@frontmcp/sdk 0.7.2 → 0.8.0

package/auth/flows/session.verify.flow.d.ts

@@ -53,6 +53,10 @@ declare const stateSchema: z.ZodObject<{
                 "generic-mcp": "generic-mcp";
                 "ext-apps": "ext-apps";
             }>>;
+            clientName: z.ZodOptional<z.ZodString>;
+            clientVersion: z.ZodOptional<z.ZodString>;
+            supportsElicitation: z.ZodOptional<z.ZodBoolean>;
+            skillsOnlyMode: z.ZodOptional<z.ZodBoolean>;
         }, z.core.$strip>>;
     }, z.core.$strip>>;
 }, z.core.$strip>;
@@ -89,6 +93,10 @@ export declare const sessionVerifyOutputSchema: z.ZodUnion<readonly [z.ZodObject
                     "generic-mcp": "generic-mcp";
                     "ext-apps": "ext-apps";
                 }>>;
+                clientName: z.ZodOptional<z.ZodString>;
+                clientVersion: z.ZodOptional<z.ZodString>;
+                supportsElicitation: z.ZodOptional<z.ZodBoolean>;
+                skillsOnlyMode: z.ZodOptional<z.ZodBoolean>;
             }, z.core.$strip>>;
         }, z.core.$strip>>;
         user: z.ZodObject<{

package/auth/flows/session.verify.flow.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"session.verify.flow.d.ts","sourceRoot":"","sources":["../../../src/auth/flows/session.verify.flow.ts"],"names":[],"mappings":"AACA,OAAO,EAGL,QAAQ,EACR,cAAc,EAaf,MAAM,cAAc,CAAC;AACtB,OAAO,kBAAkB,CAAC;AAC1B,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAOxB,QAAA,MAAM,WAAW;;iBAAyB,CAAC;AAE3C,QAAA,MAAM,WAAW;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iBAYf,CAAC;AAgBH,eAAO,MAAM,yBAAyB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;mBAAkD,CAAC;AAEzF,QAAA,MAAM,IAAI;;;CAG2B,CAAC;AAEtC,OAAO,CAAC,MAAM,CAAC;IACb,UAAU,WAAW;QACnB,gBAAgB,EAAE,cAAc,CAC9B,iBAAiB,EACjB,OAAO,IAAI,EACX,OAAO,WAAW,EAClB,OAAO,yBAAyB,EAChC,OAAO,WAAW,CACnB,CAAC;KACH;CACF;AAED,QAAA,MAAM,IAAI,EAAG,gBAAyB,CAAC;AAyBvC,MAAM,CAAC,OAAO,OAAO,iBAAkB,SAAQ,QAAQ,CAAC,OAAO,IAAI,CAAC;IAClE;;;OAGG;IACH,OAAO,CAAC,sBAAsB;IAmExB,UAAU;IAwChB;;;;;;;OAOG;IAEG,gBAAgB;IAsBtB;;;OAGG;IAUG,uBAAuB;IA2BvB,+BAA+B;IAOrC;;;;;;;OAOG;IAEG,WAAW;IA0DX,UAAU;IAIhB;;;;;OAKG;IAEG,kBAAkB;IAalB,qBAAqB;CAe5B"}
+{"version":3,"file":"session.verify.flow.d.ts","sourceRoot":"","sources":["../../../src/auth/flows/session.verify.flow.ts"],"names":[],"mappings":"AACA,OAAO,EAGL,QAAQ,EACR,cAAc,EAaf,MAAM,cAAc,CAAC;AACtB,OAAO,kBAAkB,CAAC;AAC1B,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAOxB,QAAA,MAAM,WAAW;;iBAAyB,CAAC;AAE3C,QAAA,MAAM,WAAW;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iBAYf,CAAC;AAgBH,eAAO,MAAM,yBAAyB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;mBAAkD,CAAC;AAEzF,QAAA,MAAM,IAAI;;;CAG2B,CAAC;AAEtC,OAAO,CAAC,MAAM,CAAC;IACb,UAAU,WAAW;QACnB,gBAAgB,EAAE,cAAc,CAC9B,iBAAiB,EACjB,OAAO,IAAI,EACX,OAAO,WAAW,EAClB,OAAO,yBAAyB,EAChC,OAAO,WAAW,CACnB,CAAC;KACH;CACF;AAED,QAAA,MAAM,IAAI,EAAG,gBAAyB,CAAC;AAyBvC,MAAM,CAAC,OAAO,OAAO,iBAAkB,SAAQ,QAAQ,CAAC,OAAO,IAAI,CAAC;IAClE;;;OAGG;IACH,OAAO,CAAC,sBAAsB;IAmExB,UAAU;IAwChB;;;;;;;OAOG;IAEG,gBAAgB;IAsBtB;;;OAGG;IAUG,uBAAuB;IA2BvB,+BAA+B;IAOrC;;;;;;;OAOG;IAEG,WAAW;IAqEX,UAAU;IAIhB;;;;;OAKG;IAEG,kBAAkB;IAalB,qBAAqB;CAe5B"}

package/auth/flows/well-known.jwks.flow.d.ts

@@ -23,8 +23,8 @@ declare const outputSchema: z.ZodUnion<readonly [z.ZodObject<{
         httpOnly: z.ZodDefault<z.ZodBoolean>;
         secure: z.ZodOptional<z.ZodBoolean>;
         sameSite: z.ZodOptional<z.ZodEnum<{
-            lax: "lax";
             strict: "strict";
+            lax: "lax";
             none: "none";
         }>>;
         maxAge: z.ZodOptional<z.ZodNumber>;
@@ -44,8 +44,8 @@ declare const outputSchema: z.ZodUnion<readonly [z.ZodObject<{
         httpOnly: z.ZodDefault<z.ZodBoolean>;
         secure: z.ZodOptional<z.ZodBoolean>;
         sameSite: z.ZodOptional<z.ZodEnum<{
-            lax: "lax";
             strict: "strict";
+            lax: "lax";
             none: "none";
         }>>;
         maxAge: z.ZodOptional<z.ZodNumber>;
@@ -64,8 +64,8 @@ declare const outputSchema: z.ZodUnion<readonly [z.ZodObject<{
         httpOnly: z.ZodDefault<z.ZodBoolean>;
         secure: z.ZodOptional<z.ZodBoolean>;
         sameSite: z.ZodOptional<z.ZodEnum<{
-            lax: "lax";
             strict: "strict";
+            lax: "lax";
             none: "none";
         }>>;
         maxAge: z.ZodOptional<z.ZodNumber>;

package/auth/flows/well-known.oauth-authorization-server.flow.d.ts

@@ -47,8 +47,8 @@ export declare const outputSchema: z.ZodUnion<readonly [z.ZodObject<{
         httpOnly: z.ZodDefault<z.ZodBoolean>;
         secure: z.ZodOptional<z.ZodBoolean>;
         sameSite: z.ZodOptional<z.ZodEnum<{
-            lax: "lax";
             strict: "strict";
+            lax: "lax";
             none: "none";
         }>>;
         maxAge: z.ZodOptional<z.ZodNumber>;
@@ -68,8 +68,8 @@ export declare const outputSchema: z.ZodUnion<readonly [z.ZodObject<{
         httpOnly: z.ZodDefault<z.ZodBoolean>;
         secure: z.ZodOptional<z.ZodBoolean>;
         sameSite: z.ZodOptional<z.ZodEnum<{
-            lax: "lax";
             strict: "strict";
+            lax: "lax";
             none: "none";
         }>>;
         maxAge: z.ZodOptional<z.ZodNumber>;
@@ -86,6 +86,7 @@ export declare const wellKnownAsStateSchema: z.ZodObject<{
     }>>>;
     dcrEnabled: z.ZodDefault<z.ZodBoolean>;
     isOrchestrated: z.ZodBoolean;
+    cimdEnabled: z.ZodDefault<z.ZodBoolean>;
 }, z.core.$strip>;
 declare const wellKnownAsPlan: {
     readonly pre: ["parseInput"];

