@atxp/common 0.2.5

package/dist/oAuthResource.js

@@ -0,0 +1,241 @@
+/* eslint-disable @typescript-eslint/no-explicit-any */
+import * as oauth from 'oauth4webapi';
+import { ConsoleLogger } from './logger.js';
+export class OAuthResourceClient {
+    constructor({ db, callbackUrl = 'http://localhost:3000/unused-dummy-global-callback', isPublic = false, sideChannelFetch = fetch, strict = false, allowInsecureRequests = process.env.NODE_ENV === 'development', clientName = 'Token Introspection Client', logger = new ConsoleLogger() }) {
+        // In-memory lock to prevent concurrent client registrations
+        this.registrationLocks = new Map();
+        this.introspectToken = async (authorizationServerUrl, token, additionalParameters) => {
+            // Don't use getAuthorizationServer here, because we're not using the resource server url
+            const authorizationServer = await this.authorizationServerFromUrl(new URL(authorizationServerUrl));
+            // When introspecting a token, the "resource" server that we want credentials for is the auth server
+            let clientCredentials = await this.getClientCredentials(authorizationServer);
+            // Create a client for token introspection
+            let client = {
+                client_id: clientCredentials.clientId,
+                token_endpoint_auth_method: 'client_secret_basic'
+            };
+            // Create client authentication method
+            let clientAuth = oauth.ClientSecretBasic(clientCredentials.clientSecret);
+            // Use oauth4webapi's built-in token introspection
+            let introspectionResponse = await oauth.introspectionRequest(authorizationServer, client, clientAuth, token, {
+                additionalParameters,
+                [oauth.customFetch]: this.sideChannelFetch,
+                [oauth.allowInsecureRequests]: this.allowInsecureRequests
+            });
+            if (introspectionResponse.status === 403 || introspectionResponse.status === 401) {
+                this.logger.info(`Bad response status doing token introspection: ${introspectionResponse.statusText}. Could be due to bad client credentials - trying to re-register`);
+                clientCredentials = await this.registerClient(authorizationServer);
+                client = {
+                    client_id: clientCredentials.clientId,
+                    token_endpoint_auth_method: 'client_secret_basic'
+                };
+                clientAuth = oauth.ClientSecretBasic(clientCredentials.clientSecret);
+                introspectionResponse = await oauth.introspectionRequest(authorizationServer, client, clientAuth, token, {
+                    additionalParameters,
+                    [oauth.customFetch]: this.sideChannelFetch,
+                    [oauth.allowInsecureRequests]: this.allowInsecureRequests
+                });
+            }
+            if (introspectionResponse.status !== 200) {
+                throw new Error(`Token introspection failed with status ${introspectionResponse.status}: ${introspectionResponse.statusText}`);
+            }
+            // Process the introspection response
+            const tokenData = await oauth.processIntrospectionResponse(authorizationServer, client, introspectionResponse);
+            return {
+                active: tokenData.active,
+                scope: tokenData.scope,
+                sub: tokenData.sub,
+                aud: tokenData.aud
+            };
+        };
+        this.getAuthorizationServer = async (resourceServerUrl) => {
+            resourceServerUrl = this.normalizeResourceServerUrl(resourceServerUrl);
+            try {
+                const resourceUrl = new URL(resourceServerUrl);
+                const prmResponse = await oauth.resourceDiscoveryRequest(resourceUrl, {
+                    [oauth.customFetch]: this.sideChannelFetch,
+                    [oauth.allowInsecureRequests]: this.allowInsecureRequests
+                });
+                const fallbackToRsAs = !this.strict && prmResponse.status === 404;
+                let authServer = undefined;
+                if (!fallbackToRsAs) {
+                    const resourceServer = await oauth.processResourceDiscoveryResponse(resourceUrl, prmResponse);
+                    authServer = resourceServer.authorization_servers?.[0];
+                }
+                else {
+                    // Some older servers serve OAuth metadata from the MCP server instead of PRM data, 
+                    // so if the PRM data isn't found, we'll try to get the AS metadata from the MCP server
+                    this.logger.info('Protected Resource Metadata document not found, looking for OAuth metadata on resource server');
+                    // Trim off the path - OAuth metadata is also singular for a server and served from the root
+                    const rsUrl = new URL(resourceServerUrl);
+                    const rsAsUrl = rsUrl.protocol + '//' + rsUrl.host + '/.well-known/oauth-authorization-server';
+                    // Don't use oauth4webapi for this, because these servers might be specifiying an issuer that is not
+                    // themselves (in order to use a separate AS by just hosting the OAuth metadata on the MCP server)
+                    //   This is against the OAuth spec, but some servers do it anyway
+                    const rsAsResponse = await this.sideChannelFetch(rsAsUrl);
+                    if (rsAsResponse.status === 200) {
+                        const rsAsBody = await rsAsResponse.json();
+                        authServer = rsAsBody.issuer;
+                    }
+                }
+                if (!authServer) {
+                    throw new Error('No authorization_servers found in protected resource metadata');
+                }
+                const authServerUrl = new URL(authServer);
+                const res = await this.authorizationServerFromUrl(authServerUrl);
+                return res;
+            }
+            catch (error) {
+                this.logger.warn(`Error fetching authorization server configuration: ${error}`);
+                this.logger.warn(error.stack || '');
+                throw error;
+            }
+        };
+        this.authorizationServerFromUrl = async (authServerUrl) => {
+            try {
+                // Explicitly throw for a tricky edge case to trigger tests
+                if (authServerUrl.toString().includes('/.well-known/oauth-protected-resource')) {
+                    throw new Error('Authorization server URL is a PRM URL, which is not supported. It must be an AS URL.');
+                }
+                // Now, get the authorization server metadata
+                const response = await oauth.discoveryRequest(authServerUrl, {
+                    algorithm: 'oauth2',
+                    [oauth.customFetch]: this.sideChannelFetch,
+                    [oauth.allowInsecureRequests]: this.allowInsecureRequests
