@frontmcp/auth 0.10.0 → 0.11.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/__test-utils__/assertion.helpers.d.ts +2 -0
- package/__test-utils__/assertion.helpers.d.ts.map +1 -0
- package/authorization/authorization.class.d.ts +122 -0
- package/authorization/authorization.class.d.ts.map +1 -0
- package/authorization/authorization.types.d.ts +65 -1
- package/authorization/authorization.types.d.ts.map +1 -1
- package/authorization/index.d.ts +11 -2
- package/authorization/index.d.ts.map +1 -1
- package/authorization/orchestrated.accessor.d.ts +161 -0
- package/authorization/orchestrated.accessor.d.ts.map +1 -0
- package/authorization/orchestrated.authorization.d.ts +257 -0
- package/authorization/orchestrated.authorization.d.ts.map +1 -0
- package/authorization/public.authorization.d.ts +92 -0
- package/authorization/public.authorization.d.ts.map +1 -0
- package/authorization/transparent.authorization.d.ts +130 -0
- package/authorization/transparent.authorization.d.ts.map +1 -0
- package/common/auth-logger.interface.d.ts +15 -0
- package/common/auth-logger.interface.d.ts.map +1 -0
- package/common/index.d.ts +6 -0
- package/common/index.d.ts.map +1 -0
- package/common/jwt.types.d.ts +87 -0
- package/common/jwt.types.d.ts.map +1 -0
- package/common/session-user.types.d.ts +17 -0
- package/common/session-user.types.d.ts.map +1 -0
- package/common/session.types.d.ts +190 -0
- package/common/session.types.d.ts.map +1 -0
- package/common/zod-utils.d.ts +5 -0
- package/common/zod-utils.d.ts.map +1 -0
- package/consent/consent.types.d.ts +112 -0
- package/consent/consent.types.d.ts.map +1 -0
- package/consent/index.d.ts +2 -0
- package/consent/index.d.ts.map +1 -0
- package/detection/auth-provider-detection.d.ts +53 -0
- package/detection/auth-provider-detection.d.ts.map +1 -0
- package/detection/index.d.ts +3 -0
- package/detection/index.d.ts.map +1 -0
- package/errors/auth-internal.error.d.ts +33 -0
- package/errors/auth-internal.error.d.ts.map +1 -0
- package/errors/auth-internal.errors.d.ts +123 -0
- package/errors/auth-internal.errors.d.ts.map +1 -0
- package/errors/index.d.ts +3 -0
- package/errors/index.d.ts.map +1 -0
- package/esm/index.mjs +5473 -1204
- package/esm/package.json +18 -3
- package/index.d.ts +18 -5
- package/index.d.ts.map +1 -1
- package/index.js +5351 -961
- package/jwks/jwks.service.d.ts +1 -0
- package/jwks/jwks.service.d.ts.map +1 -1
- package/jwks/jwks.types.d.ts +3 -0
- package/jwks/jwks.types.d.ts.map +1 -1
- package/machine-id/index.d.ts +2 -0
- package/machine-id/index.d.ts.map +1 -0
- package/machine-id/machine-id.d.ts +28 -0
- package/machine-id/machine-id.d.ts.map +1 -0
- package/options/app-auth.schema.d.ts +272 -0
- package/options/app-auth.schema.d.ts.map +1 -0
- package/options/index.d.ts +15 -0
- package/options/index.d.ts.map +1 -0
- package/options/interfaces.d.ts +250 -0
- package/options/interfaces.d.ts.map +1 -0
- package/options/orchestrated.schema.d.ts +446 -0
- package/options/orchestrated.schema.d.ts.map +1 -0
- package/options/public.schema.d.ts +19 -0
- package/options/public.schema.d.ts.map +1 -0
- package/options/schema.d.ts +265 -0
- package/options/schema.d.ts.map +1 -0
- package/options/shared.schemas.d.ts +128 -0
- package/options/shared.schemas.d.ts.map +1 -0
- package/options/transparent.schema.d.ts +33 -0
- package/options/transparent.schema.d.ts.map +1 -0
- package/options/typecheck.d.ts +2 -0
- package/options/typecheck.d.ts.map +1 -0
- package/options/utils.d.ts +33 -0
- package/options/utils.d.ts.map +1 -0
- package/package.json +18 -3
- package/session/encrypted-authorization-vault.d.ts +182 -0
- package/session/encrypted-authorization-vault.d.ts.map +1 -0
- package/session/federated-auth.session.d.ts +252 -0
- package/session/federated-auth.session.d.ts.map +1 -0
- package/session/index.d.ts +21 -1
- package/session/index.d.ts.map +1 -1
- package/session/orchestrated-token.store.d.ts +155 -0
- package/session/orchestrated-token.store.d.ts.map +1 -0
- package/session/redis-session.store.d.ts +93 -0
- package/session/redis-session.store.d.ts.map +1 -0
- package/session/session-crypto.d.ts +84 -0
- package/session/session-crypto.d.ts.map +1 -0
- package/session/session-rate-limiter.d.ts +114 -0
- package/session/session-rate-limiter.d.ts.map +1 -0
- package/session/session.transport.d.ts +11 -0
- package/session/session.transport.d.ts.map +1 -0
- package/session/session.types.d.ts +66 -0
- package/session/session.types.d.ts.map +1 -0
- package/session/token.refresh.d.ts +61 -0
- package/session/token.refresh.d.ts.map +1 -0
- package/session/transport-session.types.d.ts +479 -0
- package/session/transport-session.types.d.ts.map +1 -0
- package/session/utils/auth-token.utils.d.ts +12 -0
- package/session/utils/auth-token.utils.d.ts.map +1 -0
- package/session/utils/index.d.ts +2 -0
- package/session/utils/index.d.ts.map +1 -1
- package/session/utils/session-crypto.utils.d.ts +30 -0
- package/session/utils/session-crypto.utils.d.ts.map +1 -0
- package/session/vercel-kv-session.store.d.ts +123 -0
- package/session/vercel-kv-session.store.d.ts.map +1 -0
- package/utils/authorization-id.utils.d.ts +12 -0
