test: auth api route for token

apps/nextjs/package.json

@@ -14,6 +14,7 @@
   },
   "dependencies": {
     "@canvas-challenge/api": "workspace:*",
+    "@canvas-challenge/canvas": "workspace:*",
     "@tanstack/react-query": "^5.8.7",
     "@tanstack/react-query-devtools": "^5.8.7",
     "@tanstack/react-query-next-experimental": "5.8.7",

apps/nextjs/src/app/api/test/route.ts

@@ -0,0 +1,33 @@
+import { getAuthToken } from '@canvas-challenge/canvas';
+
+export const runtime = 'edge';
+
+function setCorsHeaders(res: Response) {
+  res.headers.set('Access-Control-Allow-Origin', '*');
+  res.headers.set('Access-Control-Request-Method', '*');
+  res.headers.set('Access-Control-Allow-Methods', 'OPTIONS, GET, POST');
+  res.headers.set('Access-Control-Allow-Headers', '*');
+}
+
+export function OPTIONS() {
+  const response = new Response(null, {
+    status: 204,
+  });
+  setCorsHeaders(response);
+  return response;
+}
+
+const handler = async () => {
+  const { token, expiresInSeconds } = await getAuthToken({
+    clientSecret: process.env.CANVAS_CLIENT_SECRET!,
+    clientId: process.env.CANVAS_CLIENT_ID!,
+    baseUrl: process.env.CANVAS_EMR_BASE_URL!,
+  });
+
+  return Response.json({
+    token,
+    expiresInSeconds,
+  });
+};
+
+export { handler as GET, handler as POST };

packages/canvas/src/services/auth.ts

@@ -29,6 +29,12 @@ export async function getAuthToken({
     }),
   });
 
+  if (!response.ok) {
+    return response.text().then((text) => {
+      throw new Error(text);
+    });
+  }
+
   const json = AuthTokenResponseBodySchema.parse(await response.json());
 
   return { token: json.access_token, expiresInSeconds: json.expires_in };