package/auth/flows/well-known.oauth-authorization-server.flow.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"well-known.oauth-authorization-server.flow.d.ts","sourceRoot":"","sources":["../../../src/auth/flows/well-known.oauth-authorization-server.flow.ts"],"names":[],"mappings":"AACA,OAAO,kBAAkB,CAAC;AAC1B,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAKL,QAAQ,EACR,cAAc,EACd,UAAU,EACV,aAAa,EAMd,MAAM,cAAc,CAAC;AAEtB,QAAA,MAAM,WAAW;;;;iBAAkB,CAAC;AA4BpC,eAAO,MAAM,YAAY;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;mBAA0E,CAAC;AAEpG,eAAO,MAAM,sBAAsB;;;;;;;;;;iBAQjC,CAAC;AAEH,QAAA,MAAM,eAAe;;;CAGgB,CAAC;AAEtC,KAAK,eAAe,GAAG,OAAO,eAAe,CAAC;AAC9C,KAAK,sBAAsB,GAAG,cAAc,CAC1C,eAAe,EACf,eAAe,EACf,OAAO,WAAW,EAClB,OAAO,YAAY,EACnB,OAAO,sBAAsB,CAC9B,CAAC;AAEF,OAAO,CAAC,MAAM,CAAC;IACb,UAAU,WAAW;QACnB,uCAAuC,EAAE,sBAAsB,CAAC;KACjE;CACF;AAED,QAAA,MAAM,IAAI,EAAG,uCAAgD,CAAC;AAa9D,MAAM,CAAC,OAAO,OAAO,eAAgB,SAAQ,QAAQ,CAAC,OAAO,IAAI,CAAC;IAChE,MAAM,CAAC,WAAW,CAAC,OAAO,EAAE,aAAa,EAAE,KAAK,EAAE,UAAU;IAKtD,UAAU;IAiBV,WAAW;CA4BlB"}
+{"version":3,"file":"well-known.oauth-authorization-server.flow.d.ts","sourceRoot":"","sources":["../../../src/auth/flows/well-known.oauth-authorization-server.flow.ts"],"names":[],"mappings":"AACA,OAAO,kBAAkB,CAAC;AAC1B,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAKL,QAAQ,EACR,cAAc,EACd,UAAU,EACV,aAAa,EAOd,MAAM,cAAc,CAAC;AAEtB,QAAA,MAAM,WAAW;;;;iBAAkB,CAAC;AA4BpC,eAAO,MAAM,YAAY;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;mBAA0E,CAAC;AAEpG,eAAO,MAAM,sBAAsB;;;;;;;;;;;iBAUjC,CAAC;AAEH,QAAA,MAAM,eAAe;;;CAGgB,CAAC;AAEtC,KAAK,eAAe,GAAG,OAAO,eAAe,CAAC;AAC9C,KAAK,sBAAsB,GAAG,cAAc,CAC1C,eAAe,EACf,eAAe,EACf,OAAO,WAAW,EAClB,OAAO,YAAY,EACnB,OAAO,sBAAsB,CAC9B,CAAC;AAEF,OAAO,CAAC,MAAM,CAAC;IACb,UAAU,WAAW;QACnB,uCAAuC,EAAE,sBAAsB,CAAC;KACjE;CACF;AAED,QAAA,MAAM,IAAI,EAAG,uCAAgD,CAAC;AAa9D,MAAM,CAAC,OAAO,OAAO,eAAgB,SAAQ,QAAQ,CAAC,OAAO,IAAI,CAAC;IAChE,MAAM,CAAC,WAAW,CAAC,OAAO,EAAE,aAAa,EAAE,KAAK,EAAE,UAAU;IAKtD,UAAU;IA0BV,WAAW;CA+BlB"}

package/auth/flows/well-known.prm.flow.d.ts

@@ -25,8 +25,8 @@ declare const outputSchema: z.ZodObject<{
         httpOnly: z.ZodDefault<z.ZodBoolean>;
         secure: z.ZodOptional<z.ZodBoolean>;
         sameSite: z.ZodOptional<z.ZodEnum<{
-            lax: "lax";
             strict: "strict";
+            lax: "lax";
             none: "none";
         }>>;
         maxAge: z.ZodOptional<z.ZodNumber>;

package/auth/instances/instance.local-primary-auth.d.ts

@@ -2,7 +2,9 @@ import { URL } from 'url';
 import { FrontMcpAuth, FrontMcpLogger, ScopeEntry, ServerRequest, JWK } from '../../common';
 import { PublicAuthOptions, OrchestratedLocalOptions, OrchestratedRemoteOptions } from '../../common/types/options/auth';
 import ProviderRegistry from '../../provider/provider.registry';
-import { AuthorizationStore } from '../session/authorization.store';
+import { AuthorizationStore } from '@frontmcp/auth';
+import { type FederatedAuthSessionStore } from '../session';
+import { TokenStore } from '../authorization/orchestrated.authorization';
 /**
  * Options type for LocalPrimaryAuth - can be public, orchestrated local, or orchestrated remote
  */
@@ -37,6 +39,42 @@ export interface ConsentMetadata {
     consentEnabled?: boolean;
     federatedLoginUsed?: boolean;
 }
+/**
+ * Extended token response from upstream providers (includes id_token)
+ */
+export interface UpstreamTokenResponse {
+    access_token: string;
+    token_type: string;
+    expires_in?: number;
+    refresh_token?: string;
+    scope?: string;
+    id_token?: string;
+}
+/**
+ * Provider configuration for upstream OAuth providers
+ */
+export interface UpstreamProviderConfig {
+    /** Provider ID */
+    id: string;
+    /** Display name */
+    name: string;
+    /** Authorization endpoint */
+    authorizationEndpoint: string;
+    /** Token endpoint */
+    tokenEndpoint: string;
+    /** User info endpoint (optional) */
+    userInfoEndpoint?: string;
+    /** JWKS URI for ID token validation (optional) */
+    jwksUri?: string;
+    /** Client ID */
+    clientId: string;
+    /** Client secret (for confidential clients) */
+    clientSecret?: string;
+    /** Default scopes to request */
+    scopes: string[];
+    /** Callback URL for this provider */
+    callbackUrl: string;
+}
 export declare class LocalPrimaryAuth extends FrontMcpAuth<LocalPrimaryAuthOptions> {
     private scope;
     private providers;
@@ -48,6 +86,13 @@ export declare class LocalPrimaryAuth extends FrontMcpAuth<LocalPrimaryAuthOptio
     readonly logger: FrontMcpLogger;
     readonly authorizationStore: AuthorizationStore;
     private jwks;
+    private cimdService;
+    /** Federated auth session store for multi-provider flows */
+    readonly federatedSessionStore: FederatedAuthSessionStore;
+    /** Token store for upstream provider tokens */
+    readonly orchestratedTokenStore: TokenStore;
+    /** Provider configurations (indexed by provider ID) */
+    private readonly providerConfigs;
     /** Default access token TTL (1 hour) */
     private readonly accessTokenTtlSeconds;
     /** Default refresh token TTL (30 days) */
@@ -99,10 +144,52 @@ export declare class LocalPrimaryAuth extends FrontMcpAuth<LocalPrimaryAuthOptio
         skippedProviderIds?: string[];
         consentEnabled?: boolean;
         federatedLoginUsed?: boolean;
+        pendingAuthId?: string;
     }): Promise<string>;
     protected initialize(): Promise<void>;
     fetch(input: RequestInfo | URL, init?: RequestInit): Promise<Response>;
     validate(request: ServerRequest): Promise<void>;
     private registerAuthFlows;
+    /**
+     * Register an upstream OAuth provider configuration
+     */
+    registerProvider(config: UpstreamProviderConfig): void;
+    /**
+     * Get provider configuration
+     */
+    getProviderConfig(providerId: string): UpstreamProviderConfig | undefined;
+    /**
+     * Build OAuth authorize URL for an upstream provider
+     */
+    buildProviderAuthorizeUrl(providerId: string, params: {
+        state: string;
+        codeChallenge: string;
+        codeChallengeMethod: 'S256';
+        scopes?: string[];
+    }): Promise<string | null>;
+    /**
+     * Exchange authorization code with upstream provider for tokens
+     */
+    exchangeProviderCode(providerId: string, code: string, codeVerifier?: string): Promise<UpstreamTokenResponse | {
+        error: string;
+        error_description: string;
+    }>;
+    /**
+     * Get user info from upstream provider
+     */
+    getProviderUserInfo(providerId: string, accessToken: string, idToken?: string): Promise<{
+        sub: string;
+        email?: string;
+        name?: string;
+        picture?: string;
+        claims?: Record<string, unknown>;
+    }>;
+    /**
+     * Refresh tokens from upstream provider
+     */
+    refreshProviderToken(providerId: string, refreshToken: string): Promise<UpstreamTokenResponse | {
+        error: string;
+        error_description: string;
+    }>;
 }
 //# sourceMappingURL=instance.local-primary-auth.d.ts.map