- package/utils/authorization-id.utils.d.ts.map +1 -0
- package/utils/index.d.ts +1 -0
- package/utils/index.d.ts.map +1 -1
- package/vault/auth-providers.accessor.d.ts +154 -0
- package/vault/auth-providers.accessor.d.ts.map +1 -0
- package/vault/auth-providers.accessor.impl.d.ts +54 -0
- package/vault/auth-providers.accessor.impl.d.ts.map +1 -0
- package/vault/auth-providers.registry.d.ts +111 -0
- package/vault/auth-providers.registry.d.ts.map +1 -0
- package/vault/auth-providers.types.d.ts +3 -3
- package/vault/auth-providers.vault.d.ts +94 -0
- package/vault/auth-providers.vault.d.ts.map +1 -0
- package/vault/credential-loaders/eager-loader.d.ts +47 -0
- package/vault/credential-loaders/eager-loader.d.ts.map +1 -0
- package/vault/credential-loaders/index.d.ts +7 -0
- package/vault/credential-loaders/index.d.ts.map +1 -0
- package/vault/credential-loaders/lazy-loader.d.ts +54 -0
- package/vault/credential-loaders/lazy-loader.d.ts.map +1 -0
- package/vault/index.d.ts +9 -0
- package/vault/index.d.ts.map +1 -1
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"assertion.helpers.d.ts","sourceRoot":"","sources":["../../src/__test-utils__/assertion.helpers.ts"],"names":[],"mappings":"AAAA,wBAAgB,aAAa,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,GAAG,IAAI,GAAG,SAAS,EAAE,OAAO,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,KAAK,IAAI,CAAC,CAIlG"}
|
|
@@ -0,0 +1,122 @@
|
|
|
1
|
+
import { Authorization, AuthorizationCreateCtx, AuthorizedPrompt, AuthorizedTool, AuthUser, LLMSafeAuthContext, AuthMode } from './authorization.types';
|
|
2
|
+
import type { TransportSession, TransportProtocol } from '../session/transport-session.types';
|
|
3
|
+
import type { ProviderSnapshot } from '../session/session.types';
|
|
4
|
+
export { getMachineId } from '../machine-id';
|
|
5
|
+
/**
|
|
6
|
+
* Base Authorization class - represents authenticated user context
|
|
7
|
+
* Subclasses implement mode-specific behavior (Public, Transparent, Orchestrated)
|
|
8
|
+
*/
|
|
9
|
+
export declare abstract class AuthorizationBase implements Authorization {
|
|
10
|
+
#private;
|
|
11
|
+
readonly id: string;
|
|
12
|
+
abstract readonly mode: AuthMode;
|
|
13
|
+
readonly isAnonymous: boolean;
|
|
14
|
+
readonly user: AuthUser;
|
|
15
|
+
readonly claims?: Record<string, unknown>;
|
|
16
|
+
readonly expiresAt?: number;
|
|
17
|
+
readonly scopes: string[];
|
|
18
|
+
readonly authorizedProviders: Record<string, ProviderSnapshot>;
|
|
19
|
+
readonly authorizedProviderIds: string[];
|
|
20
|
+
readonly authorizedApps: Record<string, {
|
|
21
|
+
id: string;
|
|
22
|
+
toolIds: string[];
|
|
23
|
+
}>;
|
|
24
|
+
readonly authorizedAppIds: string[];
|
|
25
|
+
readonly authorizedTools: Record<string, AuthorizedTool>;
|
|
26
|
+
readonly authorizedToolIds: string[];
|
|
27
|
+
readonly authorizedPrompts: Record<string, AuthorizedPrompt>;
|
|
28
|
+
readonly authorizedPromptIds: string[];
|
|
29
|
+
readonly authorizedResources: string[];
|
|
30
|
+
/** The original bearer token (for transparent mode) */
|
|
31
|
+
protected readonly token?: string;
|
|
32
|
+
/** Creation timestamp */
|
|
33
|
+
readonly createdAt: number;
|
|
34
|
+
protected constructor(ctx: AuthorizationCreateCtx);
|
|
35
|
+
/**
|
|
36
|
+
* Create a new transport session for this authorization
|
|
37
|
+
* @param protocol - Transport protocol (sse, streamable-http, etc.)
|
|
38
|
+
* @param fingerprint - Optional client fingerprint for tracking
|
|
39
|
+
*/
|
|
40
|
+
createTransportSession(protocol: TransportProtocol, fingerprint?: string): TransportSession;
|
|
41
|
+
/**
|
|
42
|
+
* Get existing transport session by ID
|
|
43
|
+
*/
|
|
44
|
+
getTransportSession(sessionId: string): TransportSession | undefined;
|
|
45
|
+
/**
|
|
46
|
+
* Get all active transport sessions
|
|
47
|
+
*/
|
|
48
|
+
getAllSessions(): TransportSession[];
|
|
49
|
+
/**
|
|
50
|
+
* Remove a transport session
|
|
51
|
+
*/
|
|
52
|
+
removeTransportSession(sessionId: string): boolean;
|
|
53
|
+
/**
|
|
54
|
+
* Get count of active sessions
|
|
55
|
+
*/
|
|
56
|
+
get sessionCount(): number;
|
|
57
|
+
/**
|
|
58
|
+
* Abstract: Get access token for a provider
|
|
59
|
+
* Implementation varies by mode:
|
|
60
|
+
* - Public: throws (no tokens)
|
|
61
|
+
* - Transparent: returns the original bearer token
|
|
62
|
+
* - Orchestrated: retrieves from vault/store
|
|
63
|
+
*/
|
|
64
|
+
abstract getToken(providerId?: string): Promise<string>;
|
|
65
|
+
/**
|
|
66
|
+
* Check if a scope is granted
|
|
67
|
+
*/
|
|
68
|
+
hasScope(scope: string): boolean;
|
|
69
|
+
/**
|
|
70
|
+
* Check if all scopes are granted
|
|
71
|
+
*/
|
|
72
|
+
hasAllScopes(scopes: string[]): boolean;
|
|
73
|
+
/**
|
|
74
|
+
* Check if any scope is granted
|
|
75
|
+
*/
|
|
76
|
+
hasAnyScope(scopes: string[]): boolean;
|
|
77
|
+
/**
|
|
78
|
+
* Check if a tool is authorized
|
|
79
|
+
*/
|
|
80
|
+
canAccessTool(toolId: string): boolean;
|
|
81
|
+
/**
|
|
82
|
+
* Check if a prompt is authorized
|
|
83
|
+
*/
|
|
84
|
+
canAccessPrompt(promptId: string): boolean;
|
|
85
|
+
/**
|
|
86
|
+
* Check if an app is authorized.
