@inspectr/mcplab 1.5.1 → 1.7.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/app/assets/index-CYs1291A.css +1 -0
- package/dist/app/assets/index-Fe4npghI.js +249 -0
- package/dist/app/index.html +2 -2
- package/dist/app-server/app-context.d.ts +77 -129
- package/dist/app-server/app-context.d.ts.map +1 -1
- package/dist/app-server/oauth-debugger-domain.d.ts +174 -194
- package/dist/app-server/oauth-debugger-domain.d.ts.map +1 -1
- package/dist/app-server/oauth-debugger-domain.js +105 -32
- package/dist/app-server/oauth-debugger-domain.js.map +1 -1
- package/dist/app-server/oauth-runtime-domain.d.ts +60 -0
- package/dist/app-server/oauth-runtime-domain.d.ts.map +1 -0
- package/dist/app-server/oauth-runtime-domain.js +198 -0
- package/dist/app-server/oauth-runtime-domain.js.map +1 -0
- package/dist/app-server/oauth-runtime-routes.d.ts +18 -0
- package/dist/app-server/oauth-runtime-routes.d.ts.map +1 -0
- package/dist/app-server/oauth-runtime-routes.js +109 -0
- package/dist/app-server/oauth-runtime-routes.js.map +1 -0
- package/dist/app-server/router.d.ts.map +1 -1
- package/dist/app-server/router.js +18 -0
- package/dist/app-server/router.js.map +1 -1
- package/dist/app-server/runs-routes.d.ts +30 -54
- package/dist/app-server/runs-routes.d.ts.map +1 -1
- package/dist/app-server/runs-routes.js +38 -7
- package/dist/app-server/runs-routes.js.map +1 -1
- package/dist/app-server/tool-analysis-domain.d.ts +179 -120
- package/dist/app-server/tool-analysis-domain.d.ts.map +1 -1
- package/dist/app-server/tool-analysis-domain.js +186 -31
- package/dist/app-server/tool-analysis-domain.js.map +1 -1
- package/dist/app-server/tool-analysis.d.ts +12 -19
- package/dist/app-server/tool-analysis.d.ts.map +1 -1
- package/dist/app-server/tool-analysis.js +25 -2
- package/dist/app-server/tool-analysis.js.map +1 -1
- package/dist/cli.js +18 -0
- package/dist/cli.js.map +1 -1
- package/package.json +4 -4
- package/dist/app/assets/index-B2nN65ad.css +0 -1
- package/dist/app/assets/index-KAvcXAwp.js +0 -249
|
@@ -1,230 +1,210 @@
|
|
|
1
1
|
import type { ServerResponse } from 'node:http';
|
|
2
2
|
import type { EvalConfig } from '@inspectr/mcplab-core';
|
|
3
|
-
type SessionStatus =
|
|
4
|
-
| 'configuring'
|
|
5
|
-
| 'running'
|
|
6
|
-
| 'waiting_for_user'
|
|
7
|
-
| 'waiting_for_browser_callback'
|
|
8
|
-
| 'completed'
|
|
9
|
-
| 'error'
|
|
10
|
-
| 'stopped';
|
|
3
|
+
type SessionStatus = 'configuring' | 'running' | 'waiting_for_user' | 'waiting_for_browser_callback' | 'completed' | 'error' | 'stopped';
|
|
11
4
|
type RegistrationMethod = 'pre_registered' | 'dcr' | 'cimd';
|
|
12
5
|
export interface OAuthDebuggerSessionConfigInput {
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
6
|
+
profile: 'latest';
|
|
7
|
+
target: {
|
|
8
|
+
serverName: string;
|
|
9
|
+
overrides?: {
|
|
10
|
+
authorizationServerMetadataUrl?: string;
|
|
11
|
+
authorizationEndpoint?: string;
|
|
12
|
+
tokenEndpoint?: string;
|
|
13
|
+
registrationEndpoint?: string;
|
|
14
|
+
cimdUrl?: string;
|
|
15
|
+
resourceBaseUrl?: string;
|
|
16
|
+
};
|
|
23
17
|
};
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
18
|
+
registrationMethod: RegistrationMethod;
|
|
19
|
+
clientConfig: {
|
|
20
|
+
preRegistered?: {
|
|
21
|
+
clientId: string;
|
|
22
|
+
clientSecret?: string;
|
|
23
|
+
tokenEndpointAuthMethod?: string;
|
|
24
|
+
};
|
|
25
|
+
dcr?: {
|
|
26
|
+
metadata?: Record<string, unknown>;
|
|
27
|
+
tokenEndpointAuthMethod?: string;
|
|
28
|
+
};
|
|
29
|
+
cimd?: {
|
|
30
|
+
cimdUrl?: string;
|
|
31
|
+
expectedClientId?: string;
|
|
32
|
+
};
|
|
31
33
|
};
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
34
|
+
runtime: {
|
|
35
|
+
redirectMode: 'local_callback' | 'manual';
|
|
36
|
+
scopes?: string[];
|
|
37
|
+
resource?: string;
|
|
38
|
+
usePkce?: boolean;
|
|
39
|
+
codeChallengeMethod?: 'S256';
|
|
40
|
+
state?: string;
|
|
41
|
+
nonce?: string;
|
|
42
|
+
extraAuthParams?: Record<string, string>;
|
|
35
43
|
};
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
expectedClientId?: string;
|
|
44
|
+
display?: {
|