+                });
+                const authorizationServer = await oauth.processDiscoveryResponse(authServerUrl, response);
+                return authorizationServer;
+            }
+            catch (error) {
+                this.logger.warn(`Error fetching authorization server configuration: ${error}`);
+                throw error;
+            }
+        };
+        this.normalizeResourceServerUrl = (resourceServerUrl) => {
+            // the url might be EITHER:
+            // 1. the PRM URL (when it's received from the www-authenticate header or a PRM response conforming to RFC 9728)
+            // 2. the resource url itself (when we're using the resource url itself)
+            // We standardize on the resource url itself, so that we can store it in the DB and all the rest of the plumbing 
+            // doesn't have to worry about the difference between the two.
+            const res = resourceServerUrl.replace('/.well-known/oauth-protected-resource', '');
+            return res;
+        };
+        this.getRegistrationMetadata = async () => {
+            // Create client metadata for registration
+            const clientMetadata = {
+                redirect_uris: [this.callbackUrl],
+                // We shouldn't actually need any response_types for this client either, but
+                // the OAuth spec requires us to provide a response_type
+                response_types: ['code'],
+                grant_types: ['authorization_code', 'client_credentials'],
+                token_endpoint_auth_method: 'client_secret_basic',
+                client_name: this.clientName,
+            };
+            return clientMetadata;
+        };
+        this.registerClient = async (authorizationServer) => {
+            this.logger.info(`Registering client with authorization server for ${this.callbackUrl}`);
+            if (!authorizationServer.registration_endpoint) {
+                throw new Error('Authorization server does not support dynamic client registration');
+            }
+            const clientMetadata = await this.getRegistrationMetadata();
+            let registeredClient;
+            try {
+                // Make the registration request
+                const response = await oauth.dynamicClientRegistrationRequest(authorizationServer, clientMetadata, {
+                    [oauth.customFetch]: this.sideChannelFetch,
+                    [oauth.allowInsecureRequests]: this.allowInsecureRequests
+                });
+                // Process the registration response
+                registeredClient = await oauth.processDynamicClientRegistrationResponse(response);
+            }
+            catch (error) {
+                this.logger.warn(`Client registration failure error_details: ${JSON.stringify(error.cause?.error_details)}`);
+                throw error;
+            }
+            this.logger.info(`Successfully registered client with ID: ${registeredClient.client_id}`);
+            // Create client credentials from the registration response
+            const credentials = {
+                clientId: registeredClient.client_id,
+                clientSecret: registeredClient.client_secret?.toString() || '', // Public client has no secret
+                redirectUri: this.callbackUrl
+            };
+            // Save the credentials in the database
+            await this.db.saveClientCredentials(authorizationServer.issuer, credentials);
+            return credentials;
+        };
+        this.getClientCredentials = async (authorizationServer) => {
+            let credentials = await this.db.getClientCredentials(authorizationServer.issuer);
+            // If no credentials found, register a new client
+            if (!credentials) {
+                // Check if there's already a registration in progress for this issuer
+                const lockKey = authorizationServer.issuer;
+                const existingLock = this.registrationLocks.get(lockKey);
+                if (existingLock) {
+                    this.logger.debug(`Waiting for existing client registration for issuer: ${lockKey}`);
+                    return await existingLock;
+                }
+                // Create a new registration promise and store it as a lock      
+                try {
+                    const registrationPromise = this.registerClient(authorizationServer);
+                    this.registrationLocks.set(lockKey, registrationPromise);
+                    credentials = await registrationPromise;
+                    return credentials;
+                }
+                finally {
+                    // Always clean up the lock when done
+                    this.registrationLocks.delete(lockKey);
+                }
+            }
+            return credentials;
+        };
+        this.makeOAuthClientAndAuth = (credentials) => {
+            // Create the client configuration
+            const client = {
+                client_id: credentials.clientId,
+                token_endpoint_auth_method: 'none'
+            };
+            let clientAuth = oauth.None();
+            // If the client has a secret, that means it was registered as a confidential client
+            // In that case, we should auth to the token endpoint using the client secret as well.
+            // In either case (public or confidential), we're also using PKCE
+            if (credentials.clientSecret) {
+                client.token_endpoint_auth_method = 'client_secret_post';
+                // Create the client authentication method
+                clientAuth = oauth.ClientSecretPost(credentials.clientSecret);
+            }
+            return [client, clientAuth];
+        };
+        // Default values above are appropriate for a global client used directly. Subclasses should override these,
+        // because things like the callbackUrl will actually be important for them
+        this.db = db;
+        this.callbackUrl = callbackUrl;
+        this.isPublic = isPublic;
+        this.sideChannelFetch = sideChannelFetch;
+        this.strict = strict;
+        this.allowInsecureRequests = allowInsecureRequests;
+        this.clientName = clientName;
+        this.logger = logger;
+    }
+}
+OAuthResourceClient.trimToPath = (url) => {
+    try {
+        const urlObj = new URL(url);
+        return `${urlObj.origin}${urlObj.pathname}`;
+    }
+    catch (error) {
+        // If the URL is invalid, try to construct a valid one
+        if (!url.startsWith('http://') && !url.startsWith('https://')) {
+            return `https://${url}`;
+        }
+        throw error;
+    }
+};
+OAuthResourceClient.getParentPath = (url) => {
+    const urlObj = new URL(url);
+    urlObj.pathname = urlObj.pathname.replace(/\/[^/]+$/, '');
+    const res = urlObj.toString();
+    return res === url ? null : res;
+};
+//# sourceMappingURL=oAuthResource.js.map

