
Currently, I'm testing an extended CometServer class to include token support manually. For example:
```typescript
type ExtendedCometServerConfig = Partial<CometServerConfig> & {
  token?: string;
};

class ExtendedCometServer extends CometServer {
  private token?: string;

  constructor(config: ExtendedCometServerConfig) {
    super({
      url: config.url || "",
      username: config.username || "",
      password: config.password || "",
    });
    // Assign the session token if provided
    if (config.token) {
      this.token = config.token;
    }
  }

  // Extended _requestP to support SessionKey
  async _requestP(call: string, params: { [key: string]: string }): Promise<any> {
    const requestBody = new URLSearchParams();
    if (this.token) {
      // Token path: authenticate with the session key, never the password
      requestBody.append("Username", params["Username"] || "");
      requestBody.append("AuthType", "SessionKey");
      requestBody.append("SessionKey", this.token);
    } else {
      requestBody.append("AuthType", "Password");
      requestBody.append("Username", params["Username"] || "");
      requestBody.append("Password", params["Password"] || "");
    }
    // Copy the remaining call parameters; the auth fields were set above,
    // so skip them here to avoid sending Username or AuthType twice
    for (const key in params) {
      if (key !== "Password" && key !== "SessionKey" && key !== "Username" && key !== "AuthType") {
        requestBody.append(key, params[key]);
      }
    }
    ...
```
Request
Would it be acceptable to add built-in support for token-based authentication in the CometServer class or is there an alternative method for handling session tokens directly?
Environment
- SDK Version: v3.3.0
- Node.js Version: 20.0.0
- API Server: 24.11.0 "Dione"
Thank you for considering this feature request! Please let me know if additional details are required or if there's a different recommended approach to achieve this.
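The request-body logic from the workaround above, written as a stand-alone helper. This is an added example, not part of the original issue or the SDK's code: `buildAuthBody`, `redactForLog` and the `Auth` type are hypothetical names, and only the form field names (`Username`, `AuthType`, `SessionKey`, `Password`) come from the issue. It sends exactly one credential, drops caller-supplied auth fields so a call parameter cannot override them, and masks secrets before a body is logged.

```typescript
// Added example: hypothetical helper names; field names are those used in the issue.
type Auth =
  | { username: string; token: string }      // session-key authentication
  | { username: string; password: string };  // password authentication

// Fields only the helper may set; values for them in `params` are discarded.
const AUTH_FIELDS = ["Username", "AuthType", "Password", "SessionKey"];
// Fields whose values must never reach a log line.
const SECRET_FIELDS = ["Password", "SessionKey"];

function buildAuthBody(auth: Auth, params: { [key: string]: string }): URLSearchParams {
  if (!auth.username) throw new Error("username is required");
  const body = new URLSearchParams();
  body.append("Username", auth.username);
  if ("token" in auth) {
    if (!auth.token) throw new Error("empty session token");
    body.append("AuthType", "SessionKey");
    body.append("SessionKey", auth.token); // the password is never sent on this path
  } else {
    if (!auth.password) throw new Error("empty password");
    body.append("AuthType", "Password");
    body.append("Password", auth.password);
  }
  for (const key of Object.keys(params)) {
    // Skip auth fields so a call parameter cannot duplicate or override them.
    if (AUTH_FIELDS.indexOf(key) === -1) body.append(key, params[key]);
  }
  return body;
}

// Returns the encoded body with secret values masked, for debug logging.
function redactForLog(body: URLSearchParams): string {
  const safe = new URLSearchParams();
  body.forEach((value, key) => {
    safe.append(key, SECRET_FIELDS.indexOf(key) !== -1 ? "REDACTED" : value);
  });
  return safe.toString();
}
```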