@ai-sdk/mcp 1.0.26 → 1.0.28
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +12 -0
- package/dist/index.d.mts +3 -0
- package/dist/index.d.ts +3 -0
- package/dist/index.js +14 -1
- package/dist/index.js.map +1 -1
- package/dist/index.mjs +14 -1
- package/dist/index.mjs.map +1 -1
- package/dist/mcp-stdio/index.js.map +1 -1
- package/dist/mcp-stdio/index.mjs.map +1 -1
- package/package.json +1 -1
- package/src/tool/mock-mcp-transport.ts +2 -1
- package/src/tool/oauth.ts +17 -0
- package/src/tool/types.ts +2 -1
package/dist/index.mjs
CHANGED
|
@@ -44,9 +44,10 @@ import { z as z2 } from "zod/v4";
|
|
|
44
44
|
|
|
45
45
|
// src/tool/types.ts
|
|
46
46
|
import { z } from "zod/v4";
|
|
47
|
-
var LATEST_PROTOCOL_VERSION = "2025-
|
|
47
|
+
var LATEST_PROTOCOL_VERSION = "2025-11-25";
|
|
48
48
|
var SUPPORTED_PROTOCOL_VERSIONS = [
|
|
49
49
|
LATEST_PROTOCOL_VERSION,
|
|
50
|
+
"2025-06-18",
|
|
50
51
|
"2025-03-26",
|
|
51
52
|
"2024-11-05"
|
|
52
53
|
];
|
|
@@ -918,6 +919,7 @@ async function selectResourceURL(serverUrl, provider, resourceMetadata) {
|
|
|
918
919
|
async function authInternal(provider, {
|
|
919
920
|
serverUrl,
|
|
920
921
|
authorizationCode,
|
|
922
|
+
callbackState,
|
|
921
923
|
scope,
|
|
922
924
|
resourceMetadataUrl,
|
|
923
925
|
fetchFn
|
|
@@ -970,6 +972,14 @@ async function authInternal(provider, {
|
|
|
970
972
|
clientInformation = fullInformation;
|
|
971
973
|
}
|
|
972
974
|
if (authorizationCode !== void 0) {
|
|
975
|
+
if (provider.storedState) {
|
|
976
|
+
const expectedState = await provider.storedState();
|
|
977
|
+
if (expectedState !== void 0 && expectedState !== callbackState) {
|
|
978
|
+
throw new Error(
|
|
979
|
+
"OAuth state parameter mismatch - possible CSRF attack"
|
|
980
|
+
);
|
|
981
|
+
}
|
|
982
|
+
}
|
|
973
983
|
const codeVerifier2 = await provider.codeVerifier();
|
|
974
984
|
const tokens2 = await exchangeAuthorization(authorizationServerUrl, {
|
|
975
985
|
metadata,
|
|
@@ -1008,6 +1018,9 @@ async function authInternal(provider, {
|
|
|
1008
1018
|
}
|
|
1009
1019
|
}
|
|
1010
1020
|
const state = provider.state ? await provider.state() : void 0;
|
|
1021
|
+
if (state && provider.saveState) {
|
|
1022
|
+
await provider.saveState(state);
|
|
1023
|
+
}
|
|
1011
1024
|
const { authorizationUrl, codeVerifier } = await startAuthorization(
|
|
1012
1025
|
authorizationServerUrl,
|
|
1013
1026
|
{
|