import ITokenProvider from './ITokenProvider'; import Token from './Token'; /** * A token provider that wraps another provider with automatic token federation. * When the base provider returns a token from a different issuer, this provider * exchanges it for a Databricks-compatible token using RFC 8693. */ export default class FederationProvider implements ITokenProvider { private readonly baseProvider; private readonly databricksHost; private readonly clientId?; private readonly returnOriginalTokenOnFailure; /** * Creates a new FederationProvider. * @param baseProvider - The underlying token provider * @param databricksHost - The Databricks workspace host URL * @param options - Optional configuration * @param options.clientId - Client ID for M2M/service principal federation * @param options.returnOriginalTokenOnFailure - Return original token if exchange fails (default: true) */ constructor(baseProvider: ITokenProvider, databricksHost: string, options?: { clientId?: string; returnOriginalTokenOnFailure?: boolean; }); getToken(): Promise; getName(): string; /** * Determines if the token needs to be exchanged. * @param token - The token to check * @returns true if the token should be exchanged */ private needsTokenExchange; /** * Exchanges the token for a Databricks-compatible token using RFC 8693. * Includes retry logic for transient errors with exponential backoff. * @param token - The token to exchange * @returns The exchanged token */ private exchangeToken; /** * Attempts a single token exchange request. * @returns The exchanged token */ private attemptTokenExchange; /** * Recursively attempts token exchange with exponential backoff. */ private exchangeTokenWithRetry; /** * Determines if an error is retryable (transient HTTP errors, network errors, timeouts). */ private isRetryableError; /** * Builds the token exchange URL. */ private buildExchangeUrl; }