From 0451b802594f76518830b9bdff515d67fc0231b9 Mon Sep 17 00:00:00 2001
From: Josh Wulf <josh.wulf@camunda.com>
Date: Tue, 5 Mar 2024 16:11:40 +1300
Subject: [PATCH] feat(oauth): support optional scope in OAuth request (#25)

set CAMUNDA_TOKEN_SCOPE in the environment to pass a scope in the OAuth request
---
 README.md                                     |   4 +-
 package-lock.json                             |  83 ++++++-
 package.json                                  |   6 +-
 .../oauth-token-clientId-CONSOLE.json         |   1 +
 src/oauth/__test__/OAuthImpl.spec.ts          | 209 ++++++++++++++++++
 src/oauth/__test__/creds.spec.ts              |   5 +
 src/oauth/__test__/integration.spec.ts        |  11 +-
 src/oauth/index.ts                            |   1 +
 src/oauth/lib/OAuthProviderImpl.ts            |  47 ++--
 .../__test__/tasklist.integration.spec.ts     |  26 ---
 10 files changed, 329 insertions(+), 64 deletions(-)
 create mode 100644 src/oauth/__test__/.token-cache/oauth-token-clientId-CONSOLE.json

diff --git a/README.md b/README.md
index 1e6ae3c0..683b77b8 100644
--- a/README.md
+++ b/README.md
@@ -1,11 +1,11 @@
 # Camunda 8 JavaScript SDK
 
-This is the monorepo for the official Camunda 8 JavaScript SDK.
+This is the official Camunda 8 JavaScript SDK.
 
