@apify/mcpc 0.1.0

package/dist/lib/auth/oauth-flow.js

@@ -0,0 +1,236 @@
+import { createServer } from 'http';
+import { URL } from 'url';
+import { auth as sdkAuth } from '@modelcontextprotocol/sdk/client/auth.js';
+import { McpcOAuthProvider } from './oauth-provider.js';
+import { normalizeServerUrl } from '../utils.js';
+import { ClientError } from '../errors.js';
+import { createLogger } from '../logger.js';
+const logger = createLogger('oauth-flow');
+const ESCAPE_KEY = '\x1b';
+function waitForEscapeKey() {
+    let cleanup = () => { };
+    let cleaned = false;
+    const promise = new Promise((_resolve, reject) => {
+        if (!process.stdin.isTTY) {
+            return;
+        }
+        const onData = (key) => {
+            if (key.toString() === ESCAPE_KEY) {
+                reject(new ClientError('Authentication cancelled by user'));
+            }
+        };
+        process.stdin.setRawMode(true);
+        process.stdin.resume();
+        process.stdin.on('data', onData);
+        cleanup = () => {
+            if (cleaned)
+                return;
+            cleaned = true;
+            process.stdin.off('data', onData);
+            process.stdin.setRawMode(false);
+            process.stdin.pause();
+        };
+    });
+    return { promise, cleanup };
+}
+function startCallbackServer(port) {
+    let resolveCode;
+    let rejectCode;
+    const codePromise = new Promise((resolve, reject) => {
+        resolveCode = resolve;
+        rejectCode = reject;
+    });
+    const sockets = new Set();
+    const server = createServer((req, res) => {
+        const url = new URL(req.url || '/', `http://localhost:${port}`);
+        if (url.pathname === '/callback') {
+            const code = url.searchParams.get('code');
+            const error = url.searchParams.get('error');
+            const errorDescription = url.searchParams.get('error_description');
+            const state = url.searchParams.get('state') || undefined;
+            if (error) {
+                const message = errorDescription || error;
+                res.writeHead(400, { 'Content-Type': 'text/html' });
+                res.end(`
+          <html>
+            <head><title>Authentication failed</title></head>
+            <body>
+              <h1>Authentication failed</h1>
+              <p>Error: ${message}</p>
+              <p>You can close this window.</p>
+            </body>
+          </html>
+        `);
+                rejectCode(new ClientError(`OAuth error: ${message}`));
+                return;
+            }
+            if (!code) {
+                res.writeHead(400, { 'Content-Type': 'text/html' });
+                res.end(`
+          <html>
+            <head><title>Authentication failed</title></head>
+            <body>
+              <h1>Authentication failed</h1>
+              <p>No authorization code received</p>
+              <p>You can close this window.</p>
+            </body>
+          </html>
+        `);
+                rejectCode(new ClientError('No authorization code in callback'));
+                return;
+            }
+            res.writeHead(200, { 'Content-Type': 'text/html' });
+            res.end(`
+        <html>
+          <head><title>Authentication successful</title></head>
+          <body>
+            <h1>Authentication successful!</h1>
+            <p>You can close this window and return to the terminal.</p>
+          </body>
+        </html>
+      `);
+            const result = { code };
+            if (state !== undefined) {
+                result.state = state;
+            }
+            resolveCode(result);
+        }
+        else {
+            res.writeHead(404);
+            res.end('Not found');
+        }
+    });
+    server.on('connection', (socket) => {
+        sockets.add(socket);
+        socket.on('close', () => {
+            sockets.delete(socket);
+        });
+    });
+    const destroyConnections = () => {
+        for (const socket of sockets) {
+            socket.destroy();
+        }
+        sockets.clear();
+    };
+    return { server, codePromise, destroyConnections };
+}
+async function findAvailablePort(startPort = 8000) {
+    for (let port = startPort; port < startPort + 100; port++) {
+        try {
+            await new Promise((resolve, reject) => {
+                const testServer = createServer();
+                testServer.once('error', reject);
+                testServer.once('listening', () => {
+                    testServer.close(() => resolve());
+                });
+                testServer.listen(port, '127.0.0.1');
+            });
+            return port;
+        }
+        catch {
+        }
+    }
+    throw new ClientError('Could not find available port for OAuth callback server');
+}
+async function openBrowser(url) {
+    const { exec } = await import('child_process');
+    const { promisify } = await import('util');
+    const execAsync = promisify(exec);
+    const platform = process.platform;
+    let command;
+    if (platform === 'darwin') {
+        command = `open "${url}"`;
+    }
+    else if (platform === 'win32') {
+        command = `start "${url}"`;
+    }
+    else {
+        command = `xdg-open "${url}"`;
+    }
+    try {
+        await execAsync(command);
+        logger.debug('Browser opened successfully');
+    }
+    catch (error) {
+        logger.warn(`Failed to open browser: ${error.message}`);
+        throw new ClientError(`Failed to open browser. Please manually navigate to: ${url}`);
+    }
+}
+export async function performOAuthFlow(serverUrl, profileName, scope) {
+    logger.debug(`Starting OAuth flow for ${serverUrl} (profile: ${profileName})`);
+    const normalizedServerUrl = normalizeServerUrl(serverUrl);
+    const port = await findAvailablePort(8000);
+    const redirectUrl = `http://localhost:${port}/callback`;
+    logger.debug(`Using redirect URL: ${redirectUrl}`);
+    const provider = new McpcOAuthProvider(normalizedServerUrl, profileName, redirectUrl, true);
+    const { server, codePromise, destroyConnections } = startCallbackServer(port);
+    try {
+        await new Promise((resolve, reject) => {
+            server.once('error', reject);
+            server.listen(port, '127.0.0.1', () => {
+                logger.debug(`Callback server listening on port ${port}`);
+                resolve();
+            });
+        });
+        provider.redirectToAuthorization = async (authorizationUrl) => {
+            logger.debug('Opening browser for authorization...');
+            console.log(`\nOpening browser to: ${authorizationUrl.toString()}`);
+            console.log('If the browser does not open automatically, please visit the URL above.');
+            console.log('Press Esc to cancel.\n');
+            try {
+                await openBrowser(authorizationUrl.toString());
+            }
+            catch (error) {
+                console.error(error.message);
+            }
+        };
+        const escapeHandler = waitForEscapeKey();
+        try {
+            logger.debug('Calling SDK auth()...');
+            const authOptions = {
+                serverUrl: normalizedServerUrl,
+            };
+            if (scope !== undefined) {
+                authOptions.scope = scope;
+            }
+            const result = await sdkAuth(provider, authOptions);
+            if (result === 'REDIRECT') {
+                logger.debug('Waiting for authorization code...');
+                const { code } = await Promise.race([
+                    codePromise,
+                    escapeHandler.promise,
+                ]);
+                logger.debug('Exchanging authorization code for tokens...');
+                const tokenOptions = {
+                    serverUrl: normalizedServerUrl,
+                    authorizationCode: code,
+                };
+                if (scope !== undefined) {
+                    tokenOptions.scope = scope;
+                }
+                await sdkAuth(provider, tokenOptions);
+            }
+        }
+        finally {
+            escapeHandler.cleanup();
+        }
+        const profile = provider._authProfile;
+        if (!profile) {
+            throw new ClientError('Failed to save authentication profile');
+        }
+        logger.debug('OAuth flow completed successfully');
+        return {
+            profile,
+            success: true,
+        };
+    }
+    catch (error) {
+        logger.error(`OAuth flow failed: ${error.message}`);
+        throw error;
+    }
+    finally {
+        destroyConnections();
+        server.close();
+    }
+}
+//# sourceMappingURL=oauth-flow.js.map

