npm - @aiwerk/mcp-bridge - Versions diffs - 2.6.3 → 2.6.4 - Mend

@aiwerk/mcp-bridge 2.6.3 → 2.6.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/src/oauth2-token-manager.d.ts +5 -2
package/dist/src/oauth2-token-manager.js +15 -45
package/package.json +1 -1

package/dist/src/oauth2-token-manager.d.ts CHANGED Viewed

@@ -46,8 +46,11 @@ export declare class OAuth2TokenManager {
      * Takes a refreshFn that performs the actual token exchange.
      */
     private doTokenRefresh;
-    private refreshDeviceCodeToken;
-    private refreshAuthCodeToken;
+    /**
+     * Shared refresh token exchange for both auth_code and device_code flows.
+     * The only differences are which fields are optional (clientId/clientSecret).
+     */
+    private refreshStoredToken;
     private makeKey;
     private fetchToken;
     private exchangeToken;

package/dist/src/oauth2-token-manager.js CHANGED Viewed

@@ -66,7 +66,7 @@ export class OAuth2TokenManager {
         if (existingInflight) {
             return existingInflight;
         }
-        const refreshPromise = this.doTokenRefresh(serverName, stored, (s) => this.refreshAuthCodeToken(s, config), "Auth code");
+        const refreshPromise = this.doTokenRefresh(serverName, stored, (s) => this.refreshStoredToken(s, config), "Auth code");
         this.tokenRefreshInflight.set(serverName, refreshPromise);
         try {
             return await refreshPromise;
@@ -98,7 +98,7 @@ export class OAuth2TokenManager {
         if (existingInflight) {
             return existingInflight;
         }
-        const refreshPromise = this.doTokenRefresh(serverName, stored, (s) => this.refreshDeviceCodeToken(s, config), "Device code");
+        const refreshPromise = this.doTokenRefresh(serverName, stored, (s) => this.refreshStoredToken(s, config), "Device code");
         this.tokenRefreshInflight.set(serverName, refreshPromise);
         try {
             return await refreshPromise;
@@ -128,50 +128,20 @@ export class OAuth2TokenManager {
         error.code = -32006;
         throw error;
     }
-    async refreshDeviceCodeToken(stored, config) {
-        const formData = new URLSearchParams();
-        formData.set("grant_type", "refresh_token");
-        formData.set("refresh_token", stored.refreshToken);
-        formData.set("client_id", config.clientId);
-        if (config.clientSecret)
-            formData.set("client_secret", config.clientSecret);
-        if (config.scopes?.length)
-            formData.set("scope", config.scopes.join(" "));
-        const response = await fetch(stored.tokenUrl, {
-            method: "POST",
-            headers: { "Content-Type": "application/x-www-form-urlencoded" },
-            body: formData.toString(),
-        });
-        if (!response.ok) {
-            throw new Error(`OAuth2 refresh token exchange failed: HTTP ${response.status}`);
-        }
-        const payload = (await response.json());
-        if (!payload.access_token) {
-            throw new Error("OAuth2 refresh response missing access_token");
-        }
-        const expiresIn = Number.isFinite(payload.expires_in)
-            ? Number(payload.expires_in)
-            : DEFAULT_EXPIRES_IN_SECONDS;
-        const expiresAt = Date.now() + Math.max(0, expiresIn - EXPIRY_BUFFER_SECONDS) * 1000;
-        return {
-            accessToken: payload.access_token,
-            refreshToken: payload.refresh_token ?? stored.refreshToken,
-            expiresAt,
-            tokenUrl: stored.tokenUrl,
-            clientId: config.clientId,
-            scopes: config.scopes,
-        };
-    }
-    async refreshAuthCodeToken(stored, config) {
+    /**
+     * Shared refresh token exchange for both auth_code and device_code flows.
+     * The only differences are which fields are optional (clientId/clientSecret).
+     */
+    async refreshStoredToken(stored, params) {
         const formData = new URLSearchParams();
         formData.set("grant_type", "refresh_token");
         formData.set("refresh_token", stored.refreshToken);
-        if (config.clientId)
-            formData.set("client_id", config.clientId);
-        if (config.clientSecret)
-            formData.set("client_secret", config.clientSecret);
-        if (config.scopes?.length)
-            formData.set("scope", config.scopes.join(" "));
+        if (params.clientId)
+            formData.set("client_id", params.clientId);
+        if (params.clientSecret)
+            formData.set("client_secret", params.clientSecret);
+        if (params.scopes?.length)
+            formData.set("scope", params.scopes.join(" "));
         const response = await fetch(stored.tokenUrl, {
             method: "POST",
             headers: { "Content-Type": "application/x-www-form-urlencoded" },
@@ -193,8 +163,8 @@ export class OAuth2TokenManager {
             refreshToken: payload.refresh_token ?? stored.refreshToken,
             expiresAt,
             tokenUrl: stored.tokenUrl,
-            clientId: config.clientId,
-            scopes: config.scopes,
+            clientId: params.clientId,
+            scopes: params.scopes,
         };
     }
     makeKey(tokenUrl, clientId) {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@aiwerk/mcp-bridge",
-  "version": "2.6.3",
+  "version": "2.6.4",
   "description": "Standalone MCP server that multiplexes multiple MCP servers into one interface",
   "type": "module",
   "main": "./dist/src/index.js",