 ## Using the SDK in your project
 
 Install the SDK as a dependency:
 
 ```bash
-npm i @camunda/sdk
+npm i @camunda8/sdk
 ```
diff --git a/package-lock.json b/package-lock.json
index 5f530f8f..18cd2275 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -52,6 +52,7 @@
 				"semantic-release": "^22.0.12",
 				"semantic-release-lerna": "^2.1.0",
 				"ts-jest": "^29.1.1",
+				"typedoc": "^0.25.9",
 				"typescript": "^5.3.3"
 			}
 		},
@@ -5856,6 +5857,12 @@
 				"node": ">=8"
 			}
 		},
+		"node_modules/ansi-sequence-parser": {
+			"version": "1.1.1",
+			"resolved": "https://registry.npmjs.org/ansi-sequence-parser/-/ansi-sequence-parser-1.1.1.tgz",
+			"integrity": "sha512-vJXt3yiaUL4UU546s3rPXlsry/RnM730G1+HkpKE012AN0sx1eOrxSu95oKDIonskeLTijMgqWZ3uDEe3NFvyg==",
+			"dev": true
+		},
 		"node_modules/ansi-styles": {
 			"version": "3.2.1",
 			"license": "MIT",
@@ -14822,6 +14829,12 @@
 				"yallist": "^3.0.2"
 			}
 		},
+		"node_modules/lunr": {
+			"version": "2.3.9",
+			"resolved": "https://registry.npmjs.org/lunr/-/lunr-2.3.9.tgz",
+			"integrity": "sha512-zTU3DaZaF3Rt9rhN3uBMGQD3dD2/vFQqnvZCDv4dl5iOzq2IZQqTxu90r4E5J+nP70J3ilqVCrbho2eWaeW8Ow==",
+			"dev": true
+		},
 		"node_modules/make-dir": {
 			"version": "4.0.0",
 			"dev": true,
@@ -14953,7 +14966,6 @@
 			"version": "4.3.0",
 			"dev": true,
 			"license": "MIT",
-			"peer": true,
 			"bin": {
 				"marked": "bin/marked.js"
 			},
@@ -22768,6 +22780,18 @@
 				"node": ">=8"
 			}
 		},
+		"node_modules/shiki": {
+			"version": "0.14.7",
+			"resolved": "https://registry.npmjs.org/shiki/-/shiki-0.14.7.tgz",
+			"integrity": "sha512-dNPAPrxSc87ua2sKJ3H5dQ/6ZaY8RNnaAqK+t0eG7p0Soi2ydiqbGOTaZCqaYvA/uZYfS1LJnemt3Q+mSfcPCg==",
+			"dev": true,
+			"dependencies": {
+				"ansi-sequence-parser": "^1.1.0",
+				"jsonc-parser": "^3.2.0",
+				"vscode-oniguruma": "^1.7.0",
+				"vscode-textmate": "^8.0.0"
+			}
+		},
 		"node_modules/side-channel": {
 			"version": "1.0.4",
 			"dev": true,
@@ -24310,6 +24334,51 @@
 				"is-typedarray": "^1.0.0"
 			}
 		},
+		"node_modules/typedoc": {
+			"version": "0.25.9",
+			"resolved": "https://registry.npmjs.org/typedoc/-/typedoc-0.25.9.tgz",
+			"integrity": "sha512-jVoGmfNw848iW0L313+jqHbsknepwDV6F9nzk1H30oWhKXkw65uaENgR6QtTw9a5KqRWEb6nwNd54KxffBJyWw==",
+			"dev": true,
+			"dependencies": {
+				"lunr": "^2.3.9",
+				"marked": "^4.3.0",
+				"minimatch": "^9.0.3",
+				"shiki": "^0.14.7"
+			},
+			"bin": {
+				"typedoc": "bin/typedoc"
+			},
+			"engines": {
+				"node": ">= 16"
+			},
+			"peerDependencies": {
+				"typescript": "4.6.x || 4.7.x || 4.8.x || 4.9.x || 5.0.x || 5.1.x || 5.2.x || 5.3.x"
+			}
+		},
+		"node_modules/typedoc/node_modules/brace-expansion": {
+			"version": "2.0.1",
+			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz",
+			"integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==",
+			"dev": true,
+			"dependencies": {
+				"balanced-match": "^1.0.0"
+			}
+		},
+		"node_modules/typedoc/node_modules/minimatch": {
+			"version": "9.0.3",
+			"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.3.tgz",
+			"integrity": "sha512-RHiac9mvaRw0x3AYRgDC1CxAP7HTcNrrECeA8YYJeWnpo+2Q5CegtZjaotWTWxDG3UeGA1coE05iH1mPjT/2mg==",
+			"dev": true,