package/auth/instances/instance.local-primary-auth.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"instance.local-primary-auth.d.ts","sourceRoot":"","sources":["../../../src/auth/instances/instance.local-primary-auth.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,GAAG,EAAE,MAAM,KAAK,CAAC;AAE1B,OAAO,EAAE,YAAY,EAAE,cAAc,EAAiB,UAAU,EAAE,aAAa,EAAE,GAAG,EAAE,MAAM,cAAc,CAAC;AAC3G,OAAO,EACL,iBAAiB,EACjB,wBAAwB,EACxB,yBAAyB,EAI1B,MAAM,iCAAiC,CAAC;AACzC,OAAO,gBAAgB,MAAM,kCAAkC,CAAC;AAUhE,OAAO,EACL,kBAAkB,EAInB,MAAM,gCAAgC,CAAC;AAExC;;GAEG;AACH,MAAM,MAAM,uBAAuB,GAAG,iBAAiB,GAAG,wBAAwB,GAAG,yBAAyB,CAAC;AAI/G;;GAEG;AACH,MAAM,WAAW,QAAQ;IACvB,GAAG,EAAE,MAAM,CAAC;IACZ,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,QAAQ,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,mBAAmB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC/B,kBAAkB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC9B,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,kBAAkB,CAAC,EAAE,OAAO,CAAC;CAC9B;AAED,qBAAa,gBAAiB,SAAQ,YAAY,CAAC,uBAAuB,CAAC;IA0B7D,OAAO,CAAC,KAAK;IAAc,OAAO,CAAC,SAAS;IAzBxD,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,IAAI,EAAE,GAAG,EAAE,CAAM;IAC1B,QAAQ,CAAC,MAAM,EAAE,UAAU,CAAC;IAC5B,QAAQ,CAAC,MAAM,EAAE,cAAc,CAAC;IAChC,QAAQ,CAAC,kBAAkB,EAAE,kBAAkB,CAAC;IAChD,OAAO,CAAC,IAAI,CAAqB;IAEjC,wCAAwC;IACxC,OAAO,CAAC,QAAQ,CAAC,qBAAqB,CAAQ;IAC9C,0CAA0C;IAC1C,OAAO,CAAC,QAAQ,CAAC,sBAAsB,CAAkB;IAEzD;;;OAGG;IACH,OAAO,CAAC,gBAAgB;gBAOJ,KAAK,EAAE,UAAU,EAAU,SAAS,EAAE,gBAAgB,EAAE,OAAO,EAAE,uBAAuB;IAoB5G;;OAEG;IACH,OAAO,CAAC,YAAY;IAmBd,gBAAgB;IAUtB;;OAEG;IACG,eAAe,CACnB,IAAI,EAAE,QAAQ,EACd,MAAM,EAAE,MAAM,EAAE,EAChB,QAAQ,CAAC,EAAE,MAAM,EACjB,eAAe,CAAC,EAAE,eAAe,GAChC,OAAO,CAAC,MAAM,CAAC;IA0ClB;;OAEG;IACG,YAAY,CAChB,IAAI,EAAE,MAAM,EACZ,QAAQ,EAAE,MAAM,EAChB,WAAW,EAAE,MAAM,EACnB,YAAY,EAAE,MAAM,GACnB,OAAO,CAAC,aAAa,GAAG;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,iBAAiB,EAAE,MAAM,CAAA;KAAE,CAAC;IA8FxE;;OAEG;IACG,kBAAkB,CACtB,YAAY,EAAE,MAAM,EACpB,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,aAAa,GAAG;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,iBAAiB,EAAE,MAAM,CAAA;KAAE,CAAC;IA2CxE;;OAEG;IACG,uBAAuB,CAAC,MAAM,EAAE;QACpC,QAAQ,EAAE,MAAM,CAAC;QACjB,WAAW,EAAE,MAAM,CAAC;QACpB,MAAM,EAAE,MAAM,EAAE,CAAC;QACjB,aAAa,EAAE,MAAM,CAAC;QACtB,OAAO,EAAE,MAAM,CAAC;QAChB,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,QAAQ,CAAC,EAAE,MAAM,CAAC;QAElB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;QAC3B,mBAAmB,CAAC,EAAE,MAAM,EAAE,CAAC;QAC/B,kBAAkB,CAAC,EAAE,MAAM,EAAE,CAAC;QAC9B,cAAc,CAAC,EAAE,OAAO,CAAC;QACzB,kBAAkB,CAAC,EAAE,OAAO,CAAC;KAC9B,GAAG,OAAO,CAAC,MAAM,CAAC;cA0BH,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;IAgBlC,KAAK,CAAC,KAAK,EAAE,WAAW,GAAG,GAAG,EAAE,IAAI,CAAC,EAAE,WAAW,GAAG,OAAO,CAAC,QAAQ,CAAC;IAItE,QAAQ,CAAC,OAAO,EAAE,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC;YAI1C,iBAAiB;CAchC"}
+{"version":3,"file":"instance.local-primary-auth.d.ts","sourceRoot":"","sources":["../../../src/auth/instances/instance.local-primary-auth.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,GAAG,EAAE,MAAM,KAAK,CAAC;AAE1B,OAAO,EAAE,YAAY,EAAE,cAAc,EAAiB,UAAU,EAAE,aAAa,EAAE,GAAG,EAAE,MAAM,cAAc,CAAC;AAC3G,OAAO,EACL,iBAAiB,EACjB,wBAAwB,EACxB,yBAAyB,EAI1B,MAAM,iCAAiC,CAAC;AACzC,OAAO,gBAAgB,MAAM,kCAAkC,CAAC;AAShE,OAAO,EAEL,kBAAkB,EAInB,MAAM,gBAAgB,CAAC;AAExB,OAAO,EAGL,KAAK,yBAAyB,EAC/B,MAAM,YAAY,CAAC;AACpB,OAAO,EAAE,UAAU,EAAE,MAAM,6CAA6C,CAAC;AAGzE;;GAEG;AACH,MAAM,MAAM,uBAAuB,GAAG,iBAAiB,GAAG,wBAAwB,GAAG,yBAAyB,CAAC;AAI/G;;GAEG;AACH,MAAM,WAAW,QAAQ;IACvB,GAAG,EAAE,MAAM,CAAC;IACZ,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,QAAQ,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,mBAAmB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC/B,kBAAkB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC9B,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,kBAAkB,CAAC,EAAE,OAAO,CAAC;CAC9B;AAED;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC,kBAAkB;IAClB,EAAE,EAAE,MAAM,CAAC;IACX,mBAAmB;IACnB,IAAI,EAAE,MAAM,CAAC;IACb,6BAA6B;IAC7B,qBAAqB,EAAE,MAAM,CAAC;IAC9B,qBAAqB;IACrB,aAAa,EAAE,MAAM,CAAC;IACtB,oCAAoC;IACpC,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,kDAAkD;IAClD,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,gBAAgB;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,+CAA+C;IAC/C,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,gCAAgC;IAChC,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,qCAAqC;IACrC,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,qBAAa,gBAAiB,SAAQ,YAAY,CAAC,uBAAuB,CAAC;IAqCvE,OAAO,CAAC,KAAK;IACb,OAAO,CAAC,SAAS;IArCnB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,IAAI,EAAE,GAAG,EAAE,CAAM;IAC1B,QAAQ,CAAC,MAAM,EAAE,UAAU,CAAC;IAC5B,QAAQ,CAAC,MAAM,EAAE,cAAc,CAAC;IAChC,QAAQ,CAAC,kBAAkB,EAAE,kBAAkB,CAAC;IAChD,OAAO,CAAC,IAAI,CAAqB;IACjC,OAAO,CAAC,WAAW,CAA0B;IAE7C,4DAA4D;IAC5D,QAAQ,CAAC,qBAAqB,EAAE,yBAAyB,CAAC;IAE1D,+CAA+C;IAC/C,QAAQ,CAAC,sBAAsB,EAAE,UAAU,CAAC;IAE5C,uDAAuD;IACvD,OAAO,CAAC,QAAQ,CAAC,eAAe,CAA6C;IAE7E,wCAAwC;IACxC,OAAO,CAAC,QAAQ,CAAC,qBAAqB,CAAQ;IAC9C,0CAA0C;IAC1C,OAAO,CAAC,QAAQ,CAAC,sBAAsB,CAAkB;IAEzD;;;OAGG;IACH,OAAO,CAAC,gBAAgB;gBAQd,KAAK,EAAE,UAAU,EACjB,SAAS,EAAE,gBAAgB,EACnC,OAAO,EAAE,uBAAuB;IAiClC;;OAEG;IACH,OAAO,CAAC,YAAY;IAmBd,gBAAgB;IAUtB;;OAEG;IACG,eAAe,CACnB,IAAI,EAAE,QAAQ,EACd,MAAM,EAAE,MAAM,EAAE,EAChB,QAAQ,CAAC,EAAE,MAAM,EACjB,eAAe,CAAC,EAAE,eAAe,GAChC,OAAO,CAAC,MAAM,CAAC;IA0ClB;;OAEG;IACG,YAAY,CAChB,IAAI,EAAE,MAAM,EACZ,QAAQ,EAAE,MAAM,EAChB,WAAW,EAAE,MAAM,EACnB,YAAY,EAAE,MAAM,GACnB,OAAO,CAAC,aAAa,GAAG;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,iBAAiB,EAAE,MAAM,CAAA;KAAE,CAAC;IA+GxE;;OAEG;IACG,kBAAkB,CACtB,YAAY,EAAE,MAAM,EACpB,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,aAAa,GAAG;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,iBAAiB,EAAE,MAAM,CAAA;KAAE,CAAC;IA2CxE;;OAEG;IACG,uBAAuB,CAAC,MAAM,EAAE;QACpC,QAAQ,EAAE,MAAM,CAAC;QACjB,WAAW,EAAE,MAAM,CAAC;QACpB,MAAM,EAAE,MAAM,EAAE,CAAC;QACjB,aAAa,EAAE,MAAM,CAAC;QACtB,OAAO,EAAE,MAAM,CAAC;QAChB,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,QAAQ,CAAC,EAAE,MAAM,CAAC;QAElB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;QAC3B,mBAAmB,CAAC,EAAE,MAAM,EAAE,CAAC;QAC/B,kBAAkB,CAAC,EAAE,MAAM,EAAE,CAAC;QAC9B,cAAc,CAAC,EAAE,OAAO,CAAC;QACzB,kBAAkB,CAAC,EAAE,OAAO,CAAC;QAE7B,aAAa,CAAC,EAAE,MAAM,CAAC;KACxB,GAAG,OAAO,CAAC,MAAM,CAAC;cA4BH,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;IA6BlC,KAAK,CAAC,KAAK,EAAE,WAAW,GAAG,GAAG,EAAE,IAAI,CAAC,EAAE,WAAW,GAAG,OAAO,CAAC,QAAQ,CAAC;IAItE,QAAQ,CAAC,OAAO,EAAE,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC;YAI1C,iBAAiB;IAoB/B;;OAEG;IACH,gBAAgB,CAAC,MAAM,EAAE,sBAAsB,GAAG,IAAI;IAKtD;;OAEG;IACH,iBAAiB,CAAC,UAAU,EAAE,MAAM,GAAG,sBAAsB,GAAG,SAAS;IAIzE;;OAEG;IACG,yBAAyB,CAC7B,UAAU,EAAE,MAAM,EAClB,MAAM,EAAE;QACN,KAAK,EAAE,MAAM,CAAC;QACd,aAAa,EAAE,MAAM,CAAC;QACtB,mBAAmB,EAAE,MAAM,CAAC;QAC5B,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;KACnB,GACA,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAwBzB;;OAEG;IACG,oBAAoB,CACxB,UAAU,EAAE,MAAM,EAClB,IAAI,EAAE,MAAM,EACZ,YAAY,CAAC,EAAE,MAAM,GACpB,OAAO,CAAC,qBAAqB,GAAG;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,iBAAiB,EAAE,MAAM,CAAA;KAAE,CAAC;IA6DhF;;OAEG;IACG,mBAAmB,CACvB,UAAU,EAAE,MAAM,EAClB,WAAW,EAAE,MAAM,EACnB,OAAO,CAAC,EAAE,MAAM,GACf,OAAO,CAAC;QAAE,GAAG,EAAE,MAAM,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAC;QAAC,IAAI,CAAC,EAAE,MAAM,CAAC;QAAC,OAAO,CAAC,EAAE,MAAM,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;KAAE,CAAC;IAsD9G;;OAEG;IACG,oBAAoB,CACxB,UAAU,EAAE,MAAM,EAClB,YAAY,EAAE,MAAM,GACnB,OAAO,CAAC,qBAAqB,GAAG;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,iBAAiB,EAAE,MAAM,CAAA;KAAE,CAAC;CA8CjF"}

