@mcp-abap-adt/auth-broker 0.2.1 → 0.2.3
- package/CHANGELOG.md +9 -1
- package/README.md +8 -1
- package/dist/AuthBroker.d.ts +3 -0
- package/dist/AuthBroker.d.ts.map +1 -1
- package/dist/AuthBroker.js +10 -6
- package/package.json +2 -2
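--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -10,6 +10,15 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 Thank you to all contributors! See [CONTRIBUTORS.md](CONTRIBUTORS.md) for the complete list.
 
 ## [Unreleased]
+## [0.2.3] - 2025-12-18
+
+### Added
+- `allowClientCredentials` config flag (default: true). Set to `false` to skip UAA client_credentials flow and force provider/browser-based login (useful for ABAP ADT backends that reject service tokens).
+
+## [0.2.2] - 2025-12-13
+
+### Changed
+- Dependency bump: `@mcp-abap-adt/interfaces` to `^0.1.16` to align with latest interfaces release
 
 ## [0.2.1] - 2025-12-12
 
@@ -618,4 +627,3 @@ const broker = new AuthBroker({
 - **Module system**: CommonJS
 - **Build output**: TypeScript compiled to JavaScript with type definitions
 - **Logging**: Injectable logger interface with environment variable control
-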
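--- a/package/README.md
+++ b/package/README.md
@@ -52,6 +52,14 @@ const broker = new AuthBroker({
 serviceKeyStore: new AbapServiceKeyStore('/path/to/destinations'), // optional
 tokenProvider: new BtpTokenProvider(), // optional
 }, 'chrome', logger);
+
+// Disable direct client_credentials (force provider/browser flow, e.g., for ABAP ADT)
+const brokerNoClientCreds = new AuthBroker({
+sessionStore: new AbapSessionStore('/path/to/destinations'),
+serviceKeyStore: new AbapServiceKeyStore('/path/to/destinations'),
+tokenProvider: new BtpTokenProvider(),
+allowClientCredentials: false,
+}, 'chrome', logger);
 ```
 
 ### Session + Service Key (For Initialization)
@@ -596,4 +604,3 @@ Thank you to all contributors! See [CONTRIBUTORS.md](CONTRIBUTORS.md) for the co
 ## License
 
 MIT
-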
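--- a/package/dist/AuthBroker.d.ts
+++ b/package/dist/AuthBroker.d.ts
@@ -14,6 +14,8 @@ export interface AuthBrokerConfig {
 serviceKeyStore?: IServiceKeyStore;
 /** Token provider (optional) - handles token refresh and authentication flows. If not provided, direct UAA HTTP requests will be used when UAA credentials are available */
 tokenProvider?: ITokenProvider;
+/** Allow direct UAA client_credentials flow (default: true). Set false to force provider/interactive login (e.g., ABAP ADT). */
+allowClientCredentials?: boolean;
 }
 export declare class AuthBroker {
 private browser;
@@ -21,6 +23,7 @@ export declare class AuthBroker {
 private serviceKeyStore;
 private sessionStore;
 private tokenProvider;
+private allowClientCredentials;
 /**
 * Create a new AuthBroker instance
 * @param config Configuration object with stores and token provider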
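Review bot: The doc comment added on `allowClientCredentials` (new line 17) does not state the precondition that comes with setting it to `false`: the compiled AuthBroker.js in this same diff throws `Client credentials flow disabled and no tokenProvider available for interactive login` when no `tokenProvider` is configured, yet `tokenProvider` is still documented as optional one line above. I would spell that out, for example `/** Allow direct UAA client_credentials flow (default: true). When false, a tokenProvider is required; token acquisition throws if none is configured. */`. It would also help to say that only the boolean `false` disables the flow, since the constructor compares with `!== false`. This declaration file is build output, so the wording change presumably belongs in `src/AuthBroker.ts`.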
package/dist/AuthBroker.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"AuthBroker.d.ts","sourceRoot":"","sources":["../src/AuthBroker.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,OAAO,EAAW,MAAM,0BAA0B,CAAC;AAC5D,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,oBAAoB,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AAC/G,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAa7C;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,mEAAmE;IACnE,YAAY,EAAE,aAAa,CAAC;IAC5B,uEAAuE;IACvE,eAAe,CAAC,EAAE,gBAAgB,CAAC;IACnC,4KAA4K;IAC5K,aAAa,CAAC,EAAE,cAAc,CAAC;
|
|
1
|
+
{"version":3,"file":"AuthBroker.d.ts","sourceRoot":"","sources":["../src/AuthBroker.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,OAAO,EAAW,MAAM,0BAA0B,CAAC;AAC5D,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,oBAAoB,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AAC/G,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAa7C;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,mEAAmE;IACnE,YAAY,EAAE,aAAa,CAAC;IAC5B,uEAAuE;IACvE,eAAe,CAAC,EAAE,gBAAgB,CAAC;IACnC,4KAA4K;IAC5K,aAAa,CAAC,EAAE,cAAc,CAAC;IAC/B,gIAAgI;IAChI,sBAAsB,CAAC,EAAE,OAAO,CAAC;CAClC;AAcD,qBAAa,UAAU;IACrB,OAAO,CAAC,OAAO,CAAqB;IACpC,OAAO,CAAC,MAAM,CAAU;IACxB,OAAO,CAAC,eAAe,CAA+B;IACtD,OAAO,CAAC,YAAY,CAAgB;IACpC,OAAO,CAAC,aAAa,CAA6B;IAClD,OAAO,CAAC,sBAAsB,CAAU;IAExC;;;;;;;;;;OAUG;gBAED,MAAM,EAAE,gBAAgB,EACxB,OAAO,CAAC,EAAE,MAAM,EAChB,MAAM,CAAC,EAAE,OAAO;IAmElB;;;;;OAKG;YACW,kBAAkB;IA4ChC;;;;OAIG;YACW,6BAA6B;IA0C3C;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAqCG;IACG,QAAQ,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IA8SpD;;;;;OAKG;IACG,YAAY,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAuFxD;;;;OAIG;IACG,sBAAsB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,oBAAoB,GAAG,IAAI,CAAC;IA2BvF;;;;OAIG;IACG,mBAAmB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,iBAAiB,GAAG,IAAI,CAAC;CAyBlF"}
|
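--- a/package/dist/AuthBroker.js
+++ b/package/dist/AuthBroker.js
@@ -23,6 +23,7 @@ class AuthBroker {
 serviceKeyStore;
 sessionStore;
 tokenProvider;
+allowClientCredentials;
 /**
 * Create a new AuthBroker instance
 * @param config Configuration object with stores and token provider
@@ -84,10 +85,11 @@ class AuthBroker {
 this.tokenProvider = tokenProvider;
 this.browser = browser || 'system';
 this.logger = logger || noOpLogger;
+this.allowClientCredentials = config.allowClientCredentials !== false;
 // Log successful initialization
 const hasServiceKeyStore = !!this.serviceKeyStore;
 const hasTokenProvider = !!this.tokenProvider;
-this.logger?.debug(`AuthBroker initialized: sessionStore(ok), serviceKeyStore(${hasServiceKeyStore ? 'ok' : 'none'}), tokenProvider(${hasTokenProvider ? 'ok' : 'none'})`);
+this.logger?.debug(`AuthBroker initialized: sessionStore(ok), serviceKeyStore(${hasServiceKeyStore ? 'ok' : 'none'}), tokenProvider(${hasTokenProvider ? 'ok' : 'none'}), allowClientCredentials(${this.allowClientCredentials})`);
 }
 /**
 * Refresh token using refresh_token grant type (direct UAA HTTP request)
@@ -414,10 +416,10 @@ class AuthBroker {
 throw new Error(errorMessage);
 }
 try {
-this.logger?.debug(`Step 2: Trying UAA (client_credentials) flow for ${destination}`);
+this.logger?.debug(`Step 2: Trying UAA (client_credentials/provider) flow for ${destination}`);
 let tokenResult;
-// Try direct UAA request first if UAA credentials are available
-if (uaaCredentials.uaaUrl && uaaCredentials.uaaClientId && uaaCredentials.uaaClientSecret) {
+// Try direct UAA request first if allowed and UAA credentials are available
+if (this.allowClientCredentials && uaaCredentials.uaaUrl && uaaCredentials.uaaClientId && uaaCredentials.uaaClientSecret) {
 try {
 this.logger?.debug(`Step 2: Trying direct UAA client_credentials for ${destination}`);
 const uaaResult = await this.getTokenWithClientCredentials(uaaCredentials);
@@ -445,7 +447,7 @@ class AuthBroker {
 }
 }
 else if (this.tokenProvider) {
-// No UAA
+// No client_credentials (disabled) or missing UAA creds -> use provider
 const authConfigWithoutRefresh = { ...uaaCredentials, refreshToken: undefined };
 tokenResult = await this.tokenProvider.getConnectionConfig(authConfigWithoutRefresh, {
 browser: this.browser,
@@ -453,7 +455,9 @@ class AuthBroker {
 });
 }
 else {
-throw new Error(
+throw new Error(this.allowClientCredentials
+? 'UAA credentials incomplete and tokenProvider not available'
+: 'Client credentials flow disabled and no tokenProvider available for interactive login');
 }
 const tokenLength = tokenResult.connectionConfig.authorizationToken?.length || 0;
 this.logger?.info(`Step 2: Token obtained via UAA for ${destination}: token(${tokenLength} chars), hasRefreshToken(${!!tokenResult.refreshToken})`);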
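Review bot: The new constructor line `this.allowClientCredentials = config.allowClientCredentials !== false;` (new line 88) fails open: any value other than the boolean `false`, such as the string `'false'` read from an environment variable or a JSON config, leaves the direct client_credentials flow enabled without any error. Because the flag exists to force provider/interactive login, I would reject non-boolean values up front, e.g. `if (config.allowClientCredentials !== undefined && typeof config.allowClientCredentials !== 'boolean') throw new Error('allowClientCredentials must be a boolean');`. Separately, the context line at new line 463 still logs `Token obtained via UAA` when the token came from the `tokenProvider` branch, so the logs cannot show which flow issued a given token. The flag gates only the Step 2 call visible in the `-414,10` hunk; any other caller of `getTokenWithClientCredentials` outside these hunks would presumably need the same check. The constructor and the Step 2 method both begin and end outside the hunks shown.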
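--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@mcp-abap-adt/auth-broker",
-"version": "0.2.
+"version": "0.2.3",
 "description": "JWT authentication broker for MCP ABAP ADT - manages tokens based on destination headers",
 "main": "dist/index.js",
 "types": "dist/index.d.ts",
@@ -51,7 +51,7 @@
 "node": ">=18.0.0"
 },
 "dependencies": {
-"@mcp-abap-adt/interfaces": "^0.1.
+"@mcp-abap-adt/interfaces": "^0.1.16",
 "axios": "^1.13.2"
 },
 "devDependencies": {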