|
|
87
|
+
* Used for progressive authorization to determine if tools from this app can be executed.
|
|
88
|
+
* @param appId - App ID to check
|
|
89
|
+
*/
|
|
90
|
+
isAppAuthorized(appId: string): boolean;
|
|
91
|
+
/**
|
|
92
|
+
* Build URL for progressive/incremental authorization.
|
|
93
|
+
* Used when a tool requires authorization for an app that was skipped during initial auth.
|
|
94
|
+
* @param appId - App ID that requires authorization
|
|
95
|
+
* @param baseUrl - Base URL of the server
|
|
96
|
+
*/
|
|
97
|
+
getProgressiveAuthUrl(appId: string, baseUrl: string): string;
|
|
98
|
+
/**
|
|
99
|
+
* Check if the authorization is expired
|
|
100
|
+
*/
|
|
101
|
+
isExpired(): boolean;
|
|
102
|
+
/**
|
|
103
|
+
* Get time until expiration in milliseconds
|
|
104
|
+
* Returns undefined if no expiration, negative if expired
|
|
105
|
+
*/
|
|
106
|
+
getTimeToExpiry(): number | undefined;
|
|
107
|
+
/**
|
|
108
|
+
* Convert a transport session to encrypted session JWT
|
|
109
|
+
* This is what gets sent in the Mcp-Session-Id header
|
|
110
|
+
*/
|
|
111
|
+
toSessionJwt(session: TransportSession): string;
|
|
112
|
+
/**
|
|
113
|
+
* Convert to LLM-safe context (no tokens exposed)
|
|
114
|
+
*/
|
|
115
|
+
toLLMSafeContext(session: TransportSession): LLMSafeAuthContext;
|
|
116
|
+
/**
|
|
117
|
+
* Validate that no tokens are leaked in data
|
|
118
|
+
* Throws if JWT pattern detected
|
|
119
|
+
*/
|
|
120
|
+
static validateNoTokenLeakage(data: unknown): void;
|
|
121
|
+
}
|
|
122
|
+
//# sourceMappingURL=authorization.class.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"authorization.class.d.ts","sourceRoot":"","sources":["../../src/authorization/authorization.class.ts"],"names":[],"mappings":"AAGA,OAAO,EACL,aAAa,EACb,sBAAsB,EACtB,gBAAgB,EAChB,cAAc,EACd,QAAQ,EACR,kBAAkB,EAClB,QAAQ,EACT,MAAM,uBAAuB,CAAC;AAC/B,OAAO,KAAK,EAAE,gBAAgB,EAAE,iBAAiB,EAAqB,MAAM,oCAAoC,CAAC;AACjH,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,0BAA0B,CAAC;AAMjE,OAAO,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AAE7C;;;GAGG;AACH,8BAAsB,iBAAkB,YAAW,aAAa;;IAC9D,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,QAAQ,CAAC,IAAI,EAAE,QAAQ,CAAC;IACjC,QAAQ,CAAC,WAAW,EAAE,OAAO,CAAC;IAC9B,QAAQ,CAAC,IAAI,EAAE,QAAQ,CAAC;IACxB,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC1C,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC;IAC1B,QAAQ,CAAC,mBAAmB,EAAE,MAAM,CAAC,MAAM,EAAE,gBAAgB,CAAC,CAAC;IAC/D,QAAQ,CAAC,qBAAqB,EAAE,MAAM,EAAE,CAAC;IACzC,QAAQ,CAAC,cAAc,EAAE,MAAM,CAAC,MAAM,EAAE;QAAE,EAAE,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,EAAE,CAAA;KAAE,CAAC,CAAC;IAC3E,QAAQ,CAAC,gBAAgB,EAAE,MAAM,EAAE,CAAC;IACpC,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;IACzD,QAAQ,CAAC,iBAAiB,EAAE,MAAM,EAAE,CAAC;IACrC,QAAQ,CAAC,iBAAiB,EAAE,MAAM,CAAC,MAAM,EAAE,gBAAgB,CAAC,CAAC;IAC7D,QAAQ,CAAC,mBAAmB,EAAE,MAAM,EAAE,CAAC;IACvC,QAAQ,CAAC,mBAAmB,EAAE,MAAM,EAAE,CAAC;IAEvC,uDAAuD;IACvD,SAAS,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC;IAKlC,yBAAyB;IACzB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAE3B,SAAS,aAAa,GAAG,EAAE,sBAAsB;IAsBjD;;;;OAIG;IACH,sBAAsB,CAAC,QAAQ,EAAE,iBAAiB,EAAE,WAAW,CAAC,EAAE,MAAM,GAAG,gBAAgB;IAiB3F;;OAEG;IACH,mBAAmB,CAAC,SAAS,EAAE,MAAM,GAAG,gBAAgB,GAAG,SAAS;IAIpE;;OAEG;IACH,cAAc,IAAI,gBAAgB,EAAE;IAIpC;;OAEG;IACH,sBAAsB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO;IAIlD;;OAEG;IACH,IAAI,YAAY,IAAI,MAAM,CAEzB;IAED;;;;;;OAMG;IACH,QAAQ,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAEvD;;OAEG;IACH,QAAQ,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO;IAIhC;;OAEG;IACH,YAAY,CAAC,MAAM,EAAE,MAAM,EAAE,GAAG,OAAO;IAIvC;;OAEG;IACH,WAAW,CAAC,MAAM,EAAE,MAAM,EAAE,GAAG,OAAO;IAItC;;OAEG;IACH,aAAa,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO;IAItC;;OAEG;IACH,eAAe,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO;IAI1C;;;;OAIG;IACH,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO;IAIvC;;;;;OAKG;IACH,qBAAqB,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,MAAM;IAI7D;;OAEG;IACH,SAAS,IAAI,OAAO;IAKpB;;;OAGG;IACH,eAAe,IAAI,MAAM,GAAG,SAAS;IAKrC;;;OAGG;IACH,YAAY,CAAC,OAAO,EAAE,gBAAgB,GAAG,MAAM;IAY/C;;OAEG;IACH,gBAAgB,CAAC,OAAO,EAAE,gBAAgB,GAAG,kBAAkB;IAgB/D;;;OAGG;IACH,MAAM,CAAC,sBAAsB,CAAC,IAAI,EAAE,OAAO,GAAG,IAAI;CAcnD"}
|
|
@@ -5,6 +5,8 @@
|
|
|
5
5
|
* These types are portable and can be used across different implementations.
