@mcp-abap-adt/auth-broker 0.1.5 → 0.1.7

package/dist/AuthBroker.d.ts

@@ -1,8 +1,9 @@
 /**
  * Main AuthBroker class for managing JWT tokens based on destinations
  */
-import { Logger } from './logger';
-import { IServiceKeyStore, ISessionStore } from './stores/interfaces';
+import { Logger } from '@mcp-abap-adt/logger';
+import { IServiceKeyStore, ISessionStore, IAuthorizationConfig, IConnectionConfig } from './stores/interfaces';
+import { ITokenProvider } from './providers';
 /**
  * AuthBroker manages JWT authentication tokens for destinations
  */
@@ -11,26 +12,55 @@ export declare class AuthBroker {
     private logger;
     private serviceKeyStore;
     private sessionStore;
+    private tokenProvider;
     /**
      * Create a new AuthBroker instance
-     * @param stores Object with custom stores. If not provided, creates default file-based stores.
-     *               - serviceKeyStore: Store for service keys (default: FileServiceKeyStore)
-     *               - sessionStore: Store for session data (default: FileSessionStore)
+     * @param stores Object with stores and token provider
+     *               - serviceKeyStore: Store for service keys
+     *               - sessionStore: Store for session data
+     *               - tokenProvider: Token provider implementing ITokenProvider interface
      * @param browser Optional browser name for authentication (chrome, edge, firefox, system, none).
      *                Default: 'system' (system default browser).
      *                Use 'none' to print URL instead of opening browser.
      * @param logger Optional logger instance. If not provided, uses default logger.
      */
-    constructor(stores?: {
-        serviceKeyStore?: IServiceKeyStore;
-        sessionStore?: ISessionStore;
+    constructor(stores: {
+        serviceKeyStore: IServiceKeyStore;
+        sessionStore: ISessionStore;
+        tokenProvider: ITokenProvider;
     }, browser?: string, logger?: Logger);
     /**
      * Get authentication token for destination.
-     * Tries to load from session store, validates it, and refreshes if needed.
+     * Tries to load from session store, validates it, and refreshes if needed using a fallback chain.
+     *
+     * **Fallback Chain:**
+     * 1. **Check session**: Load token from session store and validate it
+     *    - If token is valid, return it immediately
+     *    - If token is invalid or missing, continue to next step
+     *
+     * 2. **Check service key**: Verify that service key exists
+     *    - If no service key found, throw error
+     *
+     * 3. **Try refresh token**: If refresh token is available in session, attempt to refresh using it (via tokenProvider)
+     *    - If successful, save new token to session and return it
+     *    - If failed, continue to next step
+     *
+     * 4. **Try UAA (client_credentials)**: Attempt to get token using UAA credentials (via tokenProvider)
+     *    - If UAA parameters are available and authentication succeeds, save token to session and return it
+     *    - If failed or parameters missing, continue to next step
+     *
+     * 5. **Try browser authentication**: Attempt browser-based OAuth2 flow using service key (via tokenProvider)
+     *    - If successful, save token and refresh token to session and return it
+     *    - If failed, continue to next step
+     *
+     * 6. **Throw error**: If all authentication methods failed, throw comprehensive error with details
+     *
+     * **Note**: Token validation is performed only when checking existing session (step 1).
+     * Tokens obtained through refresh/UAA/browser authentication are not validated before being saved.
+     *
      * @param destination Destination name (e.g., "TRIAL")
      * @returns Promise that resolves to JWT token string
-     * @throws Error if neither session data nor service key found
+     * @throws Error if neither session data nor service key found, or if all authentication methods failed
      */
     getToken(destination: string): Promise<string>;
     /**
@@ -41,30 +71,16 @@ export declare class AuthBroker {
      */
     refreshToken(destination: string): Promise<string>;
     /**
-     * Internal refresh token implementation
-     * @private
-     */
-    private refreshTokenInternal;
-    /**
-     * Get SAP URL for destination.
-     * Tries to load from session store first, then from service key store.