package/dist/oAuthResource.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"oAuthResource.js","sourceRoot":"","sources":["../src/oAuthResource.ts"],"names":[],"mappings":"AAAA,uDAAuD;AACvD,OAAO,KAAK,KAAK,MAAM,cAAc,CAAC;AAEtC,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAa5C,MAAM,OAAO,mBAAmB;IAkB9B,YAAY,EACV,EAAE,EACF,WAAW,GAAG,oDAAoD,EAClE,QAAQ,GAAG,KAAK,EAChB,gBAAgB,GAAG,KAAK,EACxB,MAAM,GAAG,KAAK,EACd,qBAAqB,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,aAAa,EAC9D,UAAU,GAAG,4BAA4B,EACzC,MAAM,GAAG,IAAI,aAAa,EAAE,EACF;QAZ5B,4DAA4D;QACpD,sBAAiB,GAAG,IAAI,GAAG,EAAsC,CAAC;QA4C1E,oBAAe,GAAG,KAAK,EAAE,sBAA8B,EAAE,KAAa,EAAE,oBAA6C,EAAsB,EAAE;YAC3I,yFAAyF;YACzF,MAAM,mBAAmB,GAAG,MAAM,IAAI,CAAC,0BAA0B,CAAC,IAAI,GAAG,CAAC,sBAAsB,CAAC,CAAC,CAAC;YACnG,oGAAoG;YACpG,IAAI,iBAAiB,GAAG,MAAM,IAAI,CAAC,oBAAoB,CAAC,mBAAmB,CAAC,CAAC;YAE7E,0CAA0C;YAC1C,IAAI,MAAM,GAAiB;gBACzB,SAAS,EAAE,iBAAiB,CAAC,QAAQ;gBACrC,0BAA0B,EAAE,qBAAqB;aAClD,CAAC;YAEF,sCAAsC;YACtC,IAAI,UAAU,GAAG,KAAK,CAAC,iBAAiB,CAAC,iBAAiB,CAAC,YAAY,CAAC,CAAC;YAEzE,kDAAkD;YAClD,IAAI,qBAAqB,GAAG,MAAM,KAAK,CAAC,oBAAoB,CAC1D,mBAAmB,EACnB,MAAM,EACN,UAAU,EACV,KAAK,EACL;gBACE,oBAAoB;gBACpB,CAAC,KAAK,CAAC,WAAW,CAAC,EAAE,IAAI,CAAC,gBAAgB;gBAC1C,CAAC,KAAK,CAAC,qBAAqB,CAAC,EAAE,IAAI,CAAC,qBAAqB;aAC1D,CACF,CAAC;YAEF,IAAG,qBAAqB,CAAC,MAAM,KAAK,GAAG,IAAI,qBAAqB,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gBAChF,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,kDAAkD,qBAAqB,CAAC,UAAU,kEAAkE,CAAC,CAAC;gBACvK,iBAAiB,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,mBAAmB,CAAC,CAAC;gBACnE,MAAM,GAAG;oBACP,SAAS,EAAE,iBAAiB,CAAC,QAAQ;oBACrC,0BAA0B,EAAE,qBAAqB;iBAClD,CAAC;gBACF,UAAU,GAAG,KAAK,CAAC,iBAAiB,CAAC,iBAAiB,CAAC,YAAY,CAAC,CAAC;gBACrE,qBAAqB,GAAG,MAAM,KAAK,CAAC,oBAAoB,CACtD,mBAAmB,EACnB,MAAM,EACN,UAAU,EACV,KAAK,EACL;oBACE,oBAAoB;oBACpB,CAAC,KAAK,CAAC,WAAW,CAAC,EAAE,IAAI,CAAC,gBAAgB;oBAC1C,CAAC,KAAK,CAAC,qBAAqB,CAAC,EAAE,IAAI,CAAC,qBAAqB;iBAC1D,CACF,CAAC;YACJ,CAAC;YAED,IAAG,qBAAqB,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gBACxC,MAAM,IAAI,KAAK,CAAC,0CAA0C,qBAAqB,CAAC,MAAM,KAAK,qBAAqB,CAAC,UAAU,EAAE,CAAC,CAAC;YACjI,CAAC;YAED,qCAAqC;YACrC,MAAM,SAAS,GAAG,MAAM,KAAK,CAAC,4BAA4B,CACxD,mBAAmB,EACnB,MAAM,EACN,qBAAqB,CACtB,CAAC;YAEF,OAAO;gBACL,MAAM,EAAE,SAAS,CAAC,MAAM;gBACxB,KAAK,EAAE,SAAS,CAAC,KAAK;gBACtB,GAAG,EAAE,SAAS,CAAC,GAAG;gBAClB,GAAG,EAAE,SAAS,CAAC,GAAG;aACnB,CAAC;QACJ,CAAC,CAAA;QAED,2BAAsB,GAAG,KAAK,EAAE,iBAAyB,EAAsC,EAAE;YAC/F,iBAAiB,GAAG,IAAI,CAAC,0BAA0B,CAAC,iBAAiB,CAAC,CAAC;YAEvE,IAAI,CAAC;gBACH,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,iBAAiB,CAAC,CAAC;gBAE/C,MAAM,WAAW,GAAG,MAAM,KAAK,CAAC,wBAAwB,CAAC,WAAW,EAAE;oBACpE,CAAC,KAAK,CAAC,WAAW,CAAC,EAAE,IAAI,CAAC,gBAAgB;oBAC1C,CAAC,KAAK,CAAC,qBAAqB,CAAC,EAAE,IAAI,CAAC,qBAAqB;iBAC1D,CAAC,CAAC;gBAEH,MAAM,cAAc,GAAG,CAAC,IAAI,CAAC,MAAM,IAAI,WAAW,CAAC,MAAM,KAAK,GAAG,CAAC;gBAElE,IAAI,UAAU,GAAuB,SAAS,CAAC;gBAC/C,IAAI,CAAC,cAAc,EAAE,CAAC;oBACpB,MAAM,cAAc,GAAG,MAAM,KAAK,CAAC,gCAAgC,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC;oBAC9F,UAAU,GAAG,cAAc,CAAC,qBAAqB,EAAE,CAAC,CAAC,CAAC,CAAC;gBACzD,CAAC;qBAAM,CAAC;oBACN,oFAAoF;oBACpF,uFAAuF;oBACvF,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,+FAA+F,CAAC,CAAC;oBAClH,4FAA4F;oBAC5F,MAAM,KAAK,GAAG,IAAI,GAAG,CAAC,iBAAiB,CAAC,CAAC;oBACzC,MAAM,OAAO,GAAG,KAAK,CAAC,QAAQ,GAAG,IAAI,GAAG,KAAK,CAAC,IAAI,GAAG,yCAAyC,CAAC;oBAC/F,oGAAoG;oBACpG,kGAAkG;oBAClG,kEAAkE;oBAClE,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;oBAC1D,IAAI,YAAY,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;wBAChC,MAAM,QAAQ,GAAG,MAAM,YAAY,CAAC,IAAI,EAAE,CAAC;wBAC3C,UAAU,GAAG,QAAQ,CAAC,MAAM,CAAC;oBAC/B,CAAC;gBACH,CAAC;gBAED,IAAI,CAAC,UAAU,EAAE,CAAC;oBAChB,MAAM,IAAI,KAAK,CAAC,+DAA+D,CAAC,CAAC;gBACnF,CAAC;gBAED,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,CAAC;gBAC1C,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,0BAA0B,CAAC,aAAa,CAAC,CAAC;gBACjE,OAAO,GAAG,CAAC;YACb,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,sDAAsD,KAAK,EAAE,CAAC,CAAC;gBAChF,IAAI,CAAC,MAAM,CAAC,IAAI,CAAE,KAAe,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC;gBAC/C,MAAM,KAAK,CAAC;YACd,CAAC;QACH,CAAC,CAAA;QAED,+BAA0B,GAAG,KAAK,EAAE,aAAkB,EAAsC,EAAE;YAC5F,IAAI,CAAC;gBACH,2DAA2D;gBAC3D,IAAI,aAAa,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,uCAAuC,CAAC,EAAE,CAAC;oBAC/E,MAAM,IAAI,KAAK,CAAC,sFAAsF,CAAC,CAAC;gBAC1G,CAAC;gBAED,6CAA6C;gBAC7C,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,gBAAgB,CAAC,aAAa,EAAE;oBAC3D,SAAS,EAAE,QAAQ;oBACnB,CAAC,KAAK,CAAC,WAAW,CAAC,EAAE,IAAI,CAAC,gBAAgB;oBAC1C,CAAC,KAAK,CAAC,qBAAqB,CAAC,EAAE,IAAI,CAAC,qBAAqB;iBAC1D,CAAC,CAAC;gBACH,MAAM,mBAAmB,GAAG,MAAM,KAAK,CAAC,wBAAwB,CAAC,aAAa,EAAE,QAAQ,CAAC,CAAC;gBAC1F,OAAO,mBAAmB,CAAC;YAC7B,CAAC;YAAC,OAAO,KAAU,EAAE,CAAC;gBACpB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,sDAAsD,KAAK,EAAE,CAAC,CAAC;gBAChF,MAAM,KAAK,CAAC;YACd,CAAC;QACH,CAAC,CAAA;QAES,+BAA0B,GAAG,CAAC,iBAAyB,EAAU,EAAE;YAC3E,2BAA2B;YAC3B,gHAAgH;YAChH,wEAAwE;YACxE,iHAAiH;YACjH,8DAA8D;YAC9D,MAAM,GAAG,GAAG,iBAAiB,CAAC,OAAO,CAAC,uCAAuC,EAAE,EAAE,CAAC,CAAC;YACnF,OAAO,GAAG,CAAC;QACb,CAAC,CAAA;QAES,4BAAuB,GAAG,KAAK,IAAgE,EAAE;YACzG,0CAA0C;YAC1C,MAAM,cAAc,GAAG;gBACrB,aAAa,EAAE,CAAC,IAAI,CAAC,WAAW,CAAC;gBACjC,4EAA4E;gBAC5E,wDAAwD;gBACxD,cAAc,EAAE,CAAC,MAAM,CAAC;gBACxB,WAAW,EAAE,CAAC,oBAAoB,EAAE,oBAAoB,CAAC;gBACzD,0BAA0B,EAAE,qBAAqB;gBACjD,WAAW,EAAE,IAAI,CAAC,UAAU;aAC7B,CAAC;YACF,OAAO,cAAc,CAAC;QACxB,CAAC,CAAA;QAES,mBAAc,GAAG,KAAK,EAAE,mBAA8C,EAA8B,EAAE;YAC9G,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,oDAAoD,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC;YAEzF,IAAI,CAAC,mBAAmB,CAAC,qBAAqB,EAAE,CAAC;gBAC/C,MAAM,IAAI,KAAK,CAAC,mEAAmE,CAAC,CAAC;YACvF,CAAC;YAED,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,uBAAuB,EAAE,CAAC;YAE5D,IAAI,gBAA8B,CAAC;YACnC,IAAI,CAAC;gBACH,gCAAgC;gBAChC,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,gCAAgC,CAC3D,mBAAmB,EACnB,cAAc,EACd;oBACE,CAAC,KAAK,CAAC,WAAW,CAAC,EAAE,IAAI,CAAC,gBAAgB;oBAC1C,CAAC,KAAK,CAAC,qBAAqB,CAAC,EAAE,IAAI,CAAC,qBAAqB;iBAC1D,CACF,CAAC;gBAEF,oCAAoC;gBACpC,gBAAgB,GAAG,MAAM,KAAK,CAAC,wCAAwC,CAAC,QAAQ,CAAC,CAAC;YACpF,CAAC;YAAC,OAAO,KAAU,EAAE,CAAC;gBACpB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,8CAA8C,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,KAAK,EAAE,aAAa,CAAC,EAAE,CAAC,CAAC;gBAC7G,MAAM,KAAK,CAAC;YACd,CAAC;YAED,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,2CAA2C,gBAAgB,CAAC,SAAS,EAAE,CAAC,CAAC;YAE1F,2DAA2D;YAC3D,MAAM,WAAW,GAAsB;gBACrC,QAAQ,EAAE,gBAAgB,CAAC,SAAS;gBACpC,YAAY,EAAE,gBAAgB,CAAC,aAAa,EAAE,QAAQ,EAAE,IAAI,EAAE,EAAE,8BAA8B;gBAC9F,WAAW,EAAE,IAAI,CAAC,WAAW;aAC9B,CAAC;YAEF,uCAAuC;YACvC,MAAM,IAAI,CAAC,EAAE,CAAC,qBAAqB,CAAC,mBAAmB,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;YAE7E,OAAO,WAAW,CAAC;QACrB,CAAC,CAAA;QAES,yBAAoB,GAAG,KAAK,EAAE,mBAA8C,EAA8B,EAAE;YACpH,IAAI,WAAW,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,oBAAoB,CAAC,mBAAmB,CAAC,MAAM,CAAC,CAAC;YACjF,iDAAiD;YACjD,IAAI,CAAC,WAAW,EAAE,CAAC;gBACjB,sEAAsE;gBACtE,MAAM,OAAO,GAAG,mBAAmB,CAAC,MAAM,CAAC;gBAC3C,MAAM,YAAY,GAAG,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;gBACzD,IAAI,YAAY,EAAE,CAAC;oBACjB,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,wDAAwD,OAAO,EAAE,CAAC,CAAC;oBACrF,OAAO,MAAM,YAAY,CAAC;gBAC5B,CAAC;gBAED,iEAAiE;gBACjE,IAAI,CAAC;oBACH,MAAM,mBAAmB,GAAG,IAAI,CAAC,cAAc,CAAC,mBAAmB,CAAC,CAAC;oBACrE,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,OAAO,EAAE,mBAAmB,CAAC,CAAC;oBAEzD,WAAW,GAAG,MAAM,mBAAmB,CAAC;oBACxC,OAAO,WAAW,CAAC;gBACrB,CAAC;wBAAS,CAAC;oBACT,qCAAqC;oBACrC,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;gBACzC,CAAC;YACH,CAAC;YACD,OAAO,WAAW,CAAC;QACrB,CAAC,CAAA;QAES,2BAAsB,GAAG,CACjC,WAA8B,EACI,EAAE;YACpC,kCAAkC;YAClC,MAAM,MAAM,GAAiB;gBAC3B,SAAS,EAAE,WAAW,CAAC,QAAQ;gBAC/B,0BAA0B,EAAE,MAAM;aACnC,CAAC;YACF,IAAI,UAAU,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;YAE9B,oFAAoF;YACpF,sFAAsF;YACtF,iEAAiE;YACjE,IAAI,WAAW,CAAC,YAAY,EAAE,CAAC;gBAC7B,MAAM,CAAC,0BAA0B,GAAG,oBAAoB,CAAC;gBACzD,0CAA0C;gBAC1C,UAAU,GAAG,KAAK,CAAC,gBAAgB,CAAC,WAAW,CAAC,YAAY,CAAC,CAAC;YAChE,CAAC;YAED,OAAO,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;QAC9B,CAAC,CAAA;QA3RC,4GAA4G;QAC5G,0EAA0E;QAC1E,IAAI,CAAC,EAAE,GAAG,EAAE,CAAC;QACb,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC;QAC/B,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,gBAAgB,GAAG,gBAAgB,CAAC;QACzC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,qBAAqB,GAAG,qBAAqB,CAAC;QACnD,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAC7B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;;AAEM,8BAAU,GAAG,CAAC,GAAW,EAAU,EAAE;IAC1C,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QAC5B,OAAO,GAAG,MAAM,CAAC,MAAM,GAAG,MAAM,CAAC,QAAQ,EAAE,CAAC;IAC9C,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,sDAAsD;QACtD,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YAC9D,OAAO,WAAW,GAAG,EAAE,CAAC;QAC1B,CAAC;QACD,MAAM,KAAK,CAAC;IACd,CAAC;AACH,CAAC,AAXgB,CAWhB;AAEM,iCAAa,GAAG,CAAC,GAAW,EAAiB,EAAE;IACpD,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;IAC5B,MAAM,CAAC,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC;IAC1D,MAAM,GAAG,GAAG,MAAM,CAAC,QAAQ,EAAE,CAAC;IAC9B,OAAO,GAAG,KAAK,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC;AAClC,CAAC,AALmB,CAKnB"}