|
|
6
6
|
*/
|
|
7
7
|
import { z } from 'zod';
|
|
8
|
+
import type { ProviderSnapshot } from '../session/session.types';
|
|
9
|
+
import type { TransportSession, TransportProtocol } from '../session/transport-session.types';
|
|
8
10
|
/**
|
|
9
11
|
* Authentication mode determining how tokens are handled
|
|
10
12
|
*/
|
|
@@ -198,7 +200,7 @@ export declare const progressiveAuthStateSchema: z.ZodObject<{
|
|
|
198
200
|
initiallySkipped: z.ZodArray<z.ZodString>;
|
|
199
201
|
}, z.core.$strip>;
|
|
200
202
|
/**
|
|
201
|
-
* Context for creating an authorization
|
|
203
|
+
* Context for creating an authorization
|
|
202
204
|
*/
|
|
203
205
|
export interface AuthorizationCreateCtx {
|
|
204
206
|
/** Unique ID (typically token signature fingerprint) */
|
|
@@ -215,6 +217,10 @@ export interface AuthorizationCreateCtx {
|
|
|
215
217
|
scopes?: string[];
|
|
216
218
|
/** The original token (for transparent mode) */
|
|
217
219
|
token?: string;
|
|
220
|
+
/** Authorized providers */
|
|
221
|
+
authorizedProviders?: Record<string, ProviderSnapshot>;
|
|
222
|
+
/** Authorized provider IDs */
|
|
223
|
+
authorizedProviderIds?: string[];
|
|
218
224
|
/** Authorized apps */
|
|
219
225
|
authorizedApps?: Record<string, {
|
|
220
226
|
id: string;
|
|
@@ -233,4 +239,62 @@ export interface AuthorizationCreateCtx {
|
|
|
233
239
|
/** Authorized resources */
|
|
234
240
|
authorizedResources?: string[];
|
|
235
241
|
}
|
|
242
|
+
/**
|
|
243
|
+
* Authorization represents the authenticated user context.
|
|
244
|
+
* Created from JWT verification, independent of transport.
|
|
245
|
+
* One authorization can have multiple transport sessions.
|
|
246
|
+
*/
|
|
247
|
+
export interface Authorization {
|
|
248
|
+
/** Unique authorization ID (derived from token signature) */
|
|
249
|
+
readonly id: string;
|
|
250
|
+
/** Auth mode that created this authorization */
|
|
251
|
+
readonly mode: AuthMode;
|
|
252
|
+
/** Whether this is an anonymous/public authorization */
|
|
253
|
+
readonly isAnonymous: boolean;
|
|
254
|
+
/** User identity */
|
|
255
|
+
readonly user: AuthUser;
|
|
256
|
+
/** JWT claims */
|
|
257
|
+
readonly claims?: Record<string, unknown>;
|
|
258
|
+
/** Token expiration (epoch ms) */
|
|
259
|
+
readonly expiresAt?: number;
|
|
260
|
+
/** Granted scopes */
|
|
261
|
+
readonly scopes: string[];
|
|
262
|
+
/** Authorized providers (for orchestrated mode) */
|
|
263
|
+
readonly authorizedProviders: Record<string, ProviderSnapshot>;
|
|
264
|
+
/** Authorized provider IDs */
|
|
265
|
+
readonly authorizedProviderIds: string[];
|
|
266
|
+
/** Authorized apps */
|
|
267
|
+
readonly authorizedApps: Record<string, {
|
|
268
|
+
id: string;
|
|
269
|
+
toolIds: string[];
|
|
270
|
+
}>;
|
|
271
|
+
/** Authorized app IDs */
|
|
272
|
+
readonly authorizedAppIds: string[];
|
|
273
|
+
/** Authorized tools */
|
|
274
|
+
readonly authorizedTools: Record<string, AuthorizedTool>;
|
|
275
|
+
/** Authorized tool IDs */
|
|
276
|
+
readonly authorizedToolIds: string[];
|
|
277
|
+
/** Authorized prompts */
|
|
278
|
+
readonly authorizedPrompts: Record<string, AuthorizedPrompt>;
|
|
279
|
+
/** Authorized prompt IDs */
|
|
280
|
+
readonly authorizedPromptIds: string[];
|
|
281
|
+
/** Authorized resources */
|
|
282
|
+
readonly authorizedResources: string[];
|
|
283
|
+
/** Get access token for a provider (orchestrated mode) */
|
|
284
|
+
getToken(providerId?: string): Promise<string>;
|
|
285
|
+
/** Create a new transport session for this authorization */
|
|
286
|
+
createTransportSession(protocol: TransportProtocol, fingerprint?: string): TransportSession;
|
|
287
|
+
/** Get existing transport session by ID */
|
|
288
|
+
getTransportSession(sessionId: string): TransportSession | undefined;
|
|
289
|
+
/** Check if a scope is granted */
|
|
290
|
+
hasScope(scope: string): boolean;
|
|
291
|
+
/** Check if all scopes are granted */
|
|
292
|
+
hasAllScopes(scopes: string[]): boolean;
|
|
293
|
+
/** Check if any scope is granted */
|
|
294
|
+
hasAnyScope(scopes: string[]): boolean;
|
|
295
|
+
/** Check if a tool is authorized */
|
|
296
|
+
canAccessTool(toolId: string): boolean;
|
|
297
|
+
/** Check if a prompt is authorized */
|
|
298
|
+
canAccessPrompt(promptId: string): boolean;
|
|
299
|
+
}
|
|
236
300
|
//# sourceMappingURL=authorization.types.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authorization.types.d.ts","sourceRoot":"","sources":["../../src/authorization/authorization.types.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;
|
|
1
|
+