package/dist/lib/auth/oauth-flow.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth-flow.js","sourceRoot":"","sources":["../../../src/lib/auth/oauth-flow.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,YAAY,EAA0D,MAAM,MAAM,CAAC;AAE5F,OAAO,EAAE,GAAG,EAAE,MAAM,KAAK,CAAC;AAC1B,OAAO,EAAE,IAAI,IAAI,OAAO,EAAE,MAAM,0CAA0C,CAAC;AAC3E,OAAO,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AACxD,OAAO,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAC;AACjD,OAAO,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAC3C,OAAO,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AAG5C,MAAM,MAAM,GAAG,YAAY,CAAC,YAAY,CAAC,CAAC;AAG1C,MAAM,UAAU,GAAG,MAAM,CAAC;AAM1B,SAAS,gBAAgB;IACvB,IAAI,OAAO,GAAG,GAAG,EAAE,GAAE,CAAC,CAAC;IACvB,IAAI,OAAO,GAAG,KAAK,CAAC;IAEpB,MAAM,OAAO,GAAG,IAAI,OAAO,CAAQ,CAAC,QAAQ,EAAE,MAAM,EAAE,EAAE;QAEtD,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;YACzB,OAAO;QACT,CAAC;QAED,MAAM,MAAM,GAAG,CAAC,GAAW,EAAE,EAAE;YAC7B,IAAI,GAAG,CAAC,QAAQ,EAAE,KAAK,UAAU,EAAE,CAAC;gBAClC,MAAM,CAAC,IAAI,WAAW,CAAC,kCAAkC,CAAC,CAAC,CAAC;YAC9D,CAAC;QACH,CAAC,CAAC;QAGF,OAAO,CAAC,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;QAC/B,OAAO,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC;QACvB,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAEjC,OAAO,GAAG,GAAG,EAAE;YACb,IAAI,OAAO;gBAAE,OAAO;YACpB,OAAO,GAAG,IAAI,CAAC;YAEf,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;YAClC,OAAO,CAAC,KAAK,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;YAChC,OAAO,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;QACxB,CAAC,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC;AAC9B,CAAC;AAcD,SAAS,mBAAmB,CAAC,IAAY;IAKvC,IAAI,WAA8D,CAAC;IACnE,IAAI,UAAkC,CAAC;IAEvC,MAAM,WAAW,GAAG,IAAI,OAAO,CAAmC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACpF,WAAW,GAAG,OAAO,CAAC;QACtB,UAAU,GAAG,MAAM,CAAC;IACtB,CAAC,CAAC,CAAC;IAGH,MAAM,OAAO,GAAG,IAAI,GAAG,EAAU,CAAC;IAElC,MAAM,MAAM,GAAG,YAAY,CAAC,CAAC,GAAoB,EAAE,GAAmB,EAAE,EAAE;QACxE,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAG,IAAI,GAAG,EAAE,oBAAoB,IAAI,EAAE,CAAC,CAAC;QAEhE,IAAI,GAAG,CAAC,QAAQ,KAAK,WAAW,EAAE,CAAC;YACjC,MAAM,IAAI,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;YAC1C,MAAM,KAAK,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YAC5C,MAAM,gBAAgB,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC;YACnE,MAAM,KAAK,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,SAAS,CAAC;YAEzD,IAAI,KAAK,EAAE,CAAC;gBACV,MAAM,OAAO,GAAG,gBAAgB,IAAI,KAAK,CAAC;gBAC1C,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;gBACpD,GAAG,CAAC,GAAG,CAAC;;;;;0BAKU,OAAO;;;;SAIxB,CAAC,CAAC;gBACH,UAAU,CAAC,IAAI,WAAW,CAAC,gBAAgB,OAAO,EAAE,CAAC,CAAC,CAAC;gBACvD,OAAO;YACT,CAAC;YAED,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;gBACpD,GAAG,CAAC,GAAG,CAAC;;;;;;;;;SASP,CAAC,CAAC;gBACH,UAAU,CAAC,IAAI,WAAW,CAAC,mCAAmC,CAAC,CAAC,CAAC;gBACjE,OAAO;YACT,CAAC;YAED,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;YACpD,GAAG,CAAC,GAAG,CAAC;;;;;;;;OAQP,CAAC,CAAC;YACH,MAAM,MAAM,GAAqC,EAAE,IAAI,EAAE,CAAC;YAC1D,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;gBACxB,MAAM,CAAC,KAAK,GAAG,KAAK,CAAC;YACvB,CAAC;YACD,WAAW,CAAC,MAAM,CAAC,CAAC;QACtB,CAAC;aAAM,CAAC;YACN,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;YACnB,GAAG,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;QACvB,CAAC;IACH,CAAC,CAAC,CAAC;IAGH,MAAM,CAAC,EAAE,CAAC,YAAY,EAAE,CAAC,MAAc,EAAE,EAAE;QACzC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACpB,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE;YACtB,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QACzB,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAGH,MAAM,kBAAkB,GAAG,GAAG,EAAE;QAC9B,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;YAC7B,MAAM,CAAC,OAAO,EAAE,CAAC;QACnB,CAAC;QACD,OAAO,CAAC,KAAK,EAAE,CAAC;IAClB,CAAC,CAAC;IAEF,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,kBAAkB,EAAE,CAAC;AACrD,CAAC;AAKD,KAAK,UAAU,iBAAiB,CAAC,YAAoB,IAAI;IACvD,KAAK,IAAI,IAAI,GAAG,SAAS,EAAE,IAAI,GAAG,SAAS,GAAG,GAAG,EAAE,IAAI,EAAE,EAAE,CAAC;QAC1D,IAAI,CAAC;YACH,MAAM,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;gBAC1C,MAAM,UAAU,GAAG,YAAY,EAAE,CAAC;gBAClC,UAAU,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;gBACjC,UAAU,CAAC,IAAI,CAAC,WAAW,EAAE,GAAG,EAAE;oBAChC,UAAU,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC,CAAC;gBACpC,CAAC,CAAC,CAAC;gBACH,UAAU,CAAC,MAAM,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC;YACvC,CAAC,CAAC,CAAC;YACH,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,MAAM,CAAC;QAET,CAAC;IACH,CAAC;IACD,MAAM,IAAI,WAAW,CAAC,yDAAyD,CAAC,CAAC;AACnF,CAAC;AAMD,KAAK,UAAU,WAAW,CAAC,GAAW;IACpC,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,MAAM,CAAC,eAAe,CAAC,CAAC;IAC/C,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,CAAC;IAC3C,MAAM,SAAS,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC;IAElC,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;IAClC,IAAI,OAAe,CAAC;IAEpB,IAAI,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAC1B,OAAO,GAAG,SAAS,GAAG,GAAG,CAAC;IAC5B,CAAC;SAAM,IAAI,QAAQ,KAAK,OAAO,EAAE,CAAC;QAChC,OAAO,GAAG,UAAU,GAAG,GAAG,CAAC;IAC7B,CAAC;SAAM,CAAC;QACN,OAAO,GAAG,aAAa,GAAG,GAAG,CAAC;IAChC,CAAC;IAED,IAAI,CAAC;QACH,MAAM,SAAS,CAAC,OAAO,CAAC,CAAC;QACzB,MAAM,CAAC,KAAK,CAAC,6BAA6B,CAAC,CAAC;IAC9C,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,CAAC,IAAI,CAAC,2BAA4B,KAAe,CAAC,OAAO,EAAE,CAAC,CAAC;QACnE,MAAM,IAAI,WAAW,CAAC,wDAAwD,GAAG,EAAE,CAAC,CAAC;IACvF,CAAC;AACH,CAAC;AAMD,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,SAAiB,EACjB,WAAmB,EACnB,KAAc;IAEd,MAAM,CAAC,KAAK,CAAC,2BAA2B,SAAS,cAAc,WAAW,GAAG,CAAC,CAAC;IAG/E,MAAM,mBAAmB,GAAG,kBAAkB,CAAC,SAAS,CAAC,CAAC;IAG1D,MAAM,IAAI,GAAG,MAAM,iBAAiB,CAAC,IAAI,CAAC,CAAC;IAC3C,MAAM,WAAW,GAAG,oBAAoB,IAAI,WAAW,CAAC;IAExD,MAAM,CAAC,KAAK,CAAC,uBAAuB,WAAW,EAAE,CAAC,CAAC;IAKnD,MAAM,QAAQ,GAAG,IAAI,iBAAiB,CAAC,mBAAmB,EAAE,WAAW,EAAE,WAAW,EAAE,IAAI,CAAC,CAAC;IAG5F,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,kBAAkB,EAAE,GAAG,mBAAmB,CAAC,IAAI,CAAC,CAAC;IAE9E,IAAI,CAAC;QAEH,MAAM,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YAC1C,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;YAC7B,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,WAAW,EAAE,GAAG,EAAE;gBACpC,MAAM,CAAC,KAAK,CAAC,qCAAqC,IAAI,EAAE,CAAC,CAAC;gBAC1D,OAAO,EAAE,CAAC;YACZ,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAGH,QAAQ,CAAC,uBAAuB,GAAG,KAAK,EAAE,gBAAqB,EAAE,EAAE;YACjE,MAAM,CAAC,KAAK,CAAC,sCAAsC,CAAC,CAAC;YACrD,OAAO,CAAC,GAAG,CAAC,yBAAyB,gBAAgB,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;YACpE,OAAO,CAAC,GAAG,CAAC,yEAAyE,CAAC,CAAC;YACvF,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC,CAAC;YAEtC,IAAI,CAAC;gBACH,MAAM,WAAW,CAAC,gBAAgB,CAAC,QAAQ,EAAE,CAAC,CAAC;YACjD,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,OAAO,CAAC,KAAK,CAAE,KAAe,CAAC,OAAO,CAAC,CAAC;YAC1C,CAAC;QACH,CAAC,CAAC;QAGF,MAAM,aAAa,GAAG,gBAAgB,EAAE,CAAC;QAEzC,IAAI,CAAC;YAEH,MAAM,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAAC;YACtC,MAAM,WAAW,GAA0C;gBACzD,SAAS,EAAE,mBAAmB;aAC/B,CAAC;YACF,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;gBACxB,WAAW,CAAC,KAAK,GAAG,KAAK,CAAC;YAC5B,CAAC;YACD,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;YAEpD,IAAI,MAAM,KAAK,UAAU,EAAE,CAAC;gBAE1B,MAAM,CAAC,KAAK,CAAC,mCAAmC,CAAC,CAAC;gBAClD,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC;oBAClC,WAAW;oBACX,aAAa,CAAC,OAAO;iBACtB,CAAC,CAAC;gBAGH,MAAM,CAAC,KAAK,CAAC,6CAA6C,CAAC,CAAC;gBAC5D,MAAM,YAAY,GAAqE;oBACrF,SAAS,EAAE,mBAAmB;oBAC9B,iBAAiB,EAAE,IAAI;iBACxB,CAAC;gBACF,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;oBACxB,YAAY,CAAC,KAAK,GAAG,KAAK,CAAC;gBAC7B,CAAC;gBACD,MAAM,OAAO,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;YACxC,CAAC;QACH,CAAC;gBAAS,CAAC;YAET,aAAa,CAAC,OAAO,EAAE,CAAC;QAC1B,CAAC;QAID,MAAM,OAAO,GAAI,QAAgB,CAAC,YAA2B,CAAC;QAC9D,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,IAAI,WAAW,CAAC,uCAAuC,CAAC,CAAC;QACjE,CAAC;QAED,MAAM,CAAC,KAAK,CAAC,mCAAmC,CAAC,CAAC;QAClD,OAAO;YACL,OAAO;YACP,OAAO,EAAE,IAAI;SACd,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,CAAC,KAAK,CAAC,sBAAuB,KAAe,CAAC,OAAO,EAAE,CAAC,CAAC;QAC/D,MAAM,KAAK,CAAC;IACd,CAAC;YAAS,CAAC;QAET,kBAAkB,EAAE,CAAC;QACrB,MAAM,CAAC,KAAK,EAAE,CAAC;IACjB,CAAC;AACH,CAAC"}

