remove iasResource list support & fix tests

Author: davidkna-sap

packages/connectivity/src/scp-cf/client-credentials-token-cache.spec.ts

@@ -249,149 +249,4 @@ describe('ClientCredentialsTokenCache', () => {
       expect(key).toBe('tenant-123:client-id');
     });
   });
-
-  describe('Multiple resources (array) support', () => {
-    const validToken = {
-      access_token: 'multi-resource-token',
-      token_type: 'Bearer',
-      expires_in: oneHourInSeconds * 3,
-      jti: '',
-      scope: ''
-    };
-
-    beforeEach(() => {
-      clientCredentialsTokenCache.clear();
-    });
-
-    it('should cache and retrieve token with array of resource clientIds', () => {
-      const resources = [
-        { clientId: 'client-1', tenantId: 'tenant-1' },
-        { clientId: 'client-2' },
-        { name: 'app3' }
-      ];
-
-      clientCredentialsTokenCache.cacheToken(
-        'subscriber-tenant',
-        'clientid',
-        resources,
-        validToken
-      );
-
-      const cached = clientCredentialsTokenCache.getToken(
-        'subscriber-tenant',
-        'clientid',
-        resources
-      );
-
-      expect(cached).toEqual(validToken);
-    });
-    it('should treat resource array as a set (order-independent)', () => {
-      const resources1 = [{ name: 'app-1' }, { name: 'app-2' }];
-      const resources2 = [{ name: 'app-2' }, { name: 'app-1' }];
-
-      clientCredentialsTokenCache.cacheToken(
-        'subscriber-tenant',
-        'clientid',
-        resources1,
-        validToken
-      );
-
-      const cached1 = clientCredentialsTokenCache.getToken(
-        'subscriber-tenant',
-        'clientid',
-        resources1
-      );
-      const cached2 = clientCredentialsTokenCache.getToken(
-        'subscriber-tenant',
-        'clientid',
-        resources2
-      );
-
-      expect(cached1).toEqual(validToken);
-      expect(cached2).toEqual(validToken);
-    });
-
-    it('should isolate cache by number of resources in array', () => {
-      const resources1 = [{ name: 'app-1' }];
-      const resources2 = [{ name: 'app-1' }, { name: 'app-2' }];
-
-      clientCredentialsTokenCache.cacheToken(
-        'subscriber-tenant',
-        'clientid',
-        resources1,
-        validToken
-      );
-
-      const cached1 = clientCredentialsTokenCache.getToken(
-        'subscriber-tenant',
-        'clientid',
-        resources1
-      );
-      const cached2 = clientCredentialsTokenCache.getToken(
-        'subscriber-tenant',
-        'clientid',
-        resources2
-      );
-
-      expect(cached1).toEqual(validToken);
-      expect(cached2).toBeUndefined();
-    });
-
-    it('should not treat single resource and single-element array differently', () => {
-      const singleResource = { name: 'app-1' };
-      const arrayResource = [{ name: 'app-1' }];
-
-      clientCredentialsTokenCache.cacheToken(
-        'subscriber-tenant',
-        'clientid',
-        singleResource,
-        validToken
-      );
-
-      const cachedSingle = clientCredentialsTokenCache.getToken(
-        'subscriber-tenant',
-        'clientid',
-        singleResource
-      );
-      const cachedArray = clientCredentialsTokenCache.getToken(
-        'subscriber-tenant',
-        'clientid',
-        arrayResource
-      );
-
-      expect(cachedSingle).toEqual(validToken);
-      expect(cachedArray).toEqual(validToken);
-    });
-
-    it('should generate correct cache key with array of resource names', () => {
-      const key = getCacheKey('tenant-123', 'client-id', [
-        { name: 'app-1' },
-        { name: 'app-2' }
-      ]);
-      expect(key).toBe('tenant-123:client-id:name=app-1::name=app-2');
-    });
-
-    it('should generate correct cache key with array of resource clientIds', () => {
-      const key = getCacheKey('tenant-123', 'client-id', [
-        { clientId: 'client-1' },
-        { clientId: 'client-2', tenantId: 'tenant-2' }
-      ]);
-      expect(key).toBe(
-        'tenant-123:client-id:clientid=client-1::clientid=client-2:tenantid=tenant-2'
-      );
-    });
-
-    it('should generate correct cache key with array of mixed resource types', () => {
-      const key = getCacheKey('tenant-123', 'client-id', [
-        { name: 'app-1' },
-        { clientId: 'client-2' }
-      ]);
-      expect(key).toBe('tenant-123:client-id:clientid=client-2::name=app-1');
-    });
-
-    it('should handle empty resource array', () => {
-      const key = getCacheKey('tenant-123', 'client-id', []);
-      expect(key).toBe('tenant-123:client-id');
-    });
-  });
 });

packages/connectivity/src/scp-cf/client-credentials-token-cache.ts

@@ -14,14 +14,14 @@ const ClientCredentialsTokenCache = (
   getToken: (
     tenantId: string | undefined,
     clientId: string,
-    resource?: IasResource | IasResource[]
+    resource?: IasResource
   ): ClientCredentialsResponse | undefined =>
     cache.get(getCacheKey(tenantId, clientId, resource)),
 
   cacheToken: (
     tenantId: string | undefined,
     clientId: string,
-    resource: IasResource | IasResource[] | undefined,
+    resource: IasResource | undefined,
     token: ClientCredentialsResponse
   ): void => {
     cache.set(getCacheKey(tenantId, clientId, resource), {
@@ -43,29 +43,19 @@ const ClientCredentialsTokenCache = (
  * @returns Normalized resource string or empty string if not provided.
  * @internal
  */
-function normalizeResource(
-  resource?: IasResource | IasResource[]
-): string | undefined {
+function normalizeResource(resource?: IasResource): string | undefined {
   if (!resource) {
     return undefined;
   }
+  if ('name' in resource) {
+    return `name=${resource.name}`;
+  }
 