|
45
|
+
showSensitiveValues?: boolean;
|
|
39
46
|
};
|
|
40
|
-
};
|
|
41
|
-
runtime: {
|
|
42
|
-
redirectMode: 'local_callback' | 'manual';
|
|
43
|
-
scopes?: string[];
|
|
44
|
-
resource?: string;
|
|
45
|
-
usePkce?: boolean;
|
|
46
|
-
codeChallengeMethod?: 'S256';
|
|
47
|
-
state?: string;
|
|
48
|
-
nonce?: string;
|
|
49
|
-
extraAuthParams?: Record<string, string>;
|
|
50
|
-
};
|
|
51
|
-
display?: {
|
|
52
|
-
showSensitiveValues?: boolean;
|
|
53
|
-
};
|
|
54
47
|
}
|
|
55
48
|
export interface OAuthNetworkExchange {
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
49
|
+
id: string;
|
|
50
|
+
stepId: string;
|
|
51
|
+
kind: 'http';
|
|
52
|
+
phase: 'request' | 'response';
|
|
53
|
+
label: string;
|
|
54
|
+
method?: string;
|
|
55
|
+
url: string;
|
|
56
|
+
headers: Record<string, string>;
|
|
57
|
+
bodyText?: string;
|
|
58
|
+
status?: number;
|
|
59
|
+
durationMs?: number;
|
|
60
|
+
timestamp: string;
|
|
61
|
+
sensitiveFields?: Array<{
|
|
62
|
+
path: string;
|
|
63
|
+
type: 'token' | 'secret' | 'authorization_header';
|
|
64
|
+
}>;
|
|
72
65
|
}
|
|
73
66
|
export interface OAuthValidationFinding {
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
67
|
+
id: string;
|
|
68
|
+
stepId: string;
|
|
69
|
+
severity: 'error' | 'warning' | 'info';
|
|
70
|
+
code: string;
|
|
71
|
+
title: string;
|
|
72
|
+
detail: string;
|
|
73
|
+
specReference?: string;
|
|
74
|
+
recommendation?: string;
|
|
82
75
|
}
|
|
83
76
|
export interface OAuthDebuggerStepState {
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
|
|
77
|
+
id: string;
|
|
78
|
+
title: string;
|
|
79
|
+
description: string;
|
|
80
|
+
status: 'pending' | 'active' | 'completed' | 'failed' | 'skipped';
|
|
81
|
+
startedAt?: string;
|
|
82
|
+
finishedAt?: string;
|
|
83
|
+
outcomeSummary?: string;
|
|
84
|
+
teachableMoment?: string;
|
|
85
|
+
networkExchangeIds: string[];
|
|
86
|
+
validationIds: string[];
|
|
94
87
|
}
|
|
95
88
|
export interface OAuthSequenceEvent {
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
|
|
102
|
-
|
|
89
|
+
id: string;
|
|
90
|
+
ts: string;
|
|
91
|
+
from: 'User' | 'Debugger' | 'Auth Server' | 'Token Endpoint' | 'MCP/Resource';
|
|
92
|
+
to: 'User' | 'Debugger' | 'Auth Server' | 'Token Endpoint' | 'MCP/Resource';
|
|
93
|
+
label: string;
|
|
94
|
+
stepId?: string;
|
|
95
|
+
networkExchangeId?: string;
|
|
103
96
|
}
|
|
104
97
|
export interface OAuthDebuggerSession {
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
|
|
111
|
-
|
|
112
|
-
|
|
113
|
-
|
|
114
|
-
|
|
115
|
-
|
|
116
|
-
|
|
117
|
-
|
|
118
|
-
>
|
|
119
|
-
> &
|
|
120
|
-
Omit<
|
|
121
|
-
OAuthDebuggerSessionConfigInput['runtime'],
|
|
122
|
-
'redirectMode' | 'usePkce' | 'codeChallengeMethod'
|
|
123
|
-
>;
|
|
124
|
-
display: {
|
|
125
|
-
showSensitiveValues: boolean;
|
|
98
|
+
id: string;
|
|
99
|
+
createdAt: number;
|
|
100
|
+
updatedAt: number;
|
|
101
|
+
status: SessionStatus;
|
|
102
|
+
config: {
|
|
103
|
+
profile: 'latest';
|
|
104
|
+
target: OAuthDebuggerSessionConfigInput['target'];
|
|
105
|
+
registrationMethod: RegistrationMethod;
|
|
106
|
+
clientConfig: OAuthDebuggerSessionConfigInput['clientConfig'];
|
|
107
|
+
runtime: Required<Pick<OAuthDebuggerSessionConfigInput['runtime'], 'redirectMode' | 'usePkce' | 'codeChallengeMethod'>> & Omit<OAuthDebuggerSessionConfigInput['runtime'], 'redirectMode' | 'usePkce' | 'codeChallengeMethod'>;
|
|
108
|
+
display: {
|
|
109
|
+
showSensitiveValues: boolean;
|
|
110
|
+
};
|
|
126
111
|
};
|
|
127
|
-
|
|
128
|
-
|
|
129
|
-
|
|
130
|
-
|
|
131
|
-
|
|
132
|
-
|
|
133
|
-
|
|
134
|
-
|
|
135
|
-
|
|
136
|
-
|
|
137
|
-
|
|
138
|
-
|
|
139
|
-
|
|
140
|
-
|
|
141
|
-
|
|
142
|
-
|
|
143
|
-
|
|
144
|
-
|
|
145
|
-
|
|
146
|
-
|
|
147
|
-
|
|
112
|
+
steps: OAuthDebuggerStepState[];
|
|
113
|
+
validations: OAuthValidationFinding[];
|
|
114
|
+
network: OAuthNetworkExchange[];
|
|
115
|
+
sequence: OAuthSequenceEvent[];
|
|
116
|
+
events: Array<{
|
|
117
|
+
type: string;
|
|
118
|
+
ts: string;
|
|
119
|
+
payload: Record<string, unknown>;
