@cesteral/amazon-dsp-mcp 1.0.0

package/LICENSE.md

@@ -0,0 +1,201 @@
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+1.  Definitions.
+
+    "License" shall mean the terms and conditions for use, reproduction,
+    and distribution as defined by Sections 1 through 9 of this document.
+
+    "Licensor" shall mean the copyright owner or entity authorized by
+    the copyright owner that is granting the License.
+
+    "Legal Entity" shall mean the union of the acting entity and all
+    other entities that control, are controlled by, or are under common
+    control with that entity. For the purposes of this definition,
+    "control" means (i) the power, direct or indirect, to cause the
+    direction or management of such entity, whether by contract or
+    otherwise, or (ii) ownership of fifty percent (50%) or more of the
+    outstanding shares, or (iii) beneficial ownership of such entity.
+
+    "You" (or "Your") shall mean an individual or Legal Entity
+    exercising permissions granted by this License.
+
+    "Source" form shall mean the preferred form for making modifications,
+    including but not limited to software source code, documentation
+    source, and configuration files.
+
+    "Object" form shall mean any form resulting from mechanical
+    transformation or translation of a Source form, including but
+    not limited to compiled object code, generated documentation,
+    and conversions to other media types.
+
+    "Work" shall mean the work of authorship, whether in Source or
+    Object form, made available under the License, as indicated by a
+    copyright notice that is included in or attached to the work
+    (an example is provided in the Appendix below).
+
+    "Derivative Works" shall mean any work, whether in Source or Object
+    form, that is based on (or derived from) the Work and for which the
+    editorial revisions, annotations, elaborations, or other modifications
+    represent, as a whole, an original work of authorship. For the purposes
+    of this License, Derivative Works shall not include works that remain
+    separable from, or merely link (or bind by name) to the interfaces of,
+    the Work and Derivative Works thereof.
+
+    "Contribution" shall mean any work of authorship, including
+    the original version of the Work and any modifications or additions
+    to that Work or Derivative Works thereof, that is intentionally
+    submitted to Licensor for inclusion in the Work by the copyright owner
+    or by an individual or Legal Entity authorized to submit on behalf of
+    the copyright owner. For the purposes of this definition, "submitted"
+    means any form of electronic, verbal, or written communication sent
+    to the Licensor or its representatives, including but not limited to
+    communication on electronic mailing lists, source code control systems,
+    and issue tracking systems that are managed by, or on behalf of, the
+    Licensor for the purpose of discussing and improving the Work, but
+    excluding communication that is conspicuously marked or otherwise
+    designated in writing by the copyright owner as "Not a Contribution."
+
+    "Contributor" shall mean Licensor and any individual or Legal Entity
+    on behalf of whom a Contribution has been received by Licensor and
+    subsequently incorporated within the Work.
+
+2.  Grant of Copyright License. Subject to the terms and conditions of
+    this License, each Contributor hereby grants to You a perpetual,
+    worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+    copyright license to reproduce, prepare Derivative Works of,
+    publicly display, publicly perform, sublicense, and distribute the
+    Work and such Derivative Works in Source or Object form.
+
+3.  Grant of Patent License. Subject to the terms and conditions of
+    this License, each Contributor hereby grants to You a perpetual,
+    worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+    (except as stated in this section) patent license to make, have made,
+    use, offer to sell, sell, import, and otherwise transfer the Work,
+    where such license applies only to those patent claims licensable
+    by such Contributor that are necessarily infringed by their
+    Contribution(s) alone or by combination of their Contribution(s)
+    with the Work to which such Contribution(s) was submitted. If You
+    institute patent litigation against any entity (including a
+    cross-claim or counterclaim in a lawsuit) alleging that the Work
+    or a Contribution incorporated within the Work constitutes direct
+    or contributory patent infringement, then any patent licenses
+    granted to You under this License for that Work shall terminate
+    as of the date such litigation is filed.
+
+4.  Redistribution. You may reproduce and distribute copies of the
+    Work or Derivative Works thereof in any medium, with or without
+    modifications, and in Source or Object form, provided that You
+    meet the following conditions:
+
+    (a) You must give any other recipients of the Work or
+    Derivative Works a copy of this License; and
+
+    (b) You must cause any modified files to carry prominent notices
+    stating that You changed the files; and
+
+    (c) You must retain, in the Source form of any Derivative Works
+    that You distribute, all copyright, patent, trademark, and
+    attribution notices from the Source form of the Work,
+    excluding those notices that do not pertain to any part of
+    the Derivative Works; and
+
+    (d) If the Work includes a "NOTICE" text file as part of its
+    distribution, then any Derivative Works that You distribute must
+    include a readable copy of the attribution notices contained
+    within such NOTICE file, excluding those notices that do not
+    pertain to any part of the Derivative Works, in at least one
+    of the following places: within a NOTICE text file distributed
+    as part of the Derivative Works; within the Source form or
+    documentation, if provided along with the Derivative Works; or,
+    within a display generated by the Derivative Works, if and
+    wherever such third-party notices normally appear. The contents
+    of the NOTICE file are for informational purposes only and
+    do not modify the License. You may add Your own attribution
+    notices within Derivative Works that You distribute, alongside
+    or as an addendum to the NOTICE text from the Work, provided
+    that such additional attribution notices cannot be construed
+    as modifying the License.
+
+    You may add Your own copyright statement to Your modifications and
+    may provide additional or different license terms and conditions
+    for use, reproduction, or distribution of Your modifications, or
+    for any such Derivative Works as a whole, provided Your use,
+    reproduction, and distribution of the Work otherwise complies with
+    the conditions stated in this License.
+
+5.  Submission of Contributions. Unless You explicitly state otherwise,
+    any Contribution intentionally submitted for inclusion in the Work
+    by You to the Licensor shall be under the terms and conditions of
+    this License, without any additional terms or conditions.
+    Notwithstanding the above, nothing herein shall supersede or modify
+    the terms of any separate license agreement you may have executed
+    with Licensor regarding such Contributions.
+
+6.  Trademarks. This License does not grant permission to use the trade
+    names, trademarks, service marks, or product names of the Licensor,
+    except as required for reasonable and customary use in describing the
+    origin of the Work and reproducing the content of the NOTICE file.
+
+7.  Disclaimer of Warranty. Unless required by applicable law or
+    agreed to in writing, Licensor provides the Work (and each
+    Contributor provides its Contributions) on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+    implied, including, without limitation, any warranties or conditions
+    of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+    PARTICULAR PURPOSE. You are solely responsible for determining the
+    appropriateness of using or redistributing the Work and assume any
+    risks associated with Your exercise of permissions under this License.
+
+8.  Limitation of Liability. In no event and under no legal theory,
+    whether in tort (including negligence), contract, or otherwise,
+    unless required by applicable law (such as deliberate and grossly
+    negligent acts) or agreed to in writing, shall any Contributor be
+    liable to You for damages, including any direct, indirect, special,
+    incidental, or consequential damages of any character arising as a
+    result of this License or out of the use or inability to use the
+    Work (including but not limited to damages for loss of goodwill,
+    work stoppage, computer failure or malfunction, or any and all
+    other commercial damages or losses), even if such Contributor
+    has been advised of the possibility of such damages.
+
+9.  Accepting Warranty or Additional Liability. While redistributing
+    the Work or Derivative Works thereof, You may choose to offer,
+    and charge a fee for, acceptance of support, warranty, indemnity,
+    or other liability obligations and/or rights consistent with this
+    License. However, in accepting such obligations, You may act only
+    on Your own behalf and on Your sole responsibility, not on behalf
+    of any other Contributor, and only if You agree to indemnify,
+    defend, and hold each Contributor harmless for any liability
+    incurred by, or claims asserted against, such Contributor by reason
+    of your accepting any such warranty or additional liability.
+
+END OF TERMS AND CONDITIONS
+
+APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+Copyright [yyyy] [name of copyright owner]
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.

