PipedreamHQ · jsendo · Jun 25, 2025 · Jun 26, 2025 · Jul 3, 2025 · Jul 3, 2025
diff --git a/components/bitget/bitget.app.mjs b/components/bitget/bitget.app.mjs
@@ -8,4 +8,4 @@ export default {
       console.log(Object.keys(this.$auth));
     },
   },
-};
+};
diff --git a/components/explorium/explorium.app.mjs b/components/explorium/explorium.app.mjs
@@ -8,4 +8,4 @@ export default {
       console.log(Object.keys(this.$auth));
     },
   },
-};
+};
diff --git a/components/hana/hana.app.mjs b/components/hana/hana.app.mjs
@@ -8,4 +8,4 @@ export default {
       console.log(Object.keys(this.$auth));
     },
   },
-};
+};
diff --git a/components/indiefunnels/indiefunnels.app.mjs b/components/indiefunnels/indiefunnels.app.mjs
@@ -8,4 +8,4 @@ export default {
       console.log(Object.keys(this.$auth));
     },
   },
-};
+};
diff --git a/components/joggai/joggai.app.mjs b/components/joggai/joggai.app.mjs
@@ -8,4 +8,4 @@ export default {
       console.log(Object.keys(this.$auth));
     },
   },
-};
+};
diff --git a/components/mumble/mumble.app.mjs b/components/mumble/mumble.app.mjs
@@ -8,4 +8,4 @@ export default {
       console.log(Object.keys(this.$auth));
     },
   },
-};
+};
diff --git a/components/sign_plus/sign_plus.app.mjs b/components/sign_plus/sign_plus.app.mjs
@@ -8,4 +8,4 @@ export default {
       console.log(Object.keys(this.$auth));
     },
   },
-};
+};
diff --git a/components/webscrape_ai/webscrape_ai.app.mjs b/components/webscrape_ai/webscrape_ai.app.mjs
@@ -8,4 +8,4 @@ export default {
       console.log(Object.keys(this.$auth));
     },
   },
-};
+};
diff --git a/packages/sdk/CHANGELOG.md b/packages/sdk/CHANGELOG.md
@@ -2,6 +2,12 @@
 
 # Changelog
 
+## [1.7.0] - 2025-07-03
+
+### Added
+
+- Added optional scope parameter to backendClient creation.
+
 ## [1.6.11] - 2025-07-02
 
 ### Added

diff --git a/packages/sdk/package.json b/packages/sdk/package.json
@@ -1,7 +1,7 @@
 {
   "name": "@pipedream/sdk",
   "type": "module",
-  "version": "1.6.11",
+  "version": "1.7.0",
   "description": "Pipedream SDK",
   "main": "./dist/server.js",
   "module": "./dist/server.js",

diff --git a/packages/sdk/src/server/index.ts b/packages/sdk/src/server/index.ts
@@ -56,6 +56,11 @@
    * https://pipedream.com/docs/workflows/domains
    */
   workflowDomain?: string;
+
+  /**
+   * OAuth scope to request when obtaining access tokens
+   */
+  scope?: string[];
 };
 
 /**
@@ -197,6 +202,7 @@
   };
   protected override projectId: string = "";
   private staticAccessToken?: string;
+  private scope?: string[];
 
   /**
    * Constructs a new ServerClient instance.
@@ -209,6 +215,7 @@
 
     this.ensureValidEnvironment(opts.environment);
     this.projectId = opts.projectId;
+    this.scope = opts.scope;
     if ("accessToken" in opts.credentials) {
       this.staticAccessToken = opts.credentials.accessToken;
     } else {
@@ -264,6 +271,16 @@
     return this.ensureValidOauthAccessToken();
   }
 
+  /**s
+   * Returns true if the client is configured to use a static access token.
+   *
+   * @returns True if the client is configured to use a static access token.
+   *
+   */
+  public isStaticAccessToken(): boolean {
+    return !!this.staticAccessToken;
+  }
+
   protected authHeaders(): string | Promise<string> {
     if (this.staticAccessToken) {
       return `Bearer ${this.staticAccessToken}`;
@@ -281,31 +298,68 @@
       as,
     } = this.oauthClient
 