|
|
120
|
+
}>;
|
|
121
|
+
clients: Set<ServerResponse>;
|
|
122
|
+
abortController: AbortController;
|
|
123
|
+
serverConfig?: EvalConfig['servers'][string];
|
|
124
|
+
context: {
|
|
125
|
+
resourceMetadata?: any;
|
|
126
|
+
authServerMetadata?: any;
|
|
127
|
+
registration?: any;
|
|
128
|
+
resolvedClient?: {
|
|
129
|
+
clientId: string;
|
|
130
|
+
clientSecret?: string;
|
|
131
|
+
tokenEndpointAuthMethod?: string;
|
|
132
|
+
};
|
|
133
|
+
pkce?: {
|
|
134
|
+
verifier: string;
|
|
135
|
+
challenge: string;
|
|
136
|
+
method: 'S256';
|
|
137
|
+
};
|
|
138
|
+
authorizationRequestUrl?: string;
|
|
139
|
+
callbackResult?: {
|
|
140
|
+
rawUrl?: string;
|
|
141
|
+
code?: string;
|
|
142
|
+
state?: string;
|
|
143
|
+
error?: string;
|
|
144
|
+
errorDescription?: string;
|
|
145
|
+
};
|
|
146
|
+
tokenResponse?: any;
|
|
147
|
+
probeResponse?: {
|
|
148
|
+
status: number;
|
|
149
|
+
bodyText: string;
|
|
150
|
+
url: string;
|
|
151
|
+
};
|
|
152
|
+
callbackUrl?: string;
|
|
148
153
|
};
|
|
149
|
-
|
|
150
|
-
|
|
151
|
-
|
|
152
|
-
|
|
154
|
+
}
|
|
155
|
+
export interface OAuthDebuggerSessionView {
|
|
156
|
+
id: string;
|
|
157
|
+
status: SessionStatus;
|
|
158
|
+
createdAt: string;
|
|
159
|
+
updatedAt: string;
|
|
160
|
+
profile: 'latest';
|
|
161
|
+
registrationMethod: RegistrationMethod;
|
|
162
|
+
stepStates: OAuthDebuggerStepState[];
|
|
163
|
+
validations: OAuthValidationFinding[];
|
|
164
|
+
network: OAuthNetworkExchange[];
|
|
165
|
+
networkSummary: {
|
|
166
|
+
requestCount: number;
|
|
167
|
+
errorCount: number;
|
|
153
168
|
};
|
|
154
|
-
|
|
155
|
-
|
|
156
|
-
|
|
157
|
-
|
|
158
|
-
|
|
159
|
-
|
|
160
|
-
errorDescription?: string;
|
|
169
|
+
sequence: OAuthSequenceEvent[];
|
|
170
|
+
uiHints: {
|
|
171
|
+
nextAction?: 'start' | 'open_authorize_url' | 'paste_callback_url' | 'none';
|
|
172
|
+
authorizationUrl?: string;
|
|
173
|
+
callbackMode?: 'local_callback' | 'manual';
|
|
174
|
+
callbackUrl?: string;
|
|
161
175
|
};
|
|
162
|
-
|
|
163
|
-
|
|
164
|
-
|
|
165
|
-
|
|
166
|
-
|
|
176
|
+
summary?: {
|
|
177
|
+
issuer?: string;
|
|
178
|
+
clientId?: string;
|
|
179
|
+
redirectUri?: string;
|
|
180
|
+
tokenEndpointStatus?: number;
|
|
181
|
+
tokenType?: string;
|
|
182
|
+
grantedScopes?: string[];
|
|
183
|
+
accessToken?: string;
|
|
167
184
|
};
|
|
168
|
-
callbackUrl?: string;
|
|
169
|
-
};
|
|
170
185
|
}
|
|
171
|
-
export
|
|
172
|
-
id: string;
|
|
173
|
-
status: SessionStatus;
|
|
174
|
-
createdAt: string;
|
|
175
|
-
updatedAt: string;
|
|
176
|
-
profile: 'latest';
|
|
177
|
-
registrationMethod: RegistrationMethod;
|
|
178
|
-
stepStates: OAuthDebuggerStepState[];
|
|
179
|
-
validations: OAuthValidationFinding[];
|
|
180
|
-
network: OAuthNetworkExchange[];
|
|
181
|
-
networkSummary: {
|
|
182
|
-
requestCount: number;
|
|
183
|
-
errorCount: number;
|
|
184
|
-
};
|
|
185
|
-
sequence: OAuthSequenceEvent[];
|
|
186
|
-
uiHints: {
|
|
187
|
-
nextAction?: 'start' | 'open_authorize_url' | 'paste_callback_url' | 'none';
|
|
188
|
-
authorizationUrl?: string;
|
|
189
|
-
callbackMode?: 'local_callback' | 'manual';
|
|
190
|
-
callbackUrl?: string;
|
|
191
|
-
};
|
|
192
|
-
summary?: {
|
|
193
|
-
issuer?: string;
|
|
194
|
-
clientId?: string;
|
|
195
|
-
redirectUri?: string;
|
|
196
|
-
tokenEndpointStatus?: number;
|
|
197
|
-
tokenType?: string;
|
|
198
|
-
grantedScopes?: string[];
|
|
199
|
-
};
|
|
200
|
-
}
|
|
201
|
-
export declare function cleanupOAuthDebuggerSessions(
|
|
202
|
-
sessions: Map<string, OAuthDebuggerSession>,
|
|
203
|
-
now?: number
|
|
204
|
-
): void;
|
|
186
|
+
export declare function cleanupOAuthDebuggerSessions(sessions: Map<string, OAuthDebuggerSession>, now?: number): void;
|
|
205
187
|
export declare function createOAuthDebuggerSession(params: {
|
|
206
|
-
|
|
207
|
-
|
|
188
|
+
config: OAuthDebuggerSessionConfigInput;
|
|
189
|
+
serverConfig?: EvalConfig['servers'][string];
|
|
208
190
|
}): OAuthDebuggerSession;
|
|
209
|
-
export declare function oauthDebuggerSessionView(
|
|
210
|
-
