Feature/oauth token from backend #17

Open
smoghe-bw wants to merge 13 commits into main from feature/oauth-token-from-backend

@smoghe-bw

No description provided.

smoghe-bw and others added 13 commits March 25, 2026 14:34

Port the Express backend from javascript-brtc-sdk-sample-app into ./server so
the dialpad is a single-repo story. The backend now owns every call to the
Bandwidth platform:

- GET /access-token — mints a short-lived OAuth access token from
  BW_ID_CLIENT_ID/SECRET. The browser hands this to BandwidthUA.setOAuthToken.
  Client credentials never leave the server; no long-lived token in the bundle.
- /bwapi/* — same-origin relay to api.bandwidth.com so the SDK's endpoint-
  creation POST avoids a browser CORS preflight. Replaces the old setupProxy.js.
- /callbacks/bandwidth, /calls/answer, /calls/status — existing BRTC + Voice
  callback handlers, plus a small patch in placeCall() that auto-registers
  SDK-created endpoints (dialpad's SDK creates its own endpoints, they don't
  come from the server's /token pool).

package.json picks up express/cors/dotenv/bandwidth-sdk/http-proxy-middleware
deps, adds concurrently + tsx to run `npm start` → server (:3000) + React (:3001)
together, and sets `"proxy": "http://localhost:3000"` so the dev server forwards
non-asset requests to the backend.

DialPad.js now fetches /access-token at mount and wires gatewayUrl /
httpBaseUrl / eventCallbackUrl into the BandwidthUA constructor so env
overrides actually propagate. setupProxy.js is removed — the backend is the
only proxy.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Aggressively pruned the migration guide diff:
- server/index.ts: removed all call-bridging, endpoint pooling, endpoint
  creation, BXML routing, debug routes. Kept only the OAuth token endpoint
  customers need to copy: /access-token (client-credentials exchange) + caching.
- Removed server/types.ts (unused stub)
- .env.example: cut from 46→12 lines (only required vars for OAuth token endpoint)
- README.md: removed detailed setup/callback sections, kept only:
  "fetch OAuth token from backend" pattern (the actual migration diff)
- package.json: removed bandwidth-sdk and http-proxy-middleware (unused)

The sample is now a true migration guide: customers see exactly what they
need to add to migrate v1→v2 SDK without distraction.

Before: 813 net insertions. After: 91 net insertions (-682 lines).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

DialPad.js reads REACT_APP_GATEWAY_URL, REACT_APP_HTTP_BASE_URL, and
REACT_APP_EVENT_CALLBACK_URL when constructing BandwidthUA; .env.example
needs to list them so customers know to set them.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

REACT_APP_GATEWAY_URL and REACT_APP_HTTP_BASE_URL match the production
defaults from the brtc SDK. REACT_APP_EVENT_CALLBACK_URL stays blank
with a comment because it's customer-specific.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Drop the Express backend OAuth client-credentials flow. Customers now pass
their Signum JWT directly via REACT_APP_AUTH_TOKEN env var, matching the
original v1 sample pattern. The SDK v2 extracts accountId from JWT claims
as a fallback. This simplifies the sample with ~zero diff from master.

Removed:
- server/ directory (Express backend)
- Backend-only deps: express, axios, dotenv, cors, ts-node, typescript, @types/*
- Proxy field from package.json
- concurrently script and server startup logic

Changed:
- DialPad.js: synchronous initialization with env var token (no fetchAuthToken)
- .env.example: dropped BW_ID_* keys, kept only REACT_APP_* vars
- README.md: simplified to reflect env var approach, removed OAuth narrative

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

The sample now configures only accountId and the OAuth token; gateway,
REST, and event-callback URLs come from the SDK's production defaults.
README calls this out so customers do the same in their own apps.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

The v2 SDK's endpoint-creation POST is browser-blocked by CORS because
api.bandwidth.com does not send Access-Control-Allow-Origin. This is
dev-only — production apps need a proper backend or will need to wait
for the Bandwidth-hosted minting service (TODO'd in the SDK).

DialPad.js now honors REACT_APP_HTTP_BASE_URL / GATEWAY_URL /
EVENT_CALLBACK_URL when set in .env, falling back to SDK defaults when
unset so customer migrations still require zero code changes.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

http-proxy-middleware v3 rewrote /bwapi → /v2/... with the old
config but the target was receiving /accounts/... (no /v2 prefix),
so api.bandwidth.com 404'd. Moving /v2 into the target URL.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
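
Added example, not code from this pull request: a sketch of the server-side pattern the first two commit messages describe, where the backend performs the client-credentials exchange, caches the result, and returns only a short-lived token to the browser. `TOKEN_URL` is a placeholder, HTTP Basic client authentication is an assumption about the identity provider, and `createTokenCache` / `buildTokenRequest` are hypothetical names.

```javascript
// Placeholder endpoint (assumption): the real token URL is not shown on the page.
const TOKEN_URL = process.env.TOKEN_URL || "https://idp.example.invalid/oauth2/token";

// Client-credentials grant request. The secret appears only in this
// server-to-server call and is never part of what the browser receives.
function buildTokenRequest(clientId, clientSecret) {
  const basic = Buffer.from(`${clientId}:${clientSecret}`).toString("base64");
  return {
    method: "POST",
    headers: {
      Authorization: `Basic ${basic}`,
      "Content-Type": "application/x-www-form-urlencoded",
    },
    body: new URLSearchParams({ grant_type: "client_credentials" }).toString(),
  };
}

// Returns an async getter suitable as the body of a GET /access-token handler.
// skewMs: refresh this long before expiry so the browser never gets a nearly dead token.
function createTokenCache({ clientId, clientSecret, fetchImpl = fetch, now = Date.now, skewMs = 30000 }) {
  let cached = null;   // { accessToken, expiresAt }
  let inFlight = null; // shared promise: concurrent callers trigger one exchange

  async function exchange() {
    const res = await fetchImpl(TOKEN_URL, buildTokenRequest(clientId, clientSecret));
    if (!res.ok) throw new Error(`token endpoint returned ${res.status}`);
    const { access_token, expires_in } = await res.json();
    if (typeof access_token !== "string" || !(expires_in > 0)) {
      throw new Error("malformed token response");
    }
    cached = { accessToken: access_token, expiresAt: now() + expires_in * 1000 };
  }

  return async function getAccessToken() {
    if (!cached || cached.expiresAt - now() <= skewMs) {
      inFlight = inFlight || exchange().finally(() => { inFlight = null; });
      await inFlight; // a failed exchange rejects here; no stale token is served
    }
    // Only the token and its remaining lifetime leave the server.
    return {
      access_token: cached.accessToken,
      expires_in: Math.floor((cached.expiresAt - now()) / 1000),
    };
  };
}
```

In a deployment the client id and secret would be read from the server's environment (the commit message names `BW_ID_CLIENT_ID/SECRET`), and the route serving this getter still needs its own authentication so that it does not hand tokens to arbitrary callers.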