@mcp-abap-adt/auth-broker 0.2.6 → 0.2.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (6) hide show
  1. package/CHANGELOG.md +22 -0
  2. package/README.md +10 -1
  3. package/dist/AuthBroker.d.ts +3 -2
  4. package/dist/AuthBroker.d.ts.map +1 -1
  5. package/dist/AuthBroker.js +3 -2
  6. package/package.json +4 -4
package/CHANGELOG.md CHANGED
@@ -11,6 +11,28 @@ Thank you to all contributors! See [CONTRIBUTORS.md](CONTRIBUTORS.md) for the co
11
11
 
12
12
  ## [Unreleased]
13
13
 
14
+ ## [0.2.8] - 2025-12-21
15
+
16
+ ### Changed
17
+ - **Dependencies**: Updated `@mcp-abap-adt/auth-stores` to `^0.2.8`
18
+ - EnvFileSessionStore now persists JWT tokens back to .env file after token refresh
19
+ - Removed duplicate BTP stores (now aliases to XSUAA equivalents)
20
+
21
+ ## [0.2.7] - 2025-12-21
22
+
23
+ ### Added
24
+ - **Headless Browser Mode**: Added `browser: 'headless'` option for SSH and remote sessions
25
+ - Logs authentication URL and waits for manual callback
26
+ - Ideal for environments without display (SSH, Docker, CI/CD)
27
+ - Differs from `'none'` which rejects immediately (for automated tests)
28
+
29
+ ### Changed
30
+ - **Documentation Update**: Updated browser option documentation to clarify `headless` vs `none` modes
31
+
32
+ ### Dependencies
33
+ - Updated `@mcp-abap-adt/interfaces` to `^0.2.4` for headless browser mode support
34
+ - Updated `@mcp-abap-adt/auth-providers` to `^0.2.3` (devDependency, tests only) for headless mode implementation
35
+
14
36
  ## [0.2.5] - 2025-12-20
15
37
 
16
38
  ### Added
package/README.md CHANGED
@@ -368,7 +368,9 @@ new AuthBroker(
368
368
  - `sessionStore` - **Required** - Store for session data. Must contain initial session with `serviceUrl`
369
369
  - `serviceKeyStore` - **Optional** - Store for service keys. Only needed for initializing sessions from service keys
370
370
  - `tokenProvider` - **Optional** - Token provider for token acquisition. Only needed for browser authentication or when direct UAA requests fail
371
- - `browser` - Optional browser name for authentication (`chrome`, `edge`, `firefox`, `system`, `none`). Default: `system`
371
+ - `browser` - Optional browser name for authentication (`chrome`, `edge`, `firefox`, `system`, `headless`, `none`). Default: `system`
372
+ - Use `'headless'` for SSH/remote sessions - logs URL and waits for manual callback
373
+ - Use `'none'` for automated tests - logs URL and rejects immediately
372
374
  - For XSUAA, browser is not used (client_credentials grant type) - use `'none'`
373
375
  - `logger` - Optional logger instance. If not provided, uses no-op logger
374
376
 
@@ -456,6 +458,13 @@ try {
456
458
  - `BROWSER_AUTH_ERROR` - Browser authentication failed or cancelled (logged, throws)
457
459
  - `REFRESH_ERROR` - Token refresh failed at UAA server (logged, throws)
458
460
 