package/README.md

@@ -0,0 +1,59 @@
+# @cesteral/amazon-dsp-mcp
+
+Amazon DSP MCP server for campaign management and reporting through the Amazon Ads API.
+
+## Current Scope
+
+The server currently exposes generic CRUD-style MCP tools for these Amazon DSP entities:
+
+- `campaign` and `order` as backward-compatible aliases for the same management object
+- `adGroup` and `lineItem` as backward-compatible aliases for the same management object
+- `creative`
+- `target`
+- `creativeAssociation`
+
+The implementation keeps the older `order` / `lineItem` names for compatibility while accepting Amazon-style `campaign` / `adGroup` inputs.
+
+## Reporting
+
+Amazon Ads reporting uses reporting v3:
+
+- Submit: `POST /reporting/reports`
+- Poll: `GET /reporting/reports/{reportId}`
+- Required `Content-Type`: `application/vnd.createasyncreportrequest.v3+json`
+- Status values: `PENDING`, `PROCESSING`, `COMPLETED`, `FAILED`
+
+Downloaded reports are handled as raw JSON after decompression, with CSV-style fallback parsing for defensive compatibility.
+
+The `amazon_dsp_get_report`, `amazon_dsp_get_report_breakdowns`, and `amazon_dsp_download_report` tools all return data using the shared bounded report-view contract: `mode` (`"summary"` default — headers + counts + 10-row preview, or `"rows"` for a paginated rows page), `columns` (project to selected columns), `offset` (zero-based pagination), and `maxRows` (page size; default 10 for summary, 50 for rows; hard cap 200).
+
+## Auth And Headers
+
+All upstream requests carry:
+
+- `Authorization: Bearer <access token>`
+- `Amazon-Advertising-API-Scope: <profile id>`
+- `Amazon-Advertising-API-ClientId: <client id>`
+
+The MCP server does not inject profile IDs into request bodies — scope is conveyed through Amazon's required headers.
+
+### Auth flows
+
+Amazon access tokens expire after **60 minutes** (hard limit, per [Amazon Ads API docs](https://advertising.amazon.com/API/docs/en-us/guides/get-started/retrieve-access-token)). Refresh tokens **do not expire** unless revoked. The server supports two flows:
+
+**Flow A — LwA refresh-token (recommended).** Provide `AMAZON_DSP_APP_ID` + `AMAZON_DSP_APP_SECRET` + `AMAZON_DSP_REFRESH_TOKEN` + `AMAZON_DSP_PROFILE_ID`. The adapter mints access tokens via `POST https://api.amazon.com/auth/o2/token` and auto-refreshes them before the 60-minute expiry. In HTTP mode, pass these as `X-AmazonDsp-App-Id` / `-App-Secret` / `-Refresh-Token` headers plus `Amazon-Advertising-API-Scope`.
+
+**Flow B — static access token (CI / short sessions).** Provide `AMAZON_DSP_ACCESS_TOKEN` + `AMAZON_DSP_PROFILE_ID` (+ optional `AMAZON_DSP_CLIENT_ID`). Server starts returning 401 after 60 minutes — re-mint manually. In HTTP mode, use a standard `Authorization: Bearer …` header.
+
+Stdio prefers Flow A when its three env vars are set, falling back to Flow B.
+
+### Producing a refresh token
+
+The fastest path is Amazon's [Postman collection](https://github.com/amzn/ads-advanced-tools-docs) — its auth scripts walk through the OAuth grant flow, exchange the auth code, and store the resulting refresh token in environment variables. Alternatively follow steps 1–2 of the [official getting-started guide](https://advertising.amazon.com/API/docs/en-us/guides/get-started/overview) with `curl`.
+
+## Notes
+
+- Amazon DSP campaign management is modeled through the order object.
+- Amazon DSP ad group management is modeled through the line item object.
+- Performance+ support is represented through optional order fields such as `automatedAdGroupCreation`.
+- Guidance, Quick Actions, and some newer DSP APIs are not yet implemented in this package.

