Feat: oauth pkce support workspace id

config/vitest-config/src/preset-default.ts

@@ -20,7 +20,7 @@ export const defaultVitestConfig: ViteUserConfig = {
       all: true,
       exclude: coverageConfigDefaults.exclude,
       provider: 'v8',
-      reporter: ['text', 'html', 'clover', 'json', 'v8', 'istanbul'],
+      reporter: ['cobertura', 'text', 'html', 'clover', 'json', 'json-summary'],
     },
   },
 };

examples/coze-js-node/src/auth/auth-oauth-device.ts

@@ -7,7 +7,12 @@
  * The process involves obtaining a device code, displaying it to the user, and then polling for the access token.
  */
 
-import { APIError, getDeviceCode, getDeviceToken } from '@coze/api';
+import {
+  APIError,
+  getDeviceCode,
+  getDeviceToken,
+  refreshOAuthToken,
+} from '@coze/api';
 
 import config from '../config/config';
 import { sleep } from '../client';
@@ -44,9 +49,18 @@ while (true) {
       deviceCode: deviceCode.device_code,
     });
 
-    // If successful, log the token and exit the loop
     if (deviceToken.access_token) {
       console.log('deviceToken', deviceToken);
+
+      // You can refresh the access token if it expires
+      const refreshToken = deviceToken.refresh_token;
+      const refreshTokenResult = await refreshOAuthToken({
+        baseURL,
+        clientId,
+        refreshToken,
+      });
+      console.log('refreshTokenResult', refreshTokenResult);
+
       break;
     }
   } catch (error) {

packages/coze-js/src/auth.ts

@@ -64,6 +64,12 @@ export const getPKCEAuthenticationUrl = async (
     code_challenge: codeChallenge,
     code_challenge_method: config.code_challenge_method || 'S256',
   });
+  if (config.workspaceId) {
+    return {
+      url: `${baseUrl}/api/permission/oauth2/workspace_id/${config.workspaceId}/authorize?${params.toString()}`,
+      codeVerifier,
+    };
+  }
   return {
     url: `${baseUrl}/api/permission/oauth2/authorize?${params.toString()}`,
     codeVerifier,
@@ -151,7 +157,12 @@ export const getDeviceCode = async (
   }
   const api = new APIClient({ token: '', baseURL: config.baseURL });
 
-  const apiUrl = '/api/permission/oauth2/device/code';
+  let apiUrl;
+  if (config.workspaceId) {
+    apiUrl = `/api/permission/oauth2/workspace_id/${config.workspaceId}/device/code`;
+  } else {
+    apiUrl = '/api/permission/oauth2/device/code';
+  }
   const payload = {
     client_id: config.clientId,
   };
@@ -264,6 +275,7 @@ export interface WebAuthenticationConfig {
 
 export interface PKCEAuthenticationConfig extends WebAuthenticationConfig {
   code_challenge_method?: string;
+  workspaceId?: string;
 }
 
 export interface WebOAuthTokenConfig {
@@ -292,6 +304,7 @@ export interface RefreshOAuthTokenConfig {
 export interface DeviceCodeConfig {
   baseURL?: string;
   clientId: string;
+  workspaceId?: string;
 }
 
 export interface DeviceTokenConfig {

packages/coze-js/test/auth.spec.ts

@@ -126,6 +126,18 @@ describe('Auth functions', () => {
       expect(url).toContain('&code_challenge_method=S256');
       expect(codeVerifier).toBeTruthy();
     });
+
+    it('should return the correct PKCE authentication URL with workspaceId', async () => {
+      const { url, codeVerifier } = await getPKCEAuthenticationUrl({
+        ...mockConfig,
+        workspaceId: '123',
+      });
+      expect(url).toContain(
+        'https://www.coze.com/api/permission/oauth2/workspace_id/123/authorize?response_type=code&client_id=test-client-id&redirect_uri=https%3A%2F%2Fexample.com%2Fcallback&state=test-state&code_challenge=',
+      );
+      expect(url).toContain('&code_challenge_method=S256');
+      expect(codeVerifier).toBeTruthy();
+    });
   });
 
   describe('getOAuthToken', () => {
@@ -185,6 +197,29 @@ describe('Auth functions', () => {
         undefined,
       );
     });
+    it('should return the correct device code with workspaceId', async () => {
+      const mockPost = vi
+        .fn()
+        .mockResolvedValue({ device_code: 'test-device-code' });
+      (APIClient as unknown as vi.Mock).mockImplementation(() => ({
+        post: mockPost,
+      }));
+
+      await getDeviceCode({
+        clientId: mockConfig.clientId,
+        baseURL: mockConfig.baseURL,
+        workspaceId: '123',
+      });
+
+      expect(mockPost).toHaveBeenCalledWith(
+        '/api/permission/oauth2/workspace_id/123/device/code',
+        {
+          client_id: mockConfig.clientId,
+        },
+        false,
+        undefined,
+      );
+    });
   });
 
   describe('getDeviceToken', () => {

packages/realtime-api/test/client.spec.ts

@@ -1,5 +1,6 @@
 import VERTC from '@volcengine/rtc';
 
+import * as RealtimeUtils from '../src/utils';
 import { RealtimeAPIError } from '../src/error';
 import { EngineClient } from '../src/client';
 
@@ -96,14 +97,14 @@ describe('EngineClient', () => {
 
   describe('getDevices', () => {
     it('should return audio input devices', async () => {
-      const devices = await client.getDevices();
+      const devices = await RealtimeUtils.getAudioDevices();
       expect(devices.audioInputs).toHaveLength(2);
     });
     it('should handle device enumeration errors', async () => {
       (VERTC.enumerateDevices as vi.Mock).mockRejectedValue(
         new Error('Enumeration failed'),
       );
-      await expect(client.getDevices()).rejects.toThrow(Error);
+      await expect(RealtimeUtils.getAudioDevices()).rejects.toThrow(Error);
     });
   });