+			"dependencies": {
+				"brace-expansion": "^2.0.1"
+			},
+			"engines": {
+				"node": ">=16 || 14 >=14.17"
+			},
+			"funding": {
+				"url": "https://github.com/sponsors/isaacs"
+			}
+		},
 		"node_modules/typescript": {
 			"version": "5.3.3",
 			"dev": true,
@@ -24532,6 +24601,18 @@
 				"node": "^14.17.0 || ^16.13.0 || >=18.0.0"
 			}
 		},
+		"node_modules/vscode-oniguruma": {
+			"version": "1.7.0",
+			"resolved": "https://registry.npmjs.org/vscode-oniguruma/-/vscode-oniguruma-1.7.0.tgz",
+			"integrity": "sha512-L9WMGRfrjOhgHSdOYgCt/yRMsXzLDJSL7BPrOZt73gU0iWO4mpqzqQzOz5srxqTvMBaR0XZTSrVWo4j55Rc6cA==",
+			"dev": true
+		},
+		"node_modules/vscode-textmate": {
+			"version": "8.0.0",
+			"resolved": "https://registry.npmjs.org/vscode-textmate/-/vscode-textmate-8.0.0.tgz",
+			"integrity": "sha512-AFbieoL7a5LMqcnOF04ji+rpXadgOXnZsxQr//r83kLPr7biP7am3g9zbaZIaBGwBRWeSvoMD4mgPdX3e4NWBg==",
+			"dev": true
+		},
 		"node_modules/walker": {
 			"version": "1.0.8",
 			"dev": true,
diff --git a/package.json b/package.json
index 9ead94fb..cb0e1d60 100644
--- a/package.json
+++ b/package.json
@@ -7,6 +7,7 @@
 		"build": "npm run clean && npm run compile",
 		"clean": "rm -rf ./dist && rm -f ./tsconfig.tsbuildinfo",
 		"compile": "tsc --project tsconfig.json",
+		"docs": "rm -rf ./docs && typedoc src/index.ts",
 		"test": "jest --detectOpenHandles --testPathIgnorePatterns integration local-integration disconnection",
 		"test:integration": "jest --runInBand --testPathIgnorePatterns disconnection --detectOpenHandles --verbose true",
 		"test:local": "jest --runInBand --verbose true --detectOpenHandles local-integration",
@@ -14,9 +15,9 @@
 		"test:docker": "jest --runInBand --testPathIgnorePatterns disconnection local-integration --detectOpenHandles --verbose true",
 		"test:disconnect": "jest --runInBand --verbose true --detectOpenHandles disconnection",
 		"test&docs": "npm test && npm run docs",
-		"publish": "lerna run build && lerna run test && lerna publish",
+		"publish": "npm run build && npm run test && lerna publish",
 		"commit": "cz",
-		"publish:canary": "lerna run build && lerna run test && lerna publish --canary",
+		"publish:canary": "npm run build && npm run test && lerna publish --canary",
 		"prepare": "husky install",
 		"prepublishOnly": "npm run build",
 		"lint": "eslint 'src/**/*.{ts,tsx}'",
@@ -93,6 +94,7 @@
 		"semantic-release": "^22.0.12",
 		"semantic-release-lerna": "^2.1.0",
 		"ts-jest": "^29.1.1",
+		"typedoc": "^0.25.9",
 		"typescript": "^5.3.3"
 	},
 	"dependencies": {
diff --git a/src/oauth/__test__/.token-cache/oauth-token-clientId-CONSOLE.json b/src/oauth/__test__/.token-cache/oauth-token-clientId-CONSOLE.json
new file mode 100644
index 00000000..4015991c
--- /dev/null
+++ b/src/oauth/__test__/.token-cache/oauth-token-clientId-CONSOLE.json
@@ -0,0 +1 @@
+{"token":"something","audience":"CONSOLE","expiry":null}
\ No newline at end of file
diff --git a/src/oauth/__test__/OAuthImpl.spec.ts b/src/oauth/__test__/OAuthImpl.spec.ts
index aa7020cf..f842f0e3 100644
--- a/src/oauth/__test__/OAuthImpl.spec.ts
+++ b/src/oauth/__test__/OAuthImpl.spec.ts
@@ -1,8 +1,118 @@
+import fs from 'fs'
 import http from 'http'
+import path from 'path'
 
