feat(medusa): Authentication overhaul (#4064)

* implemented bearer auth

* changed naming strat

* changed session auth to not use jwt

* typo

* changed auth header prefix for admin api token auth

* fixed supporting functions to work with new session type

* removed database calls for bearer auth improving performance

* removed unused deps

* changed auth in tests

* added integration tests

* Accepted suggested change

Co-authored-by: Carlos R. L. Rodrigues <37986729+carlos-r-l-rodrigues@users.noreply.github.com>

* Typo

Co-authored-by: Oliver Windall Juhl <59018053+olivermrbl@users.noreply.github.com>

* more typos

Co-authored-by: Oliver Windall Juhl <59018053+olivermrbl@users.noreply.github.com>

* proper formatting

Co-authored-by: Oliver Windall Juhl <59018053+olivermrbl@users.noreply.github.com>

* removed endregion

Co-authored-by: Oliver Windall Juhl <59018053+olivermrbl@users.noreply.github.com>

* removed startregion

Co-authored-by: Oliver Windall Juhl <59018053+olivermrbl@users.noreply.github.com>

* fixed admin JWT integration test

* added more fixes to integration tests

* Update OAS

* Create fluffy-donkeys-hope.md

* created API reference for new auth

* implemented getToken in medusa-js

* Apply suggestions from code review

Co-authored-by: Shahed Nasser <shahednasser@gmail.com>

* Apply suggestions from code review

Co-authored-by: Shahed Nasser <shahednasser@gmail.com>

* deleted files which should be autogenerated

* Update fluffy-donkeys-hope.md

* JSDoc update

Co-authored-by: Oli Juhl <59018053+olivermrbl@users.noreply.github.com>

* added missing route exports

* implemented runtime domain safety in jwt token manager

* fixed jwt manager

* lint get-token files

* Update fluffy-donkeys-hope.md

* Revert "deleted files which should be autogenerated"

This reverts commit cd5e86623b822e6a6ac37322b952143ccc493df9.

* Revert "Apply suggestions from code review"

This reverts commit f02f07ce58fd9fcc2dfc80cadbb9df2665108d65.

* Revert "created API reference for new auth"

This reverts commit c9eafbb36453f5cf8047c79e94f470cb2d023c7d.

* renamed header for sending api access tokens

* medusa-js - changed apiKey header

---------

Co-authored-by: Oliver Windall Juhl <59018053+olivermrbl@users.noreply.github.com>
Co-authored-by: Carlos R. L. Rodrigues <37986729+carlos-r-l-rodrigues@users.noreply.github.com>
Co-authored-by: olivermrbl <oliver@mrbltech.com>
Co-authored-by: Shahed Nasser <shahednasser@gmail.com>

integration-tests/api/__tests__/admin/auth.js

@@ -47,4 +47,20 @@ describe("/admin/auth", () => {
       updated_at: expect.any(String),
     })
   })
+
+  it("creates admin JWT token correctly", async () => {
+    const api = useApi()
+
+    const response = await api
+      .post("/admin/auth/token", {
+        email: "admin@medusa.js",
+        password: "secret_password",
+      })
+      .catch((err) => {
+        console.log(err)
+      })
+
+    expect(response.status).toEqual(200)
+    expect(response.data.access_token).toEqual(expect.any(String))
+  })
 })