@lanonasis/oauth-client 1.2.0 → 1.2.1

package/README.md

@@ -1,15 +1,12 @@
 # @lanonasis/oauth-client
 
-Drop-in OAuth + API Key authentication client for the Lanonasis ecosystem. Supports dual authentication modes: OAuth2 PKCE flow for pre-registered clients and direct API key authentication for dashboard users. Handles browser/desktop/terminal flows, token lifecycle, secure storage, and MCP WebSocket/SSE connections.
+Drop-in OAuth + MCP connectivity client for the Lanonasis ecosystem. Handles browser/desktop/terminal flows, token lifecycle, secure (hashed) API key storage, and MCP WebSocket/SSE connections so other projects can integrate without re-implementing auth.
 
 ## Features
-- **Dual Authentication**: OAuth2 PKCE flow OR direct API key authentication
 - OAuth flows for terminal and desktop (Electron-friendly) environments
-- API key authentication for new users with dashboard-generated keys
 - Token storage with secure backends (Keytar, encrypted files, Electron secure store, mobile secure storage, WebCrypto in browsers)
 - API key storage that normalizes to SHA-256 digests before persisting
 - MCP client that connects over WebSocket (`/ws`) or SSE (`/sse`) with auto-refreshing tokens
-- Automatic auth mode detection based on configuration
 - ESM + CJS bundles with TypeScript types
 
 ## Installation
@@ -20,24 +17,6 @@ bun add @lanonasis/oauth-client
 ```
 
 ## Quick Start
-
-### Option 1: API Key Authentication (Recommended for New Users)
-```ts
-import { MCPClient } from '@lanonasis/oauth-client';
-
-// Simple API key mode - perfect for dashboard users
-const client = new MCPClient({
-  apiKey: 'lano_abc123xyz',  // Get from dashboard
-  mcpEndpoint: 'wss://mcp.lanonasis.com'
-});
-
-await client.connect();  // Automatically uses API key auth
-
-// Make requests
-const memories = await client.searchMemories('test query');
-```
-
-### Option 2: OAuth Authentication (For Pre-registered Clients)
 ```ts
 import { MCPClient } from '@lanonasis/oauth-client';
 
@@ -48,7 +27,7 @@ const client = new MCPClient({
   scope: 'mcp:read mcp:write api_keys:manage'
 });
 
-await client.connect(); // Triggers OAuth flow, handles refresh
+await client.connect(); // handles auth, refresh, and MCP connect
 ```
 
 ### Terminal OAuth flow
@@ -95,20 +74,12 @@ const hashed = await apiKeys.getApiKey(); // returns sha256 hex digest
 ```
 
 ## Configuration
-
-### API Key Mode
-- `apiKey` (required): Your dashboard-generated API key (starts with `lano_`).
-- `mcpEndpoint` (optional): defaults to `wss://mcp.lanonasis.com` and can also be `https://...` for SSE.
-
-### OAuth Mode
 - `clientId` (required): OAuth client id issued by Lanonasis Auth.
 - `authBaseUrl` (optional): defaults to `https://auth.lanonasis.com`.
 - `mcpEndpoint` (optional): defaults to `wss://mcp.lanonasis.com` and can also be `https://...` for SSE.
 - `scope` (optional): defaults to `mcp:read mcp:write api_keys:manage`.
 - `autoRefresh` (MCPClient): refresh tokens 5 minutes before expiry (default `true`).
 
-**Note**: Auth mode is automatically detected - if you provide `apiKey`, it uses API key authentication. If you provide `clientId`, it uses OAuth.
-
 ## Publishing (maintainers)
 1) Build artifacts: `npm install && npm run build`
 2) Verify contents: ensure `dist`, `README.md`, `LICENSE` are present.

package/dist/index.cjs

@@ -440,9 +440,6 @@ var TokenStorage = class {
     }
   }
   isTokenExpired(tokens) {
-    if (tokens.token_type === "api-key" || tokens.expires_in === 0) {
-      return false;
-    }
     if (!tokens.expires_in) return false;
     if (!tokens.issued_at) {
       console.warn("Token missing issued_at timestamp, treating as expired");
@@ -1074,66 +1071,9 @@ var ApiKeyStorage = class {
   }
 };
 