package/dist/lib/auth/oauth-provider.d.ts

@@ -0,0 +1,24 @@
+import type { OAuthClientProvider } from '@modelcontextprotocol/sdk/client/auth.js';
+import type { OAuthClientMetadata, OAuthClientInformationMixed, OAuthTokens } from '@modelcontextprotocol/sdk/shared/auth.js';
+export declare class McpcOAuthProvider implements OAuthClientProvider {
+    private serverUrl;
+    private profileName;
+    private _redirectUrl;
+    private _authProfile;
+    private _codeVerifier;
+    private _clientInformation;
+    private _ignoreExistingTokens;
+    constructor(serverUrl: string, profileName: string, redirectUrl: string, ignoreExistingTokens?: boolean);
+    private loadProfile;
+    get redirectUrl(): string;
+    get clientMetadata(): OAuthClientMetadata;
+    clientInformation(): Promise<OAuthClientInformationMixed | undefined>;
+    saveClientInformation(clientInformation: OAuthClientInformationMixed): Promise<void>;
+    tokens(): Promise<OAuthTokens | undefined>;
+    saveTokens(tokens: OAuthTokens): Promise<void>;
+    redirectToAuthorization(authorizationUrl: URL): Promise<void>;
+    saveCodeVerifier(codeVerifier: string): Promise<void>;
+    codeVerifier(): Promise<string>;
+    setOAuthIssuer(issuer: string): void;
+}
+//# sourceMappingURL=oauth-provider.d.ts.map