{"version":3,"file":"authorization.types.d.ts","sourceRoot":"","sources":["../../src/authorization/authorization.types.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,0BAA0B,CAAC;AACjE,OAAO,KAAK,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,MAAM,oCAAoC,CAAC;AAM9F;;GAEG;AACH,MAAM,MAAM,QAAQ,GAAG,QAAQ,GAAG,aAAa,GAAG,cAAc,CAAC;AAEjE;;GAEG;AACH,eAAO,MAAM,cAAc;;;;EAAoD,CAAC;AAMhF;;GAEG;AACH,MAAM,WAAW,QAAQ;IACvB,yBAAyB;IACzB,GAAG,EAAE,MAAM,CAAC;IACZ,mBAAmB;IACnB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,oBAAoB;IACpB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,0BAA0B;IAC1B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,wCAAwC;IACxC,SAAS,CAAC,EAAE,OAAO,CAAC;CACrB;AAED;;GAEG;AACH,eAAO,MAAM,cAAc;;;;;;iBAMzB,CAAC;AAMH;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,sCAAsC;IACtC,aAAa,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;IAC/C,oCAAoC;IACpC,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,+BAA+B;IAC/B,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACnC;AAED;;GAEG;AACH,eAAO,MAAM,oBAAoB;;;;iBAI/B,CAAC;AAEH;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,wCAAwC;IACxC,aAAa,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC;IACjD,sCAAsC;IACtC,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,iCAAiC;IACjC,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACnC;AAED;;GAEG;AACH,eAAO,MAAM,sBAAsB;;;;iBAIjC,CAAC;AAMH;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,uBAAuB;IACvB,eAAe,EAAE,MAAM,CAAC;IACxB,iBAAiB;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,gBAAgB;IAChB,IAAI,EAAE,QAAQ,CAAC;IACf,wBAAwB;IACxB,WAAW,EAAE,OAAO,CAAC;IACrB,+BAA+B;IAC/B,IAAI,EAAE;QAAE,GAAG,EAAE,MAAM,CAAC;QAAC,IAAI,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IACrC,qBAAqB;IACrB,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,0BAA0B;IAC1B,iBAAiB,EAAE,MAAM,EAAE,CAAC;IAC5B,4BAA4B;IAC5B,mBAAmB,EAAE,MAAM,EAAE,CAAC;CAC/B;AAED;;GAEG;AACH,eAAO,MAAM,wBAAwB;;;;;;;;;;;;;;;;iBAYnC,CAAC;AAMH;;;GAGG;AACH,oBAAY,YAAY;IACtB,uDAAuD;IACvD,UAAU,eAAe;IACzB,2DAA2D;IAC3D,OAAO,YAAY;IACnB,+DAA+D;IAC/D,OAAO,YAAY;CACpB;AAED;;GAEG;AACH,eAAO,MAAM,kBAAkB,gCAA6B,CAAC;AAE7D;;;GAGG;AACH,MAAM,WAAW,sBAAsB;IACrC,aAAa;IACb,KAAK,EAAE,MAAM,CAAC;IACd,kCAAkC;IAClC,KAAK,EAAE,YAAY,CAAC;IACpB,iDAAiD;IACjD,cAAc,EAAE,MAAM,CAAC;IACvB,kCAAkC;IAClC,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IACzB,yCAAyC;IACzC,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,yDAAyD;IACzD,OAAO,EAAE,MAAM,EAAE,CAAC;CACnB;AAED;;GAEG;AACH,eAAO,MAAM,4BAA4B;;;;;;;iBAOvC,CAAC;AAEH;;;;GAIG;AACH,MAAM,WAAW,oBAAoB;IACnC,0CAA0C;IAC1C,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,sBAAsB,CAAC,CAAC;IAC7C,0CAA0C;IAC1C,mBAAmB,EAAE,MAAM,EAAE,CAAC;IAC9B,uCAAuC;IACvC,gBAAgB,EAAE,MAAM,EAAE,CAAC;CAC5B;AAED;;GAEG;AACH,eAAO,MAAM,0BAA0B;;;;;;;;;;;iBAIrC,CAAC;AAMH;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC,wDAAwD;IACxD,EAAE,EAAE,MAAM,CAAC;IACX,gCAAgC;IAChC,WAAW,EAAE,OAAO,CAAC;IACrB,oBAAoB;IACpB,IAAI,EAAE,QAAQ,CAAC;IACf,iBAAiB;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACjC,kCAAkC;IAClC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,qBAAqB;IACrB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,gDAAgD;IAChD,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,2BAA2B;IAC3B,mBAAmB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,gBAAgB,CAAC,CAAC;IACvD,8BAA8B;IAC9B,qBAAqB,CAAC,EAAE,MAAM,EAAE,CAAC;IACjC,sBAAsB;IACtB,cAAc,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE;QAAE,EAAE,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,EAAE,CAAA;KAAE,CAAC,CAAC;IACnE,yBAAyB;IACzB,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC5B,uBAAuB;IACvB,eAAe,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;IACjD,0BAA0B;IAC1B,iBAAiB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC7B,yBAAyB;IACzB,iBAAiB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,gBAAgB,CAAC,CAAC;IACrD,4BAA4B;IAC5B,mBAAmB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC/B,2BAA2B;IAC3B,mBAAmB,CAAC,EAAE,MAAM,EAAE,CAAC;CAChC;AAMD;;;;GAIG;AACH,MAAM,WAAW,aAAa;IAC5B,6DAA6D;IAC7D,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;IACpB,gDAAgD;IAChD,QAAQ,CAAC,IAAI,EAAE,QAAQ,CAAC;IACxB,wDAAwD;IACxD,QAAQ,CAAC,WAAW,EAAE,OAAO,CAAC;IAC9B,oBAAoB;IACpB,QAAQ,CAAC,IAAI,EAAE,QAAQ,CAAC;IACxB,iBAAiB;IACjB,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC1C,kCAAkC;IAClC,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;IAC5B,qBAAqB;IACrB,QAAQ,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC;IAC1B,mDAAmD;IACnD,QAAQ,CAAC,mBAAmB,EAAE,MAAM,CAAC,MAAM,EAAE,gBAAgB,CAAC,CAAC;IAC/D,8BAA8B;IAC9B,QAAQ,CAAC,qBAAqB,EAAE,MAAM,EAAE,CAAC;IACzC,sBAAsB;IACtB,QAAQ,CAAC,cAAc,EAAE,MAAM,CAAC,MAAM,EAAE;QAAE,EAAE,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,EAAE,CAAA;KAAE,CAAC,CAAC;IAC3E,yBAAyB;IACzB,QAAQ,CAAC,gBAAgB,EAAE,MAAM,EAAE,CAAC;IACpC,uBAAuB;IACvB,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