package/auth/machine-id.d.ts

@@ -1,3 +1,17 @@
+/**
+ * Machine ID Utility
+ *
+ * Single source of truth for the machine ID used across session management.
+ *
+ * Configuration Priority:
+ * 1. MACHINE_ID environment variable (highest priority, recommended for production)
+ * 2. File persistence in dev mode (.frontmcp/machine-id)
+ * 3. Random UUID (ephemeral, invalidates sessions on restart)
+ *
+ * For distributed deployments with Redis session storage, set MACHINE_ID
+ * to the same value across all instances to allow session portability,
+ * or use unique values per instance to enforce session affinity.
+ */
 /**
  * Get the current machine ID.
  * This value is stable for the lifetime of the process.

package/auth/machine-id.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"machine-id.d.ts","sourceRoot":"","sources":["../../src/auth/machine-id.ts"],"names":[],"mappings":"AAuBA;;;GAGG;AACH,wBAAgB,YAAY,IAAI,MAAM,CAErC"}
+{"version":3,"file":"machine-id.d.ts","sourceRoot":"","sources":["../../src/auth/machine-id.ts"],"names":[],"mappings":"AACA;;;;;;;;;;;;;GAaG;AA4GH;;;GAGG;AACH,wBAAgB,YAAY,IAAI,MAAM,CAErC"}

