npm - @leanmcp/auth - Versions diffs - 0.4.3 → 0.4.4-alpha.8.f4673cd - Mend

@leanmcp/auth 0.4.3 → 0.4.4-alpha.8.f4673cd

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (19) hide show

package/LICENSE +21 -21
package/README.md +410 -396
package/dist/{auth0-UTD4QBG6.mjs → auth0-DWCHZ7IN.mjs} +1 -1
package/dist/{chunk-RGCCBQWG.mjs → chunk-MXTUNMHA.mjs} +4 -4
package/dist/{chunk-P4HFKA5R.mjs → chunk-ZJYMG6ZM.mjs} +4 -4
package/dist/{clerk-3SDKGD6C.mjs → clerk-YVTZMRLF.mjs} +1 -1
package/dist/client/index.js +56 -56
package/dist/client/index.mjs +53 -53
package/dist/{cognito-QQT7LK2Y.mjs → cognito-XKPEG6UH.mjs} +1 -1
package/dist/index.js +8 -8
package/dist/index.mjs +1 -1
package/dist/{leanmcp-Y7TXNSTD.mjs → leanmcp-73RUGZ2B.mjs} +9 -9
package/dist/proxy/index.js +36 -36
package/dist/proxy/index.mjs +36 -36
package/dist/server/index.js +69 -69
package/dist/server/index.mjs +69 -69
package/dist/storage/index.js +24 -24
package/dist/storage/index.mjs +21 -21
package/package.json +121 -121