-  const resources = Array.isArray(resource) ? resource : [resource];
-
-  return resources
-    .map(r => {
-      if ('name' in r) {
-        return `name=${r.name}`;
-      }
-
-      let normalized = `clientid=${r.clientId}`;
-      if (r.tenantId) {
-        normalized += `:tenantid=${r.tenantId}`;
-      }
-      return normalized;
-    })
-    .sort()
-    .join('::');
+  let normalized = `clientid=${resource.clientId}`;
+  if (resource.tenantId) {
+    normalized += `:tenantid=${resource.tenantId}`;
+  }
+  return normalized;
 }
 
 /** *
@@ -78,7 +68,7 @@ function normalizeResource(
 export function getCacheKey(
   tenantId: string | undefined,
   clientId: string,
-  resource?: IasResource | IasResource[]
+  resource?: IasResource
 ): string | undefined {
   if (!tenantId) {
     logger.warn(

packages/connectivity/src/scp-cf/destination/destination-from-vcap.ts

@@ -141,7 +141,7 @@ interface IasOptionsBase {
    * Either provide the app name (common case) or the provider client ID
    * and tenant ID (optional).
    */
-  resource?: IasResource | IasResource[];
+  resource?: IasResource;
   /**
    * The consumer (BTP) tenant ID of the application.
    * May be required for multi-tenant communication.

packages/connectivity/src/scp-cf/identity-service.spec.ts

@@ -99,7 +99,9 @@ describe('getIasClientCredentialsToken', () => {
       aud: 'test-audience',
       ias_apis: ['dummy']
     });
-    expect(mockFetchClientCredentialsToken).toHaveBeenCalledWith({});
+    expect(mockFetchClientCredentialsToken).toHaveBeenCalledWith({
+      token_format: 'jwt'
+    });
   });
 
   it('fetches IAS token with client secret authentication', async () => {
@@ -125,7 +127,9 @@ describe('getIasClientCredentialsToken', () => {
       aud: 'test-audience',
       ias_apis: ['dummy']
     });
-    expect(mockFetchClientCredentialsToken).toHaveBeenCalledWith({});
+    expect(mockFetchClientCredentialsToken).toHaveBeenCalledWith({
+      token_format: 'jwt'
+    });
   });
 
   it('includes resource parameter for app2app flow', async () => {
@@ -136,7 +140,8 @@ describe('getIasClientCredentialsToken', () => {
     });
 
     expect(mockFetchClientCredentialsToken).toHaveBeenCalledWith({
-      resource: 'urn:sap:identity:application:provider:name:my-app'
+      resource: 'urn:sap:identity:application:provider:name:my-app',
+      token_format: 'jwt'
     });
   });
 
@@ -162,7 +167,8 @@ describe('getIasClientCredentialsToken', () => {
 
     expect(mockFetchClientCredentialsToken).toHaveBeenCalledWith({
       resource: 'urn:sap:identity:application:provider:name:my-app',
-      app_tid: 'tenant-123'
+      app_tid: 'tenant-123',
+      token_format: 'jwt'
     });
   });
 
@@ -174,6 +180,7 @@ describe('getIasClientCredentialsToken', () => {
     });
 
     expect(mockFetchClientCredentialsToken).toHaveBeenCalledWith({
+      token_format: 'jwt',
       custom_param: 'custom_value'
     });
   });
@@ -222,7 +229,9 @@ describe('getIasClientCredentialsToken', () => {
         assertion: userAssertion
       });
 
-      expect(mockFetchJwtBearerToken).toHaveBeenCalledWith(userAssertion, {});
+      expect(mockFetchJwtBearerToken).toHaveBeenCalledWith(userAssertion, {
+        token_format: 'jwt'
+      });
       expect(mockFetchClientCredentialsToken).not.toHaveBeenCalled();
     });
 
@@ -254,7 +263,8 @@ describe('getIasClientCredentialsToken', () => {
       expect(mockFetchJwtBearerToken).toHaveBeenCalledWith(userAssertion, {
         resource: 'urn:sap:identity:application:provider:name:my-app',
         app_tid: 'tenant-123',
-        refresh_token: '0'
+        refresh_token: '0',
+        token_format: 'jwt'
       });
     });
   });

packages/connectivity/src/scp-cf/identity-service.ts

@@ -146,11 +146,9 @@ async function getIasClientCredentialsTokenImpl(
     token_format: 'jwt'
   };
 
-  // Stringify resource(s)
+  // Stringify resource
   if (arg.resource) {
-    tokenOptions.resource = Array.isArray(arg.resource)
-      ? arg.resource.map(convertResourceToUrn)
-      : convertResourceToUrn(arg.resource);
+    tokenOptions.resource = convertResourceToUrn(arg.resource);
   }
 
   if (arg.appTid) {