session: OAuthDebuggerSession
|
|
211
|
-
): OAuthDebuggerSessionView;
|
|
191
|
+
export declare function oauthDebuggerSessionView(session: OAuthDebuggerSession): OAuthDebuggerSessionView;
|
|
212
192
|
export declare function startOrResumeOAuthDebuggerSession(params: {
|
|
213
|
-
|
|
214
|
-
|
|
193
|
+
session: OAuthDebuggerSession;
|
|
194
|
+
appBaseUrl: string;
|
|
215
195
|
}): Promise<void>;
|
|
216
196
|
export declare function submitManualCallbackToSession(params: {
|
|
217
|
-
|
|
218
|
-
|
|
219
|
-
|
|
220
|
-
|
|
197
|
+
session: OAuthDebuggerSession;
|
|
198
|
+
redirectUrl?: string;
|
|
199
|
+
code?: string;
|
|
200
|
+
state?: string;
|
|
221
201
|
}): void;
|
|
222
202
|
export declare function submitBrowserCallbackToSession(params: {
|
|
223
|
-
|
|
224
|
-
|
|
203
|
+
session: OAuthDebuggerSession;
|
|
204
|
+
rawUrl: string;
|
|
225
205
|
}): void;
|
|
226
206
|
export declare function stopOAuthDebuggerSession(session: OAuthDebuggerSession): void;
|
|
227
207
|
export declare function oauthDebuggerExportMarkdown(session: OAuthDebuggerSession): string;
|
|
228
208
|
export declare function oauthDebuggerExportRawTrace(session: OAuthDebuggerSession): string;
|
|
229
209
|
export {};
|
|
230
|
-
//# sourceMappingURL=oauth-debugger-domain.d.ts.map
|
|
210
|
+
//# sourceMappingURL=oauth-debugger-domain.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oauth-debugger-domain.d.ts","sourceRoot":"","sources":["../../src/app-server/oauth-debugger-domain.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,WAAW,CAAC;AAGhD,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC;AAGxD,KAAK,aAAa,GACd,aAAa,GACb,SAAS,GACT,kBAAkB,GAClB,8BAA8B,GAC9B,WAAW,GACX,OAAO,GACP,SAAS,CAAC;AAEd,KAAK,kBAAkB,GAAG,gBAAgB,GAAG,KAAK,GAAG,MAAM,CAAC;AAE5D,MAAM,WAAW,+BAA+B;IAC9C,OAAO,EAAE,QAAQ,CAAC;IAClB,MAAM,EAAE;QACN,UAAU,EAAE,MAAM,CAAC;QACnB,SAAS,CAAC,EAAE;YACV,8BAA8B,CAAC,EAAE,MAAM,CAAC;YACxC,qBAAqB,CAAC,EAAE,MAAM,CAAC;YAC/B,aAAa,CAAC,EAAE,MAAM,CAAC;YACvB,oBAAoB,CAAC,EAAE,MAAM,CAAC;YAC9B,OAAO,CAAC,EAAE,MAAM,CAAC;YACjB,eAAe,CAAC,EAAE,MAAM,CAAC;SAC1B,CAAC;KACH,CAAC;IACF,kBAAkB,EAAE,kBAAkB,CAAC;IACvC,YAAY,EAAE;QACZ,aAAa,CAAC,EAAE;YACd,QAAQ,EAAE,MAAM,CAAC;YACjB,YAAY,CAAC,EAAE,MAAM,CAAC;YACtB,uBAAuB,CAAC,EAAE,MAAM,CAAC;SAClC,CAAC;QACF,GAAG,CAAC,EAAE;YACJ,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;YACnC,uBAAuB,CAAC,EAAE,MAAM,CAAC;SAClC,CAAC;QACF,IAAI,CAAC,EAAE;YACL,OAAO,CAAC,EAAE,MAAM,CAAC;YACjB,gBAAgB,CAAC,EAAE,MAAM,CAAC;SAC3B,CAAC;KACH,CAAC;IACF,OAAO,EAAE;QACP,YAAY,EAAE,gBAAgB,GAAG,QAAQ,CAAC;QAC1C,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;QAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,OAAO,CAAC,EAAE,OAAO,CAAC;QAClB,mBAAmB,CAAC,EAAE,MAAM,CAAC;QAC7B,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,eAAe,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;KAC1C,CAAC;IACF,OAAO,CAAC,EAAE;QACR,mBAAmB,CAAC,EAAE,OAAO,CAAC;KAC/B,CAAC;CACH;AAED,MAAM,WAAW,oBAAoB;IACnC,EAAE,EAAE,MAAM,CAAC;IACX,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,SAAS,GAAG,UAAU,CAAC;IAC9B,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,GAAG,EAAE,MAAM,CAAC;IACZ,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAChC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,eAAe,CAAC,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,OAAO,GAAG,QAAQ,GAAG,sBAAsB,CAAA;KAAE,CAAC,CAAC;CAC9F;AAED,MAAM,WAAW,sBAAsB;IACrC,EAAE,EAAE,MAAM,CAAC;IACX,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,OAAO,GAAG,SAAS,GAAG,MAAM,CAAC;IACvC,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;IACf,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB;AAED,MAAM,WAAW,sBAAsB;IACrC,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,SAAS,GAAG,QAAQ,GAAG,WAAW,GAAG,QAAQ,GAAG,SAAS,CAAC;IAClE,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,kBAAkB,EAAE,MAAM,EAAE,CAAC;IAC7B,aAAa,EAAE,MAAM,EAAE,CAAC;CACzB;AAED,MAAM,WAAW,kBAAkB;IACjC,EAAE,EAAE,MAAM,CAAC;IACX,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,GAAG,UAAU,GAAG,aAAa,GAAG,gBAAgB,GAAG,cAAc,CAAC;IAC9E,EAAE,EAAE,MAAM,GAAG,UAAU,GAAG,aAAa,GAAG,gBAAgB,GAAG,cAAc,CAAC;IAC5E,