@better-auth/oauth-provider 1.7.0-beta.5 → 1.7.0-beta.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (17) hide show
  1. package/dist/{client-assertion-DmT1B6_6.mjs → client-assertion-CctbJywV.mjs} +88 -64
  2. package/dist/client-resource.d.mts +17 -2
  3. package/dist/client-resource.mjs +45 -25
  4. package/dist/client.d.mts +1 -1
  5. package/dist/client.mjs +3 -13
  6. package/dist/index.d.mts +100 -17
  7. package/dist/index.mjs +1239 -1699
  8. package/dist/introspect-BXqKFUQZ.mjs +2115 -0
  9. package/dist/{oauth-DU6NeviY.d.mts → oauth-CAeemjD7.d.mts} +265 -148
  10. package/dist/{oauth-BXrYl5x6.d.mts → oauth-CaXmZpoL.d.mts} +829 -33
  11. package/dist/resource-challenge-B-cqv4ur.mjs +63 -0
  12. package/dist/rolldown-runtime-wcPFST8Q.mjs +13 -0
  13. package/dist/signed-query-CFv2jNMT.mjs +44 -0
  14. package/dist/{utils-D2dLqo7f.mjs → utils-Baq6atYN.mjs} +310 -68
  15. package/dist/{version-B1ZiRmxj.mjs → version-CUu3vBtU.mjs} +1 -1
  16. package/package.json +7 -8
  17. package/dist/mcp-CYnz-MXn.mjs +0 -56
package/dist/mcp-CYnz-MXn.mjs DELETED
@@ -1,56 +0,0 @@
1
- import { isAPIError } from "better-auth/api";
2
- import { verifyAccessToken } from "better-auth/oauth2";
3
- import { APIError as APIError$1 } from "better-call";
4
- //#region src/mcp.ts
5
- /**
6
- * A request middleware handler that checks and responds with
7
- * a WWW-Authenticate header for unauthenticated responses.
8
- *
9
- * @external
10
- */
11
- const mcpHandler = (verifyOptions, handler, opts) => {
12
- return async (req) => {
13
- const authorization = req.headers?.get("authorization") ?? void 0;
14
- const accessToken = authorization?.startsWith("Bearer ") ? authorization.replace("Bearer ", "") : authorization;
15
- try {
16
- if (!accessToken?.length) throw new APIError$1("UNAUTHORIZED", { message: "missing authorization header" });
17
- return handler(req, await verifyAccessToken(accessToken, verifyOptions));
18
- } catch (error) {
19
- try {
20
- handleMcpErrors(error, verifyOptions.verifyOptions.audience, opts);
21
- } catch (err) {
22
- if (err instanceof APIError$1) return new Response(err.message, {
23
- ...err,
24
- status: err.statusCode
25
- });
26
- throw new Error(String(err));
27
- }
28
- throw new Error(String(error));
29
- }
30
- };
31
- };
32
- /**
33
- * The following handles all MCP errors and API errors
34
- *
35
- * @internal
36
- */
37
- function handleMcpErrors(error, resource, opts) {
38
- if (isAPIError(error) && error.status === "UNAUTHORIZED") {
39
- const wwwAuthenticateValue = (Array.isArray(resource) ? resource : [resource]).map((v) => {
40
- let audiencePath;
41
- if (URL.canParse?.(v)) {
42
- const url = new URL(v);
43
- audiencePath = url.pathname.endsWith("/") ? url.pathname.slice(0, -1) : url.pathname;
44
- return `Bearer resource_metadata="${url.origin}/.well-known/oauth-protected-resource${audiencePath}"`;
45
- } else {
46
- const resourceMetadata = opts?.resourceMetadataMappings?.[v];
47
- if (!resourceMetadata) throw new APIError$1("INTERNAL_SERVER_ERROR", { message: `missing resource_metadata mapping for ${v}` });
48
- return `Bearer resource_metadata=${resourceMetadata}`;
49
- }
50
- }).join(", ");
51
- throw new APIError$1("UNAUTHORIZED", { message: error.message }, { "WWW-Authenticate": wwwAuthenticateValue });
52
- } else if (error instanceof Error) throw error;
53
- else throw new Error(error);
54
- }
55
- //#endregion
56
- export { mcpHandler as n, handleMcpErrors as t };