+     * Get authorization configuration for destination
      * @param destination Destination name (e.g., "TRIAL")
-     * @returns Promise that resolves to SAP URL string, or undefined if not found
-     */
-    getSapUrl(destination: string): Promise<string | undefined>;
-    /**
-     * Clear cached token for specific destination
-     * @param destination Destination name
+     * @returns Promise that resolves to IAuthorizationConfig or null if not found
      */
-    clearCache(destination: string): void;
+    getAuthorizationConfig(destination: string): Promise<IAuthorizationConfig | null>;
     /**
-     * Clear all cached tokens
-     */
-    clearAllCache(): void;
-    /**
-     * Get search paths for error messages (from file stores if available)
-     * @private
+     * Get connection configuration for destination
+     * @param destination Destination name (e.g., "TRIAL")
+     * @returns Promise that resolves to IConnectionConfig or null if not found
      */
-    private getSearchPathsForError;
+    getConnectionConfig(destination: string): Promise<IConnectionConfig | null>;
 }
 //# sourceMappingURL=AuthBroker.d.ts.map

package/dist/AuthBroker.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"AuthBroker.d.ts","sourceRoot":"","sources":["../src/AuthBroker.ts"],"names":[],"mappings":"AAAA;;GAEG;AAOH,OAAO,EAAE,MAAM,EAAiB,MAAM,UAAU,CAAC;AACjD,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AAGtE;;GAEG;AACH,qBAAa,UAAU;IACrB,OAAO,CAAC,OAAO,CAAqB;IACpC,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,eAAe,CAAmB;IAC1C,OAAO,CAAC,YAAY,CAAgB;IAEpC;;;;;;;;;OASG;gBAED,MAAM,CAAC,EAAE;QAAE,eAAe,CAAC,EAAE,gBAAgB,CAAC;QAAC,YAAY,CAAC,EAAE,aAAa,CAAA;KAAE,EAC7E,OAAO,CAAC,EAAE,MAAM,EAChB,MAAM,CAAC,EAAE,MAAM;IAQjB;;;;;;OAMG;IACG,QAAQ,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAiDpD;;;;;OAKG;IACG,YAAY,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAoBxD;;;OAGG;YACW,oBAAoB;IAuDlC;;;;;OAKG;IACG,SAAS,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC;IAiBjE;;;OAGG;IACH,UAAU,CAAC,WAAW,EAAE,MAAM,GAAG,IAAI;IAIrC;;OAEG;IACH,aAAa,IAAI,IAAI;IAIrB;;;OAGG;IACH,OAAO,CAAC,sBAAsB;CAW/B"}
+{"version":3,"file":"AuthBroker.d.ts","sourceRoot":"","sources":["../src/AuthBroker.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,MAAM,EAAiB,MAAM,sBAAsB,CAAC;AAC7D,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,oBAAoB,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AAC/G,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAE7C;;GAEG;AACH,qBAAa,UAAU;IACrB,OAAO,CAAC,OAAO,CAAqB;IACpC,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,eAAe,CAAmB;IAC1C,OAAO,CAAC,YAAY,CAAgB;IACpC,OAAO,CAAC,aAAa,CAAiB;IAEtC;;;;;;;;;;OAUG;gBAED,MAAM,EAAE;QAAE,eAAe,EAAE,gBAAgB,CAAC;QAAC,YAAY,EAAE,aAAa,CAAC;QAAC,aAAa,EAAE,cAAc,CAAA;KAAE,EACzG,OAAO,CAAC,EAAE,MAAM,EAChB,MAAM,CAAC,EAAE,MAAM;IASjB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAgCG;IACG,QAAQ,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAmIpD;;;;;OAKG;IACG,YAAY,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAuCxD;;;;OAIG;IACG,sBAAsB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,oBAAoB,GAAG,IAAI,CAAC;IAWvF;;;;OAIG;IACG,mBAAmB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,iBAAiB,GAAG,IAAI,CAAC;CAWlF"}

package/dist/AuthBroker.js

@@ -4,12 +4,7 @@
  */
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.AuthBroker = void 0;
-const tokenValidator_1 = require("./tokenValidator");
-const tokenRefresher_1 = require("./tokenRefresher");
-const browserAuth_1 = require("./browserAuth");
-const cache_1 = require("./cache");
-const logger_1 = require("./logger");
-const stores_1 = require("./stores");
+const logger_1 = require("@mcp-abap-adt/logger");
 /**
  * AuthBroker manages JWT authentication tokens for destinations
  */
@@ -18,71 +13,172 @@ class AuthBroker {
     logger;
     serviceKeyStore;
     sessionStore;
+    tokenProvider;
     /**
      * Create a new AuthBroker instance
-     * @param stores Object with custom stores. If not provided, creates default file-based stores.