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,iBAAiB,CAAC,EAAE,MAAM,CAAC;CAC5B;AAED,MAAM,WAAW,oBAAoB;IACnC,EAAE,EAAE,MAAM,CAAC;IACX,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,aAAa,CAAC;IACtB,MAAM,EAAE;QACN,OAAO,EAAE,QAAQ,CAAC;QAClB,MAAM,EAAE,+BAA+B,CAAC,QAAQ,CAAC,CAAC;QAClD,kBAAkB,EAAE,kBAAkB,CAAC;QACvC,YAAY,EAAE,+BAA+B,CAAC,cAAc,CAAC,CAAC;QAC9D,OAAO,EAAE,QAAQ,CACf,IAAI,CACF,+BAA+B,CAAC,SAAS,CAAC,EAC1C,cAAc,GAAG,SAAS,GAAG,qBAAqB,CACnD,CACF,GACC,IAAI,CACF,+BAA+B,CAAC,SAAS,CAAC,EAC1C,cAAc,GAAG,SAAS,GAAG,qBAAqB,CACnD,CAAC;QACJ,OAAO,EAAE;YACP,mBAAmB,EAAE,OAAO,CAAC;SAC9B,CAAC;KACH,CAAC;IACF,KAAK,EAAE,sBAAsB,EAAE,CAAC;IAChC,WAAW,EAAE,sBAAsB,EAAE,CAAC;IACtC,OAAO,EAAE,oBAAoB,EAAE,CAAC;IAChC,QAAQ,EAAE,kBAAkB,EAAE,CAAC;IAC/B,MAAM,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,EAAE,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;KAAE,CAAC,CAAC;IAC9E,OAAO,EAAE,GAAG,CAAC,cAAc,CAAC,CAAC;IAC7B,eAAe,EAAE,eAAe,CAAC;IACjC,YAAY,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC,CAAC;IAC7C,OAAO,EAAE;QACP,gBAAgB,CAAC,EAAE,GAAG,CAAC;QACvB,kBAAkB,CAAC,EAAE,GAAG,CAAC;QACzB,YAAY,CAAC,EAAE,GAAG,CAAC;QACnB,cAAc,CAAC,EAAE;YAAE,QAAQ,EAAE,MAAM,CAAC;YAAC,YAAY,CAAC,EAAE,MAAM,CAAC;YAAC,uBAAuB,CAAC,EAAE,MAAM,CAAA;SAAE,CAAC;QAC/F,IAAI,CAAC,EAAE;YAAE,QAAQ,EAAE,MAAM,CAAC;YAAC,SAAS,EAAE,MAAM,CAAC;YAAC,MAAM,EAAE,MAAM,CAAA;SAAE,CAAC;QAC/D,uBAAuB,CAAC,EAAE,MAAM,CAAC;QACjC,cAAc,CAAC,EAAE;YACf,MAAM,CAAC,EAAE,MAAM,CAAC;YAChB,IAAI,CAAC,EAAE,MAAM,CAAC;YACd,KAAK,CAAC,EAAE,MAAM,CAAC;YACf,KAAK,CAAC,EAAE,MAAM,CAAC;YACf,gBAAgB,CAAC,EAAE,MAAM,CAAC;SAC3B,CAAC;QACF,aAAa,CAAC,EAAE,GAAG,CAAC;QACpB,aAAa,CAAC,EAAE;YAAE,MAAM,EAAE,MAAM,CAAC;YAAC,QAAQ,EAAE,MAAM,CAAC;YAAC,GAAG,EAAE,MAAM,CAAA;SAAE,CAAC;QAClE,WAAW,CAAC,EAAE,MAAM,CAAC;KACtB,CAAC;CACH;AAED,MAAM,WAAW,wBAAwB;IACvC,EAAE,EAAE,MAAM,CAAC;IACX,MAAM,EAAE,aAAa,CAAC;IACtB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,QAAQ,CAAC;IAClB,kBAAkB,EAAE,kBAAkB,CAAC;IACvC,UAAU,EAAE,sBAAsB,EAAE,CAAC;IACrC,WAAW,EAAE,sBAAsB,EAAE,CAAC;IACtC,OAAO,EAAE,oBAAoB,EAAE,CAAC;IAChC,cAAc,EAAE;QAAE,YAAY,EAAE,MAAM,CAAC;QAAC,UAAU,EAAE,MAAM,CAAA;KAAE,CAAC;IAC7D,QAAQ,EAAE,kBAAkB,EAAE,CAAC;IAC/B,OAAO,EAAE;QACP,UAAU,CAAC,EAAE,OAAO,GAAG,oBAAoB,GAAG,oBAAoB,GAAG,MAAM,CAAC;QAC5E,gBAAgB,CAAC,EAAE,MAAM,CAAC;QAC1B,YAAY,CAAC,EAAE,gBAAgB,GAAG,QAAQ,CAAC;QAC3C,WAAW,CAAC,EAAE,MAAM,CAAC;KACtB,CAAC;IACF,OAAO,CAAC,EAAE;QACR,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,mBAAmB,CAAC,EAAE,MAAM,CAAC;QAC7B,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;
|
|
1
|
+
{"version":3,"file":"oauth-debugger-domain.d.ts","sourceRoot":"","sources":["../../src/app-server/oauth-debugger-domain.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,WAAW,CAAC;AAGhD,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC;AAGxD,KAAK,aAAa,GACd,aAAa,GACb,SAAS,GACT,kBAAkB,GAClB,8BAA8B,GAC9B,WAAW,GACX,OAAO,GACP,SAAS,CAAC;AAEd,KAAK,kBAAkB,GAAG,gBAAgB,GAAG,KAAK,GAAG,MAAM,CAAC;AAE5D,MAAM,WAAW,+BAA+B;IAC9C,OAAO,EAAE,QAAQ,CAAC;IAClB,MAAM,EAAE;QACN,UAAU,EAAE,MAAM,CAAC;QACnB,SAAS,CAAC,EAAE;YACV,8BAA8B,CAAC,EAAE,MAAM,CAAC;YACxC,qBAAqB,CAAC,EAAE,MAAM,CAAC;YAC/B,aAAa,CAAC,EAAE,MAAM,CAAC;YACvB,oBAAoB,CAAC,EAAE,MAAM,CAAC;YAC9B,OAAO,CAAC,EAAE,MAAM,CAAC;YACjB,eAAe,CAAC,EAAE,MAAM,CAAC;SAC1B,CAAC;KACH,CAAC;IACF,kBAAkB,EAAE,kBAAkB,CAAC;IACvC,YAAY,EAAE;QACZ,aAAa,CAAC,EAAE;YACd,QAAQ,EAAE,MAAM,CAAC;YACjB,YAAY,CAAC,EAAE,MAAM,CAAC;YACtB,uBAAuB,CAAC,EAAE,MAAM,CAAC;SAClC,CAAC;QACF,GAAG,CAAC,EAAE;YACJ,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;YACnC,uBAAuB,CAAC,EAAE,MAAM,CAAC;SAClC,CAAC;QACF,IAAI,CAAC,EAAE;YACL,OAAO,CAAC,EAAE,MAAM,CAAC;YACjB,gBAAgB,CAAC,EAAE,MAAM,CAAC;SAC3B,CAAC;KACH,CAAC;IACF,OAAO,EAAE;QACP,YAAY,EAAE,gBAAgB,GAAG,QAAQ,CAAC;QAC1C,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;QAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,OAAO,CAAC,EAAE,OAAO,CAAC;QAClB,mBAAmB,CAAC,EAAE,MAAM,CAAC;QAC7B,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,eAAe,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;KAC1C,CAAC;IACF,OAAO,CAAC,EAAE;QACR,mBAAmB,CAAC,EAAE,OAAO,CAAC;KAC/B,CAAC;CACH;AAED,MAAM,WAAW,oBAAoB;IACnC,EAAE,EAAE,MAAM,CAAC;IACX,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