package/dist/paymentRequiredError.d.ts

@@ -0,0 +1,6 @@
+import { McpError } from "@modelcontextprotocol/sdk/types.js";
+import { AuthorizationServerUrl } from "./types.js";
+export declare const PAYMENT_REQUIRED_ERROR_CODE = -30402;
+export declare const PAYMENT_REQUIRED_PREAMBLE = "Payment via ATXP is required. ";
+export declare function paymentRequiredError(server: AuthorizationServerUrl, paymentRequestId: string, chargeAmount?: BigNumber): McpError;
+//# sourceMappingURL=paymentRequiredError.d.ts.map

package/dist/paymentRequiredError.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"paymentRequiredError.d.ts","sourceRoot":"","sources":["../src/paymentRequiredError.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,oCAAoC,CAAC;AAC9D,OAAO,EAAE,sBAAsB,EAAE,MAAM,YAAY,CAAC;AAGpD,eAAO,MAAM,2BAA2B,SAAS,CAAC;AAGlD,eAAO,MAAM,yBAAyB,mCAAmC,CAAC;AAE1E,wBAAgB,oBAAoB,CAAC,MAAM,EAAE,sBAAsB,EAAE,gBAAgB,EAAE,MAAM,EAAE,YAAY,CAAC,EAAE,SAAS,GAAG,QAAQ,CAQjI"}

package/dist/paymentRequiredError.js

@@ -0,0 +1,14 @@
+import { McpError } from "@modelcontextprotocol/sdk/types.js";
+export const PAYMENT_REQUIRED_ERROR_CODE = -30402; // Payment required
+// Do NOT modify this message. It is used by clients to identify an ATXP payment required error
+// in an MCP response. Changing it will break back-compatability.
+export const PAYMENT_REQUIRED_PREAMBLE = 'Payment via ATXP is required. ';
+export function paymentRequiredError(server, paymentRequestId, chargeAmount) {
+    const serverUrl = new URL(server);
+    server = serverUrl.origin;
+    const paymentRequestUrl = `${server}/payment-request/${paymentRequestId}`;
+    const data = { paymentRequestId, paymentRequestUrl, chargeAmount };
+    const amountText = chargeAmount ? ` You will be charged ${chargeAmount.toString()}.` : '';
+    return new McpError(PAYMENT_REQUIRED_ERROR_CODE, `${PAYMENT_REQUIRED_PREAMBLE}${amountText} Please pay at: ${paymentRequestUrl}`, data);
+}
+//# sourceMappingURL=paymentRequiredError.js.map

package/dist/paymentRequiredError.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"paymentRequiredError.js","sourceRoot":"","sources":["../src/paymentRequiredError.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,oCAAoC,CAAC;AAI9D,MAAM,CAAC,MAAM,2BAA2B,GAAG,CAAC,KAAK,CAAC,CAAC,mBAAmB;AACtE,+FAA+F;AAC/F,iEAAiE;AACjE,MAAM,CAAC,MAAM,yBAAyB,GAAG,gCAAgC,CAAC;AAE1E,MAAM,UAAU,oBAAoB,CAAC,MAA8B,EAAE,gBAAwB,EAAE,YAAwB;IACrH,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC;IAClC,MAAM,GAAG,SAAS,CAAC,MAAgC,CAAC;IAEpD,MAAM,iBAAiB,GAAG,GAAG,MAAM,oBAAoB,gBAAgB,EAAE,CAAC;IAC1E,MAAM,IAAI,GAAG,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,YAAY,EAAE,CAAC;IACnE,MAAM,UAAU,GAAG,YAAY,CAAC,CAAC,CAAC,wBAAwB,YAAY,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;IAC1F,OAAO,IAAI,QAAQ,CAAC,2BAA2B,EAAE,GAAG,yBAAyB,GAAG,UAAU,mBAAmB,iBAAiB,EAAE,EAAE,IAAI,CAAC,CAAC;AAC1I,CAAC"}

package/dist/platform/index.d.ts

@@ -0,0 +1,27 @@
+import type { FetchLike } from '../types.js';
+export interface PlatformCrypto {
+    digest: (data: Uint8Array) => Promise<Uint8Array>;
+    randomUUID: () => string;
+    toHex: (data: Uint8Array) => string;
+}
+export interface PlatformSQLite {
+    openDatabase: (name: string) => SQLiteDatabase;
+}
+export interface SQLiteDatabase {
+    execAsync: (sql: string) => Promise<void>;
+    prepareAsync: (sql: string) => Promise<SQLiteStatement>;
+    closeAsync: () => Promise<void>;
+}
+export interface SQLiteStatement {
+    executeAsync: <T = any>(...params: any[]) => Promise<SQLiteResult<T>>;
+    finalizeAsync: () => Promise<void>;
+}
+export interface SQLiteResult<T> {
+    getFirstAsync: () => Promise<T | null>;
+}
+export declare function getIsReactNative(): boolean;
+export declare const isNode: string | false;
+export declare const createReactNativeSafeFetch: (originalFetch: FetchLike) => FetchLike;
+export declare let crypto: PlatformCrypto;
+export declare let sqlite: PlatformSQLite;
+//# sourceMappingURL=index.d.ts.map

package/dist/platform/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/platform/index.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAG7C,MAAM,WAAW,cAAc;IAC7B,MAAM,EAAE,CAAC,IAAI,EAAE,UAAU,KAAK,OAAO,CAAC,UAAU,CAAC,CAAC;IAClD,UAAU,EAAE,MAAM,MAAM,CAAC;IACzB,KAAK,EAAE,CAAC,IAAI,EAAE,UAAU,KAAK,MAAM,CAAC;CACrC;AAED,MAAM,WAAW,cAAc;IAC7B,YAAY,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,cAAc,CAAC;CAChD;AAED,MAAM,WAAW,cAAc;IAC7B,SAAS,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IAC1C,YAAY,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,OAAO,CAAC,eAAe,CAAC,CAAC;IACxD,UAAU,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;CACjC;AAED,MAAM,WAAW,eAAe;IAC9B,YAAY,EAAE,CAAC,CAAC,GAAG,GAAG,EAAE,GAAG,MAAM,EAAE,GAAG,EAAE,KAAK,OAAO,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC;IACtE,aAAa,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;CACpC;AAED,MAAM,WAAW,YAAY,CAAC,CAAC;IAC7B,aAAa,EAAE,MAAM,OAAO,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;CACxC;AAGD,wBAAgB,gBAAgB,YAG/B;AACD,eAAO,MAAM,MAAM,gBAA2D,CAAC;AAkC/E,eAAO,MAAM,0BAA0B,GAAI,eAAe,SAAS,KAAG,SA4BrE,CAAC;AA4IF,eAAO,IAAI,MAAM,EAAE,cAAc,CAAC;AAClC,eAAO,IAAI,MAAM,EAAE,cAAc,CAAC"}