package/dist/lib/auth/oauth-provider.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth-provider.d.ts","sourceRoot":"","sources":["../../../src/lib/auth/oauth-provider.ts"],"names":[],"mappings":"AAMA,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,0CAA0C,CAAC;AACpF,OAAO,KAAK,EACV,mBAAmB,EACnB,2BAA2B,EAC3B,WAAW,EACZ,MAAM,0CAA0C,CAAC;AAkBlD,qBAAa,iBAAkB,YAAW,mBAAmB;IAC3D,OAAO,CAAC,SAAS,CAAS;IAC1B,OAAO,CAAC,WAAW,CAAS;IAC5B,OAAO,CAAC,YAAY,CAAS;IAC7B,OAAO,CAAC,YAAY,CAA0B;IAC9C,OAAO,CAAC,aAAa,CAAqB;IAC1C,OAAO,CAAC,kBAAkB,CAA0C;IACpE,OAAO,CAAC,qBAAqB,CAAU;gBAE3B,SAAS,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,oBAAoB,UAAQ;YAUvF,WAAW;IAOzB,IAAI,WAAW,IAAI,MAAM,CAExB;IAED,IAAI,cAAc,IAAI,mBAAmB,CASxC;IAEK,iBAAiB,IAAI,OAAO,CAAC,2BAA2B,GAAG,SAAS,CAAC;IAcrE,qBAAqB,CAAC,iBAAiB,EAAE,2BAA2B,GAAG,OAAO,CAAC,IAAI,CAAC;IAepF,MAAM,IAAI,OAAO,CAAC,WAAW,GAAG,SAAS,CAAC;IAgC1C,UAAU,CAAC,MAAM,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC;IAuD9C,uBAAuB,CAAC,gBAAgB,EAAE,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC;IAM7D,gBAAgB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAIrD,YAAY,IAAI,OAAO,CAAC,MAAM,CAAC;IAWrC,cAAc,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI;CAKrC"}

package/dist/lib/auth/oauth-provider.js

@@ -0,0 +1,144 @@
+import { getAuthProfile, saveAuthProfile } from '../auth/auth-profiles.js';
+import { readKeychainOAuthTokenInfo, storeKeychainOAuthTokenInfo, readKeychainOAuthClientInfo, storeKeychainOAuthClientInfo, } from './keychain.js';
+import { createLogger } from '../logger.js';
+const logger = createLogger('oauth-provider');
+export class McpcOAuthProvider {
+    serverUrl;
+    profileName;
+    _redirectUrl;
+    _authProfile;
+    _codeVerifier;
+    _clientInformation;
+    _ignoreExistingTokens;
+    constructor(serverUrl, profileName, redirectUrl, ignoreExistingTokens = false) {
+        this.serverUrl = serverUrl;
+        this.profileName = profileName;
+        this._redirectUrl = redirectUrl;
+        this._ignoreExistingTokens = ignoreExistingTokens;
+    }
+    async loadProfile() {
+        if (!this._authProfile) {
+            this._authProfile = await getAuthProfile(this.serverUrl, this.profileName);
+        }
+        return this._authProfile;
+    }
+    get redirectUrl() {
+        return this._redirectUrl;
+    }
+    get clientMetadata() {
+        return {
+            redirect_uris: [this._redirectUrl],
+            grant_types: ['authorization_code', 'refresh_token'],
+            response_types: ['code'],
+            token_endpoint_auth_method: 'none',
+            client_name: 'mcpc',
+            client_uri: 'https://github.com/apify/mcpc',
+        };
+    }
+    async clientInformation() {
+        if (!this._clientInformation) {
+            const storedClient = await readKeychainOAuthClientInfo(this.serverUrl, this.profileName);
+            if (storedClient) {
+                this._clientInformation = {
+                    client_id: storedClient.clientId,
+                    client_secret: storedClient.clientSecret,
+                };
+            }
+        }
+        return this._clientInformation;
+    }
+    async saveClientInformation(clientInformation) {
+        this._clientInformation = clientInformation;
+        const clientInfo = {
+            clientId: clientInformation.client_id,
+        };
+        if (clientInformation.client_secret) {
+            clientInfo.clientSecret = clientInformation.client_secret;
+        }
+        await storeKeychainOAuthClientInfo(this.serverUrl, this.profileName, clientInfo);
+        logger.debug('Saved client information to keychain');
+    }
+    async tokens() {
+        if (this._ignoreExistingTokens) {
+            return undefined;
+        }
+        const storedTokens = await readKeychainOAuthTokenInfo(this.serverUrl, this.profileName);
+        if (!storedTokens) {
+            return undefined;
+        }
+        const result = {
+            access_token: storedTokens.accessToken,
+            token_type: storedTokens.tokenType,
+        };
+        if (storedTokens.expiresIn !== undefined) {
+            result.expires_in = storedTokens.expiresIn;
+        }
+        if (storedTokens.refreshToken !== undefined) {
+            result.refresh_token = storedTokens.refreshToken;
+        }
+        if (storedTokens.scope !== undefined) {
+            result.scope = storedTokens.scope;
+        }
+        return result;
+    }
+    async saveTokens(tokens) {
+        logger.debug('Saving OAuth tokens to keychain');
+        const tokenInfo = {
+            accessToken: tokens.access_token,
+            tokenType: tokens.token_type,
+        };
+        if (tokens.expires_in !== undefined) {
+            tokenInfo.expiresIn = tokens.expires_in;
+            tokenInfo.expiresAt = Math.floor(Date.now() / 1000) + tokens.expires_in;
+        }
+        if (tokens.refresh_token !== undefined) {
+            tokenInfo.refreshToken = tokens.refresh_token;
+        }
+        if (tokens.scope !== undefined) {
+            tokenInfo.scope = tokens.scope;
+        }
+        await storeKeychainOAuthTokenInfo(this.serverUrl, this.profileName, tokenInfo);
+        const now = new Date().toISOString();
+        let profile = await this.loadProfile();
+        if (!profile) {
+            profile = {
+                name: this.profileName,
+                serverUrl: this.serverUrl,
+                authType: 'oauth',
+                oauthIssuer: '',
+                createdAt: now,
+                authenticatedAt: now,
+            };
+            if (tokens.scope) {
+                profile.scopes = tokens.scope.split(' ');
+            }
+        }
+        else {
+            profile.authenticatedAt = now;
+            if (tokens.scope) {
+                profile.scopes = tokens.scope.split(' ');
+            }
+        }
+        await saveAuthProfile(profile);
+        this._authProfile = profile;
+        logger.debug('Tokens saved to keychain, profile metadata updated');
+    }
+    async redirectToAuthorization(authorizationUrl) {
+        logger.info(`Authorization URL: ${authorizationUrl.toString()}`);
+    }
+    async saveCodeVerifier(codeVerifier) {
+        this._codeVerifier = codeVerifier;
+    }
+    async codeVerifier() {
+        if (!this._codeVerifier) {
+            throw new Error('Code verifier not found');
+        }
+        return this._codeVerifier;
+    }
+    setOAuthIssuer(issuer) {
+        if (this._authProfile) {
+            this._authProfile.oauthIssuer = issuer;
+        }
+    }
+}
+//# sourceMappingURL=oauth-provider.js.map

