SDK: Passport
The Passport client provides methods for managing OAuth providers, authorizations, and viewing the audit trail.
Access it via client.passport.
Providers
List providers
const providers = await client.passport.providers.list();
// providers: Provider[]
Returns an array of Provider objects:
interface Provider {
  id: string;
  name: string;
  type: string;
  clientId: string;
  authUrl: string;
  tokenUrl: string;
  scopes: string[];
  createdAt: string;
}
Register a provider
const provider = await client.passport.providers.create({
  name: "google-workspace",
  type: "oauth2",
  clientId: "your-client-id",
  clientSecret: "your-client-secret",
  authUrl: "https://accounts.google.com/o/oauth2/v2/auth",
  tokenUrl: "https://oauth2.googleapis.com/token",
  scopes: ["openid", "email", "profile"],
});
Authorizations
Create an authorization
const auth = await client.passport.authorizations.create({
  providerId: "abc12345",
  serviceId: "my-service-id",
  scopes: ["calendar.read", "calendar.write"],
  grantType: "authorization_code",
});
The authorization object includes:
interface Authorization {
  id: string;
  providerId: string;
  serviceId: string;
  scopes: string[];
  grantType: string;
  status: "active" | "revoked";
  createdAt: string;
}
Audit Trail
List audit entries
const auditEntries = await client.passport.audit.list();
// auditEntries: AuditEntry[]
Each audit entry records an authentication or authorization event:
interface AuditEntry {
  id: string;
  action: string;
  providerId?: string;
  serviceId?: string;
  timestamp: string;
  details: Record<string, unknown>;
}
Full Example
import { createClient } from "@the-shift/sdk";

const client = createClient({
  gatewayUrl: "https://app.the-shift.dev",
  apiKey: process.env.SHIFT_API_KEY,
});

// Register an OAuth provider
const provider = await client.passport.providers.create({
  name: "github-oauth",
  type: "oauth2",
  clientId: process.env.GITHUB_CLIENT_ID,
  clientSecret: process.env.GITHUB_CLIENT_SECRET,
  authUrl: "https://github.com/login/oauth/authorize",
  tokenUrl: "https://github.com/login/oauth/access_token",
  scopes: ["read:user", "repo"],
});
console.log(`Registered provider: ${provider.id}`);

// Create an authorization for a service
const auth = await client.passport.authorizations.create({
  providerId: provider.id,
  serviceId: "my-app-id",
  scopes: ["read:user"],
  grantType: "authorization_code",
});
console.log(`Authorization created: ${auth.id}`);

// Check the audit trail
const audit = await client.passport.audit.list();
console.log(`Audit entries: ${audit.length}`);
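A configuration review over objects shaped like the Provider and Authorization interfaces above, as an added example (not code from the SDK or its documentation). It assumes provider endpoints should be HTTPS and that an active authorization should request only scopes registered on its provider; the page does not say whether the service enforces either. `ProviderLike`, `AuthorizationLike`, `Finding`, `reviewPassportConfig` and all sample data are hypothetical.

```typescript
// Added example: field names come from the Provider and Authorization
// interfaces on this page; the type names, checks and data are assumptions.
type ProviderLike = { id: string; name: string; authUrl: string; tokenUrl: string; scopes: string[] };
type AuthorizationLike = { id: string; providerId: string; scopes: string[]; status: "active" | "revoked" };
interface Finding { subject: string; issue: string }

function reviewPassportConfig(providers: ProviderLike[], auths: AuthorizationLike[]): Finding[] {
  const findings: Finding[] = [];
  for (const p of providers) {
    // The token endpoint receives the client secret, so plain http is a finding.
    for (const field of ["authUrl", "tokenUrl"] as const) {
      if (!/^https:\/\/[^\s\/]+/i.test(p[field])) {
        findings.push({ subject: `provider:${p.name}`, issue: `${field} is not an https URL` });
      }
    }
  }
  for (const a of auths) {
    if (a.status !== "active") continue; // revoked authorizations are not reviewed
    const p = providers.filter((x) => x.id === a.providerId)[0];
    if (!p) {
      findings.push({ subject: `authorization:${a.id}`, issue: `unknown provider ${a.providerId}` });
      continue;
    }
    // Least privilege: flag scopes the provider registration never declared.
    const extra = a.scopes.filter((s) => p.scopes.indexOf(s) === -1);
    if (extra.length > 0) {
      findings.push({ subject: `authorization:${a.id}`, issue: `scopes not registered on provider: ${extra.join(", ")}` });
    }
  }
  return findings;
}

// Constructed sample data (not output from the service).
const sampleProviders: ProviderLike[] = [
  { id: "prov-1", name: "google-workspace", authUrl: "https://accounts.google.com/o/oauth2/v2/auth", tokenUrl: "https://oauth2.googleapis.com/token", scopes: ["openid", "email", "profile"] },
  { id: "prov-2", name: "legacy-idp", authUrl: "https://idp.example.test/authorize", tokenUrl: "http://idp.example.test/token", scopes: ["read"] },
];
const sampleAuths: AuthorizationLike[] = [
  { id: "a1", providerId: "prov-1", scopes: ["email", "calendar.write"], status: "active" },
  { id: "a2", providerId: "prov-1", scopes: ["email"], status: "active" },
  { id: "a3", providerId: "prov-404", scopes: ["read"], status: "active" },
  { id: "a4", providerId: "prov-2", scopes: ["admin"], status: "revoked" },
];

for (const f of reviewPassportConfig(sampleProviders, sampleAuths)) {
  console.log(`${f.subject}: ${f.issue}`);
}
```

In practice the two arrays would come from `client.passport.providers.list()` and whatever source holds the authorization objects returned by `authorizations.create()`.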