build!: Set Node v12 to minimum supported version & Upgrade TypeScript

.github/sync-repo-settings.yaml

@@ -9,9 +9,9 @@ branchProtectionRules:
       - "ci/kokoro: System test"
       - docs
       - lint
-      - test (10)
       - test (12)
       - test (14)
+      - test (16)
       - cla/google
       - windows
       - OwlBot Post Processor

.github/workflows/ci.yaml

@@ -9,7 +9,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        node: [10, 12, 14]
+        node: [12, 14, 16]
     steps:
       - uses: actions/checkout@v3
       - uses: actions/setup-node@v3

package.json

@@ -4,7 +4,7 @@
   "author": "Google Inc.",
   "description": "Google APIs Authentication Client Library for Node.js",
   "engines": {
-    "node": ">=10"
+    "node": ">=12"
   },
   "main": "./build/src/index.js",
   "types": "./build/src/index.d.ts",
@@ -44,7 +44,7 @@
     "chai": "^4.2.0",
     "codecov": "^3.0.2",
     "execa": "^5.0.0",
-    "gts": "^2.0.0",
+    "gts": "^3.1.0",
     "is-docker": "^2.0.0",
     "karma": "^6.0.0",
     "karma-chrome-launcher": "^3.0.0",
@@ -65,7 +65,7 @@
     "sinon": "^13.0.0",
     "tmp": "^0.2.0",
     "ts-loader": "^8.0.0",
-    "typescript": "^3.8.3",
+    "typescript": "^4.6.3",
     "webpack": "^5.21.2",
     "webpack-cli": "^4.0.0"
   },

samples/package.json

@@ -9,7 +9,7 @@
     "test": "mocha --timeout 60000"
   },
   "engines": {
-    "node": ">=10"
+    "node": ">=12"
   },
   "license": "Apache-2.0",
   "dependencies": {

samples/puppeteer/package.json

@@ -4,7 +4,7 @@
   "description": "An example of using puppeteer to orchestrate a Google sign in flow.",
   "main": "oauth2-test.js",
   "engines": {
-    "node": ">=8"
+    "node": ">=12"
   },
   "scripts": {
     "start": "node oauth2-test.js"

src/auth/baseexternalclient.ts

@@ -247,7 +247,7 @@ export abstract class BaseExternalAccountClient extends AuthClient {
    * the type of external credential used.
    * @return A promise that resolves with the external subject token.
    */
-  abstract async retrieveSubjectToken(): Promise<string>;
+  abstract retrieveSubjectToken(): Promise<string>;
 
   /**
    * @return A promise that resolves with the current GCP access token

src/auth/computeclient.ts

@@ -73,8 +73,11 @@ export class Compute extends OAuth2Client {
       }
       data = await gcpMetadata.instance(instanceOptions);
     } catch (e) {
-      e.message = `Could not refresh access token: ${e.message}`;
-      this.wrapError(e);
+      if (e instanceof GaxiosError) {
+        e.message = `Could not refresh access token: ${e.message}`;
+        this.wrapError(e);
+      }
+
       throw e;
     }
     const tokens = data as Credentials;
@@ -101,7 +104,10 @@ export class Compute extends OAuth2Client {
       };
       idToken = await gcpMetadata.instance(instanceOptions);
     } catch (e) {
-      e.message = `Could not fetch ID token: ${e.message}`;
+      if (e instanceof Error) {
+        e.message = `Could not fetch ID token: ${e.message}`;
+      }
+
       throw e;
     }
 

src/auth/identitypoolclient.ts

@@ -155,7 +155,10 @@ export class IdentityPoolClient extends BaseExternalAccountClient {
         throw new Error();
       }
     } catch (err) {
-      err.message = `The file at ${filePath} does not exist, or it is not a file. ${err.message}`;
+      if (err instanceof Error) {
+        err.message = `The file at ${filePath} does not exist, or it is not a file. ${err.message}`;
+      }
+
       throw err;
     }
 

src/auth/impersonated.ts

@@ -16,6 +16,7 @@
 
 import {GetTokenResponse, OAuth2Client, RefreshOptions} from './oauth2client';
 import {AuthClient} from './authclient';
+import {GaxiosError} from 'gaxios';
 
 export interface ImpersonatedOptions extends RefreshOptions {
   /**
@@ -132,8 +133,16 @@ export class Impersonated extends OAuth2Client {
         res,
       };
     } catch (error) {
-      const status = error?.response?.data?.error?.status;
-      const message = error?.response?.data?.error?.message;
+      if (!(error instanceof Error)) throw error;
+
+      let status = 0;
+      let message = '';
+
+      if (error instanceof GaxiosError) {
+        status = error?.response?.data?.error?.status;
+        message = error?.response?.data?.error?.message;
+      }
+
       if (status && message) {
         error.message = `${status}: unable to impersonate: ${message}`;
         throw error;

src/auth/oauth2client.ts

@@ -1155,7 +1155,10 @@ export class OAuth2Client extends AuthClient {
     try {
       res = await this.transporter.request({url});
     } catch (e) {
-      e.message = `Failed to retrieve verification certificates: ${e.message}`;
+      if (e instanceof Error) {
+        e.message = `Failed to retrieve verification certificates: ${e.message}`;
+      }
+
       throw e;
     }
 