-// src/flows/apikey-flow.ts
-var APIKeyFlow = class extends BaseOAuthFlow {
-  constructor(apiKey, authBaseUrl = "https://mcp.lanonasis.com") {
-    super({
-      clientId: "api-key-client",
-      authBaseUrl
-    });
-    this.apiKey = apiKey;
-  }
-  /**
-   * "Authenticate" by returning the API key as a virtual token
-   * The API key will be used directly in request headers
-   */
-  async authenticate() {
-    if (!this.apiKey || !this.apiKey.startsWith("lano_") && !this.apiKey.startsWith("vx_")) {
-      throw new Error(
-        'Invalid API key format. Must start with "lano_" or "vx_". Please regenerate your API key from the dashboard.'
-      );
-    }
-    if (this.apiKey.startsWith("vx_")) {
-      console.warn(
-        '\u26A0\uFE0F  DEPRECATION WARNING: API keys with "vx_" prefix are deprecated and will stop working soon. Please regenerate your API key from the dashboard to get a "lano_" prefixed key. Support for "vx_" keys will be removed in a future version.'
-      );
-    }
-    return {
-      access_token: this.apiKey,
-      token_type: "api-key",
-      expires_in: 0,
-      // API keys don't expire
-      issued_at: Date.now()
-    };
-  }
-  /**
-   * API keys don't need refresh
-   */
-  async refreshToken(refreshToken) {
-    throw new Error("API keys do not support token refresh");
-  }
-  /**
-   * Optional: Validate API key by making a test request
-   */
-  async validateAPIKey() {
-    try {
-      const response = await fetch(`${this.config.authBaseUrl}/api/v1/health`, {
-        headers: {
-          "x-api-key": this.apiKey
-        }
-      });
-      return response.ok;
-    } catch (error) {
-      console.error("API key validation failed:", error);
-      return false;
-    }
-  }
-};
-
 // src/client/mcp-client.ts
 var MCPClient = class {
   constructor(config = {}) {
-    // ← NEW: Track auth mode
     this.ws = null;
     this.eventSource = null;
     this.accessToken = null;
@@ -1144,45 +1084,30 @@ var MCPClient = class {
       ...config
     };
     this.tokenStorage = new TokenStorage();
-    this.authMode = config.apiKey ? "apikey" : "oauth";
-    if (this.authMode === "apikey") {
-      this.authFlow = new APIKeyFlow(
-        config.apiKey,
-        config.authBaseUrl || "https://mcp.lanonasis.com"
-      );
+    if (this.isTerminal()) {
+      this.authFlow = new TerminalOAuthFlow(config);
     } else {
-      if (this.isTerminal()) {
-        this.authFlow = new TerminalOAuthFlow(config);
-      } else {
-        this.authFlow = new DesktopOAuthFlow(config);
-      }
+      this.authFlow = new DesktopOAuthFlow(config);
     }
   }
   async connect() {
     try {
       let tokens = await this.tokenStorage.retrieve();
-      if (this.authMode === "apikey") {
-        if (!tokens) {
-          tokens = await this.authenticate();
-        }
-        this.accessToken = tokens.access_token;
-      } else {
-        if (!tokens || this.tokenStorage.isTokenExpired(tokens)) {
-          if (tokens?.refresh_token) {
-            try {
-              tokens = await this.authFlow.refreshToken(tokens.refresh_token);
-              await this.tokenStorage.store(tokens);
-            } catch (error) {
-              tokens = await this.authenticate();
-            }
-          } else {
+      if (!tokens || this.tokenStorage.isTokenExpired(tokens)) {
+        if (tokens?.refresh_token) {
+          try {
+            tokens = await this.authFlow.refreshToken(tokens.refresh_token);
+            await this.tokenStorage.store(tokens);
+          } catch (error) {
             tokens = await this.authenticate();
           }
+        } else {
+          tokens = await this.authenticate();
         }
-        this.accessToken = tokens.access_token;
-        if (this.config.autoRefresh && tokens.expires_in) {
-          this.scheduleTokenRefresh(tokens);
-        }
+      }
+      this.accessToken = tokens.access_token;
+      if (this.config.autoRefresh && tokens.expires_in) {
+        this.scheduleTokenRefresh(tokens);
       }
       await this.establishConnection();
     } catch (error) {
@@ -1202,10 +1127,6 @@ var MCPClient = class {
     if (!tokens) {
       throw new Error("Not authenticated");
     }
-    if (this.authMode === "apikey") {
-      this.accessToken = tokens.access_token;
-      return;
-    }
     if (this.tokenStorage.isTokenExpired(tokens)) {
       if (tokens.refresh_token) {
         try {
@@ -1262,19 +1183,11 @@ var MCPClient = class {
       this.ws = new WebSocket(wsUrl.toString());
     } else {
       const { default: WS } = await import("ws");
-      if (this.authMode === "apikey") {
-        this.ws = new WS(wsUrl.toString(), {
-          headers: {
-            "x-api-key": this.accessToken
-          }
-        });
-      } else {
-        this.ws = new WS(wsUrl.toString(), {
-          headers: {
-            "Authorization": `Bearer ${this.accessToken}`
-          }
-        });
-      }
+      this.ws = new WS(wsUrl.toString(), {
+        headers: {
+          "Authorization": `Bearer ${this.accessToken}`
+        }
+      });
     }
     return new Promise((resolve, reject) => {
       if (!this.ws) {
@@ -1308,19 +1221,11 @@ var MCPClient = class {
     } else {
       const EventSourceModule = await import("eventsource");
       const ES = EventSourceModule.default || EventSourceModule;
-      if (this.authMode === "apikey") {
-        this.eventSource = new ES(sseUrl.toString(), {
-          headers: {
-            "x-api-key": this.accessToken
-          }
-        });
-      } else {
-        this.eventSource = new ES(sseUrl.toString(), {
-          headers: {
-            "Authorization": `Bearer ${this.accessToken}`
-          }
-        });
-      }
+      this.eventSource = new ES(sseUrl.toString(), {
+        headers: {
+          "Authorization": `Bearer ${this.accessToken}`
+        }
+      });
     }
     this.eventSource.onopen = () => {
       console.log("MCP SSE connected");
@@ -1350,17 +1255,12 @@ var MCPClient = class {
     if (!this.accessToken) {
       throw new Error("Not authenticated");
     }
-    const headers = {
-      "Content-Type": "application/json"
-    };
-    if (this.authMode === "apikey") {
-      headers["x-api-key"] = this.accessToken;
-    } else {
-      headers["Authorization"] = `Bearer ${this.accessToken}`;
-    }
     const response = await fetch(`${this.config.mcpEndpoint}/api`, {
       method: "POST",
-      headers,
+      headers: {
+        "Authorization": `Bearer ${this.accessToken}`,
+        "Content-Type": "application/json"
+      },
       body: JSON.stringify({
         jsonrpc: "2.0",
         id: this.generateId(),
@@ -1369,9 +1269,6 @@ var MCPClient = class {
       })
     });
     if (response.status === 401) {
-      if (this.authMode === "apikey") {
-        throw new Error("Invalid API key - please check your credentials");
-      }
       const tokens = await this.tokenStorage.retrieve();
       if (tokens?.refresh_token) {
         const newTokens = await this.authFlow.refreshToken(tokens.refresh_token);

