@ai-sdk/mcp 1.0.27 → 1.0.29
- package/CHANGELOG.md +12 -0
- package/dist/index.d.mts +10 -0
- package/dist/index.d.ts +10 -0
- package/dist/index.js +31 -10
- package/dist/index.js.map +1 -1
- package/dist/index.mjs +28 -7
- package/dist/index.mjs.map +1 -1
- package/dist/mcp-stdio/index.js +3 -3
- package/dist/mcp-stdio/index.mjs +1 -1
- package/package.json +2 -2
- package/src/tool/mcp-http-transport.ts +7 -0
- package/src/tool/mcp-sse-transport.ts +6 -0
- package/src/tool/mcp-transport.ts +8 -0
- package/src/tool/oauth.ts +17 -0
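--- a/package/dist/index.mjs
+++ b/package/dist/index.mjs
@@ -919,6 +919,7 @@ async function selectResourceURL(serverUrl, provider, resourceMetadata) {
 async function authInternal(provider, {
 serverUrl,
 authorizationCode,
+callbackState,
 scope,
 resourceMetadataUrl,
 fetchFn
@@ -971,6 +972,14 @@ async function authInternal(provider, {
 clientInformation = fullInformation;
 }
 if (authorizationCode !== void 0) {
+if (provider.storedState) {
+const expectedState = await provider.storedState();
+if (expectedState !== void 0 && expectedState !== callbackState) {
+throw new Error(
+"OAuth state parameter mismatch - possible CSRF attack"
+);
+}
+}
 const codeVerifier2 = await provider.codeVerifier();
 const tokens2 = await exchangeAuthorization(authorizationServerUrl, {
 metadata,
@@ -1009,6 +1018,9 @@ async function authInternal(provider, {
 }
 }
 const state = provider.state ? await provider.state() : void 0;
+if (state && provider.saveState) {
+await provider.saveState(state);
+}
 const { authorizationUrl, codeVerifier } = await startAuthorization(
 authorizationServerUrl,
 {
@@ -1030,12 +1042,14 @@ var SseMCPTransport = class {
 constructor({
 url,
 headers,
-authProvider
+authProvider,
+redirect = "follow"
 }) {
 this.connected = false;
 this.url = new URL(url);
 this.headers = headers;
 this.authProvider = authProvider;
+this.redirectMode = redirect;
 }
 async commonHeaders(base) {
 const headers = {
@@ -1069,7 +1083,8 @@ var SseMCPTransport = class {
 });
 const response = await fetch(this.url.href, {
 headers,
-signal: (_a3 = this.abortController) == null ? void 0 : _a3.signal
+signal: (_a3 = this.abortController) == null ? void 0 : _a3.signal,
+redirect: this.redirectMode
 });
 if (response.status === 401 && this.authProvider && !triedAuth) {
 this.resourceMetadataUrl = extractResourceMetadataUrl(response);
@@ -1188,7 +1203,8 @@ var SseMCPTransport = class {
 method: "POST",
 headers,
 body: JSON.stringify(message),
-signal: (_a3 = this.abortController) == null ? void 0 : _a3.signal
+signal: (_a3 = this.abortController) == null ? void 0 : _a3.signal,
+redirect: this.redirectMode
 };
 const response = await fetch(endpoint, init);
 if (response.status === 401 && this.authProvider && !triedAuth) {
@@ -1236,7 +1252,8 @@ var HttpMCPTransport = class {
 constructor({
 url,
 headers,
-authProvider
+authProvider,
+redirect = "follow"
 }) {
 this.inboundReconnectAttempts = 0;
 this.reconnectionOptions = {
@@ -1248,6 +1265,7 @@ var HttpMCPTransport = class {
 this.url = new URL(url);
 this.headers = headers;
 this.authProvider = authProvider;
+this.redirectMode = redirect;
 }
 async commonHeaders(base) {
 const headers = {
@@ -1288,7 +1306,8 @@ var HttpMCPTransport = class {
 await fetch(this.url, {
 method: "DELETE",
 headers,
-signal: this.abortController.signal
+signal: this.abortController.signal,
+redirect: this.redirectMode
 }).catch(() => void 0);
 }
 } catch (e) {
@@ -1308,7 +1327,8 @@ var HttpMCPTransport = class {
 method: "POST",
 headers,
 body: JSON.stringify(message),
-signal: (_a3 = this.abortController) == null ? void 0 : _a3.signal
+signal: (_a3 = this.abortController) == null ? void 0 : _a3.signal,
+redirect: this.redirectMode
 };
 const response = await fetch(this.url, init);
 const sessionId = response.headers.get("mcp-session-id");
@@ -1457,7 +1477,8 @@ var HttpMCPTransport = class {
 const response = await fetch(this.url.href, {
 method: "GET",
 headers,
-signal: (_a3 = this.abortController) == null ? void 0 : _a3.signal
+signal: (_a3 = this.abortController) == null ? void 0 : _a3.signal,
+redirect: this.redirectMode
 });
 const sessionId = response.headers.get("mcp-session-id");
 if (sessionId) {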
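Review bot: The state check added under `if (authorizationCode !== void 0) {` fails open: it is skipped entirely when the provider has no `storedState`, and `expectedState !== void 0 && expectedState !== callbackState` also lets the code exchange proceed when nothing was stored, so a callback with no matching pending authorization is still accepted. For providers that implement `state()`, a missing stored value could be treated as a mismatch, e.g. `if (expectedState === void 0 || expectedState !== callbackState) {`; if the lenient form is deliberate for backward compatibility, a comment next to the check should say so. Nothing in the visible lines invalidates the stored state after a successful comparison, so the same value may remain acceptable for a later callback — worth confirming against the provider contract. This file is build output and authInternal's body continues outside these hunks, so the change itself belongs in package/src/tool/oauth.ts.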