package/auth/session/encrypted-authorization-vault.d.ts

@@ -23,8 +23,7 @@
  * ```
  */
 import { z } from 'zod';
-import { VaultEncryption } from './vault-encryption';
-import { AuthorizationVault, AuthorizationVaultEntry, AppCredential, VaultConsentRecord, VaultFederatedRecord, PendingIncrementalAuth } from './authorization-vault';
+import { VaultEncryption, AuthorizationVault, AuthorizationVaultEntry, AppCredential, VaultConsentRecord, VaultFederatedRecord, PendingIncrementalAuth } from '@frontmcp/auth';
 /**
  * What we store in Redis - minimal metadata + encrypted blob
  */
@@ -54,7 +53,7 @@ export type RedisVaultEntry = z.infer<typeof redisVaultEntrySchema>;
  */
 export interface EncryptionContext {
     /** Encryption key derived from JWT */
-    key: Buffer;
+    key: Uint8Array;
     /** Vault ID (from JWT jti claim) */
     vaultId: string;
 }

package/auth/session/encrypted-authorization-vault.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"encrypted-authorization-vault.d.ts","sourceRoot":"","sources":["../../../src/auth/session/encrypted-authorization-vault.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAGxB,OAAO,EAAE,eAAe,EAA0D,MAAM,oBAAoB,CAAC;AAC7G,OAAO,EACL,kBAAkB,EAClB,uBAAuB,EACvB,aAAa,EACb,kBAAkB,EAClB,oBAAoB,EACpB,sBAAsB,EAEvB,MAAM,uBAAuB,CAAC;AAM/B;;GAEG;AACH,eAAO,MAAM,qBAAqB;;;;;;;;;;;;;;;;;;iBAuBhC,CAAC;AAEH,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAMpE;;;GAGG;AACH,MAAM,WAAW,iBAAiB;IAChC,sCAAsC;IACtC,GAAG,EAAE,MAAM,CAAC;IACZ,oCAAoC;IACpC,OAAO,EAAE,MAAM,CAAC;CACjB;AAYD;;;;;;;GAOG;AACH,qBAAa,mBAAoB,YAAW,kBAAkB;IAG1D,OAAO,CAAC,QAAQ,CAAC,KAAK;IACtB,OAAO,CAAC,QAAQ,CAAC,UAAU;IAC3B,OAAO,CAAC,QAAQ,CAAC,SAAS;gBAFT,KAAK,EAAE,GAAG,EACV,UAAU,EAAE,eAAe,EAC3B,SAAS,SAAW;IAGvC;;;;;;;;;;;;;;;;;OAiBG;IACH,cAAc,CAAC,CAAC,EAAE,OAAO,EAAE,iBAAiB,EAAE,EAAE,EAAE,MAAM,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC;IAIvF;;OAEG;IACH,OAAO,CAAC,MAAM;IASd;;OAEG;IACH,OAAO,CAAC,QAAQ;IAIhB;;OAEG;IACH,OAAO,CAAC,aAAa;IAIrB;;OAEG;IACH,OAAO,CAAC,gBAAgB;IAIxB;;OAEG;IACH,OAAO,CAAC,gBAAgB;IAIxB;;OAEG;IACH,OAAO,CAAC,YAAY;IAoBpB;;OAEG;IACH,OAAO,CAAC,YAAY;IAuBpB;;OAEG;YACW,SAAS;IAKvB;;OAEG;YACW,SAAS;IAiBjB,MAAM,CAAC,MAAM,EAAE;QACnB,OAAO,EAAE,MAAM,CAAC;QAChB,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,QAAQ,EAAE,MAAM,CAAC;QACjB,OAAO,CAAC,EAAE,kBAAkB,CAAC;QAC7B,SAAS,CAAC,EAAE,oBAAoB,CAAC;QACjC,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;QAC5B,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;KAC1B,GAAG,OAAO,CAAC,uBAAuB,CAAC;IAsB9B,GAAG,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,uBAAuB,GAAG,IAAI,CAAC;IAWxD,MAAM,CAAC,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,CAAC,uBAAuB,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC;IAU5E,MAAM,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAIjC,aAAa,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,kBAAkB,GAAG,OAAO,CAAC,IAAI,CAAC;IAS1E,YAAY,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAY3D,iBAAiB,CACrB,OAAO,EAAE,MAAM,EACf,MAAM,EAAE;QACN,KAAK,EAAE,MAAM,CAAC;QACd,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,OAAO,EAAE,MAAM,CAAC;QAChB,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;QAC1B,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,KAAK,CAAC,EAAE,MAAM,CAAC;KAChB,GACA,OAAO,CAAC,sBAAsB,CAAC;IA0B5B,cAAc,CAAC,OAAO,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,GAAG,OAAO,CAAC,sBAAsB,GAAG,IAAI,CAAC;IAe9F,mBAAmB,CAAC,OAAO,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAkB1E,iBAAiB,CAAC,OAAO,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAWxE,eAAe,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAajE,eAAe,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,sBAAsB,EAAE,CAAC;IA0BnE,gBAAgB,CAAC,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC;IAa3E,mBAAmB,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAUtF,iBAAiB,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,EAAE,CAAC;IAU3E,aAAa,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC;IAQhG,iBAAiB,CAAC,OAAO,EAAE,MAAM,EAAE,eAAe,UAAQ,GAAG,OAAO,CAAC,aAAa,EAAE,CAAC;IAgBrF,gBAAgB,CACpB,OAAO,EAAE,MAAM,EACf,KAAK,EAAE,MAAM,EACb,UAAU,EAAE,MAAM,EAClB,OAAO,EAAE,OAAO,CAAC,IAAI,CAAC,aAAa,EAAE,YAAY,GAAG,SAAS,GAAG,eAAe,GAAG,WAAW,GAAG,UAAU,CAAC,CAAC,GAC3G,OAAO,CAAC,IAAI,CAAC;IAaV,qBAAqB,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC;IAgB3F,oBAAoB,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAOvG,sBAAsB,CAC1B,OAAO,EAAE,MAAM,EACf,KAAK,EAAE,MAAM,EACb,UAAU,EAAE,MAAM,EAClB,MAAM,EAAE;QAAE,WAAW,EAAE,MAAM,CAAC;QAAC,YAAY,CAAC,EAAE,MAAM,CAAC;QAAC,SAAS,CAAC,EAAE,MAAM,CAAA;KAAE,GACzE,OAAO,CAAC,IAAI,CAAC;IAwBV,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;CAK/B;AAMD;;GAEG;AACH,wBAAgB,oBAAoB,CAElC,KAAK,EAAE,GAAG,EACV,MAAM,GAAE;IACN,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;CACf,GACL;IAAE,KAAK,EAAE,mBAAmB,CAAC;IAAC,UAAU,EAAE,eAAe,CAAA;CAAE,CAK7D"}
+{"version":3,"file":"encrypted-authorization-vault.d.ts","sourceRoot":"","sources":["../../../src/auth/session/encrypted-authorization-vault.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAGxB,OAAO,EACL,eAAe,EAIf,kBAAkB,EAClB,uBAAuB,EACvB,aAAa,EACb,kBAAkB,EAClB,oBAAoB,EACpB,sBAAsB,EAEvB,MAAM,gBAAgB,CAAC;AAMxB;;GAEG;AACH,eAAO,MAAM,qBAAqB;;;;;;;;;;;;;;;;;;iBAuBhC,CAAC;AAEH,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAMpE;;;GAGG;AACH,MAAM,WAAW,iBAAiB;IAChC,sCAAsC;IACtC,GAAG,EAAE,UAAU,CAAC;IAChB,oCAAoC;IACpC,OAAO,EAAE,MAAM,CAAC;CACjB;AAYD;;;;;;;GAOG;AACH,qBAAa,mBAAoB,YAAW,kBAAkB;IAG1D,OAAO,CAAC,QAAQ,CAAC,KAAK;IACtB,OAAO,CAAC,QAAQ,CAAC,UAAU;IAC3B,OAAO,CAAC,QAAQ,CAAC,SAAS;gBAFT,KAAK,EAAE,GAAG,EACV,UAAU,EAAE,eAAe,EAC3B,SAAS,SAAW;IAGvC;;;;;;;;;;;;;;;;;OAiBG;IACH,cAAc,CAAC,CAAC,EAAE,OAAO,EAAE,iBAAiB,EAAE,EAAE,EAAE,MAAM,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC;IAIvF;;OAEG;IACH,OAAO,CAAC,MAAM;IASd;;OAEG;IACH,OAAO,CAAC,QAAQ;IAIhB;;OAEG;IACH,OAAO,CAAC,aAAa;IAIrB;;OAEG;YACW,gBAAgB;IAI9B;;OAEG;YACW,gBAAgB;IAI9B;;OAEG;YACW,YAAY;IAoB1B;;OAEG;YACW,YAAY;IAuB1B;;OAEG;YACW,SAAS;IAKvB;;OAEG;YACW,SAAS;IAiBjB,MAAM,CAAC,MAAM,EAAE;QACnB,OAAO,EAAE,MAAM,CAAC;QAChB,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,QAAQ,EAAE,MAAM,CAAC;QACjB,OAAO,CAAC,EAAE,kBAAkB,CAAC;QAC7B,SAAS,CAAC,EAAE,oBAAoB,CAAC;QACjC,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;QAC5B,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;KAC1B,GAAG,OAAO,CAAC,uBAAuB,CAAC;IAsB9B,GAAG,