@bugroger/lokka 0.3.10 → 0.3.12

Files changed (2)
  1. package/build/auth.js +21 -35
  2. package/package.json +1 -1
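--- a/package/build/auth.js
+++ b/package/build/auth.js
@@ -99,50 +99,36 @@ export var AuthMode;
  const TOKEN_ENDPOINT = "https://login.microsoftonline.com/common/oauth2/v2.0/token";
  const AUTHORIZE_ENDPOINT = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize";
  const REFRESH_BUFFER_SECONDS = 300; // refresh 5 minutes before expiry
- // Default scopes for interactive auth offline_access is required for refresh tokens
- const DEFAULT_INTERACTIVE_SCOPES = [
+ // Read-only scopes — auto-approved, used by default
+ const DEFAULT_READ_SCOPES = [
  "Calendars.Read",
- "Calendars.Read.Shared",
+ "Chat.Read",
+ "Contacts.Read",
+ "Files.Read",
+ "Mail.Read",
+ "Tasks.Read",
+ "User.Read",
+ "Calendars.ReadWrite",
+ "Mail.ReadWrite"
+ ];
+ // Write scopes — auto-approved but not included by default
+ const DEFAULT_WRITE_SCOPES = [
  "Calendars.ReadWrite",
+ "Mail.ReadWrite",
+ "Mail.Send",
+ ];
+ // Scopes that require explicit user consent via interactive auth prompt
+ const USER_CONSENT_SCOPES = [
+ "Calendars.Read.Shared",
  "Calendars.ReadWrite.Shared",
- "Channel.ReadBasic.All",
- "ChannelMessage.Send",
- "Chat.Read",
  "Chat.ReadWrite",
- "ChatMessage.Send",
- "Contacts.Read",
  "Contacts.Read.Shared",
  "Contacts.ReadWrite",
  "Contacts.ReadWrite.Shared",
- "EAS.AccessAsUser.All",
- "EWS.AccessAsUser.All",
- "Files.Read",
- "Files.Read.All",
- "Files.Read.Selected",
  "Files.ReadWrite",
- "Files.ReadWrite.All",
- "Files.ReadWrite.Selected",
- "Mail.Read",
  "Mail.Read.Shared",
- "Mail.ReadBasic",
- "Mail.ReadBasic.Shared",
- "Mail.ReadWrite",
  "Mail.ReadWrite.Shared",
- "Mail.Send",
  "Mail.Send.Shared",
- "MailboxSettings.Read",
- "MailboxSettings.ReadWrite",
- "Notes.Read.All",
- "OnlineMeetingArtifact.Read.All",
- "OnlineMeetingTranscript.Read.All",
- "OnlineMeetings.Read",
- "OnlineMeetings.ReadWrite",
- "Sites.Read.All",
- "Sites.ReadWrite.All",
- "Tasks.Read",
- "Team.ReadBasic.All",
- "User.Read",
- "User.ReadBasic.All"
  ];
  /**
  * TokenCredential that persists tokens to disk and refreshes via HTTP.
@@ -223,7 +209,7 @@ export class PersistentTokenCredential {
  client_id: this.cachedToken.client_id || this.clientId,
  grant_type: "refresh_token",
  refresh_token: this.cachedToken.refresh_token,
- scope: this.cachedToken.scope || DEFAULT_INTERACTIVE_SCOPES.join(" "),
+ scope: this.cachedToken.scope || DEFAULT_READ_SCOPES.join(" "),
  });
  try {
  const response = await fetch(TOKEN_ENDPOINT, {
@@ -262,7 +248,7 @@ export class PersistentTokenCredential {
  // Generate PKCE challenge
  const codeVerifier = randomBytes(32).toString("base64url");
  const codeChallenge = createHash("sha256").update(codeVerifier).digest("base64url");
- const scopes = DEFAULT_INTERACTIVE_SCOPES.join(" ");
+ const scopes = DEFAULT_READ_SCOPES.join(" ");
  // Start local server to capture the redirect
  return new Promise((resolve, reject) => {
  const server = createServer(async (req, res) => {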
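Review bot: `DEFAULT_READ_SCOPES` is commented as read-only, yet its last two entries are `"Calendars.ReadWrite"` and `"Mail.ReadWrite"`, and this array is what both the interactive login (`const scopes = DEFAULT_READ_SCOPES.join(" ")`) and the refresh fallback send, so the default token can still modify mail and calendar data. To match the comment and the least-privilege intent of the split, end the list at `"User.Read"` and leave the two write scopes only in `DEFAULT_WRITE_SCOPES`. In the refresh hunk `this.cachedToken.scope` still takes precedence, so a token cached by 0.3.10 with the old broad scope set presumably keeps being refreshed with it; the narrowing would only apply on upgrade if the cached scope were checked against the new lists or re-authentication were forced. `DEFAULT_WRITE_SCOPES` and `USER_CONSENT_SCOPES` are not referenced in the visible hunks, and the functions around the last two hunks start and end outside them, so how those lists are requested cannot be confirmed from here.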
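--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@bugroger/lokka",
- "version": "0.3.10",
+ "version": "0.3.12",
  "description": "Lokka is a Model Context Protocol (MCP) server for Microsoft Graph.",
  "license": "MIT",
  "author": "Merill",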