@lifeaitools/clauth 1.5.29 → 1.5.30
- package/cli/commands/serve.js +9 -10
- package/package.json +1 -1
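--- a/package/cli/commands/serve.js
+++ b/package/cli/commands/serve.js
@@ -2944,17 +2944,8 @@ function createServer(initPassword, whitelist, port, tunnelHostnameInit = null,
 return res.end(JSON.stringify({ error: "not_found" }));
 }
 
-// ── Dynamic Client Registration
-// claude.ai's OAuth authorization_code flow is bugged (token issued, never used).
-// If /register returns 201, claude.ai starts OAuth and fails.
-// If /register returns 404, claude.ai falls back to authless (which works).
+// ── Dynamic Client Registration (RFC 7591) ──────────────
 if (method === "POST" && reqPath === "/register") {
-res.writeHead(404, { "Content-Type": "application/json", ...CORS });
-return res.end(JSON.stringify({ error: "not_found" }));
-}
-
-// ── Dynamic Client Registration (kept for future use) ──────────────
-if (false && method === "POST" && reqPath === "/register") {
 let body;
 try { body = await readBody(req); } catch {
 res.writeHead(400, { "Content-Type": "application/json", ...CORS });
@@ -3022,13 +3013,18 @@ function createServer(initPassword, whitelist, port, tunnelHostnameInit = null,
 return res.end(JSON.stringify({ error: "invalid_request" }));
 }
 
+const tokenLog = (msg) => { try { fs.appendFileSync(LOG_FILE, `[${new Date().toISOString()}] OAuth /token: ${msg}\n`); } catch {} };
+tokenLog(`grant_type=${body.grant_type} code=${(body.code||"").slice(0,8)}… verifier=${body.code_verifier ? "present" : "missing"}`);
+
 if (body.grant_type !== "authorization_code") {
+tokenLog(`REJECT: unsupported_grant_type (${body.grant_type})`);
 res.writeHead(400, { "Content-Type": "application/json", ...CORS });
 return res.end(JSON.stringify({ error: "unsupported_grant_type" }));
 }
 
 const stored = oauthCodes.get(body.code);
 if (!stored || stored.expires < Date.now()) {
+tokenLog(`REJECT: invalid_grant (stored=${!!stored}, expired=${stored ? stored.expires < Date.now() : "n/a"}, codes_size=${oauthCodes.size})`);
 oauthCodes.delete(body.code);
 res.writeHead(400, { "Content-Type": "application/json", ...CORS });
 return res.end(JSON.stringify({ error: "invalid_grant" }));
@@ -3037,11 +3033,14 @@ function createServer(initPassword, whitelist, port, tunnelHostnameInit = null,
 // PKCE verification
 if (stored.code_challenge && body.code_verifier) {
 const computed = sha256base64url(body.code_verifier);
+tokenLog(`PKCE: challenge=${stored.code_challenge.slice(0,12)}… computed=${computed.slice(0,12)}… match=${computed === stored.code_challenge}`);
 if (computed !== stored.code_challenge) {
 oauthCodes.delete(body.code);
 res.writeHead(400, { "Content-Type": "application/json", ...CORS });
 return res.end(JSON.stringify({ error: "invalid_grant", error_description: "PKCE failed" }));
 }
+} else {
+tokenLog(`PKCE: skipped (challenge=${!!stored.code_challenge}, verifier=${!!body.code_verifier})`);
 }
 
 oauthCodes.delete(body.code);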
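Review bot: The new `tokenLog` calls in the `/token` handler write a prefix of the authorization code (`(body.code||"").slice(0,8)`) and of the PKCE challenge and computed verifier hash to `LOG_FILE`; the code is a one-time bearer secret until it is redeemed, so even a truncated copy in an append-only log is material a defender would not want persisted, and the log line is emitted before the grant_type check, so it is written for every POST to `/token` regardless of validity. Replace the code fragment with a presence flag, `code=${body.code ? "present" : "missing"}`, and drop the challenge/computed prefixes in favour of the `match=` boolean, which is the only value needed to diagnose a PKCE mismatch. The helper also swallows every write failure with `catch {}`, so a full disk or unwritable `LOG_FILE` silently disables the audit trail; if this is intentionally best-effort, say so in a comment, and consider gating the whole helper behind a debug option (`const tokenLog = <DEBUG_FLAG> ? (msg) => { … } : () => {};`) since these lines read as shipped debugging instrumentation. The first hunk also re-enables the unauthenticated `/register` (DCR) endpoint that was previously short-circuited with `if (false && …)`; the registration storage is outside this diff, so it is worth confirming that registrations are bounded or expire, as an open RFC 7591 endpoint otherwise lets any client grow that store without limit. The enclosing `createServer` function starts and ends outside these hunks.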