;IACzD,0BAA0B;IAC1B,QAAQ,CAAC,iBAAiB,EAAE,MAAM,EAAE,CAAC;IACrC,yBAAyB;IACzB,QAAQ,CAAC,iBAAiB,EAAE,MAAM,CAAC,MAAM,EAAE,gBAAgB,CAAC,CAAC;IAC7D,4BAA4B;IAC5B,QAAQ,CAAC,mBAAmB,EAAE,MAAM,EAAE,CAAC;IACvC,2BAA2B;IAC3B,QAAQ,CAAC,mBAAmB,EAAE,MAAM,EAAE,CAAC;IACvC,0DAA0D;IAC1D,QAAQ,CAAC,UAAU,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAC/C,4DAA4D;IAC5D,sBAAsB,CAAC,QAAQ,EAAE,iBAAiB,EAAE,WAAW,CAAC,EAAE,MAAM,GAAG,gBAAgB,CAAC;IAC5F,2CAA2C;IAC3C,mBAAmB,CAAC,SAAS,EAAE,MAAM,GAAG,gBAAgB,GAAG,SAAS,CAAC;IACrE,kCAAkC;IAClC,QAAQ,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC;IACjC,sCAAsC;IACtC,YAAY,CAAC,MAAM,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC;IACxC,oCAAoC;IACpC,WAAW,CAAC,MAAM,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC;IACvC,oCAAoC;IACpC,aAAa,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC;IACvC,sCAAsC;IACtC,eAAe,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC;CAC5C"}
|
package/authorization/index.d.ts
CHANGED
|
@@ -1,9 +1,18 @@
|
|
|
1
1
|
/**
|
|
2
2
|
* Authorization Module
|
|
3
3
|
*
|
|
4
|
-
* Core types
|
|
4
|
+
* Core types, base class, and mode-specific implementations for authorization.
|
|
5
5
|
*/
|
|
6
|
-
export type { AuthMode, AuthUser, AuthorizedTool, AuthorizedPrompt, LLMSafeAuthContext, AppAuthorizationRecord, ProgressiveAuthState, AuthorizationCreateCtx, } from './authorization.types';
|
|
6
|
+
export type { AuthMode, AuthUser, AuthorizedTool, AuthorizedPrompt, LLMSafeAuthContext, AppAuthorizationRecord, ProgressiveAuthState, AuthorizationCreateCtx, Authorization, } from './authorization.types';
|
|
7
7
|
export { AppAuthState } from './authorization.types';
|
|
8
8
|
export { authModeSchema, authUserSchema, authorizedToolSchema, authorizedPromptSchema, llmSafeAuthContextSchema, appAuthStateSchema, appAuthorizationRecordSchema, progressiveAuthStateSchema, } from './authorization.types';
|
|
9
|
+
export { AuthorizationBase, getMachineId } from './authorization.class';
|
|
10
|
+
export { PublicAuthorization } from './public.authorization';
|
|
11
|
+
export type { PublicAuthorizationCreateCtx } from './public.authorization';
|
|
12
|
+
export { TransparentAuthorization } from './transparent.authorization';
|
|
13
|
+
export type { TransparentAuthorizationCreateCtx, TransparentVerifiedPayload } from './transparent.authorization';
|
|
14
|
+
export { OrchestratedAuthorization } from './orchestrated.authorization';
|
|
15
|
+
export type { OrchestratedAuthorizationCreateCtx, OrchestratedProviderState, TokenStore as OrchestratedTokenStore, TokenRefreshCallback, } from './orchestrated.authorization';
|
|
16
|
+
export type { OrchestratedAuthAccessor } from './orchestrated.accessor';
|
|
17
|
+
export { OrchestratedAuthAccessorAdapter, NullOrchestratedAuthAccessor, ORCHESTRATED_AUTH_ACCESSOR, } from './orchestrated.accessor';
|
|
9
18
|
//# sourceMappingURL=index.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/authorization/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,YAAY,EACV,QAAQ,EACR,QAAQ,EACR,cAAc,EACd,gBAAgB,EAChB,kBAAkB,EAClB,sBAAsB,EACtB,oBAAoB,EACpB,sBAAsB,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/authorization/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,YAAY,EACV,QAAQ,EACR,QAAQ,EACR,cAAc,EACd,gBAAgB,EAChB,kBAAkB,EAClB,sBAAsB,EACtB,oBAAoB,EACpB,sBAAsB,EACtB,aAAa,GACd,MAAM,uBAAuB,CAAC;AAG/B,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AAGrD,OAAO,EACL,cAAc,EACd,cAAc,EACd,oBAAoB,EACpB,sBAAsB,EACtB,wBAAwB,EACxB,kBAAkB,EAClB,4BAA4B,EAC5B,0BAA0B,GAC3B,MAAM,uBAAuB,CAAC;AAG/B,OAAO,EAAE,iBAAiB,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AAGxE,OAAO,EAAE,mBAAmB,EAAE,MAAM,wBAAwB,CAAC;AAC7D,YAAY,EAAE,4BAA4B,EAAE,MAAM,wBAAwB,CAAC;AAE3E,OAAO,EAAE,wBAAwB,EAAE,MAAM,6BAA6B,CAAC;AACvE,YAAY,EAAE,iCAAiC,EAAE,0BAA0B,EAAE,MAAM,6BAA6B,CAAC;AAEjH,OAAO,EAAE,yBAAyB,EAAE,MAAM,8BAA8B,CAAC;AACzE,YAAY,EACV,kCAAkC,EAClC,yBAAyB,EACzB,UAAU,IAAI,sBAAsB,EACpC,oBAAoB,GACrB,MAAM,8BAA8B,CAAC;AAGtC,YAAY,EAAE,wBAAwB,EAAE,MAAM,yBAAyB,CAAC;AACxE,OAAO,EACL,+BAA+B,EAC/B,4BAA4B,EAC5B,0BAA0B,GAC3B,MAAM,yBAAyB,CAAC"}
|
|
@@ -0,0 +1,161 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* OrchestratedAuthAccessor - Interface for accessing orchestrated authorization
|
|
3
|
+
*
|
|
4
|
+
* This interface provides the runtime API for tools to access upstream provider
|
|
5
|
+
* tokens in orchestrated mode. It supports:
|
|
6
|
+
* - Token retrieval by provider ID
|
|
7
|
+
* - App token retrieval for progressive auth
|
|
8
|
+
* - Automatic token refresh
|
|
9
|
+
* - Authorization checks
|
|
10
|
+
*/
|
|
11
|
+
import { Token } from '@frontmcp/di';
|
|
12
|
+
/**
|
|
13
|
+
* OrchestratedAuthAccessor - Runtime accessor for orchestrated authorization.