package/dist/auth/amazon-dsp-auth-adapter.d.ts

@@ -0,0 +1,42 @@
+import { OAuth2RefreshAdapterBase } from "@cesteral/shared";
+export interface AmazonDspAuthAdapter {
+    getAccessToken(): Promise<string>;
+    validate(): Promise<void>;
+    readonly userId: string;
+    readonly profileId: string;
+    readonly clientId: string;
+}
+export declare class AmazonDspAccessTokenAdapter implements AmazonDspAuthAdapter {
+    private readonly accessToken;
+    private readonly _profileId;
+    private readonly baseUrl;
+    private readonly _clientId;
+    private validated;
+    private _userId;
+    constructor(accessToken: string, _profileId: string, baseUrl?: string, _clientId?: string);
+    get userId(): string;
+    get profileId(): string;
+    get clientId(): string;
+    getAccessToken(): Promise<string>;
+    validate(): Promise<void>;
+}
+export interface AmazonDspRefreshCredentials {
+    appId: string;
+    appSecret: string;
+    refreshToken: string;
+}
+export declare class AmazonDspRefreshTokenAdapter extends OAuth2RefreshAdapterBase<AmazonDspRefreshCredentials> implements AmazonDspAuthAdapter {
+    private readonly _profileId;
+    private readonly baseUrl;
+    private _userId;
+    constructor(credentials: AmazonDspRefreshCredentials, _profileId: string, baseUrl?: string);
+    get userId(): string;
+    get profileId(): string;
+    get clientId(): string;
+    validate(): Promise<void>;
+}
+export declare function parseAmazonDspRefreshCredentialsFromHeaders(headers: Record<string, string | string[] | undefined>): AmazonDspRefreshCredentials | undefined;
+export declare function parseAmazonDspTokenFromHeaders(headers: Record<string, string | string[] | undefined>): string;
+export declare function getAmazonDspProfileIdFromHeaders(headers: Record<string, string | string[] | undefined>): string;
+export declare function getAmazonDspCredentialFingerprint(accessToken: string, profileId: string): string;
+//# sourceMappingURL=amazon-dsp-auth-adapter.d.ts.map

package/dist/auth/amazon-dsp-auth-adapter.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"amazon-dsp-auth-adapter.d.ts","sourceRoot":"","sources":["../../src/auth/amazon-dsp-auth-adapter.ts"],"names":[],"mappings":"AAiBA,OAAO,EAML,wBAAwB,EACzB,MAAM,kBAAkB,CAAC;AAa1B,MAAM,WAAW,oBAAoB;IACnC,cAAc,IAAI,OAAO,CAAC,MAAM,CAAC,CAAC;IAClC,QAAQ,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IAC1B,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;CAC3B;AA4CD,qBAAa,2BAA4B,YAAW,oBAAoB;IAKpE,OAAO,CAAC,QAAQ,CAAC,WAAW;IAC5B,OAAO,CAAC,QAAQ,CAAC,UAAU;IAC3B,OAAO,CAAC,QAAQ,CAAC,OAAO;IACxB,OAAO,CAAC,QAAQ,CAAC,SAAS;IAP5B,OAAO,CAAC,SAAS,CAAS;IAC1B,OAAO,CAAC,OAAO,CAAM;gBAGF,WAAW,EAAE,MAAM,EACnB,UAAU,EAAE,MAAM,EAClB,OAAO,GAAE,MAA6C,EACtD,SAAS,GAAE,MAAW;IAGzC,IAAI,MAAM,IAAI,MAAM,CAEnB;IAED,IAAI,SAAS,IAAI,MAAM,CAEtB;IAED,IAAI,QAAQ,IAAI,MAAM,CAErB;IAEK,cAAc,IAAI,OAAO,CAAC,MAAM,CAAC;IAIjC,QAAQ,IAAI,OAAO,CAAC,IAAI,CAAC;CAUhC;AAKD,MAAM,WAAW,2BAA2B;IAC1C,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;IAClB,YAAY,EAAE,MAAM,CAAC;CACtB;AAMD,qBAAa,4BACX,SAAQ,wBAAwB,CAAC,2BAA2B,CAC5D,YAAW,oBAAoB;IAM7B,OAAO,CAAC,QAAQ,CAAC,UAAU;IAC3B,OAAO,CAAC,QAAQ,CAAC,OAAO;IAL1B,OAAO,CAAC,OAAO,CAAM;gBAGnB,WAAW,EAAE,2BAA2B,EACvB,UAAU,EAAE,MAAM,EAClB,OAAO,GAAE,MAA6C;IAqCzE,IAAI,MAAM,IAAI,MAAM,CAEnB;IAED,IAAI,SAAS,IAAI,MAAM,CAEtB;IAED,IAAI,QAAQ,IAAI,MAAM,CAErB;IAEK,QAAQ,IAAI,OAAO,CAAC,IAAI,CAAC;CAUhC;AAMD,wBAAgB,2CAA2C,CACzD,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,SAAS,CAAC,GACrD,2BAA2B,GAAG,SAAS,CAUzC;AAMD,wBAAgB,8BAA8B,CAC5C,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,SAAS,CAAC,GACrD,MAAM,CAgBR;AAMD,wBAAgB,gCAAgC,CAC9C,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,SAAS,CAAC,GACrD,MAAM,CAcR;AAKD,wBAAgB,iCAAiC,CAAC,WAAW,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,MAAM,CAEhG"}