,SAAS,GAAG,UAAU,CAAC;IAC9B,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,GAAG,EAAE,MAAM,CAAC;IACZ,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAChC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,eAAe,CAAC,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,OAAO,GAAG,QAAQ,GAAG,sBAAsB,CAAA;KAAE,CAAC,CAAC;CAC9F;AAED,MAAM,WAAW,sBAAsB;IACrC,EAAE,EAAE,MAAM,CAAC;IACX,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,OAAO,GAAG,SAAS,GAAG,MAAM,CAAC;IACvC,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;IACf,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB;AAED,MAAM,WAAW,sBAAsB;IACrC,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,SAAS,GAAG,QAAQ,GAAG,WAAW,GAAG,QAAQ,GAAG,SAAS,CAAC;IAClE,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,kBAAkB,EAAE,MAAM,EAAE,CAAC;IAC7B,aAAa,EAAE,MAAM,EAAE,CAAC;CACzB;AAED,MAAM,WAAW,kBAAkB;IACjC,EAAE,EAAE,MAAM,CAAC;IACX,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,GAAG,UAAU,GAAG,aAAa,GAAG,gBAAgB,GAAG,cAAc,CAAC;IAC9E,EAAE,EAAE,MAAM,GAAG,UAAU,GAAG,aAAa,GAAG,gBAAgB,GAAG,cAAc,CAAC;IAC5E,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,iBAAiB,CAAC,EAAE,MAAM,CAAC;CAC5B;AAED,MAAM,WAAW,oBAAoB;IACnC,EAAE,EAAE,MAAM,CAAC;IACX,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,aAAa,CAAC;IACtB,MAAM,EAAE;QACN,OAAO,EAAE,QAAQ,CAAC;QAClB,MAAM,EAAE,+BAA+B,CAAC,QAAQ,CAAC,CAAC;QAClD,kBAAkB,EAAE,kBAAkB,CAAC;QACvC,YAAY,EAAE,+BAA+B,CAAC,cAAc,CAAC,CAAC;QAC9D,OAAO,EAAE,QAAQ,CACf,IAAI,CACF,+BAA+B,CAAC,SAAS,CAAC,EAC1C,cAAc,GAAG,SAAS,GAAG,qBAAqB,CACnD,CACF,GACC,IAAI,CACF,+BAA+B,CAAC,SAAS,CAAC,EAC1C,cAAc,GAAG,SAAS,GAAG,qBAAqB,CACnD,CAAC;QACJ,OAAO,EAAE;YACP,mBAAmB,EAAE,OAAO,CAAC;SAC9B,CAAC;KACH,CAAC;IACF,KAAK,EAAE,sBAAsB,EAAE,CAAC;IAChC,WAAW,EAAE,sBAAsB,EAAE,CAAC;IACtC,OAAO,EAAE,oBAAoB,EAAE,CAAC;IAChC,QAAQ,EAAE,kBAAkB,EAAE,CAAC;IAC/B,MAAM,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,EAAE,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;KAAE,CAAC,CAAC;IAC9E,OAAO,EAAE,GAAG,CAAC,cAAc,CAAC,CAAC;IAC7B,eAAe,EAAE,eAAe,CAAC;IACjC,YAAY,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC,CAAC;IAC7C,OAAO,EAAE;QACP,gBAAgB,CAAC,EAAE,GAAG,CAAC;QACvB,kBAAkB,CAAC,EAAE,GAAG,CAAC;QACzB,YAAY,CAAC,EAAE,GAAG,CAAC;QACnB,cAAc,CAAC,EAAE;YAAE,QAAQ,EAAE,MAAM,CAAC;YAAC,YAAY,CAAC,EAAE,MAAM,CAAC;YAAC,uBAAuB,CAAC,EAAE,MAAM,CAAA;SAAE,CAAC;QAC/F,IAAI,CAAC,EAAE;YAAE,QAAQ,EAAE,MAAM,CAAC;YAAC,SAAS,EAAE,MAAM,CAAC;YAAC,MAAM,EAAE,MAAM,CAAA;SAAE,CAAC;QAC/D,uBAAuB,CAAC,EAAE,MAAM,CAAC;QACjC,cAAc,CAAC,EAAE;YACf,MAAM,CAAC,EAAE,MAAM,CAAC;YAChB,IAAI,CAAC,EAAE,MAAM,CAAC;YACd,KAAK,CAAC,EAAE,MAAM,CAAC;YACf,KAAK,CAAC,EAAE,MAAM,CAAC;YACf,gBAAgB,CAAC,EAAE,MAAM,CAAC;SAC3B,CAAC;QACF,aAAa,CAAC,EAAE,GAAG,CAAC;QACpB,aAAa,CAAC,EAAE;YAAE,MAAM,EAAE,MAAM,CAAC;YAAC,QAAQ,EAAE,MAAM,CAAC;YAAC,GAAG,EAAE,MAAM,CAAA;SAAE,CAAC;QAClE,WAAW,CAAC,EAAE,MAAM,CAAC;KACtB,CAAC;CACH;AAED,MAAM,WAAW,wBAAwB;IACvC,EAAE,EAAE,MAAM,CAAC;IACX,MAAM,EAAE,aAAa,CAAC;IACtB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,QAAQ,CAAC;IAClB,kBAAkB,EAAE,kBAAkB,CAAC;IACvC,UAAU,EAAE,sBAAsB,EAAE,CAAC;IACrC,WAAW,EAAE,sBAAsB,EAAE,CAAC;IACtC,OAAO,EAAE,oBAAoB,EAAE,CAAC;IAChC,cAAc,EAAE;QAAE,YAAY,EAAE,MAAM,CAAC;QAAC,UAAU,EAAE,MAAM,CAAA;KAAE,CAAC;IAC7D,QAAQ,EAAE,kBAAkB,EAAE,CAAC;IAC/B,OAAO,EAAE;QACP,UAAU,CAAC,EAAE,OAAO,GAAG,oBAAoB,GAAG,oBAAoB,GAAG,MAAM,CAAC;QAC5E,gBAAgB,CAAC,EAAE,MAAM,CAAC;QAC1B,YAAY,CAAC,EAAE,gBAAgB,GAAG,QAAQ,CAAC;QAC3C,WAAW,CAAC,EAAE,MAAM,CAAC;KACtB,CAAC;IACF,OAAO,CAAC,EAAE;QACR,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,mBAAmB,CAAC,EAAE,MAAM,CAAC;QAC7B,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;QACzB,WAAW,CAAC,EAAE,MAAM,CAAC;KACtB,CAAC;CACH;AAk8BD,wBAAgB,4BAA4B,CAC1C,QAAQ,EAAE,GAAG,CAAC,MAAM,EAAE,oBAAoB,CAAC,EAC3C,GAAG,SAAa,QAOjB;AAED,wBAAgB,0BAA0B,CAAC,MAAM,EAAE;IACjD,MAAM,EAAE,+BAA+B,CAAC;IACxC,YAAY,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC,CAAC;CAC9C,GAAG,oBAAoB,CAsDvB;AAED,wBAAgB,wBAAwB,CAAC,OAAO,EAAE,oBAAoB,GAAG,wBAAwB,CAsDhG;AAED,wBAAsB,iCAAiC,CAAC,MAAM,EAAE;IAC9D,OAAO,EAAE,oBAAoB,CAAC;IAC9B,UAAU,EAAE,MAAM,CAAC;CACpB,iBAsFA;AAED,wBAAgB,6BAA6B,CAAC,MAAM,EAAE;IACpD,OAAO,EAAE,oBAAoB,CAAC;IAC9B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,QAWA;AAED,wBAAgB,8BAA8B,CAAC,MAAM,EAAE;IACrD,OAAO,EAAE,oBAAoB,CAAC;IAC9B,MAAM,EAAE,MAAM,CAAC;CAChB,QAIA;AAED,wBAAgB,wBAAwB,CAAC,OAAO,EAAE,oBAAoB,QAWrE;AAED,wBAAgB,2BAA2B,CAAC,OAAO,EAAE,oBAAoB,GAAG,MAAM,CA+BjF;AAED,wBAAgB,2BAA2B,CAAC,OAAO,EAAE,oBAAoB,GAAG,MAAM,CAiBjF"}