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,uBAAuB,GAAG,IAAI,CAAC;IAWxD,MAAM,CAAC,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,CAAC,uBAAuB,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC;IAU5E,MAAM,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAIjC,aAAa,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,kBAAkB,GAAG,OAAO,CAAC,IAAI,CAAC;IAS1E,YAAY,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAY3D,iBAAiB,CACrB,OAAO,EAAE,MAAM,EACf,MAAM,EAAE;QACN,KAAK,EAAE,MAAM,CAAC;QACd,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,OAAO,EAAE,MAAM,CAAC;QAChB,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;QAC1B,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,KAAK,CAAC,EAAE,MAAM,CAAC;KAChB,GACA,OAAO,CAAC,sBAAsB,CAAC;IA0B5B,cAAc,CAAC,OAAO,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,GAAG,OAAO,CAAC,sBAAsB,GAAG,IAAI,CAAC;IAe9F,mBAAmB,CAAC,OAAO,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAkB1E,iBAAiB,CAAC,OAAO,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAWxE,eAAe,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAajE,eAAe,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,sBAAsB,EAAE,CAAC;IA0BnE,gBAAgB,CAAC,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC;IAa3E,mBAAmB,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAUtF,iBAAiB,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,EAAE,CAAC;IAU3E,aAAa,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC;IAQhG,iBAAiB,CAAC,OAAO,EAAE,MAAM,EAAE,eAAe,UAAQ,GAAG,OAAO,CAAC,aAAa,EAAE,CAAC;IAgBrF,gBAAgB,CACpB,OAAO,EAAE,MAAM,EACf,KAAK,EAAE,MAAM,EACb,UAAU,EAAE,MAAM,EAClB,OAAO,EAAE,OAAO,CAAC,IAAI,CAAC,aAAa,EAAE,YAAY,GAAG,SAAS,GAAG,eAAe,GAAG,WAAW,GAAG,UAAU,CAAC,CAAC,GAC3G,OAAO,CAAC,IAAI,CAAC;IAaV,qBAAqB,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC;IAgB3F,oBAAoB,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAOvG,sBAAsB,CAC1B,OAAO,EAAE,MAAM,EACf,KAAK,EAAE,MAAM,EACb,UAAU,EAAE,MAAM,EAClB,MAAM,EAAE;QAAE,WAAW,EAAE,MAAM,CAAC;QAAC,YAAY,CAAC,EAAE,MAAM,CAAC;QAAC,SAAS,CAAC,EAAE,MAAM,CAAA;KAAE,GACzE,OAAO,CAAC,IAAI,CAAC;IAwBV,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;CAK/B;AAMD;;GAEG;AACH,wBAAgB,oBAAoB,CAElC,KAAK,EAAE,GAAG,EACV,MAAM,GAAE;IACN,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;CACf,GACL;IAAE,KAAK,EAAE,mBAAmB,CAAC;IAAC,UAAU,EAAE,eAAe,CAAA;CAAE,CAK7D"}

package/auth/session/federated-auth.session.d.ts

@@ -0,0 +1,252 @@
+/**
+ * Federated Auth Session
+ *
+ * Manages state during multi-provider OAuth flows where a user needs to
+ * authenticate with multiple upstream OAuth providers sequentially.
+ *
+ * Flow:
+ * 1. User selects providers on federated login page
+ * 2. System stores FederatedAuthSession with provider queue
+ * 3. User is redirected to first provider's OAuth authorize endpoint
+ * 4. After provider callback, tokens are stored and next provider is processed
+ * 5. When all providers complete, FrontMCP JWT is issued
+ */
+/**
+ * PKCE data for upstream provider OAuth flow
+ */
+export interface ProviderPkce {
+    /** Code verifier (used in token exchange) */
+    verifier: string;
+    /** Code challenge (sent to authorize endpoint) */
+    challenge: string;
+    /** Challenge method (always S256) */
+    method: 'S256';
+}
+/**
+ * Token data received from an upstream provider
+ */
+export interface ProviderTokens {
+    /** Access token */
+    accessToken: string;
+    /** Refresh token (if provided) */
+    refreshToken?: string;
+    /** Token expiration (epoch ms) */
+    expiresAt?: number;
+    /** Token type (usually 'Bearer') */
+    tokenType?: string;
+    /** Granted scopes */
+    scopes?: string[];
+    /** ID token (for OIDC providers) */
+    idToken?: string;
+}
+/**
+ * User info from an upstream provider
+ */
+export interface ProviderUserInfo {
+    /** Subject identifier from provider */
+    sub: string;
+    /** User email */
+    email?: string;
+    /** Display name */
+    name?: string;
+    /** Profile picture URL */
+    picture?: string;
+    /** Additional claims */
+    claims?: Record<string, unknown>;
+}
+/**
+ * Completed provider entry in the federated session
+ */
+export interface CompletedProvider {
+    /** Provider ID */
+    providerId: string;
+    /** OAuth tokens from the provider */
+    tokens: ProviderTokens;
+    /** User info from the provider */
+    userInfo?: ProviderUserInfo;
+    /** Timestamp when provider auth completed */
+    completedAt: number;
+}
+/**
+ * Federated Auth Session state
+ *
+ * Stored during multi-provider OAuth flow to track progress
+ */
+export interface FederatedAuthSession {
+    /** Unique session ID */
+    id: string;
+    /** Original pending auth ID (from /oauth/authorize request) */
+    pendingAuthId: string;
+    /** Client ID that initiated the auth flow */
+    clientId: string;
+    /** Redirect URI for final callback */
+    redirectUri: string;
+    /** Requested scopes for FrontMCP token */
+    scopes: string[];
+    /** Original state parameter from client */
+    state?: string;
+    /** Resource/audience for final token */
+    resource?: string;
+    /** User info (email, name) from initial login form */
+    userInfo: {
+        email?: string;
+        name?: string;
+        sub?: string;
+    };
+    /** PKCE challenge for final FrontMCP token exchange */
+    frontmcpPkce: {
+        challenge: string;
+        method: 'S256';
+    };
+    /** Queue of provider IDs remaining to auth */
+    providerQueue: string[];
+    /** Map of completed providers with their tokens */
+    completedProviders: Map<string, CompletedProvider>;
+    /** Providers that user declined/skipped */
+    skippedProviders: string[];
+    /** Currently active provider (being authenticated) */
+    currentProviderId?: string;
+    /** PKCE data for current provider's OAuth flow */
+    currentProviderPkce?: ProviderPkce;
+    /** State parameter for current provider's OAuth flow */
+    currentProviderState?: string;
+    /** Session creation timestamp */
+    createdAt: number;
+    /** Session expiration timestamp */
+    expiresAt: number;
+}
+/**
+ * Serializable version of FederatedAuthSession for storage
+ */
+export interface FederatedAuthSessionRecord {
+    id: string;
+    pendingAuthId: string;
+    clientId: string;
+    redirectUri: string;
+    scopes: string[];
+    state?: string;
+    resource?: string;
+    userInfo: {