-    let attempts = 0;
     const maxAttempts = 2;
 
     while (!this.oauthAccessToken || this.oauthAccessToken.expiresAt - Date.now() < 1000) {
-      if (attempts > maxAttempts) {
-        throw new Error("ran out of attempts trying to retrieve oauth access token");
-      }
-      if (attempts > 0) {
-        // Wait for a short duration before retrying to avoid rapid retries
-        await new Promise((resolve) => setTimeout(resolve, 100));
+      for (let attempts = 0; attempts <= maxAttempts; attempts++) {
-    const maxAttempts = 2;
-
-    while (!this.oauthAccessToken || this.oauthAccessToken.expiresAt - Date.now() < 1000) {
-      if (attempts > maxAttempts) {
-        throw new Error("ran out of attempts trying to retrieve oauth access token");
-      }
-      if (attempts > 0) {
-        // Wait for a short duration before retrying to avoid rapid retries
-        await new Promise((resolve) => setTimeout(resolve, 100));
-      for (let attempts = 0; attempts <= maxAttempts; attempts++) {
+    const maxAttempts = 2;
+
+    while (!this.oauthAccessToken || this.oauthAccessToken.expiresAt - Date.now() < 1000) {
+      for (let attempts = 0; attempts < maxAttempts; attempts++) {
-    const maxAttempts = 2;
-
-    while (!this.oauthAccessToken || this.oauthAccessToken.expiresAt - Date.now() < 1000) {
-      if (attempts > maxAttempts) {
-        throw new Error("ran out of attempts trying to retrieve oauth access token");
-      }
-      if (attempts > 0) {
-        // Wait for a short duration before retrying to avoid rapid retries
-        await new Promise((resolve) => setTimeout(resolve, 100));
-      for (let attempts = 0; attempts <= maxAttempts; attempts++) {
+    const maxAttempts = 2;
+
+    while (!this.oauthAccessToken || this.oauthAccessToken.expiresAt - Date.now() < 1000) {
+      for (let attempts = 0; attempts < maxAttempts; attempts++) {
+        if (attempts > 0) {
+          // Wait for a short duration before retrying to avoid rapid retries
+          await new Promise((resolve) => setTimeout(resolve, 100));
+        }
+
+        const parameters = new URLSearchParams();
+        if (this.scope && this.scope.length > 0) {
+          parameters.set("scope", this.scope.join(" "));
+        }
+        parameters.set("project_id", this.projectId);
+        parameters.set("environment", this.environment);
+
+        try {
+          const response = await oauth.clientCredentialsGrantRequest(as, client, clientAuth, parameters);
+          const oauthTokenResponse = await oauth.processClientCredentialsResponse(as, client, response);
+          this.oauthAccessToken = {
+            token: oauthTokenResponse.access_token,
+            expiresAt: Date.now() + (oauthTokenResponse.expires_in || 0) * 1000,
+          };
+          break; // Successfully got token, exit retry loop
+        } catch (e) {
+          // Extract error details from OAuth response
+          let errorMessage = "OAuth token request failed";
+          let wwwAuthenticate: string | undefined;
+          let statusCode: number | undefined;
+
+          if (e instanceof Error) {
+            errorMessage = e.message;
+          }
+
+          // Check if the error contains response information
+          if (e && typeof e === 'object' && 'response' in e) {
+            const errorResponse = (e as any).response;
+            if (errorResponse) {
+              statusCode = errorResponse.status;
+              wwwAuthenticate = errorResponse.headers?.get?.('www-authenticate') || 
+                               errorResponse.headers?.['www-authenticate'];
+
+              // Create more specific error message based on status code
+              if (statusCode === 401) {
+                errorMessage = `OAuth authentication failed (401 Unauthorized)${wwwAuthenticate ? `: ${wwwAuthenticate}` : ''}`;
+              } else if (statusCode === 400) {
+                errorMessage = "OAuth request invalid (400 Bad Request) - check client credentials";
+              } else if (statusCode) {
+                errorMessage = `OAuth request failed with status ${statusCode}`;
+              }
+            }
+          }
+
+          // If this is the last attempt, throw a detailed error
+          if (attempts >= maxAttempts) {
+            const error = new Error(errorMessage);
+            (error as any).statusCode = statusCode;
+            (error as any).wwwAuthenticate = wwwAuthenticate;
+            throw error;
+          }
+        }
       }
-
-      const parameters = new URLSearchParams();
-      try {
-        const response = await oauth.clientCredentialsGrantRequest(as, client, clientAuth, parameters);
-        const oauthTokenResponse = await oauth.processClientCredentialsResponse(as, client, response);
-        this.oauthAccessToken = {
-          token: oauthTokenResponse.access_token,
-          expiresAt: Date.now() + (oauthTokenResponse.expires_in || 0) * 1000,
-        };
-      } catch {
-        // pass
-      }
-
-      attempts++;
     }
 
     return this.oauthAccessToken.token;

diff --git a/packages/sdk/src/shared/index.ts b/packages/sdk/src/shared/index.ts
@@ -865,6 +865,14 @@ export type ErrorResponse = {
    * The error message returned by the API.
    */
   error: string;
+  /**
+   * The www-authenticate header value, if present in the error response.
+   */
+  wwwAuthenticate?: string;
+  /**
+   * Additional error headers that may be relevant for error handling.
+   */
+  headers?: Record<string, string>;
 };
 
 /**

diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
-Original file line number
+Diff line change
@@ Expand Up / @@ -8,4 +8,4 @@ export default { @@
           console.log(Object.keys(this.$auth));
         },
       },
-    };
+    };