|
|
14
|
+
*
|
|
15
|
+
* Available in tool execution via `this.orchestration`:
|
|
16
|
+
* ```typescript
|
|
17
|
+
* @Tool({ name: 'my_tool' })
|
|
18
|
+
* class MyTool extends ToolContext {
|
|
19
|
+
* async execute(input: Input) {
|
|
20
|
+
* // Get upstream provider token
|
|
21
|
+
* const githubToken = await this.orchestration.getToken('github');
|
|
22
|
+
*
|
|
23
|
+
* // Check if provider is authorized
|
|
24
|
+
* const hasSlack = await this.orchestration.hasProvider('slack');
|
|
25
|
+
*
|
|
26
|
+
* // Get app-specific token (progressive auth)
|
|
27
|
+
* const jiraToken = await this.orchestration.getAppToken('jira');
|
|
28
|
+
* }
|
|
29
|
+
* }
|
|
30
|
+
* ```
|
|
31
|
+
*/
|
|
32
|
+
export interface OrchestratedAuthAccessor {
|
|
33
|
+
/**
|
|
34
|
+
* Get access token for an upstream provider.
|
|
35
|
+
*
|
|
36
|
+
* @param providerId - Provider ID (e.g., 'github', 'slack')
|
|
37
|
+
* @returns Access token string
|
|
38
|
+
* @throws Error if provider not authorized or token unavailable
|
|
39
|
+
*
|
|
40
|
+
* @example
|
|
41
|
+
* ```typescript
|
|
42
|
+
* const token = await this.orchestration.getToken('github');
|
|
43
|
+
* const response = await fetch('https://api.github.com/user', {
|
|
44
|
+
* headers: { Authorization: `Bearer ${token}` },
|
|
45
|
+
* });
|
|
46
|
+
* ```
|
|
47
|
+
*/
|
|
48
|
+
getToken(providerId?: string): Promise<string>;
|
|
49
|
+
/**
|
|
50
|
+
* Try to get access token, returning null if not available.
|
|
51
|
+
*
|
|
52
|
+
* @param providerId - Provider ID
|
|
53
|
+
* @returns Access token or null
|
|
54
|
+
*/
|
|
55
|
+
tryGetToken(providerId?: string): Promise<string | null>;
|
|
56
|
+
/**
|
|
57
|
+
* Get access token for a specific app (progressive authorization).
|
|
58
|
+
*
|
|
59
|
+
* @param appId - App ID
|
|
60
|
+
* @returns Access token or null if app not authorized
|
|
61
|
+
*/
|
|
62
|
+
getAppToken(appId: string): Promise<string | null>;
|
|
63
|
+
/**
|
|
64
|
+
* Check if a provider is authorized.
|
|
65
|
+
*
|
|
66
|
+
* @param providerId - Provider ID
|
|
67
|
+
* @returns true if provider has tokens stored
|
|
68
|
+
*/
|
|
69
|
+
hasProvider(providerId: string): boolean;
|
|
70
|
+
/**
|
|
71
|
+
* Get all authorized provider IDs.
|
|
72
|
+
*/
|
|
73
|
+
getProviderIds(): string[];
|
|
74
|
+
/**
|
|
75
|
+
* Check if an app is authorized.
|
|
76
|
+
*
|
|
77
|
+
* @param appId - App ID
|
|
78
|
+
* @returns true if app is authorized
|
|
79
|
+
*/
|
|
80
|
+
isAppAuthorized(appId: string): boolean;
|
|
81
|
+
/**
|
|
82
|
+
* Get all authorized app IDs.
|
|
83
|
+
*/
|
|
84
|
+
getAllAuthorizedAppIds(): string[];
|
|
85
|
+
/**
|
|
86
|
+
* Get tool IDs authorized through a specific app.
|
|
87
|
+
*
|
|
88
|
+
* @param appId - App ID
|
|
89
|
+
* @returns Tool IDs or undefined if app not authorized
|
|
90
|
+
*/
|
|
91
|
+
getAppToolIds(appId: string): string[] | undefined;
|
|
92
|
+
/**
|
|
93
|
+
* Get the primary provider ID (default for getToken).
|
|
94
|
+
*/
|
|
95
|
+
readonly primaryProviderId?: string;
|
|
96
|
+
/**
|
|
97
|
+
* Get the issuer (local orchestrator).
|
|
98
|
+
*/
|
|
99
|
+
readonly issuer?: string;
|
|
100
|
+
/**
|
|
101
|
+
* Get authorization ID.
|
|
102
|
+
*/
|
|
103
|
+
readonly authorizationId: string;
|
|
104
|
+
/**
|
|
105
|
+
* Check if user is authenticated (not anonymous).
|
|
106
|
+
*/
|
|
107
|
+
readonly isAuthenticated: boolean;
|
|
108
|
+
}
|
|
109
|
+
/**
|
|
110
|
+
* DI Token for OrchestratedAuthAccessor
|
|
111
|
+
*/
|
|
112
|
+
export declare const ORCHESTRATED_AUTH_ACCESSOR: Token<OrchestratedAuthAccessor>;
|
|
113
|
+
/**
|
|
114
|
+
* Null implementation for when orchestrated auth is not available.