package/dist/server/index.mjs CHANGED Viewed

@@ -114,11 +114,11 @@ var DynamicClientRegistration = class {
     };
   }
   /**
-   * Register a new OAuth client (stateless)
-   *
-   * @param request - Client registration request per RFC 7591
-   * @returns Client registration response with JWT credentials
-   */
+  * Register a new OAuth client (stateless)
+  *
+  * @param request - Client registration request per RFC 7591
+  * @returns Client registration response with JWT credentials
+  */
   register(request) {
     const now = Date.now();
     const nowSeconds = Math.floor(now / 1e3);
@@ -160,12 +160,12 @@ var DynamicClientRegistration = class {
     return response;
   }
   /**
-   * Validate client credentials (stateless)
-   *
-   * @param clientId - Client ID (JWT with prefix)
-   * @param clientSecret - Client secret (optional for public clients)
-   * @returns Whether credentials are valid
-   */
+  * Validate client credentials (stateless)
+  *
+  * @param clientId - Client ID (JWT with prefix)
+  * @param clientSecret - Client secret (optional for public clients)
+  * @returns Whether credentials are valid
+  */
   validate(clientId, clientSecret) {
     try {
       const jwtWithoutPrefix = this.extractJWT(clientId);
@@ -182,8 +182,8 @@ var DynamicClientRegistration = class {
     }
   }
   /**
-   * Get a registered client by ID (stateless)
-   */
+  * Get a registered client by ID (stateless)
+  */
   getClient(clientId) {
     try {
       const jwtWithoutPrefix = this.extractJWT(clientId);
@@ -205,8 +205,8 @@ var DynamicClientRegistration = class {
     }
   }
   /**
-   * Validate redirect URI for a client
-   */
+  * Validate redirect URI for a client
+  */
   validateRedirectUri(clientId, redirectUri) {
     const client = this.getClient(clientId);
     if (!client) return false;
@@ -214,29 +214,29 @@ var DynamicClientRegistration = class {
     return client.redirect_uris.includes(redirectUri);
   }
   /**
-   * Delete a client (no-op in stateless mode)
-   *
-   * In stateless mode, clients cannot be truly "deleted" because
-   * their credentials are self-contained. They will expire naturally
-   * or when the signing secret is rotated.
-   */
+  * Delete a client (no-op in stateless mode)
+  *
+  * In stateless mode, clients cannot be truly "deleted" because
+  * their credentials are self-contained. They will expire naturally
+  * or when the signing secret is rotated.
+  */
   delete(clientId) {
     return this.getClient(clientId) !== void 0;
   }
   /**
-   * List all registered clients (not supported in stateless mode)
-   */
+  * List all registered clients (not supported in stateless mode)
+  */
   listClients() {
     throw new Error("listClients() is not supported in stateless DCR mode");
   }
   /**
-   * Clear all clients (no-op in stateless mode)
-   */
+  * Clear all clients (no-op in stateless mode)
+  */
   clearAll() {
   }
   /**
-   * Extract JWT from prefixed client_id
-   */
+  * Extract JWT from prefixed client_id
+  */
   extractJWT(clientId) {
     if (!clientId.startsWith(this.options.clientIdPrefix)) {
       return null;
@@ -244,11 +244,11 @@ var DynamicClientRegistration = class {
     return clientId.slice(this.options.clientIdPrefix.length);
   }
   /**
-   * Derive client secret from client_id JWT
-   *
-   * Uses HMAC to create a deterministic secret that can be
-   * validated without storage.
-   */
+  * Derive client secret from client_id JWT
+  *
+  * Uses HMAC to create a deterministic secret that can be
+  * validated without storage.
+  */
   deriveClientSecret(clientIdJWT) {
     const { createHmac: createHmac3 } = __require("crypto");
     return createHmac3("sha256", this.options.signingSecret).update(clientIdJWT).digest("hex");
@@ -297,16 +297,16 @@ var OAuthAuthorizationServer = class {
     });
   }
   /**
-   * Generate state parameter with HMAC signature
-   */
+  * Generate state parameter with HMAC signature
+  */
   generateState() {
     const nonce = randomUUID2();
     const signature = createHmac2("sha256", this.options.sessionSecret).update(nonce).digest("hex").substring(0, 8);
     return `${nonce}.${signature}`;
   }
   /**
-   * Verify state parameter signature
-   */
+  * Verify state parameter signature
+  */
   verifyState(state) {
     const [nonce, signature] = state.split(".");
     if (!nonce || !signature) return false;
@@ -314,14 +314,14 @@ var OAuthAuthorizationServer = class {
     return signature === expectedSignature;
   }
   /**
-   * Generate an authorization code
-   */
+  * Generate an authorization code
+  */
   generateAuthCode() {
     return randomBytes2(32).toString("hex");
   }
   /**
-   * Generate JWT access token with encrypted upstream credentials
-   */
+  * Generate JWT access token with encrypted upstream credentials
+  */
   generateAccessToken(claims, upstreamToken) {
     const now = Math.floor(Date.now() / 1e3);
     const jwtSigningSecret = this.options.jwtSigningSecret || this.options.sessionSecret;
@@ -348,8 +348,8 @@ var OAuthAuthorizationServer = class {
     return signJWT(payload, jwtSigningSecret);
   }
   /**
-   * Get authorization server metadata (RFC 8414)
-   */
+  * Get authorization server metadata (RFC 8414)
+  */
   getMetadata() {
     const issuer = this.options.issuer;
     return {
@@ -376,8 +376,8 @@ var OAuthAuthorizationServer = class {
     };
   }
   /**
-   * Get Express router with all OAuth endpoints
-   */
+  * Get Express router with all OAuth endpoints
+  */
   getRouter() {
     const router = express.Router();
     router.get("/.well-known/oauth-authorization-server", (_req, res) => {
@@ -410,8 +410,8 @@ var OAuthAuthorizationServer = class {
     return router;
   }
   /**
-   * Handle authorization request
-   */
+  * Handle authorization request
+  */
   handleAuthorize(req, res) {
     const { response_type, client_id, redirect_uri, scope, state, code_challenge, code_challenge_method, resource } = req.query;
     if (response_type !== "code") {
@@ -480,8 +480,8 @@ var OAuthAuthorizationServer = class {
     res.redirect(authUrl.toString());
   }
   /**
-   * Handle callback from upstream provider
-   */
+  * Handle callback from upstream provider
+  */
   async handleCallback(req, res) {
     const { code, state, error, error_description } = req.query;
     if (error) {
@@ -533,7 +533,7 @@ var OAuthAuthorizationServer = class {
       const tokenResponse = await fetch(upstream.tokenEndpoint, {
         method: "POST",
         headers: {
-          "Accept": "application/json",
+          Accept: "application/json",
           "Content-Type": "application/x-www-form-urlencoded"
         },
         body: new URLSearchParams({
@@ -553,8 +553,8 @@ var OAuthAuthorizationServer = class {
       if (upstream.userInfoEndpoint && upstreamTokens.access_token) {
         const userInfoResponse = await fetch(upstream.userInfoEndpoint, {
           headers: {
-            "Authorization": `Bearer ${upstreamTokens.access_token}`,
-            "Accept": "application/json"
+            Authorization: `Bearer ${upstreamTokens.access_token}`,
+            Accept: "application/json"
           }
         });
         if (userInfoResponse.ok) {
@@ -591,8 +591,8 @@ var OAuthAuthorizationServer = class {
     }
   }
   /**
-   * Handle token request
-   */
+  * Handle token request
+  */
   async handleToken(req, res) {
     const { grant_type, code, redirect_uri, client_id, client_secret, code_verifier } = req.body;
     let clientId = client_id;
@@ -638,8 +638,8 @@ var OAuthAuthorizationServer = class {
     }
   }
   /**
-   * Handle authorization code grant
-   */
+  * Handle authorization code grant
+  */
   async handleAuthCodeGrant(res, clientId, code, redirectUri, codeVerifier) {
     if (!code) {
       res.status(400).json({
@@ -742,11 +742,11 @@ var TokenVerifier = class {
     };
   }
   /**
-   * Verify a JWT access token
-   *
-   * @param token - The JWT access token to verify
-   * @returns Verification result with claims and decrypted upstream token if valid
-   */
+  * Verify a JWT access token
+  *
+  * @param token - The JWT access token to verify
+  * @returns Verification result with claims and decrypted upstream token if valid
+  */
   async verify(token) {
     if (!token) {
       return {
@@ -809,13 +809,13 @@ var TokenVerifier = class {
     }
   }
   /**
-   * Generate WWW-Authenticate header for 401 responses
-   *
-   * Per RFC 9728, this should include the resource_metadata URL
-   *
-   * @param options - Header options
-   * @returns WWW-Authenticate header value
-   */
+  * Generate WWW-Authenticate header for 401 responses
+  *
+  * Per RFC 9728, this should include the resource_metadata URL
+  *
+  * @param options - Header options
+  * @returns WWW-Authenticate header value
+  */
   static getWWWAuthenticateHeader(options) {
     const parts = [
       `Bearer resource_metadata="${options.resourceMetadataUrl}"`
@@ -832,8 +832,8 @@ var TokenVerifier = class {
     return parts.join(", ");
   }
   /**
-   * Check if token has required scopes
-   */
+  * Check if token has required scopes
+  */
   hasScopes(claims, requiredScopes) {
     if (requiredScopes.length === 0) return true;
     const tokenScopes = typeof claims.scope === "string" ? claims.scope.split(" ") : claims.scope || [];