 import { OAuthProviderImpl } from '../lib/OAuthProviderImpl'
 
 jest.setTimeout(10000)
+
+const STORED_ENV = {}
+const ENV_VARS_TO_STORE = [
+	'CAMUNDA_TOKEN_CACHE_DIR',
+	'CAMUNDA_TOKEN_CACHE',
+	'CAMUNDA_TOKEN_SCOPE',
+]
+
+beforeAll(() => {
+	ENV_VARS_TO_STORE.forEach((e) => {
+		STORED_ENV[e] = process.env[e]
+		delete process.env[e]
+	})
+})
+
+afterAll(() => {
+	ENV_VARS_TO_STORE.forEach((e) => {
+		delete process.env[e]
+		if (STORED_ENV[e]) {
+			process.env[e] = STORED_ENV[e]
+		}
+	})
+})
+
+test('Gets the token cache dir from the environment', () => {
+	const tokenCacheDir = path.join(__dirname, '.token-cache')
+	if (fs.existsSync(tokenCacheDir)) {
+		fs.rmSync(tokenCacheDir, {
+			recursive: true,
+			force: true,
+		})
+	}
+	expect(fs.existsSync(tokenCacheDir)).toBe(false)
+	process.env.CAMUNDA_TOKEN_CACHE_DIR = tokenCacheDir
+	const o = new OAuthProviderImpl({
+		audience: 'token',
+		clientId: 'clientId',
+		clientSecret: 'clientSecret',
+		authServerUrl: 'url',
+		userAgentString: 'test',
+	})
+	expect(o).toBeTruthy()
+	expect(fs.existsSync(tokenCacheDir)).toBe(true)
+	if (fs.existsSync(tokenCacheDir)) {
+		fs.rmdirSync(tokenCacheDir)
+	}
+	expect(fs.existsSync(tokenCacheDir)).toBe(false)
+})
+
+test('Creates the token cache dir if it does not exist', () => {
+	process.env.CAMUNDA_TOKEN_CACHE_DIR = path.join(process.cwd(), '.token-cache')
+	const tokenCacheDir = OAuthProviderImpl.getTokenCacheDirFromEnv()
+	if (fs.existsSync(tokenCacheDir)) {
+		fs.rmSync(tokenCacheDir, {
+			recursive: true,
+			force: true,
+		})
+	}
+	expect(fs.existsSync(tokenCacheDir)).toBe(false)
+
+	const o = new OAuthProviderImpl({
+		audience: 'token',
+		clientId: 'clientId',
+		clientSecret: 'clientSecret',
+		authServerUrl: 'url',
+		userAgentString: 'test',
+	})
+	expect(o).toBeTruthy()
+	expect(fs.existsSync(tokenCacheDir)).toBe(true)
+	if (fs.existsSync(tokenCacheDir)) {
+		fs.rmdirSync(tokenCacheDir)
+	}
+	expect(fs.existsSync(tokenCacheDir)).toBe(false)
+})
+
+test('Throws in the constructor if the token cache is not writable', () => {
+	const tokenCacheDir = path.join(__dirname, '.token-cache')
+	process.env.CAMUNDA_TOKEN_CACHE_DIR = tokenCacheDir
+	if (fs.existsSync(tokenCacheDir)) {
+		fs.rmSync(tokenCacheDir, {
+			recursive: true,
+			force: true,
+		})
+	}
+	expect(fs.existsSync(tokenCacheDir)).toBe(false)
+	fs.mkdirSync(tokenCacheDir, 0o400)
+	expect(fs.existsSync(tokenCacheDir)).toBe(true)
+	let thrown = false
+	try {
+		const o = new OAuthProviderImpl({
+			audience: 'token',
+			clientId: 'clientId',
+			// file deepcode ignore HardcodedNonCryptoSecret/test: <please specify a reason of ignoring this>
+			clientSecret: 'clientSecret',
+			authServerUrl: 'url',
+			userAgentString: 'test',
+		})
+		expect(o).toBeTruthy()
+	} catch {
+		thrown = true
+	}
+	expect(thrown).toBe(true)
+	if (fs.existsSync(tokenCacheDir)) {
+		fs.rmdirSync(tokenCacheDir)
+	}
+	expect(fs.existsSync(tokenCacheDir)).toBe(false)
+})
+
 // Added test for https://github.com/camunda-community-hub/camunda-saas-oauth-nodejs/issues/8
 // "Can not renew expired token"
 // Updated test for https://github.com/camunda-community-hub/camunda-8-js-sdk/issues/3
@@ -52,3 +162,102 @@ test('In-memory cache is populated and evicted after timeout', (done) => {
 		server.close(() => done())
 	})
 })
+
+test('Uses form encoding for request', (done) => {
+	const o = new OAuthProviderImpl({
+		audience: 'token',
+		clientId: 'clientId',
+		clientSecret: 'clientSecret',
+		authServerUrl: 'http://127.0.0.1:3001',
+		userAgentString: 'test',
+	})
+	const server = http
+		.createServer((req, res) => {
+			if (req.method === 'POST') {
+				let body = ''
+				req.on('data', (chunk) => {
+					body += chunk
+				})
+
+				req.on('end', () => {
+					res.writeHead(200, { 'Content-Type': 'application/json' })
+					res.end('{"token": "something"}')
+					server.close()
+					expect(body).toEqual(
+						'audience=token&client_id=clientId&client_secret=clientSecret&grant_type=client_credentials'
+					)
+					done()
+				})
+			}
+		})
+		.listen(3001)
+	o.getToken('CONSOLE').finally(() => server.close())
+})
+
+test('Passes scope, if provided', () => {
+	const o = new OAuthProviderImpl({
+		audience: 'token',
+		scope: 'scope',
+		clientId: 'clientId',
+		clientSecret: 'clientSecret',
+		authServerUrl: 'http://127.0.0.1:3002',
+		userAgentString: 'test',
+	})
+	const server = http
+		.createServer((req, res) => {
+			if (req.method === 'POST') {
+				let body = ''
+				req.on('data', (chunk) => {
+					body += chunk
+				})
+
+				req.on('end', () => {
+					res.writeHead(200, { 'Content-Type': 'application/json' })
+					res.end('{"token": "something"}')
+
+					expect(body).toEqual(
+						'audience=token&client_id=clientId&client_secret=clientSecret&grant_type=client_credentials&scope=scope'
+					)
+				})
+			}
+		})
+		.listen(3002)
+
+	return o.getToken('CONSOLE').finally(() => {
+		return server.close()
+	})
+})
+
+test('Can get scope from environment', () => {
+	process.env.CAMUNDA_TOKEN_SCOPE = 'scope2'
+	const o = new OAuthProviderImpl({
+		audience: 'token',
+		clientId: 'clientId',
+		clientSecret: 'clientSecret',
+		authServerUrl: 'http://127.0.0.1:3003',
+		userAgentString: 'test',
+	})
+	const server = http
+		.createServer((req, res) => {
+			if (req.method === 'POST') {
+				let body = ''
+				req.on('data', (chunk) => {
+					body += chunk
+				})
+
+				req.on('end', () => {
+					res.writeHead(200, { 'Content-Type': 'application/json' })
+					res.end('{"token": "something"}')
+
+					expect(body).toEqual(
+						'audience=token&client_id=clientId&client_secret=clientSecret&grant_type=client_credentials&scope=scope2'
+					)
+				})
+			}
+		})
+		.listen(3003)
+
+	return o.getToken('CONSOLE').finally(() => {
+		return server.close()
+	})
+})
diff --git a/src/oauth/__test__/creds.spec.ts b/src/oauth/__test__/creds.spec.ts
index 9fdd3ee1..876ccf46 100644
--- a/src/oauth/__test__/creds.spec.ts
+++ b/src/oauth/__test__/creds.spec.ts
@@ -9,6 +9,9 @@ const keys = [
 	'ZEEBE_CLIENT_ID',
 	'ZEEBE_ADDRESS',
 	'ZEEBE_TOKEN_AUDIENCE',
+	'ZEEBE_TOKEN_SCOPE',
+	'ZEEBE_TENANT_ID',
+	'ZEEBE_SECURE_CONNECTION',
 	'CAMUNDA_CLUSTER_ID',
 	'CAMUNDA_CLUSTER_REGION',
 	'CAMUNDA_CREDENTIALS_SCOPES',
@@ -16,6 +19,8 @@ const keys = [
 	'CAMUNDA_OPTIMIZE_BASE_URL',
 	'CAMUNDA_OPERATE_BASE_URL',
 	'CAMUNDA_OAUTH_URL',
+	'CAMUNDA_TOKEN_SCOPE',
+	'CAMUNDA_TENANT_ID',
 ]
 
