@aiwerk/mcp-bridge 2.6.2 → 2.6.3

package/dist/src/cli-auth.d.ts

@@ -41,4 +41,4 @@ export interface DeviceCodeConfig {
  * 2. Display user_code and verification_uri to the user
  * 3. Poll tokenUrl until the user authorizes or the code expires
  */
-export declare function performDeviceCodeLogin(serverName: string, config: DeviceCodeConfig, logger: Logger): Promise<StoredToken>;
+export declare function performDeviceCodeLogin(serverName: string, config: DeviceCodeConfig, logger: Logger, signal?: AbortSignal): Promise<StoredToken>;

package/dist/src/cli-auth.js

@@ -174,7 +174,7 @@ const SLOW_DOWN_INCREMENT_S = 5;
  * 2. Display user_code and verification_uri to the user
  * 3. Poll tokenUrl until the user authorizes or the code expires
  */
-export async function performDeviceCodeLogin(serverName, config, logger) {
+export async function performDeviceCodeLogin(serverName, config, logger, signal) {
     // Step 1: Request device code
     const formData = new URLSearchParams();
     formData.set("client_id", config.clientId);
@@ -221,7 +221,13 @@ export async function performDeviceCodeLogin(serverName, config, logger) {
     // Step 3: Poll for token
     const deadline = Date.now() + expiresInS * 1000;
     while (Date.now() < deadline) {
+        if (signal?.aborted) {
+            throw new Error("Device code login aborted");
+        }
         await sleep(intervalS * 1000);
+        if (signal?.aborted) {
+            throw new Error("Device code login aborted");
+        }
         const tokenForm = new URLSearchParams();
         tokenForm.set("grant_type", "urn:ietf:params:oauth:grant-type:device_code");
         tokenForm.set("device_code", deviceCode);
@@ -232,6 +238,7 @@ export async function performDeviceCodeLogin(serverName, config, logger) {
             method: "POST",
             headers: { "Content-Type": "application/x-www-form-urlencoded" },
             body: tokenForm.toString(),
+            signal,
         });
         // Guard against non-JSON responses (e.g. 500 HTML error pages)
         const contentType = tokenResponse.headers.get("content-type") || "";

package/dist/src/oauth2-token-manager.d.ts

@@ -41,9 +41,12 @@ export declare class OAuth2TokenManager {
      * Checks TokenStore, refreshes if expired, throws if unavailable.
      */
     getTokenForDeviceCode(serverName: string, config: DeviceCodeOAuth2Config): Promise<string>;
-    private doDeviceCodeRefresh;
+    /**
+     * Shared refresh logic for both auth_code and device_code flows.
+     * Takes a refreshFn that performs the actual token exchange.
+     */
+    private doTokenRefresh;
     private refreshDeviceCodeToken;
-    private doAuthCodeRefresh;
     private refreshAuthCodeToken;
     private makeKey;
     private fetchToken;

package/dist/src/oauth2-token-manager.js

@@ -66,7 +66,7 @@ export class OAuth2TokenManager {
         if (existingInflight) {
             return existingInflight;
         }
-        const refreshPromise = this.doAuthCodeRefresh(serverName, stored, config);
+        const refreshPromise = this.doTokenRefresh(serverName, stored, (s) => this.refreshAuthCodeToken(s, config), "Auth code");
         this.tokenRefreshInflight.set(serverName, refreshPromise);
         try {
             return await refreshPromise;
@@ -98,7 +98,7 @@ export class OAuth2TokenManager {
         if (existingInflight) {
             return existingInflight;
         }
-        const refreshPromise = this.doDeviceCodeRefresh(serverName, stored, config);
+        const refreshPromise = this.doTokenRefresh(serverName, stored, (s) => this.refreshDeviceCodeToken(s, config), "Device code");
         this.tokenRefreshInflight.set(serverName, refreshPromise);
         try {
             return await refreshPromise;
@@ -107,15 +107,19 @@ export class OAuth2TokenManager {
             this.tokenRefreshInflight.delete(serverName);
         }
     }
-    async doDeviceCodeRefresh(serverName, stored, config) {
+    /**
+     * Shared refresh logic for both auth_code and device_code flows.
+     * Takes a refreshFn that performs the actual token exchange.
+     */
+    async doTokenRefresh(serverName, stored, refreshFn, flowName) {
         if (stored.refreshToken) {
             try {
-                const refreshed = await this.refreshDeviceCodeToken(stored, config);
+                const refreshed = await refreshFn(stored);
                 this.tokenStore.save(serverName, refreshed);
                 return refreshed.accessToken;
             }
             catch (err) {
-                this.logger.warn("[mcp-bridge] Device code token refresh failed:", err);
+                this.logger.warn(`[mcp-bridge] ${flowName} token refresh failed:`, err);
             }
         }
         // Refresh failed or no refresh token
@@ -158,23 +162,6 @@ export class OAuth2TokenManager {
             scopes: config.scopes,
         };
     }
-    async doAuthCodeRefresh(serverName, stored, config) {
-        if (stored.refreshToken) {
-            try {
-                const refreshed = await this.refreshAuthCodeToken(stored, config);
-                this.tokenStore.save(serverName, refreshed);
-                return refreshed.accessToken;
-            }
-            catch (err) {
-                this.logger.warn("[mcp-bridge] Auth code token refresh failed:", err);
-            }
-        }
-        // Refresh failed or no refresh token
-        this.tokenStore.remove(serverName);
-        const error = new Error(`Authentication expired for server "${serverName}". Run: mcp-bridge auth login ${serverName}`);
-        error.code = -32006;
-        throw error;
-    }
     async refreshAuthCodeToken(stored, config) {
         const formData = new URLSearchParams();
         formData.set("grant_type", "refresh_token");

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aiwerk/mcp-bridge",
-  "version": "2.6.2",
+  "version": "2.6.3",
   "description": "Standalone MCP server that multiplexes multiple MCP servers into one interface",
   "type": "module",
   "main": "./dist/src/index.js",