refactor: remove simple-oauth2 library

An HTTP call with built-in fetch library is used
to get access token, in order to reduce external dependencies.

Signed-off-by: kvmw <[email protected]>

Author: kvmw

package-lock.json

@@ -20,8 +20,7 @@
   },
   "dependencies": {
     "dotenv": "^17.2.0",
-    "express": "^5.1.0",
-    "simple-oauth2": "^5.1.0"
+    "express": "^5.1.0"
   },
   "devDependencies": {
     "eslint": "^9.31.0",

package.json

@@ -1,34 +1,43 @@
-import { ClientCredentials } from 'simple-oauth2';
 import services from './vcap-services.js';
 
 const credentials = services.getCredentials('p.config-server');
 
-const client = new ClientCredentials({
-  client: {
-    id: credentials.client_id,
-    secret: credentials.client_secret,
-  },
-  auth: {
-    tokenHost: credentials.access_token_uri.replace('/oauth/token', ''),
-    tokenPath: '/oauth/token',
-  },
-});
-
 let token = null;
 
+// Checks if token is expired or will be expired in given window.
+const expired = (token, expirationWindowSeconds = 0) => {
+  return (
+    !token ||
+    token.expires_at - (Date.now() + expirationWindowSeconds * 1000) <= 0
+  );
+};
+
 // Requests an access token from the UAA server using client credentials.
 const getAccessToken = async () => {
   // If token is not set or expired, request a new one.
-  if (!token || token.expired(10)) {
-    try {
-      token = await client.getToken();
-    } catch (error) {
-      console.error('Failed to get access token', error.message);
-      throw error;
+  if (!token || expired(token, 10)) {
+    const response = await fetch(credentials.access_token_uri, {
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/x-www-form-urlencoded',
+        Authorization: `Basic ${Buffer.from(`${credentials.client_id}:${credentials.client_secret}`).toString('base64')}`,
+      },
+      body: new URLSearchParams({ grant_type: 'client_credentials' }),
+    });
+
+    if (!response.ok) {
+      throw new Error(`HTTP error! status: ${response.status}`);
     }
+
+    const data = await response.json();
+
+    token = {
+      access_token: data.access_token,
+      expires_at: Date.now() + data.expires_in * 1000,
+    };
   }
 
-  return token.token.access_token;
+  return token.access_token;
 };
 
 export default {