feat(auth): auth extensions

Introduces TokenManager and supporting classes to handle token acquisition, automatic
refresh, and updates via identity providers. This foundation enables consistent
authentication token management across different identity provider implementations.

Key additions:
- Add TokenManager to obtain and maintain auth tokens from identity providers
  with automated refresh scheduling based on TTL and configurable thresholds
- Add IdentityProvider interface for token acquisition from auth providers
- Implement Token class for managing token state and TTL tracking
- Include configurable retry mechanism with exponential backoff and jitter
- Add comprehensive test suite covering refresh cycles and error handling

This change establishes the core infrastructure needed for reliable token
lifecycle management across different authentication providers.

Author: bobymicroby

package-lock.json

@@ -0,0 +1,13 @@
+export { TokenManager, TokenManagerConfig, TokenStreamListener, RetryPolicy, IDPError } from './lib/token-manager';
+export {
+  CredentialsProvider,
+  StreamingCredentialsProvider,
+  UnableToObtainNewCredentialsError,
+  CredentialsError,
+  StreamingCredentialsListener,
+  AsyncCredentialsProvider,
+  ReAuthenticationError,
+  BasicAuth
+} from './lib/credentials-provider';
+export { Token } from './lib/token';
+export { IdentityProvider, TokenResponse } from './lib/identity-provider';

packages/authx/index.ts

@@ -1,3 +1,4 @@
+
 /**
  * Provides credentials asynchronously.
  */
@@ -66,12 +67,6 @@ export type StreamingCredentialsListener<T> = {
   onError: (e: Error) => void;
 }
 
-/**
- * Disposable is an interface for objects that hold resources that should be released when they are no longer needed.
- */
-export type Disposable = {
-  dispose: () => void;
-}
 
 /**
  * Providers that can supply authentication credentials

packages/client/lib/client/authx/credentials-provider.ts packages/authx/lib/credentials-provider.ts

@@ -0,0 +1,22 @@
+/**
+ * An identity provider is responsible for providing a token that can be used to authenticate with a service.
+ */
+
+/**
+ * The response from an identity provider when requesting a token.
+ *
+ * note: "native" refers to the type of the token that the actual identity provider library is using.
+ *
+ * @type T The type of the native idp token.
+ * @property token The token.
+ * @property ttlMs The time-to-live of the token in epoch milliseconds extracted from the native token in local time.
+ */
+export type TokenResponse<T> = { token: T, ttlMs: number };
+
+export interface IdentityProvider<T> {
+  /**
+   * Request a token from the identity provider.
+   * @returns A promise that resolves to an object containing the token and the time-to-live in epoch milliseconds.
+   */
+  requestToken(): Promise<TokenResponse<T>>;
+}