[MAIN] [STRATCONN-6246] added OAUTH2.0 in taxonomy API in yahoo audiences (#3659)

* STRATCONN-6246 added OAUTH2.0 in taxonomy API in yahoo audiences

* Code refactored

---------

Co-authored-by: Prithviraj-rathore-segment <[email protected]>

Author: AnkitSegment

packages/destination-actions/src/destinations/yahoo-audiences/__tests__/index.test.ts

@@ -44,6 +44,11 @@ describe('Yahoo Audiences', () => {
 
     describe('Success cases', () => {
       it('It should create the audience successfully', async () => {
+        // Mock the token endpoint called by get_taxonomy_access_token inside update_taxonomy
+        nock('https://id.b2b.yahooincapis.com').post('/zts/v1/oauth2/token').reply(200, {
+          access_token: 'fake-taxonomy-access-token'
+        })
+
         nock('https://datax.yahooapis.com').put(`/v1/taxonomy/append/${ENGAGE_SPACE_ID}`).reply(202, {
           anything: '123'
         })

packages/destination-actions/src/destinations/yahoo-audiences/index.ts

@@ -1,17 +1,18 @@
-import type { AudienceDestinationDefinition, ModifiedResponse } from '@segment/actions-core'
+import type { AudienceDestinationDefinition } from '@segment/actions-core'
 import { defaultValues, IntegrationError } from '@segment/actions-core'
 import type { Settings, AudienceSettings } from './generated-types'
-import { generate_jwt } from './utils-rt'
 import updateSegment from './updateSegment'
-import { gen_customer_taxonomy_payload, gen_segment_subtaxonomy_payload, update_taxonomy } from './utils-tax'
+import {
+  gen_customer_taxonomy_payload,
+  gen_segment_subtaxonomy_payload,
+  update_taxonomy,
+  get_taxonomy_access_token
+} from './utils-tax'
 type PersonasSettings = {
   computation_id: string
   computation_key: string
   parent_id: string
 }
-interface RefreshTokenResponse {
-  access_token: string
-}
 
 const destination: AudienceDestinationDefinition<Settings, AudienceSettings> = {
   name: 'Yahoo Audiences',
@@ -80,22 +81,8 @@ const destination: AudienceDestinationDefinition<Settings, AudienceSettings> = {
         rt_client_secret = auth.clientSecret
       }
 
-      const prefixed_client_id = `idb2b.dsp.datax.${rt_client_key}`
-      const jwt = generate_jwt(prefixed_client_id, rt_client_secret)
-      const res: ModifiedResponse<RefreshTokenResponse> = await request<RefreshTokenResponse>(
-        'https://id.b2b.yahooincapis.com/zts/v1/oauth2/token',
-        {
-          method: 'POST',
-          body: new URLSearchParams({
-            client_assertion: jwt,
-            client_assertion_type: 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer',
-            grant_type: 'client_credentials',
-            scope: 'idb2b.dsp.datax:role.online.writer',
-            aud: 'https://id.b2b.yahooincapis.com/zts/v1'
-          })
-        }
-      )
-      const rt_access_token = res.data.access_token
+      // Use shared token fetching utility (handles prefixing, JWT generation, and token request)
+      const rt_access_token = await get_taxonomy_access_token(request, rt_client_key, rt_client_secret)
       return { accessToken: rt_access_token }
     }
   },

packages/destination-actions/src/destinations/yahoo-audiences/types.ts

@@ -32,3 +32,7 @@ export interface YahooSubTaxonomy {
   engage_space_id: string
   //identifier: string
 }
+
+export interface TokenResponse {
+  access_token: string
+}

packages/destination-actions/src/destinations/yahoo-audiences/utils-tax.ts

@@ -1,8 +1,15 @@
 import type { Settings } from './generated-types'
-import { createHmac } from 'crypto'
-import { CredsObj, YahooSubTaxonomy } from './types'
+import type { ModifiedResponse } from '@segment/actions-core'
+import { CredsObj, YahooSubTaxonomy, TokenResponse } from './types'
 import { RequestClient, IntegrationError } from '@segment/actions-core'
 import { StatsClient } from '@segment/actions-core/destination-kit'
+import { generate_jwt } from './utils-rt'
+
+// Constants for Yahoo Taxonomy API
+const TAXONOMY_CLIENT_KEY_PREFIX = 'idb2b.dsp.datax'
+const TAXONOMY_TOKEN_ENDPOINT = 'https://id.b2b.yahooincapis.com/zts/v1/oauth2/token'
+const TAXONOMY_AUDIENCE_URL = 'https://id.b2b.yahooincapis.com/zts/v1'
+const TAXONOMY_SCOPE = 'idb2b.dsp.datax:role.online.writer'
 
 export function gen_customer_taxonomy_payload(settings: Settings) {
   const data = {
@@ -45,26 +52,45 @@ export function gen_random_id(length: number): string {
   return random_id.join('')
 }
 