package/dist/platform/index.js

@@ -0,0 +1,204 @@
+/* eslint-disable @typescript-eslint/no-explicit-any */
+// Platform detection - supports both Expo and bare React Native
+export function getIsReactNative() {
+    const nav = (typeof navigator !== 'undefined' ? navigator : (typeof global !== 'undefined' ? global.navigator : undefined));
+    return !!nav && nav.product === 'ReactNative';
+}
+export const isNode = typeof process !== 'undefined' && process.versions?.node;
+// Helper to load modules in both CommonJS and ESM environments
+function loadModule(moduleId) {
+    try {
+        // Try to use eval('require') to prevent bundler static analysis
+        const requireFunc = (0, eval)('require');
+        return requireFunc(moduleId);
+    }
+    catch {
+        throw new Error(`Failed to load module "${moduleId}" synchronously. In ESM environments, please ensure the module is pre-loaded or use MemoryOAuthDb instead.`);
+    }
+}
+// Async version for cases where we can fall back to dynamic import
+async function loadModuleAsync(moduleId) {
+    try {
+        // Try synchronous loading first
+        return loadModule(moduleId);
+    }
+    catch {
+        // Fall back to dynamic import for ESM
+        try {
+            return await import(moduleId);
+        }
+        catch (e) {
+            throw new Error(`Failed to load module "${moduleId}": ${e instanceof Error ? e.message : 'Module loading not available in this environment'}`);
+        }
+    }
+}
+// Apply URL polyfill for React Native/Expo
+if (getIsReactNative()) {
+    loadModule('react-native-url-polyfill/auto');
+}
+// React Native safe fetch that prevents body consumption issues
+export const createReactNativeSafeFetch = (originalFetch) => {
+    return async (url, init) => {
+        const response = await originalFetch(url, init);
+        // For non-2xx responses or responses we know won't have JSON bodies, return as-is
+        if (!response.ok || response.status === 204) {
+            return response;
+        }
+        // Pre-read the body to avoid consumption issues
+        const contentType = response.headers.get('content-type');
+        if (contentType && contentType.includes('application/json')) {
+            try {
+                const bodyText = await response.text();
+                // Create a new Response with the pre-read body
+                return new Response(bodyText, {
+                    status: response.status,
+                    statusText: response.statusText,
+                    headers: response.headers
+                });
+            }
+            catch {
+                // If reading fails, return original response
+                return response;
+            }
+        }
+        return response;
+    };
+};
+// Platform factory functions
+function createReactNativeCrypto() {
+    let expoCrypto;
+    try {
+        expoCrypto = loadModule('expo-crypto');
+    }
+    catch {
+        throw new Error('React Native detected but expo-crypto package is required. ' +
+            'Please install it: npm install expo-crypto');
+    }
+    return {
+        digest: async (data) => {
+            const hash = await expoCrypto.digestStringAsync(expoCrypto.CryptoDigestAlgorithm.SHA256, new TextDecoder().decode(data));
+            return new Uint8Array(Buffer.from(hash, 'hex'));
+        },
+        randomUUID: () => expoCrypto.randomUUID(),
+        toHex: (data) => Array.from(data).map(b => b.toString(16).padStart(2, '0')).join(''),
+    };
+}
+function createReactNativeSQLite() {
+    let expoSqlite;
+    try {
+        expoSqlite = loadModule('expo-sqlite');
+    }
+    catch {
+        throw new Error('React Native detected but expo-sqlite package is required. ' +
+            'Please install it: npm install expo-sqlite');
+    }
+    return {
+        openDatabase: (name) => expoSqlite.openDatabaseSync(name),
+    };
+}
+function createNodeCrypto() {
+    let cryptoModule = null;
+    return {
+        digest: async (data) => {
+            if (!cryptoModule) {
+                cryptoModule = await loadModuleAsync('crypto');
+            }
+            return new Uint8Array(cryptoModule.createHash('sha256').update(data).digest());
+        },
+        randomUUID: () => {
+            // randomUUID is synchronous, so we need sync loading
+            try {
+                const crypto = loadModule('crypto');
+                return crypto.randomUUID();
+            }
+            catch {
+                throw new Error('randomUUID requires synchronous module loading (CommonJS)');
+            }
+        },
+        toHex: (data) => Buffer.from(data).toString('hex'),
+    };
+}
+function createNodeSQLite() {
+    return {
+        openDatabase: (name) => {
+            let db = null;
+            let dbPromise = null;
+            const getDbAsync = async () => {
+                if (db)
+                    return db;
+                if (!dbPromise) {
+                    dbPromise = (async () => {
+                        try {
+                            // Try synchronous loading first (works in CJS)
+                            const Database = loadModule('better-sqlite3');
+                            db = new Database(name);
+                        }
+                        catch {
+                            // Fall back to async loading for ESM
+                            const module = await import('better-sqlite3');
+                            const Database = module.default || module;
+                            db = new Database(name);
+                        }
+                        return db;
+                    })();
+                }
+                return dbPromise;
+            };
+            return {
+                execAsync: async (sql) => {
+                    const database = await getDbAsync();
+                    database.exec(sql);
+                },
+                prepareAsync: async (sql) => {
+                    const database = await getDbAsync();
+                    const stmt = database.prepare(sql);
+                    return {
+                        executeAsync: async (...params) => {
+                            // Use .all() for SELECT, .run() for others
+                            const isSelect = /^\s*select/i.test(sql);
+                            let resultRows = [];
+                            if (isSelect) {
+                                resultRows = stmt.all(...params);
+                            }
+                            else {
+                                stmt.run(...params);
+                            }
+                            return {
+                                getFirstAsync: async () => {
+                                    if (isSelect) {
+                                        return resultRows[0] || null;
+                                    }
+                                    else {
+                                        return null;
+                                    }
+                                },
+                                // Optionally, you could expose runResult for non-SELECTs if needed
+                            };
+                        },
+                        finalizeAsync: async () => {
+                            // better-sqlite3 statements are automatically finalized when they go out of scope
+                        },
+                    };
+                },
+                closeAsync: async () => {
+                    if (db) {
+                        db.close();
+                        db = null;
+                    }
+                },
+            };
+        },
+    };
+}
+// Export platform-specific implementations
+export let crypto;
+export let sqlite;
+if (getIsReactNative()) {
+    crypto = createReactNativeCrypto();
+    sqlite = createReactNativeSQLite();
+}
+else {
+    crypto = createNodeCrypto();
+    sqlite = createNodeSQLite();
+}
+//# sourceMappingURL=index.js.map

