@egain/egain-mcp-server 1.0.24 → 1.0.26

package/src/hooks/auth-hook.ts

@@ -346,6 +346,26 @@ export class AuthenticationHook implements SDKInitHook, BeforeRequestHook {
   }
 
 
+  /**
+   * Clean environment URL by removing protocol (https://, http://) and trailing slashes
+   * This ensures the domain_hint parameter works correctly
+   */
+  private cleanEnvironmentUrl(url: string | undefined): string | undefined {
+    if (!url) {
+      return url;
+    }
+    
+    let cleaned = url.trim();
+    
+    // Remove protocol (https:// or http://)
+    cleaned = cleaned.replace(/^https?:\/\//i, '');
+    
+    // Remove trailing slashes
+    cleaned = cleaned.replace(/\/+$/, '');
+    
+    return cleaned;
+  }
+
   /**
    * Save OAuth config to user's home directory (secure file storage)
    */
@@ -376,6 +396,15 @@ export class AuthenticationHook implements SDKInitHook, BeforeRequestHook {
       if (fs.existsSync(configPath)) {
         const configContent = fs.readFileSync(configPath, 'utf8');
         const config = JSON.parse(configContent) as AuthConfig;
+        // Clean environmentUrl if present
+        if (config.environmentUrl) {
+          const cleaned = this.cleanEnvironmentUrl(config.environmentUrl);
+          if (cleaned) {
+            config.environmentUrl = cleaned;
+          } else {
+            delete config.environmentUrl;
+          }
+        }
         console.error(`✅ Loaded config from: ${configPath}`);
         return config;
       }
@@ -421,9 +450,13 @@ export class AuthenticationHook implements SDKInitHook, BeforeRequestHook {
             
               switch (cleanKey) {
                 // New variable names (preferred)
-                case 'EGAIN_URL':
-                  config.environmentUrl = cleanValue;
+                case 'EGAIN_URL': {
+                  const cleaned = this.cleanEnvironmentUrl(cleanValue);
+                  if (cleaned) {
+                    config.environmentUrl = cleaned;
+                  }
                   break;
+                }
                 case 'CLIENT_ID':
                   config.clientId = cleanValue;
                   break;
@@ -441,9 +474,13 @@ export class AuthenticationHook implements SDKInitHook, BeforeRequestHook {
                   break;
                 
                 // Backward compatibility with old names
-                case 'EGAIN_ENVIRONMENT_URL':
-                  config.environmentUrl = cleanValue;
+                case 'EGAIN_ENVIRONMENT_URL': {
+                  const cleaned = this.cleanEnvironmentUrl(cleanValue);
+                  if (cleaned) {
+                    config.environmentUrl = cleaned;
+                  }
                   break;
+                }
                 case 'EGAIN_CLIENT_ID':
                   config.clientId = cleanValue;
                   break;
@@ -578,7 +615,7 @@ export class AuthenticationHook implements SDKInitHook, BeforeRequestHook {
       const queryString = urlParts.slice(1).join('?'); // Handle multiple ? characters
       existingParams = new URLSearchParams(queryString);
       
-      // Remove domain_hint if it exists (we'll add our own)
+      // Remove domain_hint if it exists (we'll add our own cleaned version)
       if (existingParams.has('domain_hint')) {
         existingParams.delete('domain_hint');
         console.error('🔧 Removed existing domain_hint from authorization URL');
@@ -588,8 +625,14 @@ export class AuthenticationHook implements SDKInitHook, BeforeRequestHook {
     const prefix = scopePrefix || '';
     const scope = `${prefix}knowledge.portalmgr.manage ${prefix}knowledge.portalmgr.read ${prefix}core.aiservices.read`;
     
-    // Add our parameters
-    existingParams.set('domain_hint', environmentUrl!.trim());
+    // Clean and validate environmentUrl before using it as domain_hint
+    const cleanedEnvironmentUrl = this.cleanEnvironmentUrl(environmentUrl);
+    if (!cleanedEnvironmentUrl) {
+      throw new Error('Environment URL is required');
+    }
+    
+    // Add our parameters (ensure domain_hint is clean and not duplicated)
+    existingParams.set('domain_hint', cleanedEnvironmentUrl);
     existingParams.set('client_id', clientId!.trim());
     existingParams.set('response_type', 'code');
     existingParams.set('redirect_uri', cleanRedirectUri);
@@ -1027,14 +1070,17 @@ export class AuthenticationHook implements SDKInitHook, BeforeRequestHook {
               }
               
               // Update authConfig from browser form data
+              const cleanedEnvUrl = this.cleanEnvironmentUrl(config.egainUrl);
               this.authConfig = {
-                environmentUrl: config.egainUrl,
                 authUrl: config.authUrl,
                 accessUrl: config.accessTokenUrl,
                 clientId: config.clientId,
                 redirectUri: config.redirectUrl,
                 scopePrefix: config.scopePrefix || undefined
               };
+              if (cleanedEnvUrl) {
+                this.authConfig.environmentUrl = cleanedEnvUrl;
+              }
               
               // Save config to secure file storage (home directory)
               try {
@@ -1874,50 +1920,61 @@ export class AuthenticationHook implements SDKInitHook, BeforeRequestHook {
           }
         }
         