package/dist/auth/amazon-dsp-auth-adapter.js

@@ -0,0 +1,126 @@
+import { extractHeader, fetchWithTimeout, fingerprintCredentials, JsonRpcErrorCode, McpError, OAuth2RefreshAdapterBase, } from "@cesteral/shared";
+async function fetchAmazonDspUserId(token, baseUrl, profileId, clientId) {
+    const response = await fetchWithTimeout(`${baseUrl}/dsp/advertisers?startIndex=0&count=1`, 10_000, undefined, {
+        method: "GET",
+        headers: {
+            Authorization: `Bearer ${token}`,
+            "Content-Type": "application/json",
+            ...(clientId && { "Amazon-Advertising-API-ClientId": clientId }),
+            "Amazon-Advertising-API-Scope": profileId,
+        },
+    });
+    if (!response.ok) {
+        const errorBody = await response.text().catch(() => "");
+        throw new McpError(JsonRpcErrorCode.Unauthorized, `AmazonDsp token validation HTTP error: ${response.status} ${response.statusText}. ${errorBody.substring(0, 200)}`);
+    }
+    const data = (await response.json());
+    return data.response?.[0]?.name ?? "unknown";
+}
+export class AmazonDspAccessTokenAdapter {
+    accessToken;
+    _profileId;
+    baseUrl;
+    _clientId;
+    validated = false;
+    _userId = "";
+    constructor(accessToken, _profileId, baseUrl = "https://advertising-api.amazon.com", _clientId = "") {
+        this.accessToken = accessToken;
+        this._profileId = _profileId;
+        this.baseUrl = baseUrl;
+        this._clientId = _clientId;
+    }
+    get userId() {
+        return this._userId;
+    }
+    get profileId() {
+        return this._profileId;
+    }
+    get clientId() {
+        return this._clientId;
+    }
+    async getAccessToken() {
+        return this.accessToken;
+    }
+    async validate() {
+        if (this.validated)
+            return;
+        this._userId = await fetchAmazonDspUserId(this.accessToken, this.baseUrl, this._profileId, this._clientId);
+        this.validated = true;
+    }
+}
+export class AmazonDspRefreshTokenAdapter extends OAuth2RefreshAdapterBase {
+    _profileId;
+    baseUrl;
+    _userId = "";
+    constructor(credentials, _profileId, baseUrl = "https://advertising-api.amazon.com") {
+        super({
+            platformName: "AmazonDsp",
+            credentials,
+            requestToken: async (refreshToken) => {
+                const response = await fetchWithTimeout("https://api.amazon.com/auth/o2/token", 10_000, undefined, {
+                    method: "POST",
+                    headers: { "Content-Type": "application/x-www-form-urlencoded" },
+                    body: new URLSearchParams({
+                        grant_type: "refresh_token",
+                        client_id: credentials.appId,
+                        client_secret: credentials.appSecret,
+                        refresh_token: refreshToken,
+                    }).toString(),
+                });
+                if (!response.ok) {
+                    const errorBody = await response.text().catch(() => "");
+                    throw new McpError(JsonRpcErrorCode.InternalError, `AmazonDsp token refresh failed: ${response.status} ${response.statusText}. ${errorBody.substring(0, 200)}`);
+                }
+                return (await response.json());
+            },
+        });
+        this._profileId = _profileId;
+        this.baseUrl = baseUrl;
+    }
+    get userId() {
+        return this._userId;
+    }
+    get profileId() {
+        return this._profileId;
+    }
+    get clientId() {
+        return this.credentials.appId;
+    }
+    async validate() {
+        const token = await this.getAccessToken();
+        this._userId = await fetchAmazonDspUserId(token, this.baseUrl, this._profileId, this.credentials.appId);
+    }
+}
+export function parseAmazonDspRefreshCredentialsFromHeaders(headers) {
+    const appId = extractHeader(headers, "x-amazondsp-app-id");
+    const appSecret = extractHeader(headers, "x-amazondsp-app-secret");
+    const refreshToken = extractHeader(headers, "x-amazondsp-refresh-token");
+    if (!appId || !appSecret || !refreshToken) {
+        return undefined;
+    }
+    return { appId, appSecret, refreshToken };
+}
+export function parseAmazonDspTokenFromHeaders(headers) {
+    const authHeader = extractHeader(headers, "authorization");
+    if (!authHeader) {
+        throw new McpError(JsonRpcErrorCode.Unauthorized, "Missing required Authorization header");
+    }
+    const match = authHeader.match(/^Bearer\s+(.+)$/i);
+    if (!match || !match[1]) {
+        throw new McpError(JsonRpcErrorCode.Unauthorized, "Authorization header must use Bearer scheme");
+    }
+    return match[1];
+}
+export function getAmazonDspProfileIdFromHeaders(headers) {
+    const profileId = extractHeader(headers, "amazon-advertising-api-scope") ??
+        extractHeader(headers, "Amazon-Advertising-API-Scope");
+    if (!profileId) {
+        throw new McpError(JsonRpcErrorCode.InvalidRequest, "Missing required Amazon-Advertising-API-Scope header (DSP entity ID / profile ID). " +
+            "Also ensure Amazon-Advertising-API-ClientId header is set.");
+    }
+    return profileId;
+}
+export function getAmazonDspCredentialFingerprint(accessToken, profileId) {
+    return fingerprintCredentials(accessToken, profileId);
+}
+//# sourceMappingURL=amazon-dsp-auth-adapter.js.map