package/dist/platform/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/platform/index.ts"],"names":[],"mappings":"AAAA,uDAAuD;AA+BvD,gEAAgE;AAChE,MAAM,UAAU,gBAAgB;IAC9B,MAAM,GAAG,GAAG,CAAC,OAAO,SAAS,KAAK,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,OAAO,MAAM,KAAK,WAAW,CAAC,CAAC,CAAE,MAAc,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC;IACrI,OAAO,CAAC,CAAC,GAAG,IAAI,GAAG,CAAC,OAAO,KAAK,aAAa,CAAC;AAChD,CAAC;AACD,MAAM,CAAC,MAAM,MAAM,GAAG,OAAO,OAAO,KAAK,WAAW,IAAI,OAAO,CAAC,QAAQ,EAAE,IAAI,CAAC;AAE/E,+DAA+D;AAC/D,SAAS,UAAU,CAAC,QAAgB;IAClC,IAAI,CAAC;QACH,gEAAgE;QAChE,MAAM,WAAW,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,SAAS,CAAC,CAAC;QACzC,OAAO,WAAW,CAAC,QAAQ,CAAC,CAAC;IAC/B,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,KAAK,CAAC,0BAA0B,QAAQ,4GAA4G,CAAC,CAAC;IAClK,CAAC;AACH,CAAC;AAED,mEAAmE;AACnE,KAAK,UAAU,eAAe,CAAC,QAAgB;IAC7C,IAAI,CAAC;QACH,gCAAgC;QAChC,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC;IAC9B,CAAC;IAAC,MAAM,CAAC;QACP,sCAAsC;QACtC,IAAI,CAAC;YACH,OAAO,MAAM,MAAM,CAAC,QAAQ,CAAC,CAAC;QAChC,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,IAAI,KAAK,CAAC,0BAA0B,QAAQ,MAAM,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,kDAAkD,EAAE,CAAC,CAAC;QACjJ,CAAC;IACH,CAAC;AACH,CAAC;AAED,2CAA2C;AAC3C,IAAI,gBAAgB,EAAE,EAAE,CAAC;IACvB,UAAU,CAAC,gCAAgC,CAAC,CAAC;AAC/C,CAAC;AAED,gEAAgE;AAChE,MAAM,CAAC,MAAM,0BAA0B,GAAG,CAAC,aAAwB,EAAa,EAAE;IAChF,OAAO,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;QACzB,MAAM,QAAQ,GAAG,MAAM,aAAa,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;QAEhD,kFAAkF;QAClF,IAAI,CAAC,QAAQ,CAAC,EAAE,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YAC5C,OAAO,QAAQ,CAAC;QAClB,CAAC;QAED,gDAAgD;QAChD,MAAM,WAAW,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;QACzD,IAAI,WAAW,IAAI,WAAW,CAAC,QAAQ,CAAC,kBAAkB,CAAC,EAAE,CAAC;YAC5D,IAAI,CAAC;gBACH,MAAM,QAAQ,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;gBACvC,+CAA+C;gBAC/C,OAAO,IAAI,QAAQ,CAAC,QAAQ,EAAE;oBAC5B,MAAM,EAAE,QAAQ,CAAC,MAAM;oBACvB,UAAU,EAAE,QAAQ,CAAC,UAAU;oBAC/B,OAAO,EAAE,QAAQ,CAAC,OAAO;iBAC1B,CAAC,CAAC;YACL,CAAC;YAAC,MAAM,CAAC;gBACP,6CAA6C;gBAC7C,OAAO,QAAQ,CAAC;YAClB,CAAC;QACH,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC,CAAC;AACJ,CAAC,CAAC;AAEF,6BAA6B;AAC7B,SAAS,uBAAuB;IAC9B,IAAI,UAAe,CAAC;IACpB,IAAI,CAAC;QACH,UAAU,GAAG,UAAU,CAAC,aAAa,CAAC,CAAC;IACzC,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,KAAK,CACb,6DAA6D;YAC7D,4CAA4C,CAC7C,CAAC;IACJ,CAAC;IAED,OAAO;QACL,MAAM,EAAE,KAAK,EAAE,IAAgB,EAAE,EAAE;YACjC,MAAM,IAAI,GAAG,MAAM,UAAU,CAAC,iBAAiB,CAC7C,UAAU,CAAC,qBAAqB,CAAC,MAAM,EACvC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAC/B,CAAC;YACF,OAAO,IAAI,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC;QAClD,CAAC;QACD,UAAU,EAAE,GAAG,EAAE,CAAC,UAAU,CAAC,UAAU,EAAE;QACzC,KAAK,EAAE,CAAC,IAAgB,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC;KACjG,CAAC;AACJ,CAAC;AAED,SAAS,uBAAuB;IAC9B,IAAI,UAAe,CAAC;IACpB,IAAI,CAAC;QACH,UAAU,GAAG,UAAU,CAAC,aAAa,CAAC,CAAC;IACzC,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,KAAK,CACb,6DAA6D;YAC7D,4CAA4C,CAC7C,CAAC;IACJ,CAAC;IAED,OAAO;QACL,YAAY,EAAE,CAAC,IAAY,EAAE,EAAE,CAAC,UAAU,CAAC,gBAAgB,CAAC,IAAI,CAAC;KAClE,CAAC;AACJ,CAAC;AAED,SAAS,gBAAgB;IACvB,IAAI,YAAY,GAAQ,IAAI,CAAC;IAE7B,OAAO;QACL,MAAM,EAAE,KAAK,EAAE,IAAgB,EAAE,EAAE;YACjC,IAAI,CAAC,YAAY,EAAE,CAAC;gBAClB,YAAY,GAAG,MAAM,eAAe,CAAC,QAAQ,CAAC,CAAC;YACjD,CAAC;YACD,OAAO,IAAI,UAAU,CAAC,YAAY,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;QACjF,CAAC;QACD,UAAU,EAAE,GAAG,EAAE;YACf,qDAAqD;YACrD,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC;gBACpC,OAAO,MAAM,CAAC,UAAU,EAAE,CAAC;YAC7B,CAAC;YAAC,MAAM,CAAC;gBACP,MAAM,IAAI,KAAK,CAAC,2DAA2D,CAAC,CAAC;YAC/E,CAAC;QACH,CAAC;QACD,KAAK,EAAE,CAAC,IAAgB,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC;KAC/D,CAAC;AACJ,CAAC;AAED,SAAS,gBAAgB;IACvB,OAAO;QACL,YAAY,EAAE,CAAC,IAAY,EAAE,EAAE;YAC7B,IAAI,EAAE,GAAQ,IAAI,CAAC;YACnB,IAAI,SAAS,GAAwB,IAAI,CAAC;YAE1C,MAAM,UAAU,GAAG,KAAK,IAAI,EAAE;gBAC5B,IAAI,EAAE;oBAAE,OAAO,EAAE,CAAC;gBAElB,IAAI,CAAC,SAAS,EAAE,CAAC;oBACf,SAAS,GAAG,CAAC,KAAK,IAAI,EAAE;wBACtB,IAAI,CAAC;4BACH,+CAA+C;4BAC/C,MAAM,QAAQ,GAAG,UAAU,CAAC,gBAAgB,CAAC,CAAC;4BAC9C,EAAE,GAAG,IAAI,QAAQ,CAAC,IAAI,CAAC,CAAC;wBAC1B,CAAC;wBAAC,MAAM,CAAC;4BACP,qCAAqC;4BACrC,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,gBAAgB,CAAC,CAAC;4BAC9C,MAAM,QAAQ,GAAG,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC;4BAC1C,EAAE,GAAG,IAAI,QAAQ,CAAC,IAAI,CAAC,CAAC;wBAC1B,CAAC;wBACD,OAAO,EAAE,CAAC;oBACZ,CAAC,CAAC,EAAE,CAAC;gBACP,CAAC;gBAED,OAAO,SAAS,CAAC;YACnB,CAAC,CAAC;YAEF,OAAO;gBACL,SAAS,EAAE,KAAK,EAAE,GAAW,EAAE,EAAE;oBAC/B,MAAM,QAAQ,GAAG,MAAM,UAAU,EAAE,CAAC;oBACpC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBACrB,CAAC;gBACD,YAAY,EAAE,KAAK,EAAE,GAAW,EAAE,EAAE;oBAClC,MAAM,QAAQ,GAAG,MAAM,UAAU,EAAE,CAAC;oBACpC,MAAM,IAAI,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;oBACnC,OAAO;wBACL,YAAY,EAAE,KAAK,EAAK,GAAG,MAAa,EAAE,EAAE;4BAC1C,2CAA2C;4BAC3C,MAAM,QAAQ,GAAG,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;4BACzC,IAAI,UAAU,GAAQ,EAAE,CAAC;4BACzB,IAAI,QAAQ,EAAE,CAAC;gCACb,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,MAAM,CAAC,CAAC;4BACnC,CAAC;iCAAM,CAAC;gCACN,IAAI,CAAC,GAAG,CAAC,GAAG,MAAM,CAAC,CAAC;4BACtB,CAAC;4BACD,OAAO;gCACL,aAAa,EAAE,KAAK,IAAI,EAAE;oCACxB,IAAI,QAAQ,EAAE,CAAC;wCACb,OAAO,UAAU,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC;oCAC/B,CAAC;yCAAM,CAAC;wCACN,OAAO,IAAI,CAAC;oCACd,CAAC;gCACH,CAAC;gCACD,mEAAmE;6BACpE,CAAC;wBACJ,CAAC;wBACD,aAAa,EAAE,KAAK,IAAI,EAAE;4BACxB,kFAAkF;wBACpF,CAAC;qBACF,CAAC;gBACJ,CAAC;gBACD,UAAU,EAAE,KAAK,IAAI,EAAE;oBACrB,IAAI,EAAE,EAAE,CAAC;wBACP,EAAE,CAAC,KAAK,EAAE,CAAC;wBACX,EAAE,GAAG,IAAI,CAAC;oBACZ,CAAC;gBACH,CAAC;aACF,CAAC;QACJ,CAAC;KACF,CAAC;AACJ,CAAC;AAED,2CAA2C;AAC3C,MAAM,CAAC,IAAI,MAAsB,CAAC;AAClC,MAAM,CAAC,IAAI,MAAsB,CAAC;AAElC,IAAI,gBAAgB,EAAE,EAAE,CAAC;IACvB,MAAM,GAAG,uBAAuB,EAAE,CAAC;IACnC,MAAM,GAAG,uBAAuB,EAAE,CAAC;AACrC,CAAC;KAAM,CAAC;IACN,MAAM,GAAG,gBAAgB,EAAE,CAAC;IAC5B,MAAM,GAAG,gBAAgB,EAAE,CAAC;AAC9B,CAAC"}