package/dist/lib/auth/oauth-provider.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth-provider.js","sourceRoot":"","sources":["../../../src/lib/auth/oauth-provider.ts"],"names":[],"mappings":"AAaA,OAAO,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,0BAA0B,CAAC;AAC3E,OAAO,EACL,0BAA0B,EAC1B,2BAA2B,EAC3B,2BAA2B,EAC3B,4BAA4B,GAE7B,MAAM,eAAe,CAAC;AACvB,OAAO,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AAE5C,MAAM,MAAM,GAAG,YAAY,CAAC,gBAAgB,CAAC,CAAC;AAM9C,MAAM,OAAO,iBAAiB;IACpB,SAAS,CAAS;IAClB,WAAW,CAAS;IACpB,YAAY,CAAS;IACrB,YAAY,CAA0B;IACtC,aAAa,CAAqB;IAClC,kBAAkB,CAA0C;IAC5D,qBAAqB,CAAU;IAEvC,YAAY,SAAiB,EAAE,WAAmB,EAAE,WAAmB,EAAE,oBAAoB,GAAG,KAAK;QACnG,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;QAC3B,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC;QAC/B,IAAI,CAAC,YAAY,GAAG,WAAW,CAAC;QAChC,IAAI,CAAC,qBAAqB,GAAG,oBAAoB,CAAC;IACpD,CAAC;IAKO,KAAK,CAAC,WAAW;QACvB,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC;YACvB,IAAI,CAAC,YAAY,GAAG,MAAM,cAAc,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;QAC7E,CAAC;QACD,OAAO,IAAI,CAAC,YAAY,CAAC;IAC3B,CAAC;IAED,IAAI,WAAW;QACb,OAAO,IAAI,CAAC,YAAY,CAAC;IAC3B,CAAC;IAED,IAAI,cAAc;QAChB,OAAO;YACL,aAAa,EAAE,CAAC,IAAI,CAAC,YAAY,CAAC;YAClC,WAAW,EAAE,CAAC,oBAAoB,EAAE,eAAe,CAAC;YACpD,cAAc,EAAE,CAAC,MAAM,CAAC;YACxB,0BAA0B,EAAE,MAAM;YAClC,WAAW,EAAE,MAAM;YACnB,UAAU,EAAE,+BAA+B;SAC5C,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,iBAAiB;QAErB,IAAI,CAAC,IAAI,CAAC,kBAAkB,EAAE,CAAC;YAC7B,MAAM,YAAY,GAAG,MAAM,2BAA2B,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;YACzF,IAAI,YAAY,EAAE,CAAC;gBACjB,IAAI,CAAC,kBAAkB,GAAG;oBACxB,SAAS,EAAE,YAAY,CAAC,QAAQ;oBAChC,aAAa,EAAE,YAAY,CAAC,YAAY;iBACzC,CAAC;YACJ,CAAC;QACH,CAAC;QACD,OAAO,IAAI,CAAC,kBAAkB,CAAC;IACjC,CAAC;IAED,KAAK,CAAC,qBAAqB,CAAC,iBAA8C;QACxE,IAAI,CAAC,kBAAkB,GAAG,iBAAiB,CAAC;QAG5C,MAAM,UAAU,GAAuD;YACrE,QAAQ,EAAE,iBAAiB,CAAC,SAAS;SACtC,CAAC;QACF,IAAI,iBAAiB,CAAC,aAAa,EAAE,CAAC;YACpC,UAAU,CAAC,YAAY,GAAG,iBAAiB,CAAC,aAAa,CAAC;QAC5D,CAAC;QACD,MAAM,4BAA4B,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;QAEjF,MAAM,CAAC,KAAK,CAAC,sCAAsC,CAAC,CAAC;IACvD,CAAC;IAED,KAAK,CAAC,MAAM;QAGV,IAAI,IAAI,CAAC,qBAAqB,EAAE,CAAC;YAC/B,OAAO,SAAS,CAAC;QACnB,CAAC;QAGD,MAAM,YAAY,GAAG,MAAM,0BAA0B,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;QACxF,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,OAAO,SAAS,CAAC;QACnB,CAAC;QAGD,MAAM,MAAM,GAAgB;YAC1B,YAAY,EAAE,YAAY,CAAC,WAAW;YACtC,UAAU,EAAE,YAAY,CAAC,SAAS;SACnC,CAAC;QAEF,IAAI,YAAY,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;YACzC,MAAM,CAAC,UAAU,GAAG,YAAY,CAAC,SAAS,CAAC;QAC7C,CAAC;QACD,IAAI,YAAY,CAAC,YAAY,KAAK,SAAS,EAAE,CAAC;YAC5C,MAAM,CAAC,aAAa,GAAG,YAAY,CAAC,YAAY,CAAC;QACnD,CAAC;QACD,IAAI,YAAY,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;YACrC,MAAM,CAAC,KAAK,GAAG,YAAY,CAAC,KAAK,CAAC;QACpC,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,MAAmB;QAClC,MAAM,CAAC,KAAK,CAAC,iCAAiC,CAAC,CAAC;QAGhD,MAAM,SAAS,GAAmB;YAChC,WAAW,EAAE,MAAM,CAAC,YAAY;YAChC,SAAS,EAAE,MAAM,CAAC,UAAU;SAC7B,CAAC;QAEF,IAAI,MAAM,CAAC,UAAU,KAAK,SAAS,EAAE,CAAC;YACpC,SAAS,CAAC,SAAS,GAAG,MAAM,CAAC,UAAU,CAAC;YACxC,SAAS,CAAC,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,MAAM,CAAC,UAAU,CAAC;QAC1E,CAAC;QACD,IAAI,MAAM,CAAC,aAAa,KAAK,SAAS,EAAE,CAAC;YACvC,SAAS,CAAC,YAAY,GAAG,MAAM,CAAC,aAAa,CAAC;QAChD,CAAC;QACD,IAAI,MAAM,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;YAC/B,SAAS,CAAC,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC;QACjC,CAAC;QAED,MAAM,2BAA2B,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,WAAW,EAAE,SAAS,CAAC,CAAC;QAG/E,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACrC,IAAI,OAAO,GAAG,MAAM,IAAI,CAAC,WAAW,EAAE,CAAC;QAEvC,IAAI,CAAC,OAAO,EAAE,CAAC;YAEb,OAAO,GAAG;gBACR,IAAI,EAAE,IAAI,CAAC,WAAW;gBACtB,SAAS,EAAE,IAAI,CAAC,SAAS;gBACzB,QAAQ,EAAE,OAAO;gBACjB,WAAW,EAAE,EAAE;gBACf,SAAS,EAAE,GAAG;gBACd,eAAe,EAAE,GAAG;aACrB,CAAC;YAEF,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;gBACjB,OAAO,CAAC,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAC3C,CAAC;QACH,CAAC;aAAM,CAAC;YAEN,OAAO,CAAC,eAAe,GAAG,GAAG,CAAC;YAE9B,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;gBACjB,OAAO,CAAC,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAC3C,CAAC;QACH,CAAC;QAED,MAAM,eAAe,CAAC,OAAO,CAAC,CAAC;QAC/B,IAAI,CAAC,YAAY,GAAG,OAAO,CAAC;QAE5B,MAAM,CAAC,KAAK,CAAC,oDAAoD,CAAC,CAAC;IACrE,CAAC;IAED,KAAK,CAAC,uBAAuB,CAAC,gBAAqB;QAGjD,MAAM,CAAC,IAAI,CAAC,sBAAsB,gBAAgB,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;IACnE,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,YAAoB;QACzC,IAAI,CAAC,aAAa,GAAG,YAAY,CAAC;IACpC,CAAC;IAED,KAAK,CAAC,YAAY;QAChB,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC;YACxB,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;QAC7C,CAAC;QACD,OAAO,IAAI,CAAC,aAAa,CAAC;IAC5B,CAAC;IAMD,cAAc,CAAC,MAAc;QAC3B,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YACtB,IAAI,CAAC,YAAY,CAAC,WAAW,GAAG,MAAM,CAAC;QACzC,CAAC;IACH,CAAC;CACF"}