package/dist/auth/amazon-dsp-auth-adapter.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"amazon-dsp-auth-adapter.js","sourceRoot":"","sources":["../../src/auth/amazon-dsp-auth-adapter.ts"],"names":[],"mappings":"AAiBA,OAAO,EACL,aAAa,EACb,gBAAgB,EAChB,sBAAsB,EACtB,gBAAgB,EAChB,QAAQ,EACR,wBAAwB,GACzB,MAAM,kBAAkB,CAAC;AA0B1B,KAAK,UAAU,oBAAoB,CACjC,KAAa,EACb,OAAe,EACf,SAAiB,EACjB,QAAgB;IAEhB,MAAM,QAAQ,GAAG,MAAM,gBAAgB,CACrC,GAAG,OAAO,uCAAuC,EACjD,MAAM,EACN,SAAS,EACT;QACE,MAAM,EAAE,KAAK;QACb,OAAO,EAAE;YACP,aAAa,EAAE,UAAU,KAAK,EAAE;YAChC,cAAc,EAAE,kBAAkB;YAClC,GAAG,CAAC,QAAQ,IAAI,EAAE,iCAAiC,EAAE,QAAQ,EAAE,CAAC;YAChE,8BAA8B,EAAE,SAAS;SAC1C;KACF,CACF,CAAC;IAEF,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;QACxD,MAAM,IAAI,QAAQ,CAChB,gBAAgB,CAAC,YAAY,EAC7B,0CAA0C,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,KAAK,SAAS,CAAC,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CACnH,CAAC;IACJ,CAAC;IAED,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAoC,CAAC;IACxE,OAAO,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,IAAI,IAAI,SAAS,CAAC;AAC/C,CAAC;AAMD,MAAM,OAAO,2BAA2B;IAKnB;IACA;IACA;IACA;IAPX,SAAS,GAAG,KAAK,CAAC;IAClB,OAAO,GAAG,EAAE,CAAC;IAErB,YACmB,WAAmB,EACnB,UAAkB,EAClB,UAAkB,oCAAoC,EACtD,YAAoB,EAAE;QAHtB,gBAAW,GAAX,WAAW,CAAQ;QACnB,eAAU,GAAV,UAAU,CAAQ;QAClB,YAAO,GAAP,OAAO,CAA+C;QACtD,cAAS,GAAT,SAAS,CAAa;IACtC,CAAC;IAEJ,IAAI,MAAM;QACR,OAAO,IAAI,CAAC,OAAO,CAAC;IACtB,CAAC;IAED,IAAI,SAAS;QACX,OAAO,IAAI,CAAC,UAAU,CAAC;IACzB,CAAC;IAED,IAAI,QAAQ;QACV,OAAO,IAAI,CAAC,SAAS,CAAC;IACxB,CAAC;IAED,KAAK,CAAC,cAAc;QAClB,OAAO,IAAI,CAAC,WAAW,CAAC;IAC1B,CAAC;IAED,KAAK,CAAC,QAAQ;QACZ,IAAI,IAAI,CAAC,SAAS;YAAE,OAAO;QAC3B,IAAI,CAAC,OAAO,GAAG,MAAM,oBAAoB,CACvC,IAAI,CAAC,WAAW,EAChB,IAAI,CAAC,OAAO,EACZ,IAAI,CAAC,UAAU,EACf,IAAI,CAAC,SAAS,CACf,CAAC;QACF,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC;IACxB,CAAC;CACF;AAeD,MAAM,OAAO,4BACX,SAAQ,wBAAqD;IAO1C;IACA;IALX,OAAO,GAAG,EAAE,CAAC;IAErB,YACE,WAAwC,EACvB,UAAkB,EAClB,UAAkB,oCAAoC;QAEvE,KAAK,CAAC;YACJ,YAAY,EAAE,WAAW;YACzB,WAAW;YACX,YAAY,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE;gBACnC,MAAM,QAAQ,GAAG,MAAM,gBAAgB,CACrC,sCAAsC,EACtC,MAAM,EACN,SAAS,EACT;oBACE,MAAM,EAAE,MAAM;oBACd,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;oBAChE,IAAI,EAAE,IAAI,eAAe,CAAC;wBACxB,UAAU,EAAE,eAAe;wBAC3B,SAAS,EAAE,WAAW,CAAC,KAAK;wBAC5B,aAAa,EAAE,WAAW,CAAC,SAAS;wBACpC,aAAa,EAAE,YAAY;qBAC5B,CAAC,CAAC,QAAQ,EAAE;iBACd,CACF,CAAC;gBACF,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;oBACjB,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;oBACxD,MAAM,IAAI,QAAQ,CAChB,gBAAgB,CAAC,aAAa,EAC9B,mCAAmC,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,KAAK,SAAS,CAAC,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAC5G,CAAC;gBACJ,CAAC;gBACD,OAAO,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAI5B,CAAC;YACJ,CAAC;SACF,CAAC,CAAC;QAnCc,eAAU,GAAV,UAAU,CAAQ;QAClB,YAAO,GAAP,OAAO,CAA+C;IAmCzE,CAAC;IAED,IAAI,MAAM;QACR,OAAO,IAAI,CAAC,OAAO,CAAC;IACtB,CAAC;IAED,IAAI,SAAS;QACX,OAAO,IAAI,CAAC,UAAU,CAAC;IACzB,CAAC;IAED,IAAI,QAAQ;QACV,OAAO,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC;IAChC,CAAC;IAED,KAAK,CAAC,QAAQ;QAEZ,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;QAC1C,IAAI,CAAC,OAAO,GAAG,MAAM,oBAAoB,CACvC,KAAK,EACL,IAAI,CAAC,OAAO,EACZ,IAAI,CAAC,UAAU,EACf,IAAI,CAAC,WAAW,CAAC,KAAK,CACvB,CAAC;IACJ,CAAC;CACF;AAMD,MAAM,UAAU,2CAA2C,CACzD,OAAsD;IAEtD,MAAM,KAAK,GAAG,aAAa,CAAC,OAAO,EAAE,oBAAoB,CAAC,CAAC;IAC3D,MAAM,SAAS,GAAG,aAAa,CAAC,OAAO,EAAE,wBAAwB,CAAC,CAAC;IACnE,MAAM,YAAY,GAAG,aAAa,CAAC,OAAO,EAAE,2BAA2B,CAAC,CAAC;IAEzE,IAAI,CAAC,KAAK,IAAI,CAAC,SAAS,IAAI,CAAC,YAAY,EAAE,CAAC;QAC1C,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,YAAY,EAAE,CAAC;AAC5C,CAAC;AAMD,MAAM,UAAU,8BAA8B,CAC5C,OAAsD;IAEtD,MAAM,UAAU,GAAG,aAAa,CAAC,OAAO,EAAE,eAAe,CAAC,CAAC;IAE3D,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,MAAM,IAAI,QAAQ,CAAC,gBAAgB,CAAC,YAAY,EAAE,uCAAuC,CAAC,CAAC;IAC7F,CAAC;IAED,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC;IACnD,IAAI,CAAC,KAAK,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;QACxB,MAAM,IAAI,QAAQ,CAChB,gBAAgB,CAAC,YAAY,EAC7B,6CAA6C,CAC9C,CAAC;IACJ,CAAC;IAED,OAAO,KAAK,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC;AAMD,MAAM,UAAU,gCAAgC,CAC9C,OAAsD;IAEtD,MAAM,SAAS,GACb,aAAa,CAAC,OAAO,EAAE,8BAA8B,CAAC;QACtD,aAAa,CAAC,OAAO,EAAE,8BAA8B,CAAC,CAAC;IAEzD,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,MAAM,IAAI,QAAQ,CAChB,gBAAgB,CAAC,cAAc,EAC/B,qFAAqF;YACnF,4DAA4D,CAC/D,CAAC;IACJ,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAKD,MAAM,UAAU,iCAAiC,CAAC,WAAmB,EAAE,SAAiB;IACtF,OAAO,sBAAsB,CAAC,WAAW,EAAE,SAAS,CAAC,CAAC;AACxD,CAAC"}