|
|
115
|
+
*/
|
|
116
|
+
export declare class NullOrchestratedAuthAccessor implements OrchestratedAuthAccessor {
|
|
117
|
+
readonly primaryProviderId: undefined;
|
|
118
|
+
readonly issuer: undefined;
|
|
119
|
+
readonly authorizationId = "null";
|
|
120
|
+
readonly isAuthenticated = false;
|
|
121
|
+
getToken(providerId?: string): Promise<string>;
|
|
122
|
+
tryGetToken(providerId?: string): Promise<string | null>;
|
|
123
|
+
getAppToken(appId: string): Promise<string | null>;
|
|
124
|
+
hasProvider(providerId: string): boolean;
|
|
125
|
+
getProviderIds(): string[];
|
|
126
|
+
isAppAuthorized(appId: string): boolean;
|
|
127
|
+
getAllAuthorizedAppIds(): string[];
|
|
128
|
+
getAppToolIds(appId: string): string[] | undefined;
|
|
129
|
+
}
|
|
130
|
+
/**
|
|
131
|
+
* Adapter that wraps OrchestratedAuthorization as OrchestratedAuthAccessor.
|
|
132
|
+
*/
|
|
133
|
+
export declare class OrchestratedAuthAccessorAdapter implements OrchestratedAuthAccessor {
|
|
134
|
+
private readonly authorization;
|
|
135
|
+
constructor(authorization: {
|
|
136
|
+
readonly id: string;
|
|
137
|
+
readonly isAnonymous: boolean;
|
|
138
|
+
readonly primaryProviderId?: string;
|
|
139
|
+
readonly issuer?: string;
|
|
140
|
+
hasProvider(providerId: string): boolean;
|
|
141
|
+
getProviderIds(): string[];
|
|
142
|
+
getToken(providerId?: string): Promise<string>;
|
|
143
|
+
getAppToken(appId: string): Promise<string | null>;
|
|
144
|
+
isAppAuthorized(appId: string): boolean;
|
|
145
|
+
getAllAuthorizedAppIds(): string[];
|
|
146
|
+
getAppToolIds(appId: string): string[] | undefined;
|
|
147
|
+
});
|
|
148
|
+
get primaryProviderId(): string | undefined;
|
|
149
|
+
get issuer(): string | undefined;
|
|
150
|
+
get authorizationId(): string;
|
|
151
|
+
get isAuthenticated(): boolean;
|
|
152
|
+
getToken(providerId?: string): Promise<string>;
|
|
153
|
+
tryGetToken(providerId?: string): Promise<string | null>;
|
|
154
|
+
getAppToken(appId: string): Promise<string | null>;
|
|
155
|
+
hasProvider(providerId: string): boolean;
|
|
156
|
+
getProviderIds(): string[];
|
|
157
|
+
isAppAuthorized(appId: string): boolean;
|
|
158
|
+
getAllAuthorizedAppIds(): string[];
|
|
159
|
+
getAppToolIds(appId: string): string[] | undefined;
|
|
160
|
+
}
|
|
161
|
+
//# sourceMappingURL=orchestrated.accessor.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"orchestrated.accessor.d.ts","sourceRoot":"","sources":["../../src/authorization/orchestrated.accessor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAAE,KAAK,EAAE,MAAM,cAAc,CAAC;AAGrC;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAM,WAAW,wBAAwB;IACvC;;;;;;;;;;;;;;OAcG;IACH,QAAQ,CAAC,UAAU,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAE/C;;;;;OAKG;IACH,WAAW,CAAC,UAAU,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IAEzD;;;;;OAKG;IACH,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IAEnD;;;;;OAKG;IACH,WAAW,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC;IAEzC;;OAEG;IACH,cAAc,IAAI,MAAM,EAAE,CAAC;IAE3B;;;;;OAKG;IACH,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC;IAExC;;OAEG;IACH,sBAAsB,IAAI,MAAM,EAAE,CAAC;IAEnC;;;;;OAKG;IACH,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,SAAS,CAAC;IAEnD;;OAEG;IACH,QAAQ,CAAC,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAEpC;;OAEG;IACH,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IAEzB;;OAEG;IACH,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAC;IAEjC;;OAEG;IACH,QAAQ,CAAC,eAAe,EAAE,OAAO,CAAC;CACnC;AAED;;GAEG;AACH,eAAO,MAAM,0BAA0B,EAElC,KAAK,CAAC,wBAAwB,CAAC,CAAC;AAErC;;GAEG;AACH,qBAAa,4BAA6B,YAAW,wBAAwB;IAC3E,QAAQ,CAAC,iBAAiB,YAAa;IACvC,QAAQ,CAAC,MAAM,YAAa;IAC5B,QAAQ,CAAC,eAAe,UAAU;IAClC,QAAQ,CAAC,eAAe,SAAS;IAE3B,QAAQ,CAAC,UAAU,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAI9C,WAAW,CAAC,UAAU,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAIxD,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAIxD,WAAW,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO;IAIxC,cAAc,IAAI,MAAM,EAAE;IAI1B,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO;IAIvC,sBAAsB,IAAI,MAAM,EAAE;IAIlC,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,SAAS;CAGnD;AAED;;GAEG;AACH,qBAAa,+BAAgC,YAAW,wBAAwB;IAE5E,OAAO,CAAC,QAAQ,CAAC,aAAa;gBAAb,aAAa,EAAE;QAC9B,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;QACpB,QAAQ,CAAC,WAAW,EAAE,OAAO,CAAC;QAC9B,QAAQ,CAAC,iBAAiB,CAAC,EAAE,MAAM,CAAC;QACpC,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;QACzB,WAAW,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC;QACzC,cAAc,IAAI,MAAM,EAAE,CAAC;QAC3B,QAAQ,CAAC,UAAU,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;QAC/C,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;QACnD,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC;QACxC,sBAAsB,IAAI,MAAM,EAAE,CAAC;QACnC,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,SAAS,CAAC;KACpD;IAGH,IAAI,iBAAiB,IAAI,MAAM,GAAG,SAAS,CAE1C;IAED,IAAI,MAAM,IAAI,MAAM,GAAG,SAAS,CAE/B;IAED,IAAI,eAAe,IAAI,MAAM,CAE5B;IAED,IAAI,eAAe,IAAI,OAAO,CAE7B;IAEK,QAAQ,CAAC,UAAU,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAI9C,WAAW,CAAC,UAAU,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAQxD,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAIxD,WAAW,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO;IAIxC,cAAc,IAAI,MAAM,EAAE;IAI1B,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO;IAIvC,sBAAsB,IAAI,MAAM,EAAE;IAIlC,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,SAAS;CAGnD"}
|