package/dist/index.d.cts

@@ -172,13 +172,11 @@ declare class ApiKeyStorage {
 interface MCPClientConfig extends Partial<OAuthConfig> {
     mcpEndpoint?: string;
     autoRefresh?: boolean;
-    apiKey?: string;
 }
 declare class MCPClient {
     private tokenStorage;
     private authFlow;
     private config;
-    private authMode;
     private ws;
     private eventSource;
     private accessToken;

package/dist/index.d.ts

@@ -172,13 +172,11 @@ declare class ApiKeyStorage {
 interface MCPClientConfig extends Partial<OAuthConfig> {
     mcpEndpoint?: string;
     autoRefresh?: boolean;
-    apiKey?: string;
 }
 declare class MCPClient {
     private tokenStorage;
     private authFlow;
     private config;
-    private authMode;
     private ws;
     private eventSource;
     private accessToken;

package/dist/{index.js → index.mjs}

@@ -406,9 +406,6 @@ var TokenStorage = class {
     }
   }
   isTokenExpired(tokens) {
-    if (tokens.token_type === "api-key" || tokens.expires_in === 0) {
-      return false;
-    }
     if (!tokens.expires_in) return false;
     if (!tokens.issued_at) {
       console.warn("Token missing issued_at timestamp, treating as expired");
@@ -1040,66 +1037,9 @@ var ApiKeyStorage = class {
   }
 };
 