 const storage: { [key: string]: string | undefined } = {}
diff --git a/src/oauth/__test__/integration.spec.ts b/src/oauth/__test__/integration.spec.ts
index c3570bc9..3ed6301f 100644
--- a/src/oauth/__test__/integration.spec.ts
+++ b/src/oauth/__test__/integration.spec.ts
@@ -7,35 +7,33 @@ import { getZeebeToken } from '../lib/Zeebe'
 
 let o: OAuthProvider
 
-beforeAll(() => (o = new OAuthProvider('client-nodejs testing')))
+beforeAll(() => {
+	o = new OAuthProvider('client-nodejs testing')
+	o.flushFileCache()
+})
 
 test('Can get an Operate token from the environment vars', async () => {
 	const token = await o.getToken('OPERATE')
-	// console.log(token)
 	expect(typeof token).toBe('string')
 })
 
 test('Can get Operate token', async () => {
 	const token = await getOperateToken('client-nodejs testing')
-	// console.log('Operate token', token)
 	expect(typeof token).toBe('string')
 })
 
 test('Can get Optimize token', async () => {
 	const token = await getOptimizeToken('client-nodejs testing')
-	// console.log('Optimize token', token)
 	expect(typeof token).toBe('string')
 })
 
 test('Can get Tasklist token', async () => {
 	const token = await getTasklistToken('client-nodejs testing')
-	// console.log('Tasklist token', token)
 	expect(typeof token).toBe('string')
 })
 
 test('Can get Zeebe token', async () => {
 	const token = await getZeebeToken('client-nodejs testing')
-	// console.log('Zeebe token', token)
 	expect(typeof token).toBe('string')
 })
 
