Security News
GitHub Removes Malicious Pull Requests Targeting Open Source Repositories
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
@adobe/fetch
Advanced tools
Call Adobe APIs
Make calling Adobe APIs a breeze!
This package will handle JWT authentication, token caching and storage.
Otherwise it works exactly as fetch
npm install --save @adobe/fetch
const fs = require('fs');
const config = {
auth: {
clientId: 'asasdfasf',
clientSecret: 'aslfjasljf-=asdfalasjdf==asdfa',
technicalAccountId: 'asdfasdfas@techacct.adobe.com',
orgId: 'asdfasdfasdf@AdobeOrg',
metaScopes: ['ent_dataservices_sdk']
}
};
config.auth.privateKey = fs.readFileSync('private.key');
const adobefetch = require('@adobe/fetch').config(config);
adobefetch("https://platform.adobe.io/some/adobe/api", { method: 'get'})
.then(response => response.json())
.then(json => console.log('Result: ',json));
The config.auth
object is where you pass in all the required and optional parameters to authenticate API calls.
parameter | integration name | required | type | default |
---|---|---|---|---|
clientId | API Key (Client ID) | true | String | |
technicalAccountId | Technical account ID | true | String | |
orgId | Organization ID | true | String | |
clientSecret | Client secret | true | String | |
privateKey | true | String | ||
passphrase | false | String | ||
metaScopes | true | Comma separated Sting or an Array | ||
ims | false | String | https://ims-na1.adobelogin.com |
In order to determine which metaScopes you need to register for you can look them up by product in this handy table.
For instance, if you need to be authenticated to call API's for both GDPR and User Management you would look them up and find that they are:
Then you would create an array of metaScopes as part of the config
object. For instance:
const config = {
auth: {
clientId: 'asasdfasf',
clientSecret: 'aslfjasljf-=asdfalasjdf==asdfa',
technicalAccountId: 'asdfasdfas@techacct.adobe.com',
orgId: 'asdfasdfasdf@AdobeOrg',
metaScopes: [
'https://ims-na1.adobelogin.com/s/ent_gdpr_sdk',
'https://ims-na1.adobelogin.com/s/ent_user_sdk'
]
}
};
However, if you omit the IMS URL, the package will automatically add it for you when making the call to generate the JWT.
For example:
const config = {
auth: {
clientId: 'asasdfasf',
clientSecret: 'aslfjasljf-=asdfalasjdf==asdfa',
technicalAccountId: 'asdfasdfas@techacct.adobe.com',
orgId: 'asdfasdfasdf@AdobeOrg',
metaScopes: ['ent_gdpr_sdk', 'ent_user_sdk']
}
};
This is the recommended approach.
If you have HTTP headers that are required for each request, you can provide them in the configuration. They will be then added automatically to each request.
You can provide either a value or a function. A function can be used when you need to generate a dynamic header value on each request.
For example:
const config = {
auth: {
... Auth Configuration ...
},
headers: {
'x-sandbox-name': 'prod',
'x-request-id': () => idGenerationFunc()
}
};
The following headers are added automatically by adobe-fetch, you can override all of them besides authorization*[]:
By default, node-persist is used to store all the active tokens locally.
Tokens will be stored under /.node-perist/storage
It is possible to use any other storage for token persistence. This is done by providing read and write methods as follows:
const config = {
auth: {
clientId: 'asasdfasf',
...
storage: {
read: function() {
return new Promise(function(resolve, reject) {
let tokens;
// .. Some logic to read the tokens ..
resolve(tokens);
});
},
write: function(tokens) {
return new Promise(function(resolve, reject) {
// .. Some logic to save the tokens ..
resolve();
});
}
}
}
};
Alternatively, use async/await:
const config = {
auth: {
clientId: 'asasdfasf',
...
storage: {
read: async function() {
return await myGetTokensImplementation();
},
write: async function(tokens) {
await myStoreTokensImplementation(tokens);
}
}
}
};
Every request will include a unique request identifier sent via the x-request-id.
The request identifier can be overriden by providing it through the headers:
fetch(url, {
headers: { 'x-request-id': myRequestID }
});
We use debug to log requests. In order to see all the debug output, including the request identifiers, run your app with the DEBUG environment variable including the @adobe/fetch scope as follows:
DEBUG=@adobe/fetch
Contributions are welcomed! Read the Contributing Guide for more information.
This project is licensed under the Apache V2 License. See LICENSE for more information.
FAQs
Light-weight Fetch implementation transparently supporting both HTTP/1(.1) and HTTP/2
The npm package @adobe/fetch receives a total of 8,103 weekly downloads. As such, @adobe/fetch popularity was classified as popular.
We found that @adobe/fetch demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
Security News
Node.js will be enforcing stricter semver-major PR policies a month before major releases to enhance stability and ensure reliable release candidates.