-     *               - serviceKeyStore: Store for service keys (default: FileServiceKeyStore)
-     *               - sessionStore: Store for session data (default: FileSessionStore)
+     * @param stores Object with stores and token provider
+     *               - serviceKeyStore: Store for service keys
+     *               - sessionStore: Store for session data
+     *               - tokenProvider: Token provider implementing ITokenProvider interface
      * @param browser Optional browser name for authentication (chrome, edge, firefox, system, none).
      *                Default: 'system' (system default browser).
      *                Use 'none' to print URL instead of opening browser.
      * @param logger Optional logger instance. If not provided, uses default logger.
      */
     constructor(stores, browser, logger) {
-        this.serviceKeyStore = stores?.serviceKeyStore || new stores_1.FileServiceKeyStore();
-        this.sessionStore = stores?.sessionStore || new stores_1.FileSessionStore();
+        this.serviceKeyStore = stores.serviceKeyStore;
+        this.sessionStore = stores.sessionStore;
+        this.tokenProvider = stores.tokenProvider;
         this.browser = browser || 'system';
         this.logger = logger || logger_1.defaultLogger;
     }
     /**
      * Get authentication token for destination.
-     * Tries to load from session store, validates it, and refreshes if needed.
+     * Tries to load from session store, validates it, and refreshes if needed using a fallback chain.
+     *
+     * **Fallback Chain:**
+     * 1. **Check session**: Load token from session store and validate it
+     *    - If token is valid, return it immediately
+     *    - If token is invalid or missing, continue to next step
+     *
+     * 2. **Check service key**: Verify that service key exists
+     *    - If no service key found, throw error
+     *
+     * 3. **Try refresh token**: If refresh token is available in session, attempt to refresh using it (via tokenProvider)
+     *    - If successful, save new token to session and return it
+     *    - If failed, continue to next step
+     *
+     * 4. **Try UAA (client_credentials)**: Attempt to get token using UAA credentials (via tokenProvider)
+     *    - If UAA parameters are available and authentication succeeds, save token to session and return it
+     *    - If failed or parameters missing, continue to next step
+     *
+     * 5. **Try browser authentication**: Attempt browser-based OAuth2 flow using service key (via tokenProvider)
+     *    - If successful, save token and refresh token to session and return it
+     *    - If failed, continue to next step
+     *
+     * 6. **Throw error**: If all authentication methods failed, throw comprehensive error with details
+     *
+     * **Note**: Token validation is performed only when checking existing session (step 1).
+     * Tokens obtained through refresh/UAA/browser authentication are not validated before being saved.