|
|
@@ -266,11 +266,24 @@ function inferResourceMetadataUrl(baseUrl) {
|
|
|
266
266
|
u.search = '';
|
|
267
267
|
return u.toString();
|
|
268
268
|
}
|
|
269
|
-
|
|
270
|
-
|
|
271
|
-
|
|
272
|
-
|
|
273
|
-
|
|
269
|
+
// Returns candidate URLs to try for auth server metadata, in priority order:
|
|
270
|
+
// 1. OIDC relative to issuer path — covers Keycloak, Auth0, and any path-based issuer
|
|
271
|
+
// 2. RFC 8414 path-based — /.well-known/oauth-authorization-server/{path}
|
|
272
|
+
// 3. RFC 8414 root — /.well-known/oauth-authorization-server
|
|
273
|
+
// 4. OIDC at origin — final fallback for root-only OIDC providers
|
|
274
|
+
function authServerMetadataCandidates(issuerUrl) {
|
|
275
|
+
const u = new URL(issuerUrl);
|
|
276
|
+
const base = issuerUrl.replace(/\/$/, '');
|
|
277
|
+
const hasPath = u.pathname && u.pathname !== '/';
|
|
278
|
+
const candidates = [
|
|
279
|
+
`${base}/.well-known/openid-configuration`,
|
|
280
|
+
...(hasPath
|
|
281
|
+
? [`${u.origin}/.well-known/oauth-authorization-server${u.pathname.replace(/\/$/, '')}`]
|
|
282
|
+
: []),
|
|
283
|
+
`${u.origin}/.well-known/oauth-authorization-server`,
|
|
284
|
+
...(hasPath ? [`${u.origin}/.well-known/openid-configuration`] : [])
|
|
285
|
+
];
|
|
286
|
+
return [...new Set(candidates)];
|
|
274
287
|
}
|
|
275
288
|
function localCallbackUrl(session, appBaseUrl) {
|
|
276
289
|
return `${appBaseUrl.replace(/\/$/, '')}/api/oauth-debugger/sessions/${session.id}/callback`;
|
|
@@ -361,9 +374,34 @@ async function stepResolveTargetMetadata(session) {
|
|
|
361
374
|
const server = session.serverConfig;
|
|
362
375
|
if (!server)
|
|
363
376
|
throw new Error(`MCP server '${session.config.target.serverName}' not found`);
|
|
377
|
+
// RFC 9728: probe the MCP server first. A 401/403 response may carry a
|
|
378
|
+
// WWW-Authenticate header with an explicit resource_metadata URL, which is
|
|
379
|
+
// more reliable than the inferred /.well-known path.
|
|
380
|
+
let probedResourceMetadataUrl;
|
|
381
|
+
if (!session.config.target.overrides?.authorizationServerMetadataUrl) {
|
|
382
|
+
const probeUrl = session.config.target.overrides?.resourceBaseUrl || server.url;
|
|
383
|
+
try {
|
|
384
|
+
const probeResponse = await fetchWithTrace({
|
|
385
|
+
session,
|
|
386
|
+
stepId,
|
|
387
|
+
label: 'MCP Server Probe',
|
|
388
|
+
url: probeUrl,
|
|
389
|
+
timeoutMs: 10_000
|
|
390
|
+
});
|
|
391
|
+
const wwwAuth = probeResponse.response.headers.get('www-authenticate') ?? '';
|
|
392
|
+
if (wwwAuth) {
|
|
393
|
+
const match = /resource_metadata=(?:"([^"]+)"|(\S+))/i.exec(wwwAuth);
|
|
394
|
+
if (match)
|
|
395
|
+
probedResourceMetadataUrl = match[1] ?? match[2];
|
|
396
|
+
}
|
|
397
|
+
}
|
|
398
|
+
catch {
|
|
399
|
+
// probe is best-effort — network errors are fine here
|
|
400
|
+
}
|
|
401
|
+
}
|
|
364
402
|
const resourceMetadataUrl = session.config.target.overrides?.authorizationServerMetadataUrl
|
|
365
403
|
? undefined
|
|
366
|
-
: inferResourceMetadataUrl(session.config.target.overrides?.resourceBaseUrl || server.url);
|
|
404
|
+
: probedResourceMetadataUrl ?? inferResourceMetadataUrl(session.config.target.overrides?.resourceBaseUrl || server.url);
|
|
367
405
|
if (resourceMetadataUrl) {
|
|
368
406
|
try {
|
|
369
407
|
const { response, responseJson, responseText } = await fetchWithTrace({
|
|
@@ -397,34 +435,50 @@ async function stepResolveTargetMetadata(session) {
|
|
|
397
435
|
});
|
|
398
436
|
}
|
|
399
437
|
}
|
|
400
|
-
|
|
401
|
-
|
|
402
|
-
|
|
403
|
-
|
|
404
|
-
|
|
405
|
-
|
|
406
|
-
|
|
407
|
-
|
|
408
|
-
session
|
|
409
|
-
|
|
410
|
-
|
|
411
|
-
|
|
412
|
-
|
|
413
|
-
|
|
414
|
-
|
|
438
|
+
// Build the ordered candidate list for auth server metadata.