-// src/flows/apikey-flow.ts
-var APIKeyFlow = class extends BaseOAuthFlow {
-  constructor(apiKey, authBaseUrl = "https://mcp.lanonasis.com") {
-    super({
-      clientId: "api-key-client",
-      authBaseUrl
-    });
-    this.apiKey = apiKey;
-  }
-  /**
-   * "Authenticate" by returning the API key as a virtual token
-   * The API key will be used directly in request headers
-   */
-  async authenticate() {
-    if (!this.apiKey || !this.apiKey.startsWith("lano_") && !this.apiKey.startsWith("vx_")) {
-      throw new Error(
-        'Invalid API key format. Must start with "lano_" or "vx_". Please regenerate your API key from the dashboard.'
-      );
-    }
-    if (this.apiKey.startsWith("vx_")) {
-      console.warn(
-        '\u26A0\uFE0F  DEPRECATION WARNING: API keys with "vx_" prefix are deprecated and will stop working soon. Please regenerate your API key from the dashboard to get a "lano_" prefixed key. Support for "vx_" keys will be removed in a future version.'
-      );
-    }
-    return {
-      access_token: this.apiKey,
-      token_type: "api-key",
-      expires_in: 0,
-      // API keys don't expire
-      issued_at: Date.now()
-    };
-  }
-  /**
-   * API keys don't need refresh
-   */
-  async refreshToken(refreshToken) {
-    throw new Error("API keys do not support token refresh");
-  }
-  /**
-   * Optional: Validate API key by making a test request
-   */
-  async validateAPIKey() {
-    try {
-      const response = await fetch(`${this.config.authBaseUrl}/api/v1/health`, {
-        headers: {
-          "x-api-key": this.apiKey
-        }
-      });
-      return response.ok;
-    } catch (error) {
-      console.error("API key validation failed:", error);
-      return false;
-    }
-  }
-};
-
 // src/client/mcp-client.ts
 var MCPClient = class {
   constructor(config = {}) {
-    // ← NEW: Track auth mode
     this.ws = null;
     this.eventSource = null;
     this.accessToken = null;
@@ -1110,45 +1050,30 @@ var MCPClient = class {
       ...config
     };
     this.tokenStorage = new TokenStorage();
-    this.authMode = config.apiKey ? "apikey" : "oauth";
-    if (this.authMode === "apikey") {
-      this.authFlow = new APIKeyFlow(
-        config.apiKey,
-        config.authBaseUrl || "https://mcp.lanonasis.com"
-      );
+    if (this.isTerminal()) {
+      this.authFlow = new TerminalOAuthFlow(config);
     } else {
-      if (this.isTerminal()) {
-        this.authFlow = new TerminalOAuthFlow(config);
-      } else {
-        this.authFlow = new DesktopOAuthFlow(config);
-      }
+      this.authFlow = new DesktopOAuthFlow(config);
     }
   }
   async connect() {
     try {
       let tokens = await this.tokenStorage.retrieve();
-      if (this.authMode === "apikey") {
-        if (!tokens) {
-          tokens = await this.authenticate();
-        }
-        this.accessToken = tokens.access_token;
-      } else {
-        if (!tokens || this.tokenStorage.isTokenExpired(tokens)) {
-          if (tokens?.refresh_token) {
-            try {
-              tokens = await this.authFlow.refreshToken(tokens.refresh_token);
-              await this.tokenStorage.store(tokens);
-            } catch (error) {
-              tokens = await this.authenticate();
-            }
-          } else {
+      if (!tokens || this.tokenStorage.isTokenExpired(tokens)) {
+        if (tokens?.refresh_token) {
+          try {
+            tokens = await this.authFlow.refreshToken(tokens.refresh_token);
+            await this.tokenStorage.store(tokens);
+          } catch (error) {
             tokens = await this.authenticate();
           }
+        } else {
+          tokens = await this.authenticate();
         }
-        this.accessToken = tokens.access_token;
-        if (this.config.autoRefresh && tokens.expires_in) {
-          this.scheduleTokenRefresh(tokens);
-        }
+      }
+      this.accessToken = tokens.access_token;
+      if (this.config.autoRefresh && tokens.expires_in) {
+        this.scheduleTokenRefresh(tokens);
       }
       await this.establishConnection();
     } catch (error) {
@@ -1168,10 +1093,6 @@ var MCPClient = class {
     if (!tokens) {
       throw new Error("Not authenticated");
     }
-    if (this.authMode === "apikey") {
-      this.accessToken = tokens.access_token;
-      return;
-    }
     if (this.tokenStorage.isTokenExpired(tokens)) {
       if (tokens.refresh_token) {
         try {
@@ -1228,19 +1149,11 @@ var MCPClient = class {
       this.ws = new WebSocket(wsUrl.toString());
     } else {
       const { default: WS } = await import("ws");
-      if (this.authMode === "apikey") {
-        this.ws = new WS(wsUrl.toString(), {
-          headers: {
-            "x-api-key": this.accessToken
-          }
-        });
-      } else {
-        this.ws = new WS(wsUrl.toString(), {
-          headers: {
-            "Authorization": `Bearer ${this.accessToken}`
-          }
-        });
-      }
+      this.ws = new WS(wsUrl.toString(), {
+        headers: {
+          "Authorization": `Bearer ${this.accessToken}`
+        }
+      });
     }
     return new Promise((resolve, reject) => {
       if (!this.ws) {
@@ -1274,19 +1187,11 @@ var MCPClient = class {
     } else {
       const EventSourceModule = await import("eventsource");
       const ES = EventSourceModule.default || EventSourceModule;
-      if (this.authMode === "apikey") {
-        this.eventSource = new ES(sseUrl.toString(), {
-          headers: {
-            "x-api-key": this.accessToken
-          }
-        });
-      } else {
-        this.eventSource = new ES(sseUrl.toString(), {
-          headers: {
-            "Authorization": `Bearer ${this.accessToken}`
-          }
-        });
-      }
+      this.eventSource = new ES(sseUrl.toString(), {
+        headers: {
+          "Authorization": `Bearer ${this.accessToken}`
+        }
+      });
     }
     this.eventSource.onopen = () => {
       console.log("MCP SSE connected");
@@ -1316,17 +1221,12 @@ var MCPClient = class {
     if (!this.accessToken) {
       throw new Error("Not authenticated");
     }
-    const headers = {
-      "Content-Type": "application/json"
-    };
-    if (this.authMode === "apikey") {
-      headers["x-api-key"] = this.accessToken;
-    } else {
-      headers["Authorization"] = `Bearer ${this.accessToken}`;
-    }
     const response = await fetch(`${this.config.mcpEndpoint}/api`, {
       method: "POST",
-      headers,
+      headers: {
+        "Authorization": `Bearer ${this.accessToken}`,
+        "Content-Type": "application/json"
+      },
       body: JSON.stringify({
         jsonrpc: "2.0",
         id: this.generateId(),
@@ -1335,9 +1235,6 @@ var MCPClient = class {
       })
     });
     if (response.status === 401) {
-      if (this.authMode === "apikey") {
-        throw new Error("Invalid API key - please check your credentials");
-      }
       const tokens = await this.tokenStorage.retrieve();
       if (tokens?.refresh_token) {
         const newTokens = await this.authFlow.refreshToken(tokens.refresh_token);