461
+ **4. Browser Auth Disabled Errors** (when `allowBrowserAuth: false`):
462
+ - `BROWSER_AUTH_REQUIRED` - Browser authentication is required but disabled. Thrown when:
463
+ - **Step 0**: No token and no UAA credentials in session, service key exists but browser auth needed
464
+ - **Step 2b**: Refresh token expired/invalid and browser auth needed for new token
465
+ - Error includes `destination` property for context
466
+ - Use case: Non-interactive environments (MCP stdio, Cline) where browser cannot open
467
+
459
468
  **Defensive Design Principles:**
460
469
  - **All external operations wrapped in try-catch**: Files may be missing/corrupted, network may fail
461
470
  - **Graceful degradation**: Store errors trigger fallback mechanisms (serviceKey → session → provider)
package/dist/AuthBroker.d.ts CHANGED
@@ -37,9 +37,10 @@ export declare class AuthBroker {
37
37
  * - sessionStore: Store for session data (required)
38
38
  * - serviceKeyStore: Store for service keys (optional)
39
39
  * - tokenProvider: Token provider implementing ITokenProvider interface (required) - handles browser-based authorization
40
- * @param browser Optional browser name for authentication (chrome, edge, firefox, system, none).
40
+ * @param browser Optional browser name for authentication (chrome, edge, firefox, system, headless, none).
41
41
  * Default: 'system' (system default browser).
42
- * Use 'none' to print URL instead of opening browser.
42
+ * Use 'headless' for SSH/remote sessions - logs URL and waits for manual callback.
43
+ * Use 'none' for automated tests - logs URL and rejects immediately.
43
44
  * @param logger Optional logger instance implementing ILogger interface. If not provided, uses no-op logger.
44
45
  */
45
46
  constructor(config: AuthBrokerConfig, browser?: string, logger?: ILogger);
package/dist/AuthBroker.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"AuthBroker.d.ts","sourceRoot":"","sources":["../src/AuthBroker.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,OAAO,EAA8C,MAAM,0BAA0B,CAAC;AAC/F,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,oBAAoB,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AAC/G,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAa7C;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,mEAAmE;IACnE,YAAY,EAAE,aAAa,CAAC;IAC5B,uEAAuE;IACvE,eAAe,CAAC,EAAE,gBAAgB,CAAC;IACnC,4IAA4I;IAC5I,aAAa,EAAE,cAAc,CAAC;IAC9B;;;;OAIG;IACH,gBAAgB,CAAC,EAAE,OAAO,CAAC;CAC5B;AAED;;GAEG;AACH,qBAAa,UAAU;IACrB,OAAO,CAAC,OAAO,CAAqB;IACpC,OAAO,CAAC,MAAM,CAAU;IACxB,OAAO,CAAC,eAAe,CAA+B;IACtD,OAAO,CAAC,YAAY,CAAgB;IACpC,OAAO,CAAC,aAAa,CAAiB;IACtC,OAAO,CAAC,gBAAgB,CAAU;IAElC;;;;;;;;;;OAUG;gBAED,MAAM,EAAE,gBAAgB,EACxB,OAAO,CAAC,EAAE,MAAM,EAChB,MAAM,CAAC,EAAE,OAAO;IAuElB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAuCG;IACG,QAAQ,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAgYpD;;;;;OAKG;IACG,YAAY,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAOxD;;;;OAIG;IACG,sBAAsB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,oBAAoB,GAAG,IAAI,CAAC;IA4CvF;;;;OAIG;IACG,mBAAmB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,iBAAiB,GAAG,IAAI,CAAC;CA0ClF"}
1
+ {"version":3,"file":"AuthBroker.d.ts","sourceRoot":"","sources":["../src/AuthBroker.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,OAAO,EAA8C,MAAM,0BAA0B,CAAC;AAC/F,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,oBAAoB,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AAC/G,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAa7C;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,mEAAmE;IACnE,YAAY,EAAE,aAAa,CAAC;IAC5B,uEAAuE;IACvE,eAAe,CAAC,EAAE,gBAAgB,CAAC;IACnC,4IAA4I;IAC5I,aAAa,EAAE,cAAc,CAAC;IAC9B;;;;OAIG;IACH,gBAAgB,CAAC,EAAE,OAAO,CAAC;CAC5B;AAED;;GAEG;AACH,qBAAa,UAAU;IACrB,OAAO,CAAC,OAAO,CAAqB;IACpC,OAAO,CAAC,MAAM,CAAU;IACxB,OAAO,CAAC,eAAe,CAA+B;IACtD,OAAO,CAAC,YAAY,CAAgB;IACpC,OAAO,CAAC,aAAa,CAAiB;IACtC,OAAO,CAAC,gBAAgB,CAAU;IAElC;;;;;;;;;;;OAWG;gBAED,MAAM,EAAE,gBAAgB,EACxB,OAAO,CAAC,EAAE,MAAM,EAChB,MAAM,CAAC,EAAE,OAAO;IAuElB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAuCG;IACG,QAAQ,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAgYpD;;;;;OAKG;IACG,YAAY,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAOxD;;;;OAIG;IACG,sBAAsB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,oBAAoB,GAAG,IAAI,CAAC;IA4CvF;;;;OAIG;IACG,mBAAmB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,iBAAiB,GAAG,IAAI,CAAC;CA0ClF"}
package/dist/AuthBroker.js CHANGED
@@ -30,9 +30,10 @@ class AuthBroker {
30
30
  * - sessionStore: Store for session data (required)
31
31
  * - serviceKeyStore: Store for service keys (optional)
32
32
  * - tokenProvider: Token provider implementing ITokenProvider interface (required) - handles browser-based authorization
33
- * @param browser Optional browser name for authentication (chrome, edge, firefox, system, none).
33
+ * @param browser Optional browser name for authentication (chrome, edge, firefox, system, headless, none).
34
34
  * Default: 'system' (system default browser).
35
- * Use 'none' to print URL instead of opening browser.
35
+ * Use 'headless' for SSH/remote sessions - logs URL and waits for manual callback.
36
+ * Use 'none' for automated tests - logs URL and rejects immediately.
36
37
  * @param logger Optional logger instance implementing ILogger interface. If not provided, uses no-op logger.
37
38
  */
38
39
  constructor(config, browser, logger) {
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@mcp-abap-adt/auth-broker",
3
- "version": "0.2.6",
3
+ "version": "0.2.8",
4
4
  "description": "JWT authentication broker for MCP ABAP ADT - manages tokens based on destination headers",
5
5
  "main": "dist/index.js",
6
6
  "types": "dist/index.d.ts",
@@ -51,12 +51,12 @@
51
51
  "node": ">=18.0.0"
52
52
  },
53
53
  "dependencies": {
54
- "@mcp-abap-adt/interfaces": "^0.2.3",
54
+ "@mcp-abap-adt/interfaces": "^0.2.4",
55
55
  "axios": "^1.13.2"
56
56
  },
57
57
  "devDependencies": {
58
- "@mcp-abap-adt/auth-providers": "^0.2.2",
59
- "@mcp-abap-adt/auth-stores": "^0.2.5",
58
+ "@mcp-abap-adt/auth-providers": "^0.2.3",
59
+ "@mcp-abap-adt/auth-stores": "^0.2.8",
60
60
  "@types/express": "^5.0.5",
61
61
  "@types/jest": "^30.0.0",
62
62
  "@types/js-yaml": "^4.0.9",