Add comments, fix avatar API call

server/idapiProxy.ts

@@ -100,6 +100,25 @@ const idapiOrOAuthHeaders = ({
 	}
 };
 
+/**
+ * Prepares the options object for a fetch request to IDAPI
+ * or Avatar API (AAPI).
+ *
+ * @param options - The options object to prepare
+ * @param options.sendAuthHeader - Whether to send the access token or IDAPI cookies
+ * in the request
+ * @param options.useOkta - Whether to use Okta for authentication
+ * @param options.path - The path to the IDAPI endpoint (e.g. '/user/me')
+ * @param options.subdomain - The subdomain of the IDAPI endpoint
+ * (e.g. 'idapi' or 'avatar')
+ * @param options.method - The HTTP method to use
+ * @param options.cookies - The cookies coming from the client. These are used to
+ * build the security and cookie headers in the request
+ * @param options.signedCookies - The signed cookies coming from the client, also
+ * used to build the security and cookie headers in the request
+ * @param options.config - The IDAPI configuration object
+ * @returns The options object for the fetch request
+ */
 export const setOptions = ({
 	sendAuthHeader,
 	useOkta,
@@ -170,6 +189,8 @@ export const idapiFetch = async <T>({
  * @param url The IDAPI endpoint to hit
  * @param method The HTTP method to use (default: 'GET')
  * @param processData A function to process the JSON response (optional)
+ * @param sendAuthHeader Whether to send the access token or IDAPI cookies
+ * in the request (default: false)
  * @returns An Express route handler
  */
 export const idapiProxyHandler =

server/routes/aapi.ts

@@ -41,7 +41,7 @@ router.get(
 		}
 		const { useOkta } = await getOktaConfig();
 		const options = setOptions({
-			sendAuthHeader: false,
+			sendAuthHeader: true,
 			useOkta,
 			path: '/v1/avatars/user/me/active',
 			subdomain: 'avatar',