+     *
      * @param destination Destination name (e.g., "TRIAL")
      * @returns Promise that resolves to JWT token string
-     * @throws Error if neither session data nor service key found
+     * @throws Error if neither session data nor service key found, or if all authentication methods failed
      */
     async getToken(destination) {
-        // Check cache first
-        const cachedToken = (0, cache_1.getCachedToken)(destination);
-        if (cachedToken) {
-            // Validate cached token
-            const envConfig = await this.sessionStore.loadSession(destination);
-            if (envConfig) {
-                const isValid = await (0, tokenValidator_1.validateToken)(cachedToken, envConfig.sapUrl);
+        // Step 1: Check if session exists and token is valid
+        const connConfig = await this.sessionStore.getConnectionConfig(destination);
+        if (connConfig?.authorizationToken) {
+            // Validate token if provider supports validation and we have service URL
+            if (this.tokenProvider.validateToken && connConfig.serviceUrl) {
+                const isValid = await this.tokenProvider.validateToken(connConfig.authorizationToken, connConfig.serviceUrl);
                 if (isValid) {
-                    return cachedToken;
+                    return connConfig.authorizationToken;
                 }
-                // Token expired, remove from cache
             }
-        }
-        // Load from session store
-        const envConfig = await this.sessionStore.loadSession(destination);
-        if (envConfig && envConfig.jwtToken) {
-            // Validate token
-            const isValid = await (0, tokenValidator_1.validateToken)(envConfig.jwtToken, envConfig.sapUrl);
-            if (isValid) {
-                (0, cache_1.setCachedToken)(destination, envConfig.jwtToken);
-                return envConfig.jwtToken;
+            else {
+                // No service URL or provider doesn't support validation - just return token
+                return connConfig.authorizationToken;
             }
         }
-        // Token not found or expired, check if we have service key for browser auth
+        // Step 2: No valid session, check if we have service key
         const serviceKey = await this.serviceKeyStore.getServiceKey(destination);
         if (!serviceKey) {
-            // No service key and no valid token - throw error with helpful message
-            const searchPaths = this.getSearchPathsForError();
-            const searchedPaths = searchPaths.length > 0
-                ? `\nSearched in:\n${searchPaths.map(p => `  - ${p}`).join('\n')}`
-                : '';
+            // No service key and no valid token
             throw new Error(`No authentication found for destination "${destination}". ` +
-                `Neither ${destination}.env file nor ${destination}.json service key found.\n` +
-                `Please create one of:\n` +
-                `  - ${destination}.env (with SAP_JWT_TOKEN)\n` +
-                `  - ${destination}.json (service key)${searchedPaths}`);
+                `No session data and no service key found.`);
+        }
+        // Get authorization config from service key
+        const authConfig = await this.serviceKeyStore.getAuthorizationConfig(destination);
+        if (!authConfig) {
+            throw new Error(`Service key for destination "${destination}" does not contain UAA credentials`);
+        }
+        // Get refresh token from session (if exists)
+        const sessionAuthConfig = await this.sessionStore.getAuthorizationConfig(destination);
+        const refreshToken = sessionAuthConfig?.refreshToken || authConfig.refreshToken;
+        let tokenResult;
+        let lastError = null;
+        // Step 3: Try to refresh using refresh token (if available) via tokenProvider
+        if (refreshToken) {
+            try {
+                this.logger.debug(`Attempting to refresh token using refresh token for destination "${destination}"...`);
+                const authConfigWithRefresh = { ...authConfig, refreshToken };
+                tokenResult = await this.tokenProvider.getConnectionConfig(authConfigWithRefresh, {
+                    browser: this.browser,
+                    logger: this.logger,
+                });
+                this.logger.debug(`Token refreshed successfully using refresh token for destination "${destination}"`);
+                // Update session with new token
+                await this.sessionStore.setConnectionConfig(destination, tokenResult.connectionConfig);
+                if (tokenResult.refreshToken) {
+                    await this.sessionStore.setAuthorizationConfig(destination, {
