OauthProvider#

@palmyralabs/palmyra-wire · lib/palmyra/store/auth/AuthProviders.ts

Overview#

OAuth / bearer-token decorator — stub. The class declares implements AuthDecorator but the decorate() body is empty. No token is attached to outgoing requests. Treat as a placeholder until the upstream implementation lands.

For OAuth today, implement AuthDecorator yourself — the workaround below covers the common cases (bearer token from session storage, silent refresh, multi-tenant token lookup).

Source#

class OauthProvider implements AuthDecorator {
  decorate(request: any): void { }
}

export { OauthProvider };

Workaround — bearer-token decorator#

import type { AuthDecorator } from '@palmyralabs/palmyra-wire';

export class BearerTokenDecorator implements AuthDecorator {
  constructor(private readonly getToken: () => string | undefined) {}

  decorate(request: any): void {
    const token = this.getToken();
    if (token) {
      request.headers = { ...(request.headers ?? {}), Authorization: `Bearer ${token}` };
    }
  }
}

// Usage — read from session storage, or from whatever your auth state hook exposes.
const decorator = new BearerTokenDecorator(() => sessionStorage.getItem('access_token') ?? undefined);

For silent refresh, install a 401 response interceptor on the factory’s axios instance (via StoreOptions.axiosCustomizer) that swaps the token and retries the original request.