-        // Check for error parameters - only throw if this is a new error URL
+        // Check for error parameters
         if (currentUrl && currentUrl.includes('error=')) {
-          if (currentUrl !== lastErrorUrl) {
+          const errorMatch = currentUrl.match(/[?&]error=([^&]+)/);
+          const errorDescMatch = currentUrl.match(/error_description=([^&]+)/);
+          const error = errorMatch && errorMatch[1] ? decodeURIComponent(errorMatch[1]) : 'unknown_error';
+          const errorDesc = errorDescMatch && errorDescMatch[1] ? decodeURIComponent(errorDescMatch[1]) : 'No description';
+          
+          // Scope errors are configuration issues - stop monitoring and let user see error
+          // Username/password errors can be retried - continue monitoring
+          const errorLower = error.toLowerCase();
+          const errorDescLower = errorDesc.toLowerCase();
+          const isScopeError = error === 'invalid_scope' || errorDescLower.includes('scope') || errorLower.includes('scope');
+          const isRetryableError = error === 'access_denied' || error === 'invalid_grant' || 
+                                  errorDescLower.includes('password') || errorLower.includes('password') ||
+                                  errorDescLower.includes('username') || errorLower.includes('username') ||
+                                  errorDescLower.includes('credential') || errorLower.includes('credential') ||
+                                  errorLower.includes('user not found') || errorDescLower.includes('user not found');
+          
+          // Check if this is a new error URL (different error message)
+          const isNewError = currentUrl !== lastErrorUrl;
+          if (isNewError) {
             lastErrorUrl = currentUrl;
-            const errorMatch = currentUrl.match(/[?&]error=([^&]+)/);
-            const errorDescMatch = currentUrl.match(/error_description=([^&]+)/);
-            const error = errorMatch && errorMatch[1] ? decodeURIComponent(errorMatch[1]) : 'unknown_error';
-            const errorDesc = errorDescMatch && errorDescMatch[1] ? decodeURIComponent(errorDescMatch[1]) : 'No description';
-            
-            // Scope errors are configuration issues - stop monitoring and let user see error
-            // Username/password errors can be retried - continue monitoring
-            const isScopeError = error === 'invalid_scope' || errorDesc.toLowerCase().includes('scope');
-            const isRetryableError = error === 'access_denied' || error === 'invalid_grant' || 
-                                    errorDesc.toLowerCase().includes('password') || 
-                                    errorDesc.toLowerCase().includes('username') ||
-                                    errorDesc.toLowerCase().includes('credential');
-            
-            // Log error only once
-            if (!oAuthErrorLogged) {
+          }
+          
+          // Always check error type - stop immediately if non-retryable, continue if retryable
+          if (isScopeError) {
+            // Scope errors are configuration issues - stop monitoring
+            if (!oAuthErrorLogged || isNewError) {
               console.error('❌ OAuth authentication error:', `${error} - ${errorDesc}`);
-              
-              if (isScopeError) {
-                console.error('💡 This is a configuration error. Please check your scope settings and close this window.');
-                console.error('🛑 Stopping monitoring - please fix the configuration and try again.');
-                oAuthErrorLogged = true;
-                // Stop monitoring for scope errors - user needs to fix config
-                this.stopConfigServer();
-                return; // Exit the monitoring loop
-              } else if (isRetryableError) {
-                console.error('💡 The configuration server will remain running. Please try again with correct credentials.');
-                console.error('🔍 Continuing to monitor browser for authorization code...');
-                oAuthErrorLogged = true;
-              } else {
-                // Unknown error type - be conservative and stop
-                console.error('💡 Please check the error message displayed in your browser and close the window.');
-                console.error('🛑 Stopping monitoring.');
-                oAuthErrorLogged = true;
-                this.stopConfigServer();
-                return; // Exit the monitoring loop
-              }
+              console.error('💡 This is a configuration error. Please check your scope settings and close this window.');
+              console.error('🛑 Stopping monitoring - please fix the configuration and try again.');
+              oAuthErrorLogged = true;
+            }
+            this.stopConfigServer();
+            return; // Exit the monitoring loop
+          } else if (!isRetryableError) {
+            // Unknown/non-retryable error type - stop monitoring
+            if (!oAuthErrorLogged || isNewError) {
+              console.error('❌ OAuth authentication error:', `${error} - ${errorDesc}`);
+              console.error('💡 Please check the error message displayed in your browser and close the window.');
+              console.error('🛑 Stopping monitoring.');
+              oAuthErrorLogged = true;
             }
-            // Continue monitoring silently for retryable errors - don't throw, just keep checking
+            this.stopConfigServer();
+            return; // Exit the monitoring loop
+          }
+          
+          // Retryable error - log each new error attempt so user knows what happened
+          if (isNewError) {
+            console.error('❌ OAuth authentication error:', `${error} - ${errorDesc}`);
+            console.error('💡 The configuration server will remain running. Please try again with correct credentials.');
+            console.error('🔍 Continuing to monitor browser for authorization code...');
+            oAuthErrorLogged = true;
           }
-          // If it's the same error URL, continue monitoring silently
+          // Continue monitoring silently for retryable errors - don't throw, just keep checking
         } else {
           // Reset error tracking if URL no longer contains error
           if (lastErrorUrl !== null) {