+                        ...authConfig,
+                        refreshToken: tokenResult.refreshToken,
+                    });
+                }
+                return tokenResult.connectionConfig.authorizationToken;
+            }
+            catch (error) {
+                lastError = error;
+                this.logger.debug(`Token refresh failed for destination "${destination}": ${error.message}. Trying without refresh token...`);
+                // Continue to next step
+            }
+        }
+        // Step 4: Try UAA (client_credentials) via tokenProvider (without refresh token)
+        // TokenProvider should try client_credentials if refresh token is not provided
+        try {
+            this.logger.debug(`Attempting to get token using UAA (client_credentials) for destination "${destination}"...`);
+            const authConfigWithoutRefresh = { ...authConfig, refreshToken: undefined };
+            tokenResult = await this.tokenProvider.getConnectionConfig(authConfigWithoutRefresh, {
+                browser: this.browser,
+                logger: this.logger,
+            });
+            this.logger.debug(`Token obtained successfully using UAA for destination "${destination}"`);
+            // Update session with new token
+            await this.sessionStore.setConnectionConfig(destination, tokenResult.connectionConfig);
+            if (tokenResult.refreshToken) {
+                await this.sessionStore.setAuthorizationConfig(destination, {
+                    ...authConfig,
+                    refreshToken: tokenResult.refreshToken,
+                });
+            }
+            return tokenResult.connectionConfig.authorizationToken;
+        }
+        catch (error) {
+            lastError = error;
+            this.logger.debug(`UAA authentication failed for destination "${destination}": ${error.message}. Trying browser authentication...`);
+            // Continue to next step
+        }
+        // Step 5: Try browser authentication via tokenProvider (should be last resort)
+        // TokenProvider should use browser auth if refresh token and client_credentials don't work
+        try {
+            this.logger.debug(`Starting browser authentication flow for destination "${destination}"...`);
+            const authConfigForBrowser = { ...authConfig, refreshToken: undefined };
+            tokenResult = await this.tokenProvider.getConnectionConfig(authConfigForBrowser, {
+                browser: this.browser,
+                logger: this.logger,
+            });
+            this.logger.debug(`Token obtained successfully using browser authentication for destination "${destination}"`);
+            // Update session with new token
+            await this.sessionStore.setConnectionConfig(destination, tokenResult.connectionConfig);
+            if (tokenResult.refreshToken) {
+                await this.sessionStore.setAuthorizationConfig(destination, {
+                    ...authConfig,
+                    refreshToken: tokenResult.refreshToken,
+                });
+            }
+            return tokenResult.connectionConfig.authorizationToken;
+        }
+        catch (error) {
+            lastError = error;
+            // Step 6: All methods failed - throw error
+            const errorMessage = `All authentication methods failed for destination "${destination}". ` +
+                `Refresh token: ${refreshToken ? 'failed' : 'not available'}. ` +
+                `UAA: ${authConfig.uaaUrl && authConfig.uaaClientId && authConfig.uaaClientSecret ? 'failed' : 'parameters missing'}. ` +
+                `Browser authentication: failed (${error.message})`;
+            this.logger.error(errorMessage);
+            throw new Error(errorMessage);
         }
-        // Try to refresh (will use browser auth if no refresh token)
-        const newToken = await this.refreshTokenInternal(destination, serviceKey, envConfig);
-        (0, cache_1.setCachedToken)(destination, newToken);
-        return newToken;
     }
     /**
      * Force refresh token for destination using service key.
@@ -94,107 +190,59 @@ class AuthBroker {
         // Load service key
         const serviceKey = await this.serviceKeyStore.getServiceKey(destination);
         if (!serviceKey) {
-            const searchPaths = this.getSearchPathsForError();
-            const searchedPaths = searchPaths.length > 0
-                ? `\nSearched in:\n${searchPaths.map(p => `  - ${p}`).join('\n')}`
-                : '';
-            throw new Error(`Service key file not found for destination "${destination}".\n` +
