app specific token, and longer lifetime tokens

Author: dforsber

src/bdcli/commands/account/bdcli-account-tap-master-secret.ts

@@ -22,7 +22,7 @@ async function show(options: any, _command: cmd.Command): Promise<void> {
     updateSpinnerText(`Getting BoilingData Master TAP secret`);
     if (!region) throw new Error("Pass --region parameter or set AWS_REGION env");
     const bdAccount = new BDAccount({ logger, authToken: token });
-    const { bdTapMasterSecret, cached: tapCached, ...rest } = await bdAccount.getTapMasterSecret();
+    const { bdTapMasterSecret, cached: tapCached, ...rest } = await bdAccount.getTapMasterSecret(options?.application);
     updateSpinnerText(`Getting BoilingData Master TAP secret: ${tapCached ? "cached" : "success"}`);
     spinnerSuccess();
     await outputResults({ bdTapMasterSecret, cached: tapCached, ...rest }, options.disableSpinner);
@@ -38,6 +38,7 @@ const program = new cmd.Command("bdcli account tap-master-secret")
       "A user has shared Tap for you so that you can write to it.",
     ),
   )
+  .addOption(new cmd.Option("--application <application>", "Data Taps supported application name, like 'github'"))
   .action(async (options, command) => await show(options, command));
 
 (async () => {

src/bdcli/utils/auth_util.ts

@@ -23,11 +23,11 @@ export async function authSpinnerWithConfigCheck(): Promise<boolean> {
 export async function validateTokenLifetime(lifetime: string, logger?: ILogger): Promise<void> {
   const lifetimeInMs = ms(`${lifetime}`);
   logger?.debug({ lifetimeInMs });
-  if (!lifetimeInMs || lifetimeInMs < ms("10min") || lifetimeInMs > ms("24h")) {
+  if (!lifetimeInMs || lifetimeInMs < ms("10min")) {
     throw new Error(
       "Invalid token expiration time span, " +
         "please see https://github.com/vercel/ms for the format of the period. " +
-        "Lifetime must be between 10min - 24h",
+        "Lifetime must be at min. 10min. Free tier max is 24h.",
     );
   }
 }

src/integration/boilingdata/account.ts

@@ -46,6 +46,7 @@ export class BDAccount {
   private bdStsToken: string | undefined;
   private bdTapToken: string | undefined;
   private bdTapMasterSecret: string | undefined;
+  private bdTapMasterSecretApplication: string | undefined;
   private sharedTokens: IDecodedSession[];
   private selectedToken: string | undefined;
   private decodedToken!: jwt.JwtPayload | null;
@@ -335,11 +336,15 @@ export class BDAccount {
     throw new Error(`Failed to get fresh TAP token from BD API`);
   }
 
-  public async getTapMasterSecret(): Promise<{ bdTapMasterSecret: string; cached: boolean }> {
-    if (this.bdTapMasterSecret) return { bdTapMasterSecret: this.bdTapMasterSecret, cached: true };
+  public async getTapMasterSecret(
+    application = "default",
+  ): Promise<{ bdTapMasterSecret: string; cached: boolean; application: string }> {
+    if (this.bdTapMasterSecret && this.bdTapMasterSecretApplication === application) {
+      return { bdTapMasterSecret: this.bdTapMasterSecret, cached: true, application };
+    }
     const headers = await getReqHeaders(this.cognitoIdToken); // , { tokenLifetime, vendingSchedule, shareId });
     const method = "POST";
-    const body = JSON.stringify({});
+    const body = JSON.stringify({ application });
     this.logger.debug({ method, tapMasterSecretUrl, headers, body });
     const res = await fetch(tapMasterSecretUrl, { method, headers, body });
     const resBody = await res.json();
@@ -355,7 +360,12 @@ export class BDAccount {
       throw new Error("Missing bdTapMasterSecret in BD API Response");
     }
     this.bdTapMasterSecret = resBody.bdTapMasterSecret;
-    return { bdTapMasterSecret: resBody.bdTapMasterSecret, cached: false };
+    this.bdTapMasterSecretApplication = resBody?.application ?? "default";
+    return {
+      bdTapMasterSecret: resBody.bdTapMasterSecret,
+      cached: false,
+      application: resBody?.application ?? "default",
+    };
   }
 
   public async getStsToken(tokenLifetime: string, shareId?: string): Promise<{ bdStsToken: string; cached: boolean }> {