package/dist/storage/index.js CHANGED Viewed

@@ -59,14 +59,14 @@ var MemoryStorage = class {
   tokens = /* @__PURE__ */ new Map();
   clients = /* @__PURE__ */ new Map();
   /**
-   * Normalize server URL for consistent key lookup
-   */
+  * Normalize server URL for consistent key lookup
+  */
   normalizeUrl(serverUrl) {
     return serverUrl.replace(/\/+$/, "").toLowerCase();
   }
   /**
-   * Check if an entry is expired
-   */
+  * Check if an entry is expired
+  */
   isExpired(entry) {
     if (!entry) return true;
     if (!entry.expiresAt) return false;
@@ -162,8 +162,8 @@ var FileStorage = class {
     }
   }
   /**
-   * Expand ~ to home directory
-   */
+  * Expand ~ to home directory
+  */
   expandPath(filePath) {
     if (filePath.startsWith("~")) {
       const home = process.env.HOME || process.env.USERPROFILE || "";
@@ -172,14 +172,14 @@ var FileStorage = class {
     return filePath;
   }
   /**
-   * Normalize server URL for consistent key lookup
-   */
+  * Normalize server URL for consistent key lookup
+  */
   normalizeUrl(serverUrl) {
     return serverUrl.replace(/\/+$/, "").toLowerCase();
   }
   /**
-   * Encrypt data
-   */
+  * Encrypt data
+  */
   encrypt(data) {
     if (!this.encryptionKey) return data;
     const iv = (0, import_crypto.randomBytes)(16);
@@ -190,8 +190,8 @@ var FileStorage = class {
     return `${iv.toString("hex")}:${authTag.toString("hex")}:${encrypted}`;
   }
   /**
-   * Decrypt data
-   */
+  * Decrypt data
+  */
   decrypt(data) {
     if (!this.encryptionKey) return data;
     const [ivHex, authTagHex, encrypted] = data.split(":");
@@ -204,8 +204,8 @@ var FileStorage = class {
     return decrypted;
   }
   /**
-   * Read data from file
-   */
+  * Read data from file
+  */
   async readFile() {
     if (this.cache) return this.cache;
     try {
@@ -225,8 +225,8 @@ var FileStorage = class {
     }
   }
   /**
-   * Write data to file (coalesced to avoid race conditions)
-   */
+  * Write data to file (coalesced to avoid race conditions)
+  */
   async writeFile(data) {
     this.cache = data;
     if (this.writePromise) {
@@ -361,8 +361,8 @@ var KeychainStorage = class {
     this.serviceName = options.serviceName ?? SERVICE_NAME;
   }
   /**
-   * Initialize keytar (lazy load)
-   */
+  * Initialize keytar (lazy load)
+  */
   async init() {
     if (this.keytar) return;
     if (this.initPromise) {
@@ -379,20 +379,20 @@ var KeychainStorage = class {
     await this.initPromise;
   }
   /**
-   * Normalize server URL for consistent key lookup
-   */
+  * Normalize server URL for consistent key lookup
+  */
   normalizeUrl(serverUrl) {
     return serverUrl.replace(/\/+$/, "").toLowerCase();
   }
   /**
-   * Get account key for tokens
-   */
+  * Get account key for tokens
+  */
   getTokensAccount(serverUrl) {
     return `tokens:${this.normalizeUrl(serverUrl)}`;
   }
   /**
-   * Get account key for client info
-   */
+  * Get account key for client info
+  */
   getClientAccount(serverUrl) {
     return `client:${this.normalizeUrl(serverUrl)}`;
   }

