@lifeaitools/clauth 1.5.17 → 1.5.19

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/cli/commands/serve.js +28 -6
  2. package/package.json +1 -1
package/cli/commands/serve.js CHANGED
@@ -2878,11 +2878,33 @@ function createServer(initPassword, whitelist, port, tunnelHostnameInit = null,
2878
2878
  return res.end();
2879
2879
  }
2880
2880
 
2881
- // ── OAuth Discovery disabled (causes claude.ai OAuth loop) ──────────────
2882
- if (reqPath.startsWith("/.well-known/oauth-protected-resource") ||
2883
- reqPath === "/.well-known/oauth-authorization-server") {
2884
- res.writeHead(404, { "Content-Type": "application/json", ...CORS });
2885
- return res.end(JSON.stringify({ error: "not_found" }));
2881
+ // ── OAuth Discovery (RFC 9728 + RFC 8414) ──────────────
2882
+ // claude.ai probes these for ALL remote MCP connections.
2883
+ // resource MUST match the connector URL configured in claude.ai (/sse).
2884
+ if (reqPath.startsWith("/.well-known/oauth-protected-resource")) {
2885
+ const base = oauthBase();
2886
+ res.writeHead(200, { "Content-Type": "application/json", ...CORS });
2887
+ return res.end(JSON.stringify({
2888
+ resource: `${base}/sse`,
2889
+ authorization_servers: [base],
2890
+ scopes_supported: ["mcp:tools"],
2891
+ bearer_methods_supported: ["header"],
2892
+ }));
2893
+ }
2894
+
2895
+ if (reqPath === "/.well-known/oauth-authorization-server") {
2896
+ const base = oauthBase();
2897
+ res.writeHead(200, { "Content-Type": "application/json", ...CORS });
2898
+ return res.end(JSON.stringify({
2899
+ issuer: base,
2900
+ authorization_endpoint: `${base}/authorize`,
2901
+ token_endpoint: `${base}/token`,
2902
+ registration_endpoint: `${base}/register`,
2903
+ response_types_supported: ["code"],
2904
+ grant_types_supported: ["authorization_code"],
2905
+ code_challenge_methods_supported: ["S256"],
2906
+ scopes_supported: ["mcp:tools"],
2907
+ }));
2886
2908
  }
2887
2909
 
2888
2910
  // ── Dynamic Client Registration (RFC 7591) ──────────────
@@ -2982,7 +3004,7 @@ function createServer(initPassword, whitelist, port, tunnelHostnameInit = null,
2982
3004
  oauthTokens.add(accessToken);
2983
3005
  saveTokens(oauthTokens);
2984
3006
 
2985
- const logMsg = `[${new Date().toISOString()}] OAuth: token issued for client ${stored.client_id}\n`;
3007
+ const logMsg = `[${new Date().toISOString()}] OAuth: token issued for client ${stored.client_id} (token=${accessToken.slice(0,8)}…)\n`;
2986
3008
  try { fs.appendFileSync(LOG_FILE, logMsg); } catch {}
2987
3009
  res.writeHead(200, { "Content-Type": "application/json", ...CORS });
2988
3010
  return res.end(JSON.stringify({ access_token: accessToken, token_type: "Bearer", expires_in: 86400 }));
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@lifeaitools/clauth",
3
- "version": "1.5.17",
3
+ "version": "1.5.19",
4
4
  "description": "Hardware-bound credential vault for the LIFEAI infrastructure stack",
5
5
  "type": "module",
6
6
  "bin": {