package/dist/lib/auth/oauth-token-manager.d.ts

@@ -0,0 +1,25 @@
+import { type OAuthTokenResponse } from './oauth-utils.js';
+export type OnTokenRefreshCallback = (tokens: OAuthTokenResponse) => void | Promise<void>;
+export interface OAuthTokenManagerOptions {
+    serverUrl: string;
+    profileName: string;
+    clientId: string;
+    refreshToken: string;
+    accessToken?: string;
+    accessTokenExpiresAt?: number;
+    onTokenRefresh?: OnTokenRefreshCallback;
+}
+export declare class OAuthTokenManager {
+    private serverUrl;
+    private profileName;
+    private clientId;
+    private refreshToken;
+    private accessToken;
+    private accessTokenExpiresAt;
+    private onTokenRefresh?;
+    constructor(options: OAuthTokenManagerOptions);
+    isAccessTokenExpired(): boolean;
+    refreshAccessToken(): Promise<OAuthTokenResponse>;
+    getValidAccessToken(): Promise<string>;
+}
+//# sourceMappingURL=oauth-token-manager.d.ts.map

package/dist/lib/auth/oauth-token-manager.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth-token-manager.d.ts","sourceRoot":"","sources":["../../../src/lib/auth/oauth-token-manager.ts"],"names":[],"mappings":"AAQA,OAAO,EAA8C,KAAK,kBAAkB,EAAE,MAAM,kBAAkB,CAAC;AAcvG,MAAM,MAAM,sBAAsB,GAAG,CAAC,MAAM,EAAE,kBAAkB,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;AAK1F,MAAM,WAAW,wBAAwB;IACvC,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IAEpB,QAAQ,EAAE,MAAM,CAAC;IAEjB,YAAY,EAAE,MAAM,CAAC;IAErB,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAE9B,cAAc,CAAC,EAAE,sBAAsB,CAAC;CACzC;AAKD,qBAAa,iBAAiB;IAC5B,OAAO,CAAC,SAAS,CAAS;IAC1B,OAAO,CAAC,WAAW,CAAS;IAC5B,OAAO,CAAC,QAAQ,CAAS;IACzB,OAAO,CAAC,YAAY,CAAS;IAC7B,OAAO,CAAC,WAAW,CAAuB;IAC1C,OAAO,CAAC,oBAAoB,CAAuB;IACnD,OAAO,CAAC,cAAc,CAAC,CAAyB;gBAEpC,OAAO,EAAE,wBAAwB;IAe7C,oBAAoB,IAAI,OAAO;IAYzB,kBAAkB,IAAI,OAAO,CAAC,kBAAkB,CAAC;IAsDjD,mBAAmB,IAAI,OAAO,CAAC,MAAM,CAAC;CAW7C"}

package/dist/lib/auth/oauth-token-manager.js

@@ -0,0 +1,70 @@
+import { createLogger } from '../logger.js';
+import { AuthError } from '../errors.js';
+import { discoverAndRefreshToken, createReauthError } from './oauth-utils.js';
+const logger = createLogger('oauth-token-manager');
+const DEFAULT_TOKEN_EXPIRY_SECONDS = 3600;
+const EXPIRY_BUFFER_SECONDS = 60;
+export class OAuthTokenManager {
+    serverUrl;
+    profileName;
+    clientId;
+    refreshToken;
+    accessToken = null;
+    accessTokenExpiresAt = null;
+    onTokenRefresh;
+    constructor(options) {
+        this.serverUrl = options.serverUrl;
+        this.profileName = options.profileName;
+        this.clientId = options.clientId;
+        this.refreshToken = options.refreshToken;
+        this.accessToken = options.accessToken ?? null;
+        this.accessTokenExpiresAt = options.accessTokenExpiresAt ?? null;
+        if (options.onTokenRefresh) {
+            this.onTokenRefresh = options.onTokenRefresh;
+        }
+    }
+    isAccessTokenExpired() {
+        if (!this.accessToken || !this.accessTokenExpiresAt) {
+            return true;
+        }
+        return Date.now() / 1000 > this.accessTokenExpiresAt - EXPIRY_BUFFER_SECONDS;
+    }
+    async refreshAccessToken() {
+        if (!this.refreshToken) {
+            throw createReauthError(this.serverUrl, this.profileName, `No refresh token available for profile ${this.profileName}`);
+        }
+        logger.debug(`Refreshing access token for profile: ${this.profileName}`);
+        try {
+            const tokenResponse = await discoverAndRefreshToken(this.serverUrl, this.refreshToken, this.clientId);
+            this.accessToken = tokenResponse.access_token;
+            const expiresIn = tokenResponse.expires_in ?? DEFAULT_TOKEN_EXPIRY_SECONDS;
+            this.accessTokenExpiresAt = Math.floor(Date.now() / 1000) + expiresIn;
+            if (tokenResponse.refresh_token) {
+                this.refreshToken = tokenResponse.refresh_token;
+                logger.debug('Received new refresh token (token rotation)');
+            }
+            logger.debug(`Access token refreshed successfully for profile: ${this.profileName}`);
+            if (this.onTokenRefresh) {
+                await this.onTokenRefresh(tokenResponse);
+            }
+            return tokenResponse;
+        }
+        catch (error) {
+            if (error instanceof AuthError) {
+                throw createReauthError(this.serverUrl, this.profileName, error.message);
+            }
+            logger.error(`Token refresh error: ${error.message}`);
+            throw createReauthError(this.serverUrl, this.profileName, `Failed to refresh token: ${error.message}`);
+        }
+    }
+    async getValidAccessToken() {
+        if (this.isAccessTokenExpired()) {
+            await this.refreshAccessToken();
+        }
+        if (!this.accessToken) {
+            throw new AuthError('No access token available after refresh');
+        }
+        return this.accessToken;
+    }
+}
+//# sourceMappingURL=oauth-token-manager.js.map