|
|
439
|
+
// If the user supplied a direct metadata URL override, use it as-is.
|
|
440
|
+
// Otherwise derive candidates from the issuer URL found in resource metadata,
|
|
441
|
+
// or fall back to candidates based on the MCP server URL itself.
|
|
442
|
+
const overrideMetadataUrl = session.config.target.overrides?.authorizationServerMetadataUrl;
|
|
443
|
+
const issuerFromMetadata = session.context.resourceMetadata?.authorization_servers?.[0]
|
|
444
|
+
? String(session.context.resourceMetadata.authorization_servers[0])
|
|
445
|
+
: session.context.resourceMetadata?.authorization_server
|
|
446
|
+
? String(session.context.resourceMetadata.authorization_server)
|
|
447
|
+
: undefined;
|
|
448
|
+
const metadataCandidates = overrideMetadataUrl
|
|
449
|
+
? [overrideMetadataUrl]
|
|
450
|
+
: authServerMetadataCandidates(issuerFromMetadata ?? session.config.target.overrides?.resourceBaseUrl ?? server.url);
|
|
451
|
+
let authMetadataFetched = false;
|
|
452
|
+
for (const candidateUrl of metadataCandidates) {
|
|
453
|
+
try {
|
|
454
|
+
const { response, responseJson } = await fetchWithTrace({
|
|
455
|
+
session,
|
|
456
|
+
stepId,
|
|
457
|
+
label: 'Authorization Server Metadata',
|
|
458
|
+
url: candidateUrl
|
|
459
|
+
});
|
|
460
|
+
if (response.ok && responseJson?.authorization_endpoint) {
|
|
461
|
+
session.context.authServerMetadata = responseJson;
|
|
462
|
+
authMetadataFetched = true;
|
|
463
|
+
break;
|
|
464
|
+
}
|
|
465
|
+
}
|
|
466
|
+
catch {
|
|
467
|
+
// try next candidate
|
|
415
468
|
}
|
|
416
|
-
session.context.authServerMetadata = responseJson ?? { raw: responseText };
|
|
417
469
|
}
|
|
418
|
-
|
|
470
|
+
if (!authMetadataFetched) {
|
|
419
471
|
session.context.authServerMetadata = {};
|
|
420
|
-
|
|
421
|
-
|
|
422
|
-
|
|
423
|
-
|
|
424
|
-
|
|
425
|
-
|
|
426
|
-
|
|
427
|
-
|
|
472
|
+
if (!session.config.target.overrides?.authorizationEndpoint) {
|
|
473
|
+
addValidation(session, {
|
|
474
|
+
stepId,
|
|
475
|
+
severity: 'warning',
|
|
476
|
+
code: 'auth_metadata_missing',
|
|
477
|
+
title: 'Authorization metadata URL not discovered',
|
|
478
|
+
detail: 'Could not derive authorization server metadata URL automatically from the selected MCP server.',
|
|
479
|
+
recommendation: 'Use Advanced overrides to set authorization/token/registration endpoints.'
|
|
480
|
+
});
|
|
481
|
+
}
|
|
428
482
|
}
|
|
429
483
|
if (session.config.target.overrides?.authorizationEndpoint) {
|
|
430
484
|
session.context.authServerMetadata = {
|
|
@@ -444,6 +498,20 @@ async function stepResolveTargetMetadata(session) {
|
|
|
444
498
|
registration_endpoint: session.config.target.overrides.registrationEndpoint
|
|
445
499
|
};
|
|
446
500
|
}
|
|
501
|
+
// Scope auto-discovery: when no scopes are configured, derive them from
|
|
502
|
+
// discovered metadata so the authorization request isn't sent scope-less.
|
|
503
|
+
if ((session.config.runtime.scopes ?? []).length === 0) {
|
|
504
|
+
const fromResource = session.context.resourceMetadata?.scopes_supported;
|
|
505
|
+
const fromAuthServer = session.context.authServerMetadata?.scopes_supported;
|
|
506
|
+
const discovered = Array.isArray(fromResource)
|
|
507
|
+
? fromResource
|
|
508
|
+
: Array.isArray(fromAuthServer)
|
|
509
|
+
? fromAuthServer
|
|
510
|
+
: [];
|
|
511
|
+
if (discovered.length > 0) {
|
|
512
|
+
session.config.runtime.scopes = discovered;
|
|
513
|
+
}
|
|
514
|
+
}
|
|
447
515
|
markStepCompleted(session, stepId, 'Metadata resolution finished');
|
|
448
516
|
}
|
|
449
517
|
async function stepResolveRegistrationSource(session) {
|
|
@@ -502,7 +570,9 @@ async function stepDcr(session) {
|
|
|
502
570
|
const redirectUri = requiredString(session.context.callbackUrl, 'Callback URL not set');
|
|
503
571
|
const bodyObj = {
|
|
504
572
|
redirect_uris: [redirectUri],
|
|
505
|
-
|
|
573
|
+
...(session.config.clientConfig.dcr?.tokenEndpointAuthMethod
|
|
574
|
+
? { token_endpoint_auth_method: session.config.clientConfig.dcr.tokenEndpointAuthMethod }
|
|
575
|
+
: {}),
|
|
506
576
|
client_name: 'MCP Lab OAuth Debugger',
|
|
507
577
|
grant_types: ['authorization_code'],
|
|
508
578
|
response_types: ['code'],
|
|
@@ -920,6 +990,9 @@ export function oauthDebuggerSessionView(session) {
|
|
|
920
990
|
tokenType: typeof token?.token_type === 'string' ? token.token_type : undefined,
|
|
921
991
|
grantedScopes: typeof token?.scope === 'string'
|
|
922
992
|
? String(token.scope).split(/\s+/).filter(Boolean)
|
|
993
|
+
: undefined,
|
|
994
|
+
accessToken: session.config.display.showSensitiveValues && typeof token?.access_token === 'string'
|
|
995
|
+
? token.access_token
|
|
923
996
|
: undefined
|
|
924
997
|
}
|
|
925
998
|
};
|