package/dist/storage/index.mjs CHANGED Viewed

@@ -2,7 +2,7 @@ import {
   MemoryStorage,
   isTokenExpired,
   withExpiresAt
-} from "../chunk-RGCCBQWG.mjs";
+} from "../chunk-MXTUNMHA.mjs";
 import {
   __name,
   __require
@@ -36,8 +36,8 @@ var FileStorage = class {
     }
   }
   /**
-   * Expand ~ to home directory
-   */
+  * Expand ~ to home directory
+  */
   expandPath(filePath) {
     if (filePath.startsWith("~")) {
       const home = process.env.HOME || process.env.USERPROFILE || "";
@@ -46,14 +46,14 @@ var FileStorage = class {
     return filePath;
   }
   /**
-   * Normalize server URL for consistent key lookup
-   */
+  * Normalize server URL for consistent key lookup
+  */
   normalizeUrl(serverUrl) {
     return serverUrl.replace(/\/+$/, "").toLowerCase();
   }
   /**
-   * Encrypt data
-   */
+  * Encrypt data
+  */
   encrypt(data) {
     if (!this.encryptionKey) return data;
     const iv = randomBytes(16);
@@ -64,8 +64,8 @@ var FileStorage = class {
     return `${iv.toString("hex")}:${authTag.toString("hex")}:${encrypted}`;
   }
   /**
-   * Decrypt data
-   */
+  * Decrypt data
+  */
   decrypt(data) {
     if (!this.encryptionKey) return data;
     const [ivHex, authTagHex, encrypted] = data.split(":");
@@ -78,8 +78,8 @@ var FileStorage = class {
     return decrypted;
   }
   /**
-   * Read data from file
-   */
+  * Read data from file
+  */
   async readFile() {
     if (this.cache) return this.cache;
     try {
@@ -99,8 +99,8 @@ var FileStorage = class {
     }
   }
   /**
-   * Write data to file (coalesced to avoid race conditions)
-   */
+  * Write data to file (coalesced to avoid race conditions)
+  */
   async writeFile(data) {
     this.cache = data;
     if (this.writePromise) {
@@ -235,8 +235,8 @@ var KeychainStorage = class {
     this.serviceName = options.serviceName ?? SERVICE_NAME;
   }
   /**
-   * Initialize keytar (lazy load)
-   */
+  * Initialize keytar (lazy load)
+  */
   async init() {
     if (this.keytar) return;
     if (this.initPromise) {
@@ -253,20 +253,20 @@ var KeychainStorage = class {
     await this.initPromise;
   }
   /**
-   * Normalize server URL for consistent key lookup
-   */
+  * Normalize server URL for consistent key lookup
+  */
   normalizeUrl(serverUrl) {
     return serverUrl.replace(/\/+$/, "").toLowerCase();
   }
   /**
-   * Get account key for tokens
-   */
+  * Get account key for tokens
+  */
   getTokensAccount(serverUrl) {
     return `tokens:${this.normalizeUrl(serverUrl)}`;
   }
   /**
-   * Get account key for client info
-   */
+  * Get account key for client info
+  */
   getClientAccount(serverUrl) {
     return `client:${this.normalizeUrl(serverUrl)}`;
   }