+        email?: string;
+        name?: string;
+        sub?: string;
+    };
+    frontmcpPkce: {
+        challenge: string;
+        method: 'S256';
+    };
+    providerQueue: string[];
+    completedProviders: Array<[string, CompletedProvider]>;
+    skippedProviders: string[];
+    currentProviderId?: string;
+    currentProviderPkce?: ProviderPkce;
+    currentProviderState?: string;
+    createdAt: number;
+    expiresAt: number;
+}
+/**
+ * Federated Auth Session Store Interface
+ */
+export interface FederatedAuthSessionStore {
+    /** Store a federated auth session */
+    store(session: FederatedAuthSession): Promise<void>;
+    /** Get a federated auth session by ID */
+    get(id: string): Promise<FederatedAuthSession | null>;
+    /** Delete a federated auth session */
+    delete(id: string): Promise<void>;
+    /** Update a federated auth session */
+    update(session: FederatedAuthSession): Promise<void>;
+}
+/**
+ * Convert FederatedAuthSession to serializable record
+ */
+export declare function toSessionRecord(session: FederatedAuthSession): FederatedAuthSessionRecord;
+/**
+ * Convert serializable record back to FederatedAuthSession
+ */
+export declare function fromSessionRecord(record: FederatedAuthSessionRecord): FederatedAuthSession;
+/**
+ * Parameters for creating a federated auth session
+ */
+export interface FederatedAuthSessionCreateParams {
+    pendingAuthId: string;
+    clientId: string;
+    redirectUri: string;
+    scopes: string[];
+    state?: string;
+    resource?: string;
+    userInfo: {
+        email?: string;
+        name?: string;
+        sub?: string;
+    };
+    frontmcpPkce: {
+        challenge: string;
+        method: 'S256';
+    };
+    providerIds: string[];
+}
+/**
+ * In-Memory Federated Auth Session Store
+ *
+ * Development/testing implementation for federated auth session storage.
+ */
+export declare class InMemoryFederatedAuthSessionStore implements FederatedAuthSessionStore {
+    private readonly sessions;
+    /** Default TTL for sessions (15 minutes) */
+    private readonly sessionTtlMs;
+    /** Cleanup interval timer */
+    private cleanupTimer?;
+    constructor();
+    store(session: FederatedAuthSession): Promise<void>;
+    get(id: string): Promise<FederatedAuthSession | null>;
+    delete(id: string): Promise<void>;
+    update(session: FederatedAuthSession): Promise<void>;
+    /**
+     * Clean up expired sessions
+     */
+    cleanup(): Promise<void>;
+    /**
+     * Stop the cleanup timer
+     */
+    dispose(): void;
+    /**
+     * Create a new federated auth session
+     */
+    createSession(params: FederatedAuthSessionCreateParams): FederatedAuthSession;
+    /**
+     * Get count (for testing/monitoring)
+     */
+    get size(): number;
+    /**
+     * Clear all sessions (for testing)
+     */
+    clear(): void;
+}
+/**
+ * Create a new federated auth session object
+ *
+ * This is a standalone factory function that creates a FederatedAuthSession
+ * without requiring a store instance. Use this for type-safe session creation.
+ *
+ * @param params Session parameters
+ * @param ttlMs Session TTL in milliseconds (default: 15 minutes)
+ */
+export declare function createFederatedAuthSession(params: FederatedAuthSessionCreateParams, ttlMs?: number): FederatedAuthSession;
+/**
+ * Helper to check if all providers have been authenticated
+ */
+export declare function isSessionComplete(session: FederatedAuthSession): boolean;
+/**
+ * Helper to get the next provider to authenticate
+ */
+export declare function getNextProvider(session: FederatedAuthSession): string | undefined;
+/**
+ * Helper to mark current provider as complete and move to next
+ */
+export declare function completeCurrentProvider(session: FederatedAuthSession, tokens: ProviderTokens, userInfo?: ProviderUserInfo): void;
+/**
+ * Helper to start authentication with next provider
+ */
+export declare function startNextProvider(session: FederatedAuthSession, pkce: ProviderPkce, state: string): string;
+//# sourceMappingURL=federated-auth.session.d.ts.map

package/auth/session/federated-auth.session.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"federated-auth.session.d.ts","sourceRoot":"","sources":["../../../src/auth/session/federated-auth.session.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAKH;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,6CAA6C;IAC7C,QAAQ,EAAE,MAAM,CAAC;IACjB,kDAAkD;IAClD,SAAS,EAAE,MAAM,CAAC;IAClB,qCAAqC;IACrC,MAAM,EAAE,MAAM,CAAC;CAChB;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,mBAAmB;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,kCAAkC;IAClC,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,kCAAkC;IAClC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,oCAAoC;IACpC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,qBAAqB;IACrB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,oCAAoC;IACpC,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,uCAAuC;IACvC,GAAG,EAAE,MAAM,CAAC;IACZ,iBAAiB;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,mBAAmB;IACnB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,0BAA0B;IAC1B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,wBAAwB;IACxB,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAClC;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,kBAAkB;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,qCAAqC;IACrC,MAAM,EAAE,cAAc,CAAC;IACvB,kCAAkC;IAClC,QAAQ,CAAC,EAAE,gBAAgB,CAAC;IAC5B,6CAA6C;IAC7C,WAAW,EAAE,MAAM,CAAC;CACrB;AAED;;;;GAIG;AACH,MAAM,WAAW,oBAAoB;IACnC,wBAAwB;IACxB,EAAE,EAAE,MAAM,CAAC;IAEX,+DAA+D;IAC/D,aAAa,EAAE,MAAM,CAAC;IAEtB,6CAA6C;IAC7C,QAAQ,EAAE,MAAM,CAAC;IAEjB,sCAAsC;IACtC,WAAW,EAAE,MAAM,CAAC;IAEpB,0CAA0C;IAC1C,MAAM,EAAE,MAAM,EAAE,CAAC;IAEjB,2CAA2C;IAC3C,KAAK,CAAC,EAAE,MAAM,CAAC;IAEf,wCAAwC;IACxC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,sDAAsD;IACtD,QAAQ,EAAE;QACR,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,GAAG,CAAC,EAAE,MAAM,CAAC;KACd,CAAC;IAEF,uDAAuD;IACvD,YAAY,EAAE;QACZ,SAAS,EAAE,MAAM,CAAC;QAClB,MAAM,EAAE,MAAM,CAAC;KAChB,CAAC;IAEF,8CAA8C;IAC9C,aAAa,EAAE,MAAM,EAAE,CAAC;IAExB,mDAAmD;IACnD,kBAAkB,EAAE,GAAG,CAAC,MAAM,EAAE,iBAAiB,CAAC,CAAC;IAEnD,2CAA2C;IAC3C,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAE3B,sDAAsD;IACtD,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAE3B,kDAAkD;IAClD,mBAAmB,CAAC,EAAE,YAAY,CAAC;IAEnC,wDAAwD;IACxD,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAE9B,iCAAiC;IACjC,SAAS,EAAE,MAAM,CAAC;IAElB,mCAAmC;IACnC,SAAS,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,0BAA0B;IACzC,EAAE,EAAE,MAAM,CAAC;IACX,aAAa,EAAE,MAAM,CAAC;IACtB,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE;QACR,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,GAAG,CAAC,EAAE,MAAM,CAAC;KACd,CAAC;IACF,YAAY,EAAE;QACZ,SAAS,EAAE,MAAM,CAAC;QAClB,MAAM,EAAE,MAAM,CAAC;KAChB,CAAC;IACF,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,kBAAkB,EAAE,KAAK,CAAC,CAAC,MAAM,EAAE,iBAAiB,CAAC,CAAC,CAAC;IACvD,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,mBAAmB,CAAC,EAAE,YAAY,CAAC;IACnC,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,yBAAyB;IACxC,qCAAqC;IACrC,KAAK,CAAC,OAAO,EAAE,oBAAoB,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAEpD,yCAAyC;IACzC,GAAG,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,oBAAoB,GAAG,IAAI,CAAC,CAAC;IAEtD,sCAAsC;IACtC,MAAM,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAElC,sCAAsC;IACtC,MAAM,CAAC,OAAO,EAAE,oBAAoB,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CACtD;AAED;;GAEG;AACH,wBAAgB,eAAe,CAAC,OAAO,EAAE,oBAAoB,GAAG,0BAA0B,CAKzF;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,MAAM,EAAE,0BAA0B,GAAG,oBAAoB,CAK1F;AAED;;GAEG;AACH,MAAM,WAAW,gCAAgC;IAC/C,aAAa,EAAE,MAAM,CAAC;IACtB,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE;QAAE,KAAK,CAAC,EAAE,MAAM,CAAC;QAAC,IAAI,CAAC,EAAE,MAAM,CAAC;QAAC,GAAG,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IAC1D,YAAY,EAAE;QAAE,SAAS,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAE,CAAC;IACpD,WAAW,EAAE,MAAM,EAAE,CAAC;CACvB;AAED;;;;GAIG;AACH,qBAAa,iCAAkC,YAAW,yBAAyB;IACjF,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAiD;IAE1E,4CAA4C;IAC5C,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAkB;IAE/C,6BAA6B;IAC7B,OAAO,CAAC,YAAY,CAAC,CAAiC;;IAahD,KAAK,CAAC,OAAO,EAAE,oBAAoB,GAAG,OAAO,CAAC,IAAI,CAAC;IAKnD,GAAG,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,oBAAoB,GAAG,IAAI,CAAC;IAerD,MAAM,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAIjC,MAAM,CAAC,OAAO,EAAE,oBAAoB,GAAG,OAAO,CAAC,IAAI,CAAC;IAK1D;;OAEG;IACG,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;IAS9B;;OAEG;IACH,OAAO,IAAI,IAAI;IAOf;;OAEG;IACH,aAAa,CAAC,MAAM,EAAE,gCAAgC,GAAG,oBAAoB;IAoB7E;;OAEG;IACH,IAAI,IAAI,IAAI,MAAM,CAEjB;IAED;;OAEG;IACH,KAAK,IAAI,IAAI;CAGd;AAED;;;;;;;;GAQG;AACH,wBAAgB,0BAA0B,CACxC,MAAM,EAAE,gCAAgC,EACxC,KAAK,SAAiB,GACrB,oBAAoB,CAkBtB;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,oBAAoB,GAAG,OAAO,CAExE;AAED;;GAEG;AACH,wBAAgB,eAAe,CAAC,OAAO,EAAE,oBAAoB,GAAG,MAAM,GAAG,SAAS,CAKjF;AAED;;GAEG;AACH,wBAAgB,uBAAuB,CACrC,OAAO,EAAE,oBAAoB,EAC7B,MAAM,EAAE,cAAc,EACtB,QAAQ,CAAC,EAAE,gBAAgB,GAC1B,IAAI,CAiBN;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,oBAAoB,EAAE,IAAI,EAAE,YAAY,EAAE,KAAK,EAAE,MAAM,GAAG,MAAM,CAmB1G"}

package/auth/session/index.d.ts

@@ -2,8 +2,12 @@ export * from './transport-session.types';
 export { TransportSessionManager, InMemorySessionStore } from './transport-session.manager';
 export { RedisSessionStore, RedisSessionStoreConfig } from './redis-session.store';
 export { VercelKvSessionStore, VercelKvSessionConfig } from './vercel-kv-session.store';
+export { createSessionStore, createSessionStoreSync, createPubsubStore } from './session-store.factory';
 export { SessionRateLimiter, SessionRateLimiterConfig, RateLimitResult, defaultSessionRateLimiter, } from './session-rate-limiter';
 export { signSession, verifySession, verifyOrParseSession, isSignedSession, SignedSession, SessionSigningConfig, } from './session-crypto';
-export * from './authorization.store';
-export * from './authorization-vault';
+export { InMemoryAuthorizationStore, RedisAuthorizationStore, verifyPkce, generatePkceChallenge, pkceChallengeSchema, authorizationCodeRecordSchema, } from '@frontmcp/auth';
+export type { AuthorizationStore, PkceChallenge, AuthorizationCodeRecord, PendingAuthorizationRecord, RefreshTokenRecord, ConsentStateRecord, FederatedLoginStateRecord, } from '@frontmcp/auth';
+export { InMemoryOrchestratedTokenStore, type InMemoryOrchestratedTokenStoreOptions } from './orchestrated-token.store';
+export { InMemoryFederatedAuthSessionStore, toSessionRecord, fromSessionRecord, isSessionComplete, getNextProvider, completeCurrentProvider, startNextProvider, } from './federated-auth.session';
+export type { FederatedAuthSession, FederatedAuthSessionRecord, FederatedAuthSessionStore, FederatedAuthSessionCreateParams, ProviderPkce, ProviderTokens, ProviderUserInfo, CompletedProvider, } from './federated-auth.session';
 //# sourceMappingURL=index.d.ts.map

package/auth/session/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/auth/session/index.ts"],"names":[],"mappings":"AACA,cAAc,2BAA2B,CAAC;AAC1C,OAAO,EAAE,uBAAuB,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AAC5F,OAAO,EAAE,iBAAiB,EAAE,uBAAuB,EAAE,MAAM,uBAAuB,CAAC;AACnF,OAAO,EAAE,oBAAoB,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAC;AAGxF,OAAO,EACL,kBAAkB,EAClB,wBAAwB,EACxB,eAAe,EACf,yBAAyB,GAC1B,MAAM,wBAAwB,CAAC;AAEhC,OAAO,EACL,WAAW,EACX,aAAa,EACb,oBAAoB,EACpB,eAAe,EACf,aAAa,EACb,oBAAoB,GACrB,MAAM,kBAAkB,CAAC;AAG1B,cAAc,uBAAuB,CAAC;AAGtC,cAAc,uBAAuB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/auth/session/index.ts"],"names":[],"mappings":"AACA,cAAc,2BAA2B,CAAC;AAC1C,OAAO,EAAE,uBAAuB,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AAC5F,OAAO,EAAE,iBAAiB,EAAE,uBAAuB,EAAE,MAAM,uBAAuB,CAAC;AACnF,OAAO,EAAE,oBAAoB,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAC;AAGxF,OAAO,EAAE,kBAAkB,EAAE,sBAAsB,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAGxG,OAAO,EACL,kBAAkB,EAClB,wBAAwB,EACxB,eAAe,EACf,yBAAyB,GAC1B,MAAM,wBAAwB,CAAC;AAEhC,OAAO,EACL,WAAW,EACX,aAAa,EACb,oBAAoB,EACpB,eAAe,EACf,aAAa,EACb,oBAAoB,GACrB,MAAM,kBAAkB,CAAC;AAG1B,OAAO,EAEL,0BAA0B,EAC1B,uBAAuB,EAEvB,UAAU,EACV,qBAAqB,EAErB,mBAAmB,EACnB,6BAA6B,GAC9B,MAAM,gBAAgB,CAAC;AACxB,YAAY,EACV,kBAAkB,EAClB,aAAa,EACb,uBAAuB,EACvB,0BAA0B,EAC1B,kBAAkB,EAClB,kBAAkB,EAClB,yBAAyB,GAC1B,MAAM,gBAAgB,CAAC;AAGxB,OAAO,EAAE,8BAA8B,EAAE,KAAK,qCAAqC,EAAE,MAAM,4BAA4B,CAAC;AAGxH,OAAO,EACL,iCAAiC,EACjC,eAAe,EACf,iBAAiB,EACjB,iBAAiB,EACjB,eAAe,EACf,uBAAuB,EACvB,iBAAiB,GAClB,MAAM,0BAA0B,CAAC;AAClC,YAAY,EACV,oBAAoB,EACpB,0BAA0B,EAC1B,yBAAyB,EACzB,gCAAgC,EAChC,YAAY,EACZ,cAAc,EACd,gBAAgB,EAChB,iBAAiB,GAClB,MAAM,0BAA0B,CAAC"}