-export function gen_oauth1_signature(client_key: string, client_secret: string, method: string, url: string) {
-  // Following logic in #9 https://oauth.net/core/1.0a/#sig_norm_param
-  const timestamp = Math.floor(new Date().getTime() / 1000)
-  const nonce = gen_random_id(15)
+/**
+ * Obtains a short-lived OAuth 2.0 Bearer token for the Taxonomy API using the
+ * same JWT client-credentials flow used by the Online (Realtime) API.
+ * @param request RequestClient for making HTTP requests
+ * @param tx_client_key Taxonomy API client key (will be prefixed with 'idb2b.dsp.datax.')
+ * @param tx_client_secret Taxonomy API client secret
+ * @returns OAuth 2.0 access token
+ */
+export async function get_taxonomy_access_token(
+  request: RequestClient,
+  tx_client_key: string,
+  tx_client_secret: string
+): Promise<string> {
+  // Prefix the client key as required by Yahoo's Taxonomy API
+  const prefixed_client_key = `${TAXONOMY_CLIENT_KEY_PREFIX}.${tx_client_key}`
+
+  // Generate JWT using the shared utility
+  const jwt = generate_jwt(prefixed_client_key, tx_client_secret)
+
+  const res: ModifiedResponse<TokenResponse> = await request<TokenResponse>(TAXONOMY_TOKEN_ENDPOINT, {
+    method: 'POST',
+    body: new URLSearchParams({
+      client_assertion: jwt,
+      client_assertion_type: 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer',
+      grant_type: 'client_credentials',
+      scope: TAXONOMY_SCOPE,
+      aud: TAXONOMY_AUDIENCE_URL
+    })
+  })
 
-  const param_string = `oauth_consumer_key=${encodeURIComponent(client_key)}&oauth_nonce=${encodeURIComponent(
-    nonce
-  )}&oauth_signature_method=${encodeURIComponent('HMAC-SHA1')}&oauth_timestamp=${encodeURIComponent(
-    timestamp
-  )}&oauth_version=${encodeURIComponent('1.0')}`
+  if (!res?.data?.access_token) {
+    throw new IntegrationError(
+      'Failed to obtain taxonomy access token - missing access_token in response',
+      'YAHOO_TAXONOMY_TOKEN_ERROR',
+      500
+    )
+  }
 
-  const base_string = `${method.toUpperCase()}&${encodeURIComponent(url)}&${encodeURIComponent(param_string)}`
-  const encoded_client_secret = encodeURIComponent(client_secret)
-  const signature = encodeURIComponent(
-    createHmac('sha1', encoded_client_secret + '&')
-      .update(base_string)
-      .digest('base64')
-  )
-  const oauth1_auth_string = `OAuth oauth_consumer_key="${client_key}", oauth_nonce="${nonce}", oauth_signature="${signature}", oauth_signature_method="HMAC-SHA1", oauth_timestamp="${timestamp}", oauth_version="1.0"`
-  return oauth1_auth_string
+  return res.data.access_token
 }
 
 export async function update_taxonomy(
@@ -78,13 +104,16 @@ export async function update_taxonomy(
   const tx_client_secret = tx_creds.tx_client_secret
   const tx_client_key = tx_creds.tx_client_key
   const url = `https://datax.yahooapis.com/v1/taxonomy/append${engage_space_id.length > 0 ? '/' + engage_space_id : ''}`
-  const oauth1_auth_string = gen_oauth1_signature(tx_client_key, tx_client_secret, 'PUT', url)
+
+  // Get a short-lived Bearer token using the same JWT client-credentials flow as the Online API
+  const access_token = await get_taxonomy_access_token(request, tx_client_key, tx_client_secret)
+
   try {
     const add_segment_node = await request(url, {
       method: 'PUT',
       body: body_form_data,
       headers: {
-        Authorization: oauth1_auth_string,
+        Authorization: `Bearer ${access_token}`,
         'Content-Type': 'multipart/form-data; boundary=SEGMENT-DATA'
       }
     })