@@ -1220,7 +1223,10 @@ export class OAuth2Client extends AuthClient {
     try {
       res = await this.transporter.request({url});
     } catch (e) {
-      e.message = `Failed to retrieve verification certificates: ${e.message}`;
+      if (e instanceof Error) {
+        e.message = `Failed to retrieve verification certificates: ${e.message}`;
+      }
+
       throw e;
     }
 
@@ -1271,7 +1277,10 @@ export class OAuth2Client extends AuthClient {
     try {
       envelope = JSON.parse(crypto.decodeBase64StringUtf8(segments[0]));
     } catch (err) {
-      err.message = `Can't parse token envelope: ${segments[0]}': ${err.message}`;
+      if (err instanceof Error) {
+        err.message = `Can't parse token envelope: ${segments[0]}': ${err.message}`;
+      }
+
       throw err;
     }
 
@@ -1282,7 +1291,9 @@ export class OAuth2Client extends AuthClient {
     try {
       payload = JSON.parse(crypto.decodeBase64StringUtf8(segments[1]));
     } catch (err) {
-      err.message = `Can't parse token payload '${segments[0]}`;
+      if (err instanceof Error) {
+        err.message = `Can't parse token payload '${segments[0]}`;
+      }
       throw err;
     }
 

src/auth/stscredentials.ts

@@ -12,7 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-import {GaxiosOptions, GaxiosResponse} from 'gaxios';
+import {GaxiosError, GaxiosOptions, GaxiosResponse} from 'gaxios';
 import * as querystring from 'querystring';
 
 import {DefaultTransporter} from '../transporters';
@@ -216,7 +216,7 @@ export class StsCredentials extends OAuthClientAuthHandler {
       return stsSuccessfulResponse;
     } catch (error) {
       // Translate error to OAuthError.
-      if (error.response) {
+      if (error instanceof GaxiosError && error.response) {
         throw getErrorFromOAuthErrorResponse(
           error.response.data as OAuthErrorResponse,
           // Preserve other fields from the original error.

src/transporters.ts

@@ -104,7 +104,7 @@ export class DefaultTransporter {
       validate(opts);
     } catch (e) {
       if (callback) {
-        return callback(e);
+        return callback(e as Error);
       } else {
         throw e;
       }

test/test.awsclient.ts

@@ -408,7 +408,9 @@ describe('AwsClient', () => {
           {},
           awsCredentialSource
         );
-        delete missingUrlCredentialSource.url;
+        delete (
+          missingUrlCredentialSource as Partial<typeof awsCredentialSource>
+        ).url;
         const invalidOptions = {
           type: 'external_account',
           audience,
@@ -435,7 +437,11 @@ describe('AwsClient', () => {
           {},
           awsCredentialSource
         );
-        delete missingRegionUrlCredentialSource.region_url;
+        delete (
+          missingRegionUrlCredentialSource as Partial<
+            typeof awsCredentialSource
+          >
+        ).region_url;
         const invalidOptions = {
           type: 'external_account',
           audience,
@@ -707,8 +713,12 @@ describe('AwsClient', () => {
           awsCredentialSource
         );
         // Remove all optional fields.
-        delete requiredOnlyCredentialSource.region_url;
-        delete requiredOnlyCredentialSource.url;
+        delete (
+          requiredOnlyCredentialSource as Partial<typeof awsCredentialSource>
+        ).region_url;
+        delete (
+          requiredOnlyCredentialSource as Partial<typeof awsCredentialSource>
+        ).url;
         const requiredOnlyOptions = {
           type: 'external_account',
           audience,

test/test.externalclient.ts

@@ -191,7 +191,8 @@ describe('ExternalAccountClient', () => {
 
     it('should throw when given invalid ExternalAccountClient', () => {
       const invalidOptions = Object.assign({}, fileSourcedOptions);
-      delete invalidOptions.credential_source;
+      delete (invalidOptions as Partial<typeof fileSourcedOptions>)
+        .credential_source;
 
       assert.throws(() => {
         return ExternalAccountClient.fromJSON(invalidOptions);