From a2e3635ac954d3f0922d4cda18b19ba22d747499 Mon Sep 17 00:00:00 2001 From: Daniel Dietzler <36593685+danieldietzler@users.noreply.github.com> Date: Tue, 31 Mar 2026 00:22:07 +0200 Subject: [PATCH] chore: use esm global import (#27408) --- server/src/repositories/oauth.repository.ts | 28 +++++++++++++-------- 1 file changed, 18 insertions(+), 10 deletions(-) diff --git a/server/src/repositories/oauth.repository.ts b/server/src/repositories/oauth.repository.ts index 5af5163f8f..b2e72e470a 100644 --- a/server/src/repositories/oauth.repository.ts +++ b/server/src/repositories/oauth.repository.ts @@ -1,5 +1,19 @@ import { Injectable, InternalServerErrorException } from '@nestjs/common'; -import type { UserInfoResponse } from 'openid-client' with { 'resolution-mode': 'import' }; +import { + allowInsecureRequests, + authorizationCodeGrant, + buildAuthorizationUrl, + calculatePKCECodeChallenge, + ClientSecretBasic, + ClientSecretPost, + discovery, + fetchUserInfo, + None, + randomPKCECodeVerifier, + randomState, + skipSubjectCheck, + type UserInfoResponse, +} from 'openid-client'; import { OAuthTokenEndpointAuthMethod } from 'src/enum'; import { LoggingRepository } from 'src/repositories/logging.repository'; @@ -24,8 +38,6 @@ export class OAuthRepository { } async authorize(config: OAuthConfig, redirectUrl: string, state?: string, codeChallenge?: string) { - const { buildAuthorizationUrl, randomState, randomPKCECodeVerifier, calculatePKCECodeChallenge } = - await import('openid-client'); const client = await this.getClient(config); state ??= randomState(); @@ -64,7 +76,6 @@ export class OAuthRepository { expectedState: string, codeVerifier: string, ): Promise { - const { authorizationCodeGrant, fetchUserInfo, ...oidc } = await import('openid-client'); const client = await this.getClient(config); const pkceCodeVerifier = client.serverMetadata().supportsPKCE() ? codeVerifier : undefined; @@ -77,7 +88,7 @@ export class OAuthRepository { this.logger.debug('Using ID token claims instead of userinfo endpoint'); profile = tokenClaims as OAuthProfile; } else { - profile = await fetchUserInfo(client, tokens.access_token, oidc.skipSubjectCheck); + profile = await fetchUserInfo(client, tokens.access_token, skipSubjectCheck); } if (!profile.sub) { @@ -124,7 +135,6 @@ export class OAuthRepository { timeout, }: OAuthConfig) { try { - const { allowInsecureRequests, discovery } = await import('openid-client'); return await discovery( new URL(issuerUrl), clientId, @@ -134,7 +144,7 @@ export class OAuthRepository { userinfo_signed_response_alg: profileSigningAlgorithm === 'none' ? undefined : profileSigningAlgorithm, id_token_signed_response_alg: signingAlgorithm, }, - await this.getTokenAuthMethod(tokenEndpointAuthMethod, clientSecret), + this.getTokenAuthMethod(tokenEndpointAuthMethod, clientSecret), { execute: [allowInsecureRequests], timeout, @@ -146,9 +156,7 @@ export class OAuthRepository { } } - private async getTokenAuthMethod(tokenEndpointAuthMethod: OAuthTokenEndpointAuthMethod, clientSecret?: string) { - const { None, ClientSecretPost, ClientSecretBasic } = await import('openid-client'); - + private getTokenAuthMethod(tokenEndpointAuthMethod: OAuthTokenEndpointAuthMethod, clientSecret?: string) { if (!clientSecret) { return None(); }