package/dist/auth/amazon-dsp-auth-strategy.d.ts

@@ -0,0 +1,14 @@
+import type { Logger } from "pino";
+import { BearerAuthStrategyBase, type BearerAdapterResult } from "@cesteral/shared";
+export declare class AmazonDspBearerAuthStrategy extends BearerAuthStrategyBase {
+    private readonly baseUrl;
+    protected readonly authType = "amazon-dsp-bearer";
+    protected readonly platformName = "AmazonDsp";
+    constructor(baseUrl: string, logger?: Logger);
+    private getClientIdFromHeaders;
+    protected resolveRefreshBranch(headers: Record<string, string | string[] | undefined>): Promise<BearerAdapterResult | null>;
+    protected resolveAccessBranch(headers: Record<string, string | string[] | undefined>): Promise<BearerAdapterResult>;
+    protected getRefreshFingerprint(headers: Record<string, string | string[] | undefined>): string | undefined;
+    protected getTokenFingerprint(headers: Record<string, string | string[] | undefined>): string;
+}
+//# sourceMappingURL=amazon-dsp-auth-strategy.d.ts.map

package/dist/auth/amazon-dsp-auth-strategy.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"amazon-dsp-auth-strategy.d.ts","sourceRoot":"","sources":["../../src/auth/amazon-dsp-auth-strategy.ts"],"names":[],"mappings":"AAkBA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,MAAM,CAAC;AACnC,OAAO,EAAE,sBAAsB,EAAE,KAAK,mBAAmB,EAAE,MAAM,kBAAkB,CAAC;AAWpF,qBAAa,2BAA4B,SAAQ,sBAAsB;IAKnE,OAAO,CAAC,QAAQ,CAAC,OAAO;IAJ1B,SAAS,CAAC,QAAQ,CAAC,QAAQ,uBAAuB;IAClD,SAAS,CAAC,QAAQ,CAAC,YAAY,eAAe;gBAG3B,OAAO,EAAE,MAAM,EAChC,MAAM,CAAC,EAAE,MAAM;IAKjB,OAAO,CAAC,sBAAsB;cAMd,oBAAoB,CAClC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,SAAS,CAAC,GACrD,OAAO,CAAC,mBAAmB,GAAG,IAAI,CAAC;cAmBtB,mBAAmB,CACjC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,SAAS,CAAC,GACrD,OAAO,CAAC,mBAAmB,CAAC;IAgB/B,SAAS,CAAC,qBAAqB,CAC7B,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,SAAS,CAAC,GACrD,MAAM,GAAG,SAAS;IAOrB,SAAS,CAAC,mBAAmB,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,SAAS,CAAC,GAAG,MAAM;CAK9F"}

package/dist/auth/amazon-dsp-auth-strategy.js

@@ -0,0 +1,58 @@
+import { BearerAuthStrategyBase } from "@cesteral/shared";
+import { extractHeader } from "@cesteral/shared";
+import { AmazonDspAccessTokenAdapter, AmazonDspRefreshTokenAdapter, parseAmazonDspTokenFromHeaders, parseAmazonDspRefreshCredentialsFromHeaders, getAmazonDspProfileIdFromHeaders, getAmazonDspCredentialFingerprint, } from "./amazon-dsp-auth-adapter.js";
+export class AmazonDspBearerAuthStrategy extends BearerAuthStrategyBase {
+    baseUrl;
+    authType = "amazon-dsp-bearer";
+    platformName = "AmazonDsp";
+    constructor(baseUrl, logger) {
+        super(logger);
+        this.baseUrl = baseUrl;
+    }
+    getClientIdFromHeaders(headers) {
+        return extractHeader(headers, "amazon-advertising-api-clientid");
+    }
+    async resolveRefreshBranch(headers) {
+        const refreshCreds = parseAmazonDspRefreshCredentialsFromHeaders(headers);
+        if (!refreshCreds)
+            return null;
+        const profileId = getAmazonDspProfileIdFromHeaders(headers);
+        const clientId = this.getClientIdFromHeaders(headers) ?? refreshCreds.appId;
+        const adapter = new AmazonDspRefreshTokenAdapter(refreshCreds, profileId, this.baseUrl);
+        await adapter.validate();
+        return {
+            adapter,
+            fingerprint: getAmazonDspCredentialFingerprint(refreshCreds.appId, profileId),
+            userId: adapter.userId,
+            authFlow: "refresh-token",
+            logContext: { profileId, clientId },
+        };
+    }
+    async resolveAccessBranch(headers) {
+        const token = parseAmazonDspTokenFromHeaders(headers);
+        const profileId = getAmazonDspProfileIdFromHeaders(headers);
+        const clientId = this.getClientIdFromHeaders(headers);
+        const adapter = new AmazonDspAccessTokenAdapter(token, profileId, this.baseUrl, clientId);
+        await adapter.validate();
+        return {
+            adapter,
+            fingerprint: getAmazonDspCredentialFingerprint(token, profileId),
+            userId: adapter.userId,
+            authFlow: "static-token",
+            logContext: { profileId, clientId },
+        };
+    }
+    getRefreshFingerprint(headers) {
+        const refreshCreds = parseAmazonDspRefreshCredentialsFromHeaders(headers);
+        if (!refreshCreds)
+            return undefined;
+        const profileId = getAmazonDspProfileIdFromHeaders(headers);
+        return getAmazonDspCredentialFingerprint(refreshCreds.appId, profileId);
+    }
+    getTokenFingerprint(headers) {
+        const token = parseAmazonDspTokenFromHeaders(headers);
+        const profileId = getAmazonDspProfileIdFromHeaders(headers);
+        return getAmazonDspCredentialFingerprint(token, profileId);
+    }
+}
+//# sourceMappingURL=amazon-dsp-auth-strategy.js.map