@@ -44,7 +42,6 @@ test('Can get a console token from the environment vars', async () => {
 		expect(true).toBe(true)
 	} else {
 		const token = await getConsoleToken('client-nodejs testing')
-		// console.log(token)
 		expect(typeof token).toBe('string')
 	}
 })
diff --git a/src/oauth/index.ts b/src/oauth/index.ts
index 4f62d8f7..4d30cb8f 100644
--- a/src/oauth/index.ts
+++ b/src/oauth/index.ts
@@ -17,6 +17,7 @@ export interface OAuthProviderConfig {
 	authServerUrl: string
 	/** OAuth Audience */
 	audience: string
+	scope?: string
 	clientId: string
 	clientSecret: string
 	userAgentString: string
diff --git a/src/oauth/lib/OAuthProviderImpl.ts b/src/oauth/lib/OAuthProviderImpl.ts
index 7a0a3925..6e7f09d9 100644
--- a/src/oauth/lib/OAuthProviderImpl.ts
+++ b/src/oauth/lib/OAuthProviderImpl.ts
@@ -20,7 +20,7 @@ type TokenGrantAudiences =
 
 export class OAuthProviderImpl {
 	private static readonly defaultTokenCache = `${homedir}/.camunda`
-	private static readonly getTokenCacheDirFromEnv = () =>
+	public static readonly getTokenCacheDirFromEnv = () =>
 		process.env.CAMUNDA_TOKEN_CACHE_DIR || OAuthProviderImpl.defaultTokenCache
 	private cacheDir: string
 	private zeebeAudience: string
@@ -33,12 +33,14 @@ export class OAuthProviderImpl {
 	private failureCount = 0
 	private userAgentString: string
 	private audience: string
+	private scope: string | undefined
 
 	constructor({
 		/** OAuth Endpoint URL */
 		authServerUrl,
 		/** OAuth Audience */
 		audience,
+		scope,
 		clientId,
 		clientSecret,
 		userAgentString,
@@ -48,6 +50,7 @@ export class OAuthProviderImpl {
 		this.audience = audience
 		this.clientId = clientId
 		this.clientSecret = clientSecret
+		this.scope = scope ?? process.env.CAMUNDA_TOKEN_SCOPE
 		this.useFileCache = process.env.CAMUNDA_TOKEN_CACHE !== 'memory-only'
 		this.cacheDir = OAuthProviderImpl.getTokenCacheDirFromEnv()
 
@@ -109,25 +112,33 @@ export class OAuthProviderImpl {
 							reject(e)
 						})
 				},
-				this.failed ? BACKOFF_TOKEN_ENDPOINT_FAILURE * this.failureCount : 1
+				this.failed ? BACKOFF_TOKEN_ENDPOINT_FAILURE * this.failureCount : 0
 			)
 		})
 	}
 
-	private makeDebouncedTokenRequest(audience: TokenGrantAudiences) {
-		// const form = {
-		//     audience: this.getAudience(audience),
-		//     client_id: this.clientId,
-		//     client_secret: this.clientSecret,
-		//     grant_type: 'client_credentials',
-		// };
+	public flushMemoryCache() {
+		this.tokenCache = {}
+	}
 
+	public flushFileCache() {
+		if (this.useFileCache) {
+			fs.readdirSync(this.cacheDir).forEach((file) => {
+				if (fs.existsSync(file)) {
+					fs.unlinkSync(file)
+				}
+			})
+		}
+	}
+
+	private makeDebouncedTokenRequest(audience: TokenGrantAudiences) {
 		const body = `audience=${this.getAudience(audience)}&client_id=${
 			this.clientId
 		}&client_secret=${this.clientSecret}&grant_type=client_credentials`
+		const bodyWithScope = this.scope ? `${body}&scope=${this.scope}` : body
 		return fetch(this.authServerUrl, {
 			method: 'POST',
-			body,
+			body: bodyWithScope,
 			headers: {
 				'content-type': 'application/x-www-form-urlencoded',
 				'user-agent': this.userAgentString,
@@ -182,19 +193,6 @@ export class OAuthProviderImpl {
 		this.tokenCache[key] = token
 	}
 