package/dist/redisOAuthDb.d.ts

@@ -0,0 +1,36 @@
+import type { AccessToken, ClientCredentials, Logger, OAuthDb, PKCEValues } from './types.js';
+export interface RedisClient {
+    get(key: string): Promise<string | null>;
+    set(key: string, value: string): Promise<unknown>;
+    setex(key: string, seconds: number, value: string): Promise<unknown>;
+    del(key: string): Promise<number>;
+    quit(): Promise<unknown>;
+}
+export interface RedisOAuthDbConfig {
+    redis: RedisClient | string;
+    encrypt?: (data: string) => string;
+    decrypt?: (data: string) => string;
+    logger?: Logger;
+    keyPrefix?: string;
+    ttl?: number;
+}
+export declare class RedisOAuthDb implements OAuthDb {
+    private redis;
+    private encrypt;
+    private decrypt;
+    private logger;
+    private keyPrefix;
+    private ttl?;
+    constructor({ redis, encrypt, decrypt, logger, keyPrefix, ttl }: RedisOAuthDbConfig);
+    private createRedisClient;
+    private getRedisClient;
+    private getKey;
+    getClientCredentials(resourceUrl: string): Promise<ClientCredentials | null>;
+    saveClientCredentials(resourceUrl: string, credentials: ClientCredentials): Promise<void>;
+    getPKCEValues(userId: string, state: string): Promise<PKCEValues | null>;
+    savePKCEValues(userId: string, state: string, values: PKCEValues): Promise<void>;
+    getAccessToken(userId: string, url: string): Promise<AccessToken | null>;
+    saveAccessToken(userId: string, url: string, token: AccessToken): Promise<void>;
+    close(): Promise<void>;
+}
+//# sourceMappingURL=redisOAuthDb.d.ts.map

package/dist/redisOAuthDb.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"redisOAuthDb.d.ts","sourceRoot":"","sources":["../src/redisOAuthDb.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,WAAW,EAAE,iBAAiB,EAAE,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAE9F,MAAM,WAAW,WAAW;IAC1B,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IACzC,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAClD,KAAK,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IACrE,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAClC,IAAI,IAAI,OAAO,CAAC,OAAO,CAAC,CAAC;CAC1B;AAED,MAAM,WAAW,kBAAkB;IACjC,KAAK,EAAE,WAAW,GAAG,MAAM,CAAC;IAC5B,OAAO,CAAC,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,MAAM,CAAC;IACnC,OAAO,CAAC,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,MAAM,CAAC;IACnC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,GAAG,CAAC,EAAE,MAAM,CAAC;CACd;AAED,qBAAa,YAAa,YAAW,OAAO;IAC1C,OAAO,CAAC,KAAK,CAAqC;IAClD,OAAO,CAAC,OAAO,CAA2B;IAC1C,OAAO,CAAC,OAAO,CAA2B;IAC1C,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,SAAS,CAAS;IAC1B,OAAO,CAAC,GAAG,CAAC,CAAS;gBAET,EACV,KAAK,EACL,OAAgC,EAChC,OAAgC,EAChC,MAA4B,EAC5B,SAAoB,EACpB,GAAG,EACJ,EAAE,kBAAkB;YAeP,iBAAiB;YAUjB,cAAc;IAO5B,OAAO,CAAC,MAAM;IAIR,oBAAoB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,iBAAiB,GAAG,IAAI,CAAC;IAoB5E,qBAAqB,CAAC,WAAW,EAAE,MAAM,EAAE,WAAW,EAAE,iBAAiB,GAAG,OAAO,CAAC,IAAI,CAAC;IAYzF,aAAa,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC;IAqBxE,cAAc,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC;IAehF,cAAc,CAAC,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC;IAgCxE,eAAe,CAAC,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC;IAuB/E,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;CAQ7B"}