package/dist/auth/amazon-dsp-auth-strategy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"amazon-dsp-auth-strategy.js","sourceRoot":"","sources":["../../src/auth/amazon-dsp-auth-strategy.ts"],"names":[],"mappings":"AAmBA,OAAO,EAAE,sBAAsB,EAA4B,MAAM,kBAAkB,CAAC;AACpF,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AACjD,OAAO,EACL,2BAA2B,EAC3B,4BAA4B,EAC5B,8BAA8B,EAC9B,2CAA2C,EAC3C,gCAAgC,EAChC,iCAAiC,GAClC,MAAM,8BAA8B,CAAC;AAEtC,MAAM,OAAO,2BAA4B,SAAQ,sBAAsB;IAKlD;IAJA,QAAQ,GAAG,mBAAmB,CAAC;IAC/B,YAAY,GAAG,WAAW,CAAC;IAE9C,YACmB,OAAe,EAChC,MAAe;QAEf,KAAK,CAAC,MAAM,CAAC,CAAC;QAHG,YAAO,GAAP,OAAO,CAAQ;IAIlC,CAAC;IAEO,sBAAsB,CAC5B,OAAsD;QAEtD,OAAO,aAAa,CAAC,OAAO,EAAE,iCAAiC,CAAC,CAAC;IACnE,CAAC;IAES,KAAK,CAAC,oBAAoB,CAClC,OAAsD;QAEtD,MAAM,YAAY,GAAG,2CAA2C,CAAC,OAAO,CAAC,CAAC;QAC1E,IAAI,CAAC,YAAY;YAAE,OAAO,IAAI,CAAC;QAE/B,MAAM,SAAS,GAAG,gCAAgC,CAAC,OAAO,CAAC,CAAC;QAC5D,MAAM,QAAQ,GAAG,IAAI,CAAC,sBAAsB,CAAC,OAAO,CAAC,IAAI,YAAY,CAAC,KAAK,CAAC;QAC5E,MAAM,OAAO,GAAG,IAAI,4BAA4B,CAAC,YAAY,EAAE,SAAS,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC;QACxF,MAAM,OAAO,CAAC,QAAQ,EAAE,CAAC;QAEzB,OAAO;YACL,OAAO;YAEP,WAAW,EAAE,iCAAiC,CAAC,YAAY,CAAC,KAAK,EAAE,SAAS,CAAC;YAC7E,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,QAAQ,EAAE,eAAe;YACzB,UAAU,EAAE,EAAE,SAAS,EAAE,QAAQ,EAAE;SACpC,CAAC;IACJ,CAAC;IAES,KAAK,CAAC,mBAAmB,CACjC,OAAsD;QAEtD,MAAM,KAAK,GAAG,8BAA8B,CAAC,OAAO,CAAC,CAAC;QACtD,MAAM,SAAS,GAAG,gCAAgC,CAAC,OAAO,CAAC,CAAC;QAC5D,MAAM,QAAQ,GAAG,IAAI,CAAC,sBAAsB,CAAC,OAAO,CAAC,CAAC;QACtD,MAAM,OAAO,GAAG,IAAI,2BAA2B,CAAC,KAAK,EAAE,SAAS,EAAE,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;QAC1F,MAAM,OAAO,CAAC,QAAQ,EAAE,CAAC;QAEzB,OAAO;YACL,OAAO;YACP,WAAW,EAAE,iCAAiC,CAAC,KAAK,EAAE,SAAS,CAAC;YAChE,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,QAAQ,EAAE,cAAc;YACxB,UAAU,EAAE,EAAE,SAAS,EAAE,QAAQ,EAAE;SACpC,CAAC;IACJ,CAAC;IAES,qBAAqB,CAC7B,OAAsD;QAEtD,MAAM,YAAY,GAAG,2CAA2C,CAAC,OAAO,CAAC,CAAC;QAC1E,IAAI,CAAC,YAAY;YAAE,OAAO,SAAS,CAAC;QACpC,MAAM,SAAS,GAAG,gCAAgC,CAAC,OAAO,CAAC,CAAC;QAC5D,OAAO,iCAAiC,CAAC,YAAY,CAAC,KAAK,EAAE,SAAS,CAAC,CAAC;IAC1E,CAAC;IAES,mBAAmB,CAAC,OAAsD;QAClF,MAAM,KAAK,GAAG,8BAA8B,CAAC,OAAO,CAAC,CAAC;QACtD,MAAM,SAAS,GAAG,gCAAgC,CAAC,OAAO,CAAC,CAAC;QAC5D,OAAO,iCAAiC,CAAC,KAAK,EAAE,SAAS,CAAC,CAAC;IAC7D,CAAC;CACF"}

package/dist/auth/index.d.ts

@@ -0,0 +1,3 @@
+export * from "./amazon-dsp-auth-adapter.js";
+export * from "./amazon-dsp-auth-strategy.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/auth/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":"AAGA,cAAc,8BAA8B,CAAC;AAC7C,cAAc,+BAA+B,CAAC"}

package/dist/auth/index.js

@@ -0,0 +1,3 @@
+export * from "./amazon-dsp-auth-adapter.js";
+export * from "./amazon-dsp-auth-strategy.js";
+//# sourceMappingURL=index.js.map

package/dist/auth/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":"AAGA,cAAc,8BAA8B,CAAC;AAC7C,cAAc,+BAA+B,CAAC"}