web/server/tokenManager.ts

import { env } from "@/env/server"

import { ServiceTokenResponse } from "@/types/tokens"

const SERVICE_TOKEN_REVALIDATE_SECONDS = 3599 // 59 minutes and 59 seconds.

export async function fetchServiceToken(
  scopes: string[]
): Promise<ServiceTokenResponse> {
  try {
    const response = await fetch(`${env.CURITY_ISSUER_USER}/oauth/v2/token`, {
      method: "POST",
      headers: {
        "Content-Type": "application/x-www-form-urlencoded",
        Accept: "application/json",
      },
      body: new URLSearchParams({
        grant_type: "client_credentials",
        client_id: env.CURITY_CLIENT_ID_SERVICE,
        client_secret: env.CURITY_CLIENT_SECRET_SERVICE,
        scope: scopes.join(","),
      }),
      next: {
        revalidate: SERVICE_TOKEN_REVALIDATE_SECONDS,
      },
    })

    if (!response.ok) {
      throw new Error("Failed to obtain service token")
    }

    return response.json()
  } catch (error) {
    console.error("Error fetching service token:", error)
    throw error
  }
}