@corbat-tech/coco 2.25.6 → 2.25.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cli/index.js +14 -8
- package/dist/cli/index.js.map +1 -1
- package/package.json +1 -1
package/dist/cli/index.js
CHANGED
|
@@ -21110,7 +21110,7 @@ async function authenticateMcpOAuth(params) {
|
|
|
21110
21110
|
const resource = canonicalizeResourceUrl(params.resourceUrl);
|
|
21111
21111
|
const store = await loadStore2();
|
|
21112
21112
|
const stored = store.tokens[getResourceKey(resource)];
|
|
21113
|
-
if (stored && !isTokenExpired2(stored)) {
|
|
21113
|
+
if (stored && !params.forceRefresh && !isTokenExpired2(stored)) {
|
|
21114
21114
|
return stored.accessToken;
|
|
21115
21115
|
}
|
|
21116
21116
|
if (!process.stdout.isTTY) {
|
|
@@ -21135,7 +21135,7 @@ async function authenticateMcpOAuth(params) {
|
|
|
21135
21135
|
authorizationMetadata = await discoverAuthorizationServerMetadata(resource);
|
|
21136
21136
|
}
|
|
21137
21137
|
authorizationServer = authorizationServer ?? authorizationMetadata.issuer ?? new URL(resource).origin;
|
|
21138
|
-
if (stored &&
|
|
21138
|
+
if (stored && stored.refreshToken && stored.clientId && (params.forceRefresh || isTokenExpired2(stored))) {
|
|
21139
21139
|
try {
|
|
21140
21140
|
const refreshed = await refreshAccessToken2({
|
|
21141
21141
|
tokenEndpoint: authorizationMetadata.token_endpoint,
|
|
@@ -21280,18 +21280,22 @@ var init_http = __esm({
|
|
|
21280
21280
|
}
|
|
21281
21281
|
return true;
|
|
21282
21282
|
}
|
|
21283
|
-
async ensureOAuthToken(wwwAuthenticateHeader) {
|
|
21284
|
-
if (this.oauthToken) {
|
|
21283
|
+
async ensureOAuthToken(wwwAuthenticateHeader, options) {
|
|
21284
|
+
if (this.oauthToken && !options?.forceRefresh) {
|
|
21285
21285
|
return this.oauthToken;
|
|
21286
21286
|
}
|
|
21287
21287
|
if (this.oauthInFlight) {
|
|
21288
21288
|
return this.oauthInFlight;
|
|
21289
21289
|
}
|
|
21290
21290
|
const serverName = this.config.name ?? this.config.url;
|
|
21291
|
+
if (options?.forceRefresh) {
|
|
21292
|
+
this.oauthToken = void 0;
|
|
21293
|
+
}
|
|
21291
21294
|
this.oauthInFlight = authenticateMcpOAuth({
|
|
21292
21295
|
serverName,
|
|
21293
21296
|
resourceUrl: this.config.url,
|
|
21294
|
-
wwwAuthenticateHeader
|
|
21297
|
+
wwwAuthenticateHeader,
|
|
21298
|
+
forceRefresh: options?.forceRefresh
|
|
21295
21299
|
}).then((token) => {
|
|
21296
21300
|
this.oauthToken = token;
|
|
21297
21301
|
return token;
|
|
@@ -21315,14 +21319,14 @@ var init_http = __esm({
|
|
|
21315
21319
|
}
|
|
21316
21320
|
return response;
|
|
21317
21321
|
}
|
|
21318
|
-
await this.ensureOAuthToken(response.headers.get("www-authenticate"));
|
|
21322
|
+
await this.ensureOAuthToken(response.headers.get("www-authenticate"), { forceRefresh: true });
|
|
21319
21323
|
response = await doFetch();
|
|
21320
21324
|
return response;
|
|
21321
21325
|
}
|
|
21322
21326
|
looksLikeAuthErrorMessage(message) {
|
|
21323
21327
|
if (!message) return false;
|
|
21324
21328
|
const msg = message.toLowerCase();
|
|
21325
|
-
const hasStrongAuthSignal = msg.includes("unauthorized") || msg.includes("unauthorised") || msg.includes("authentication") || msg.includes("oauth") || msg.includes("access token") || msg.includes("bearer") || msg.includes("not authenticated") || msg.includes("not logged") || msg.includes("login") || msg.includes("generate") && msg.includes("token");
|
|
21329
|
+
const hasStrongAuthSignal = msg.includes("unauthorized") || msg.includes("unauthorised") || msg.includes("authentication") || msg.includes("oauth") || msg.includes("access token") || msg.includes("invalid_token") || msg.includes("invalid token") || msg.includes("token expired") || msg.includes("bearer") || msg.includes("not authenticated") || msg.includes("not logged") || msg.includes("login") || msg.includes("generate") && msg.includes("token");
|
|
21326
21330
|
const hasVendorHint = msg.includes("gemini cli") || msg.includes("jira") || msg.includes("confluence") || msg.includes("atlassian");
|
|
21327
21331
|
const hasWeakAuthSignal = msg.includes("authenticate") || msg.includes("token") || msg.includes("authorization");
|
|
21328
21332
|
return hasStrongAuthSignal || // Vendor-specific hints alone are not enough; require an auth-related token too.
|
|
@@ -21396,7 +21400,9 @@ var init_http = __esm({
|
|
|
21396
21400
|
}
|
|
21397
21401
|
const data = await response.json();
|
|
21398
21402
|
if (this.shouldAttemptOAuth() && this.isJsonRpcAuthError(data)) {
|
|
21399
|
-
await this.ensureOAuthToken(response.headers.get("www-authenticate")
|
|
21403
|
+
await this.ensureOAuthToken(response.headers.get("www-authenticate"), {
|
|
21404
|
+
forceRefresh: true
|
|
21405
|
+
});
|
|
21400
21406
|
const retryResponse = await this.sendRequestWithOAuthRetry(
|
|
21401
21407
|
"POST",
|
|
21402
21408
|
JSON.stringify(message),
|