package/package.json

@@ -1,11 +1,11 @@
 {
   "name": "@lanonasis/oauth-client",
-  "version": "1.2.0",
+  "version": "1.2.1",
   "type": "module",
-  "description": "OAuth and API Key authentication client for Lan Onasis MCP integration",
+  "description": "OAuth client for Lan Onasis MCP integration",
   "license": "MIT",
   "author": "Lan Onasis",
-  "main": "./dist/index.js",
+  "main": "./dist/index.cjs",
   "module": "./dist/index.mjs",
   "types": "./dist/index.d.ts",
   "files": [
@@ -15,7 +15,7 @@
   ],
   "repository": {
     "type": "git",
-    "url": "git+https://github.com/lanonasis/v-secure.git",
+    "url": "https://github.com/lanonasis/v-secure.git",
     "directory": "oauth-client"
   },
   "bugs": {
@@ -26,12 +26,12 @@
     ".": {
       "types": "./dist/index.d.ts",
       "import": "./dist/index.mjs",
-      "require": "./dist/index.js"
+      "require": "./dist/index.cjs"
     }
   },
   "scripts": {
-    "build": "tsup src/index.ts --format cjs,esm --dts --clean --external electron --external ws --external eventsource",
-    "dev": "tsup src/index.ts --format cjs,esm --dts --watch --external electron --external ws --external eventsource",
+    "build": "tsup --config tsup.config.ts",
+    "dev": "tsup --watch --config tsup.config.ts",
     "test": "bun test",
     "lint": "eslint src"
   },
@@ -62,6 +62,7 @@
     "@supabase/supabase-js": "^2.0.0"
   },
   "publishConfig": {
+    "registry": "https://registry.npmjs.org/",
     "access": "public"
   }
 }