-                `Please create file: ${destination}.json${searchedPaths}`);
+            throw new Error(`Service key not found for destination "${destination}".`);
         }
-        // Load existing session (for refresh token)
-        const envConfig = await this.sessionStore.loadSession(destination);
-        return this.refreshTokenInternal(destination, serviceKey, envConfig);
-    }
-    /**
-     * Internal refresh token implementation
-     * @private
-     */
-    async refreshTokenInternal(destination, serviceKey, envConfig) {
-        // Extract UAA configuration
-        const { url: uaaUrl, clientid: clientId, clientsecret: clientSecret } = serviceKey.uaa;
-        if (!uaaUrl || !clientId || !clientSecret) {
-            throw new Error(`Invalid service key for destination "${destination}". ` +
-                `Missing required UAA fields: url, clientid, clientsecret`);
+        // Get authorization config from service key
+        const authConfig = await this.serviceKeyStore.getAuthorizationConfig(destination);
+        if (!authConfig) {
+            throw new Error(`Service key for destination "${destination}" does not contain UAA credentials`);
         }
-        // Validate SAP URL early (before starting browser auth or refresh)
-        const sapUrl = serviceKey.url || serviceKey.abap?.url || serviceKey.sap_url;
-        if (!sapUrl) {
-            throw new Error(`Service key for destination "${destination}" does not contain SAP URL. ` +
-                `Expected field: url, abap.url, or sap_url`);
-        }
-        // Try to load existing refresh token from session store
-        let refreshTokenValue = envConfig?.refreshToken;
-        let result;
-        // If no refresh token, start browser authentication flow
-        if (!refreshTokenValue) {
-            this.logger.debug(`No refresh token found for destination "${destination}". Starting browser authentication...`);
-            result = await (0, browserAuth_1.startBrowserAuth)(serviceKey, this.browser || 'system', this.logger);
-        }
-        else {
-            // Refresh token using refresh token
-            result = await (0, tokenRefresher_1.refreshJwtToken)(refreshTokenValue, uaaUrl, clientId, clientSecret);
-        }
-        // Save new token to session store
-        await this.sessionStore.saveSession(destination, {
-            sapUrl,
-            jwtToken: result.accessToken,
-            refreshToken: result.refreshToken || refreshTokenValue,
-            uaaUrl,
-            uaaClientId: clientId,
-            uaaClientSecret: clientSecret,
-            sapClient: envConfig?.sapClient,
-            language: envConfig?.language,
+        // Get refresh token from session
+        const sessionAuthConfig = await this.sessionStore.getAuthorizationConfig(destination);
+        const authConfigWithRefresh = { ...authConfig, refreshToken: sessionAuthConfig?.refreshToken || authConfig.refreshToken };
+        // Get connection config with token from provider
+        const tokenResult = await this.tokenProvider.getConnectionConfig(authConfigWithRefresh, {
+            browser: this.browser,
+            logger: this.logger,
         });
-        // Update cache with new token
-        (0, cache_1.setCachedToken)(destination, result.accessToken);
-        return result.accessToken;
+        // Update session with new token
+        await this.sessionStore.setConnectionConfig(destination, tokenResult.connectionConfig);
+        // Update authorization config with new refresh token if available
+        if (tokenResult.refreshToken) {
+            await this.sessionStore.setAuthorizationConfig(destination, {
+                ...authConfig,
+                refreshToken: tokenResult.refreshToken,
+            });
+        }
+        return tokenResult.connectionConfig.authorizationToken;
     }
     /**
-     * Get SAP URL for destination.
-     * Tries to load from session store first, then from service key store.
+     * Get authorization configuration for destination
      * @param destination Destination name (e.g., "TRIAL")
-     * @returns Promise that resolves to SAP URL string, or undefined if not found
+     * @returns Promise that resolves to IAuthorizationConfig or null if not found
      */
-    async getSapUrl(destination) {
-        // Try to load from session store first
-        const envConfig = await this.sessionStore.loadSession(destination);
-        if (envConfig?.sapUrl) {
-            return envConfig.sapUrl;
+    async getAuthorizationConfig(destination) {
+        // Try session store first (has tokens)
+        const sessionAuthConfig = await this.sessionStore.getAuthorizationConfig(destination);
+        if (sessionAuthConfig) {