-	// private safeJSONParse(thing: any): Promise<Token> {
-	//     // tslint:disable-next-line: no-console
-	//     console.log(thing); // @DEBUG
-
-	//     return new Promise((resolve, reject) => {
-	//         try {
-	//             resolve(JSON.parse(thing));
-	//         } catch (e) {
-	//             reject(e);
-	//         }
-	//     });
-	// }
-
 	private retrieveFromFileCache(
 		clientId: string,
 		audience: TokenGrantAudiences
@@ -251,9 +249,6 @@ export class OAuthProviderImpl {
 
 	private isExpired(token: Token) {
 		const d = new Date()
-		// console.log('token.expiry', token.expiry)
-		// console.log('d.setSeconds(d.getSeconds())', d.setSeconds(d.getSeconds()))
-		// console.log(token.expiry - d.setSeconds(d.getSeconds()))
 		return token.expiry <= d.setSeconds(d.getSeconds())
 	}
 
diff --git a/src/tasklist/__test__/tasklist.integration.spec.ts b/src/tasklist/__test__/tasklist.integration.spec.ts
index 831f143a..3db1b060 100644
--- a/src/tasklist/__test__/tasklist.integration.spec.ts
+++ b/src/tasklist/__test__/tasklist.integration.spec.ts
@@ -16,8 +16,6 @@ let def: DeployProcessResponse
 const delay = (ms: number) =>
 	new Promise((resolve) => setTimeout(() => resolve(null), ms))
 
-process.env.DEBUG = 'camunda:token' // @DEBUG
-
 describe('TasklistApiClient', () => {
 	const zbc = new ZBClient({
 		loglevel: 'NONE',
@@ -115,16 +113,12 @@ describe('TasklistApiClient', () => {
 
 		it('will not allow a task to be claimed twice', async () => {
 			const tasklist = new TasklistApiClient()
-			// console.log('Zeebe Client ID', process.env.ZEEBE_CLIENT_ID)
-			// console.log('Zeebe Client Secret', process.env.ZEEBE_CLIENT_SECRET)
 
 			const tasks = await tasklist.getTasks({ state: 'CREATED' })
-			// console.log('Tasks', JSON.stringify(tasks, null, 2))
 			const task = await tasklist.assignTask({
 				taskId: tasks[0].id,
 				assignee: 'jwulf',
 			})
-			console.log('Task', JSON.stringify(task, null, 2))
 			expect(task).toBeTruthy()
 			let threw = false
 			try {
@@ -140,15 +134,6 @@ describe('TasklistApiClient', () => {
 		})
 
 		it('can unclaim task', async () => {
-			// const creds = {
-			//     authServerUrl: process.env.CAMUNDA_OAUTH_URL!,
-			//     clientId: process.env.ZEEBE_CLIENT_ID!,
-			//     clientSecret: process.env.ZEEBE_CLIENT_SECRET!,
-			//     audience: process.env.ZEEBE_TOKEN_AUDIENCE!,
-			//     scopes: process.env.CAMUNDA_CREDENTIALS_SCOPES!,
-			//     tokenUrl: process.env.CAMUNDA_OAUTH_TOKEN_URL!,
-			// }
-			// const oAuth = new OAuthProviderImpl({ ...creds, userAgentString: 'test' })
 			const tasklist = new TasklistApiClient(/*{ oauthProvider: oAuth }*/)
 			const tasks = await tasklist.getTasks({ state: 'CREATED' })
 			const taskId = tasks[0].id
@@ -180,18 +165,7 @@ describe('TasklistApiClient', () => {
 		})
 
 		it('can complete a Task', async () => {
-			// const creds = {
-			//     authServerUrl: process.env.CAMUNDA_OAUTH_URL!,
-			//     clientId: process.env.ZEEBE_CLIENT_ID!,
-			//     clientSecret: process.env.ZEEBE_CLIENT_SECRET!,
-			//     audience: process.env.ZEEBE_TOKEN_AUDIENCE!,
-			//     scopes: process.env.CAMUNDA_CREDENTIALS_SCOPES!,
-			//     tokenUrl: process.env.CAMUNDA_OAUTH_TOKEN_URL!,
-			// }
-			// const oAuth = new OAuthProviderImpl({ ...creds, userAgentString: 'test' })
 			const tasklist = new TasklistApiClient(/*{ oauthProvider: oAuth }*/)
-			console.log('Can complete a Task')
-			// console.log(creds)
 			const tasks = await tasklist.getTasks({ state: 'CREATED' })
 			const taskid = tasks[0].id
 			expect(tasks.length).toBeGreaterThan(0)