fix: Fix downscope token to use retrieveToken method for token retrieval (box/box-codegen#731)

.codegen.json

@@ -1 +1 @@
-{ "engineHash": "0be574b", "specHash": "a8825be", "version": "0.6.1" }
+{ "engineHash": "20cb559", "specHash": "a8825be", "version": "0.6.1" }

Sources/Box/CcgAuth/BoxCCGAuth.swift

@@ -93,7 +93,7 @@ public class BoxCCGAuth: Authentication {
     /// - Returns: The `AccessToken`.
     /// - Throws: The `GeneralError`.
     public func downscopeToken(scopes: [String], resource: String? = nil, sharedLink: String? = nil, networkSession: NetworkSession? = nil) async throws -> AccessToken {
-        let token: AccessToken? = try await self.tokenStorage.get()
+        let token: AccessToken? = try await self.retrieveToken(networkSession: networkSession)
         if token == nil {
             throw BoxSDKError(message: "No access token is available. Make an API call to retrieve a token before calling this method.")
         }

Sources/Box/DeveloperTokenAuth/BoxDeveloperTokenAuth.swift

@@ -76,7 +76,7 @@ public class BoxDeveloperTokenAuth: Authentication {
     /// - Returns: The `AccessToken`.
     /// - Throws: The `GeneralError`.
     public func downscopeToken(scopes: [String], resource: String? = nil, sharedLink: String? = nil, networkSession: NetworkSession? = nil) async throws -> AccessToken {
-        let token: AccessToken? = try await self.tokenStorage.get()
+        let token: AccessToken? = try await self.retrieveToken(networkSession: networkSession)
         if token == nil || token!.accessToken == nil {
             throw BoxSDKError(message: "No access token is available.")
         }

Sources/Box/Oauth/BoxOAuth.swift

@@ -101,7 +101,7 @@ public class BoxOAuth: Authentication {
     /// - Returns: The `AccessToken`.
     /// - Throws: The `GeneralError`.
     public func downscopeToken(scopes: [String], resource: String? = nil, sharedLink: String? = nil, networkSession: NetworkSession? = nil) async throws -> AccessToken {
-        let token: AccessToken? = try await self.tokenStorage.get()
+        let token: AccessToken? = try await self.retrieveToken(networkSession: networkSession)
         if token == nil || token!.accessToken == nil {
             throw BoxSDKError(message: "No access token is available.")
         }

Tests/Auth/AuthManagerTests.swift

@@ -11,6 +11,13 @@ class AuthManagerTests: XCTestCase {
         XCTAssertTrue(authUrl == "https://account.box.com/api/oauth2/authorize?client_id=OAUTH_CLIENT_ID&response_type=code" || authUrl == "https://account.box.com/api/oauth2/authorize?response_type=code&client_id=OAUTH_CLIENT_ID")
     }
 
+    public func testOauthDownscopeTokenSucceedsIfNoTokenAvailable() async throws {
+        let config: OAuthConfig = OAuthConfig(clientId: Utils.getEnvironmentVariable(name: "CLIENT_ID"), clientSecret: Utils.getEnvironmentVariable(name: "CLIENT_SECRET"))
+        let auth: BoxOAuth = BoxOAuth(config: config)
+        let resourcePath: String = "\("https://api.box.com/2.0/files/12345")"
+        await XCTAssertThrowsErrorAsync(try await auth.downscopeToken(scopes: ["item_rename", "item_preview"], resource: resourcePath))
+    }
+
     public func testCcgAuth() async throws {
         let userId: String = Utils.getEnvironmentVariable(name: "USER_ID")
         let enterpriseId: String = Utils.getEnvironmentVariable(name: "ENTERPRISE_ID")
@@ -42,6 +49,15 @@ class AuthManagerTests: XCTestCase {
         try await parentClient.folders.deleteFolderById(folderId: folder.id)
     }
 
+    public func testCcgDownscopeTokenSucceedsIfNoTokenAvailable() async throws {
+        let ccgConfig: CCGConfig = CCGConfig(clientId: Utils.getEnvironmentVariable(name: "CLIENT_ID"), clientSecret: Utils.getEnvironmentVariable(name: "CLIENT_SECRET"), userId: Utils.getEnvironmentVariable(name: "USER_ID"))
+        let auth: BoxCCGAuth = BoxCCGAuth(config: ccgConfig)
+        let downscopedToken: AccessToken = try await auth.downscopeToken(scopes: ["root_readonly"])
+        XCTAssertTrue(downscopedToken.accessToken != nil)
+        let downscopedClient: BoxClient = BoxClient(auth: BoxDeveloperTokenAuth(token: downscopedToken.accessToken!))
+        await XCTAssertThrowsErrorAsync(try await downscopedClient.uploads.uploadFile(requestBody: UploadFileRequestBody(attributes: UploadFileRequestBodyAttributesField(name: Utils.getUUID(), parent: UploadFileRequestBodyAttributesParentField(id: "0")), file: Utils.generateByteStream(size: 1024 * 1024))))
+    }
+
     public func testCcgAuthRevoke() async throws {
         let ccgConfig: CCGConfig = CCGConfig(clientId: Utils.getEnvironmentVariable(name: "CLIENT_ID"), clientSecret: Utils.getEnvironmentVariable(name: "CLIENT_SECRET"), userId: Utils.getEnvironmentVariable(name: "USER_ID"))
         let auth: BoxCCGAuth = BoxCCGAuth(config: ccgConfig)
@@ -52,6 +68,13 @@ class AuthManagerTests: XCTestCase {
         XCTAssertTrue(tokenFromStorageBeforeRevoke.accessToken != tokenFromStorageAfterRevoke.accessToken)
     }
 
+    public func testDeveloperDownscopeTokenSucceedsIfNoTokenAvailable() async throws {
+        let developerTokenConfig: DeveloperTokenConfig = DeveloperTokenConfig(clientId: Utils.getEnvironmentVariable(name: "CLIENT_ID"), clientSecret: Utils.getEnvironmentVariable(name: "CLIENT_SECRET"))
+        let auth: BoxDeveloperTokenAuth = BoxDeveloperTokenAuth(token: "", config: developerTokenConfig)
+        let resourcePath: String = "\("https://api.box.com/2.0/folders/12345")"
+        await XCTAssertThrowsErrorAsync(try await auth.downscopeToken(scopes: ["item_rename", "item_preview"], resource: resourcePath))
+    }
+
     public func getAccessToken() async throws -> AccessToken {
         let userId: String = Utils.getEnvironmentVariable(name: "USER_ID")
         let enterpriseId: String = Utils.getEnvironmentVariable(name: "ENTERPRISE_ID")