package/dist/lib/auth/oauth-token-manager.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth-token-manager.js","sourceRoot":"","sources":["../../../src/lib/auth/oauth-token-manager.ts"],"names":[],"mappings":"AAMA,OAAO,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AAC5C,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AACzC,OAAO,EAAE,uBAAuB,EAAE,iBAAiB,EAA2B,MAAM,kBAAkB,CAAC;AAEvG,MAAM,MAAM,GAAG,YAAY,CAAC,qBAAqB,CAAC,CAAC;AAGnD,MAAM,4BAA4B,GAAG,IAAI,CAAC;AAG1C,MAAM,qBAAqB,GAAG,EAAE,CAAC;AA6BjC,MAAM,OAAO,iBAAiB;IACpB,SAAS,CAAS;IAClB,WAAW,CAAS;IACpB,QAAQ,CAAS;IACjB,YAAY,CAAS;IACrB,WAAW,GAAkB,IAAI,CAAC;IAClC,oBAAoB,GAAkB,IAAI,CAAC;IAC3C,cAAc,CAA0B;IAEhD,YAAY,OAAiC;QAC3C,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC,SAAS,CAAC;QACnC,IAAI,CAAC,WAAW,GAAG,OAAO,CAAC,WAAW,CAAC;QACvC,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;QACjC,IAAI,CAAC,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC;QACzC,IAAI,CAAC,WAAW,GAAG,OAAO,CAAC,WAAW,IAAI,IAAI,CAAC;QAC/C,IAAI,CAAC,oBAAoB,GAAG,OAAO,CAAC,oBAAoB,IAAI,IAAI,CAAC;QACjE,IAAI,OAAO,CAAC,cAAc,EAAE,CAAC;YAC3B,IAAI,CAAC,cAAc,GAAG,OAAO,CAAC,cAAc,CAAC;QAC/C,CAAC;IACH,CAAC;IAKD,oBAAoB;QAClB,IAAI,CAAC,IAAI,CAAC,WAAW,IAAI,CAAC,IAAI,CAAC,oBAAoB,EAAE,CAAC;YACpD,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,GAAG,IAAI,CAAC,oBAAoB,GAAG,qBAAqB,CAAC;IAC/E,CAAC;IAOD,KAAK,CAAC,kBAAkB;QACtB,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC;YACvB,MAAM,iBAAiB,CACrB,IAAI,CAAC,SAAS,EACd,IAAI,CAAC,WAAW,EAChB,0CAA0C,IAAI,CAAC,WAAW,EAAE,CAC7D,CAAC;QACJ,CAAC;QAED,MAAM,CAAC,KAAK,CAAC,wCAAwC,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC;QAEzE,IAAI,CAAC;YACH,MAAM,aAAa,GAAG,MAAM,uBAAuB,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,YAAY,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;YAGtG,IAAI,CAAC,WAAW,GAAG,aAAa,CAAC,YAAY,CAAC;YAG9C,MAAM,SAAS,GAAG,aAAa,CAAC,UAAU,IAAI,4BAA4B,CAAC;YAC3E,IAAI,CAAC,oBAAoB,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,SAAS,CAAC;YAGtE,IAAI,aAAa,CAAC,aAAa,EAAE,CAAC;gBAChC,IAAI,CAAC,YAAY,GAAG,aAAa,CAAC,aAAa,CAAC;gBAChD,MAAM,CAAC,KAAK,CAAC,6CAA6C,CAAC,CAAC;YAC9D,CAAC;YAED,MAAM,CAAC,KAAK,CAAC,oDAAoD,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC;YAGrF,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;gBACxB,MAAM,IAAI,CAAC,cAAc,CAAC,aAAa,CAAC,CAAC;YAC3C,CAAC;YAED,OAAO,aAAa,CAAC;QACvB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,KAAK,YAAY,SAAS,EAAE,CAAC;gBAE/B,MAAM,iBAAiB,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,WAAW,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC;YAC3E,CAAC;YACD,MAAM,CAAC,KAAK,CAAC,wBAAyB,KAAe,CAAC,OAAO,EAAE,CAAC,CAAC;YACjE,MAAM,iBAAiB,CACrB,IAAI,CAAC,SAAS,EACd,IAAI,CAAC,WAAW,EAChB,4BAA6B,KAAe,CAAC,OAAO,EAAE,CACvD,CAAC;QACJ,CAAC;IACH,CAAC;IAOD,KAAK,CAAC,mBAAmB;QACvB,IAAI,IAAI,CAAC,oBAAoB,EAAE,EAAE,CAAC;YAChC,MAAM,IAAI,CAAC,kBAAkB,EAAE,CAAC;QAClC,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;YACtB,MAAM,IAAI,SAAS,CAAC,yCAAyC,CAAC,CAAC;QACjE,CAAC;QAED,OAAO,IAAI,CAAC,WAAW,CAAC;IAC1B,CAAC;CACF"}

package/dist/lib/auth/oauth-utils.d.ts

@@ -0,0 +1,14 @@
+import { AuthError } from '../errors.js';
+export declare const DEFAULT_AUTH_PROFILE = "default";
+export interface OAuthTokenResponse {
+    access_token: string;
+    token_type: string;
+    expires_in?: number;
+    refresh_token?: string;
+    scope?: string;
+}
+export declare function discoverTokenEndpoint(serverUrl: string): Promise<string | undefined>;
+export declare function refreshAccessToken(tokenEndpoint: string, refreshToken: string, clientId: string): Promise<OAuthTokenResponse>;
+export declare function discoverAndRefreshToken(serverUrl: string, refreshToken: string, clientId: string): Promise<OAuthTokenResponse>;
+export declare function createReauthError(serverUrl: string, profileName: string, message: string): AuthError;
+//# sourceMappingURL=oauth-utils.d.ts.map

package/dist/lib/auth/oauth-utils.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth-utils.d.ts","sourceRoot":"","sources":["../../../src/lib/auth/oauth-utils.ts"],"names":[],"mappings":"AAMA,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAIzC,eAAO,MAAM,oBAAoB,YAAY,CAAC;AAK9C,MAAM,WAAW,kBAAkB;IACjC,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAMD,wBAAsB,qBAAqB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,CA0B1F;AAYD,wBAAsB,kBAAkB,CACtC,aAAa,EAAE,MAAM,EACrB,YAAY,EAAE,MAAM,EACpB,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,kBAAkB,CAAC,CAiC7B;AAYD,wBAAsB,uBAAuB,CAC3C,SAAS,EAAE,MAAM,EACjB,YAAY,EAAE,MAAM,EACpB,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,kBAAkB,CAAC,CAO7B;AAOD,wBAAgB,iBAAiB,CAC/B,SAAS,EAAE,MAAM,EACjB,WAAW,EAAE,MAAM,EACnB,OAAO,EAAE,MAAM,GACd,SAAS,CAMX"}

