User
and Auth
objects. Adds authorization header to the request.name: string
- Name of fetch function. Used in logs and opossum stats.enableCircuitBreaker?: boolean
- Should use circuit breaker for requests. Defaults to true
.timeout?: number | false
- Timeout for requests. Logged and thrown as errors. May cause circuit breaker to open. Defaults to 10000
ms. Can be disabled by passing false.treat400ResponsesAsErrors?: boolean
- If true
, then too many 400 responses may cause the circuit to open. Either way these responses will be logged and thrown. Defaults to false
.logErrorResponseBody?: boolean
- If true
, then non-200 response bodies will be consumed and included in the error object and logged as body
.keepAlive?: boolean | number
- Configures keepAlive for requests. If false
, never reuse connections. If true
, reuse connection with a maximum idle timeout of 10 seconds. By passing a number you can override the idle connection timeout. Defaults to true
.clientCertificate?: ClientCertificateOptions
- Configures client certificate for requests.agentOptions?: AgentOptions
- Overrides agent configuration for requests (e.g. rejectUnauthorized
or advanced keep-alive configuration).opossum?: CircuitBreaker.Options
- Allows overriding Opossum options.error.name: string
- "FetchError"error.response: Response
- The response object.error.url: string
- The requested url.error.status: number
- The response status code.error.statusText: string
- The response status text.error.headers: Headers
- The headers of the response.error.response: Response
- The response object. Body has not been consumed.error.problem?: object
- The parsed response body if the response has content-type: application/problem+json
.error.problem?: object | string
- The response body if logErrorResponseBody
was set to true
. Parsed JSON or string depending on the response content type.auto
: Performs token exchange if an Auth
object is passed into fetch, otherwise fetches a non-user token.issuer: string
- the base URL of the IDP. We will request a token from ${issuer}/connect/token
.clientId: string
- the client id to use in the client credential or token exchange grant.clientSecret: string
- the client secret to use in the client credential or token exchange grant.scope: string[]
- which scopes to request.tokenEndpoint: string
- (optional) if the Token Endpoint doesn't match the ${issuer}/connect/token
pattern, the token endpoint URL can be overwritten.Auth
object to enhancedFetch
:autoAuth
.alwaysTokenExchange: boolean
- Request token exchange even though the current authentication has all of the specified scopes. Defaults to false.requestActorToken: boolean
- Request a token for the actor (the real end-user) and removes information about the active delegation. This is useful for services that do not understand island.is delegation tokens or should always return data for the actor rather than the active delegation. Defaults to false.useCache: boolean
- Enables private caching for token exchange tokens. Requires cacheManager
to be configured. This involves storing user-tokens between requests, so "Keep it secret. Keep it safe." Defaults to false.buildCacheControl
to configure cache control in a type-safe way:overrideCacheControl
only affects GET responses, since you rarely want to cache POST requests. If you know what you're doing, then you can cache those as well:innskra.island.is
or serving data that is not specific to the authenticated user, then you may configure cache-control to support shared caching for authorized requests:innskra.island.is
, you can configure a private cache for that user. In this case, you need to pass a User
object (eg from @CurrentUser) to the fetch function:innskra.island.is
access tokens and create private responses based on the user's nationalId
claim. If the nationalId
claim is missing, or you forget to pass the auth
argument, then a warning is logged and the cache is disabled.