+            return sessionAuthConfig;
         }
-        // Try service key store
-        const serviceKey = await this.serviceKeyStore.getServiceKey(destination);
-        if (serviceKey) {
-            return serviceKey.url || serviceKey.abap?.url || serviceKey.sap_url;
-        }
-        return undefined;
-    }
-    /**
-     * Clear cached token for specific destination
-     * @param destination Destination name
-     */
-    clearCache(destination) {
-        (0, cache_1.clearCache)(destination);
+        // Fall back to service key store (has UAA credentials)
+        return await this.serviceKeyStore.getAuthorizationConfig(destination);
     }
     /**
-     * Clear all cached tokens
-     */
-    clearAllCache() {
-        (0, cache_1.clearAllCache)();
-    }
-    /**
-     * Get search paths for error messages (from file stores if available)
-     * @private
+     * Get connection configuration for destination
+     * @param destination Destination name (e.g., "TRIAL")
+     * @returns Promise that resolves to IConnectionConfig or null if not found
      */
-    getSearchPathsForError() {
-        // Try to get search paths from file stores
-        if (this.serviceKeyStore instanceof stores_1.FileServiceKeyStore) {
-            return this.serviceKeyStore.getSearchPaths();
-        }
-        if (this.sessionStore instanceof stores_1.FileSessionStore) {
-            return this.sessionStore.getSearchPaths();
+    async getConnectionConfig(destination) {
+        // Try session store first (has tokens and URLs)
+        const sessionConnConfig = await this.sessionStore.getConnectionConfig(destination);
+        if (sessionConnConfig) {
+            return sessionConnConfig;
         }
-        // No file stores, return empty array
-        return [];
+        // Fall back to service key store (has URLs but no tokens)
+        return await this.serviceKeyStore.getConnectionConfig(destination);
     }
 }
 exports.AuthBroker = AuthBroker;

package/dist/__tests__/helpers/configHelpers.d.ts

@@ -0,0 +1,49 @@
+/**
+ * Configuration helpers for auth-broker tests
+ * Loads test configuration from test-config.yaml
+ */
+export interface TestConfig {
+    auth_broker?: {
+        paths?: {
+            service_keys_dir?: string;
+            sessions_dir?: string;
+        };
+        abap?: {
+            destination?: string;
+        };
+        xsuaa?: {
+            btp_destination?: string;
+            mcp_destination?: string;
+            mcp_url?: string;
+        };
+    };
+}
+/**
+ * Load test configuration from YAML
+ * Uses test-config.yaml from tests/ directory
+ */
+export declare function loadTestConfig(): TestConfig;
+/**
+ * Check if test config has real values (not placeholders)
+ */
+export declare function hasRealConfig(config: TestConfig, section: 'abap' | 'xsuaa'): boolean;
+/**
+ * Get ABAP destination from config
+ */
+export declare function getAbapDestination(config?: TestConfig): string | null;
+/**
+ * Get XSUAA destinations from config
+ */
+export declare function getXsuaaDestinations(config?: TestConfig): {
+    btp_destination: string | null;
+    mcp_url: string | null;
+};
+/**
+ * Get service keys directory from config
+ */
+export declare function getServiceKeysDir(config?: TestConfig): string | null;
+/**
+ * Get sessions directory from config
+ */
+export declare function getSessionsDir(config?: TestConfig): string | null;
+//# sourceMappingURL=configHelpers.d.ts.map

package/dist/__tests__/helpers/configHelpers.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"configHelpers.d.ts","sourceRoot":"","sources":["../../../src/__tests__/helpers/configHelpers.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAQH,MAAM,WAAW,UAAU;IACzB,WAAW,CAAC,EAAE;QACZ,KAAK,CAAC,EAAE;YACN,gBAAgB,CAAC,EAAE,MAAM,CAAC;YAC1B,YAAY,CAAC,EAAE,MAAM,CAAC;SACvB,CAAC;QACF,IAAI,CAAC,EAAE;YACL,WAAW,CAAC,EAAE,MAAM,CAAC;SACtB,CAAC;QACF,KAAK,CAAC,EAAE;YACN,eAAe,CAAC,EAAE,MAAM,CAAC;YACzB,eAAe,CAAC,EAAE,MAAM,CAAC;YACzB,OAAO,CAAC,EAAE,MAAM,CAAC;SAClB,CAAC;KACH,CAAC;CACH;AAkBD;;;GAGG;AACH,wBAAgB,cAAc,IAAI,UAAU,CA6C3C;AAED;;GAEG;AACH,wBAAgB,aAAa,CAAC,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,GAAG,OAAO,CA2BpF;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,MAAM,CAAC,EAAE,UAAU,GAAG,MAAM,GAAG,IAAI,CAGrE;AAED;;GAEG;AACH,wBAAgB,oBAAoB,CAAC,MAAM,CAAC,EAAE,UAAU,GAAG;IACzD,eAAe,EAAE,MAAM,GAAG,IAAI,CAAC;IAC/B,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;CACxB,CAOA;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,MAAM,CAAC,EAAE,UAAU,GAAG,MAAM,GAAG,IAAI,CAGpE;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,MAAM,CAAC,EAAE,UAAU,GAAG,MAAM,GAAG,IAAI,CAGjE"}