package/dist/lib/auth/oauth-utils.js

@@ -0,0 +1,68 @@
+import { createLogger } from '../logger.js';
+import { AuthError } from '../errors.js';
+const logger = createLogger('oauth-utils');
+export const DEFAULT_AUTH_PROFILE = 'default';
+export async function discoverTokenEndpoint(serverUrl) {
+    const discoveryUrls = [
+        `${serverUrl}/.well-known/oauth-authorization-server`,
+        `${serverUrl}/.well-known/openid-configuration`,
+    ];
+    for (const url of discoveryUrls) {
+        try {
+            logger.debug(`Trying OAuth discovery at: ${url}`);
+            const response = await fetch(url, {
+                headers: { Accept: 'application/json' },
+            });
+            if (response.ok) {
+                const metadata = await response.json();
+                if (metadata.token_endpoint) {
+                    logger.debug(`Found token endpoint: ${metadata.token_endpoint}`);
+                    return metadata.token_endpoint;
+                }
+            }
+        }
+        catch {
+        }
+    }
+    return undefined;
+}
+export async function refreshAccessToken(tokenEndpoint, refreshToken, clientId) {
+    logger.debug(`Refreshing token at: ${tokenEndpoint}`);
+    const params = new URLSearchParams({
+        grant_type: 'refresh_token',
+        refresh_token: refreshToken,
+        client_id: clientId,
+    });
+    const response = await fetch(tokenEndpoint, {
+        method: 'POST',
+        headers: {
+            'Content-Type': 'application/x-www-form-urlencoded',
+            Accept: 'application/json',
+        },
+        body: params.toString(),
+    });
+    if (!response.ok) {
+        const errorText = await response.text();
+        logger.error(`Token refresh failed: ${response.status} ${errorText}`);
+        if (response.status === 400 || response.status === 401) {
+            throw new AuthError('Refresh token is invalid or expired');
+        }
+        throw new AuthError(`Failed to refresh token: ${response.status} ${response.statusText}`);
+    }
+    const tokenResponse = await response.json();
+    return tokenResponse;
+}
+export async function discoverAndRefreshToken(serverUrl, refreshToken, clientId) {
+    const tokenEndpoint = await discoverTokenEndpoint(serverUrl);
+    if (!tokenEndpoint) {
+        throw new AuthError(`Could not find OAuth token endpoint for ${serverUrl}`);
+    }
+    return refreshAccessToken(tokenEndpoint, refreshToken, clientId);
+}
+export function createReauthError(serverUrl, profileName, message) {
+    const command = profileName === DEFAULT_AUTH_PROFILE
+        ? `mcpc ${serverUrl} login`
+        : `mcpc ${serverUrl} login --profile ${profileName}`;
+    return new AuthError(`${message}. Please re-authenticate with: ${command}`);
+}
+//# sourceMappingURL=oauth-utils.js.map

package/dist/lib/auth/oauth-utils.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth-utils.js","sourceRoot":"","sources":["../../../src/lib/auth/oauth-utils.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AAC5C,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAEzC,MAAM,MAAM,GAAG,YAAY,CAAC,aAAa,CAAC,CAAC;AAE3C,MAAM,CAAC,MAAM,oBAAoB,GAAG,SAAS,CAAC;AAiB9C,MAAM,CAAC,KAAK,UAAU,qBAAqB,CAAC,SAAiB;IAC3D,MAAM,aAAa,GAAG;QACpB,GAAG,SAAS,yCAAyC;QACrD,GAAG,SAAS,mCAAmC;KAChD,CAAC;IAEF,KAAK,MAAM,GAAG,IAAI,aAAa,EAAE,CAAC;QAChC,IAAI,CAAC;YACH,MAAM,CAAC,KAAK,CAAC,8BAA8B,GAAG,EAAE,CAAC,CAAC;YAClD,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;gBAChC,OAAO,EAAE,EAAE,MAAM,EAAE,kBAAkB,EAAE;aACxC,CAAC,CAAC;YAEH,IAAI,QAAQ,CAAC,EAAE,EAAE,CAAC;gBAChB,MAAM,QAAQ,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAiC,CAAC;gBACtE,IAAI,QAAQ,CAAC,cAAc,EAAE,CAAC;oBAC5B,MAAM,CAAC,KAAK,CAAC,yBAAyB,QAAQ,CAAC,cAAc,EAAE,CAAC,CAAC;oBACjE,OAAO,QAAQ,CAAC,cAAc,CAAC;gBACjC,CAAC;YACH,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;QAET,CAAC;IACH,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAYD,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,aAAqB,EACrB,YAAoB,EACpB,QAAgB;IAEhB,MAAM,CAAC,KAAK,CAAC,wBAAwB,aAAa,EAAE,CAAC,CAAC;IAItD,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;QACjC,UAAU,EAAE,eAAe;QAC3B,aAAa,EAAE,YAAY;QAC3B,SAAS,EAAE,QAAQ;KACpB,CAAC,CAAC;IAEH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,aAAa,EAAE;QAC1C,MAAM,EAAE,MAAM;QACd,OAAO,EAAE;YACP,cAAc,EAAE,mCAAmC;YACnD,MAAM,EAAE,kBAAkB;SAC3B;QACD,IAAI,EAAE,MAAM,CAAC,QAAQ,EAAE;KACxB,CAAC,CAAC;IAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QACxC,MAAM,CAAC,KAAK,CAAC,yBAAyB,QAAQ,CAAC,MAAM,IAAI,SAAS,EAAE,CAAC,CAAC;QAEtE,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YACvD,MAAM,IAAI,SAAS,CAAC,qCAAqC,CAAC,CAAC;QAC7D,CAAC;QAED,MAAM,IAAI,SAAS,CAAC,4BAA4B,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC,CAAC;IAC5F,CAAC;IAED,MAAM,aAAa,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAwB,CAAC;IAClE,OAAO,aAAa,CAAC;AACvB,CAAC;AAYD,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAC3C,SAAiB,EACjB,YAAoB,EACpB,QAAgB;IAEhB,MAAM,aAAa,GAAG,MAAM,qBAAqB,CAAC,SAAS,CAAC,CAAC;IAC7D,IAAI,CAAC,aAAa,EAAE,CAAC;QACnB,MAAM,IAAI,SAAS,CAAC,2CAA2C,SAAS,EAAE,CAAC,CAAC;IAC9E,CAAC;IAED,OAAO,kBAAkB,CAAC,aAAa,EAAE,YAAY,EAAE,QAAQ,CAAC,CAAC;AACnE,CAAC;AAOD,MAAM,UAAU,iBAAiB,CAC/B,SAAiB,EACjB,WAAmB,EACnB,OAAe;IAEf,MAAM,OAAO,GACX,WAAW,KAAK,oBAAoB;QAClC,CAAC,CAAC,QAAQ,SAAS,QAAQ;QAC3B,CAAC,CAAC,QAAQ,SAAS,oBAAoB,WAAW,EAAE,CAAC;IACzD,OAAO,IAAI,SAAS,CAAC,GAAG,OAAO,kCAAkC,OAAO,EAAE,CAAC,CAAC;AAC9E,CAAC"}

package/dist/lib/auth/token-refresh.d.ts

@@ -0,0 +1,2 @@
+export declare function getValidAccessTokenFromKeychain(serverUrl: string, profileName?: string): Promise<string | undefined>;
+//# sourceMappingURL=token-refresh.d.ts.map

package/dist/lib/auth/token-refresh.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"token-refresh.d.ts","sourceRoot":"","sources":["../../../src/lib/auth/token-refresh.ts"],"names":[],"mappings":"AAmEA,wBAAsB,+BAA+B,CACnD,SAAS,EAAE,MAAM,EACjB,WAAW,GAAE,MAA6B,GACzC,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,CAqD7B"}