@mcp-abap-adt/auth-providers 0.1.0

package/CHANGELOG.md

@@ -0,0 +1,50 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+## [0.1.0] - 2024-12-04
+
+### Added
+- Initial release
+- **XsuaaTokenProvider** - Uses `client_credentials` grant type (no browser required)
+- **BtpTokenProvider** - Uses browser-based OAuth2 or refresh token flow
+- Browser authentication flow with OAuth2 callback server
+- Client credentials authentication
+- Token refresh functionality
+- Token validation (`validateToken` method)
+- **Integration Tests**:
+  - Integration tests for all providers using real files from `test-config.yaml`
+  - Test configuration helpers (`configHelpers.ts`) matching auth-broker format
+  - YAML-based test configuration (`tests/test-config.yaml.template`)
+  - Tests for service key to session conversion
+  - Tests for token validation
+  - BTP tests use `BtpServiceKeyStore` and `BtpSessionStore` (without `sapUrl`)
+  - ABAP tests use `AbapServiceKeyStore` and `AbapSessionStore` (with `sapUrl`)
+  - BTP tests use `xsuaa.btp_destination` from config
+  - ABAP tests use `abap.destination` from config
+
+### Fixed
+- **Integration Tests**: Corrected BTP and ABAP test separation
+  - BTP tests correctly handle base BTP sessions (no `sapUrl` required)
+  - ABAP tests correctly handle ABAP sessions (with `sapUrl` from service key)
+- **Token Validation**: BTP tests now handle cases where `serviceUrl` may not be available (base BTP)
+- **Session Storage**: BTP tests no longer attempt to save `serviceUrl` to `BtpSessionStore` (which doesn't accept `sapUrl`)
+
+### Changed
+- **Documentation**: Updated README to clarify BTP vs ABAP differences and correct store usage
+  - Added explicit examples showing BTP and ABAP as separate entities
+  - Clarified that BTP uses `BtpServiceKeyStore`/`BtpSessionStore` (without `sapUrl`)
+  - Clarified that ABAP uses `AbapServiceKeyStore`/`AbapSessionStore` (with `sapUrl`)
+  - Updated integration test configuration examples
+
+### Dependencies
+- `@mcp-abap-adt/auth-broker` ^0.1.6 - Interface definitions
+- `@mcp-abap-adt/auth-stores` ^0.1.2 - Store implementations
+- `@mcp-abap-adt/connection` ^0.1.13 - Connection utilities
+- `@mcp-abap-adt/logger` ^0.1.0 - Logging utilities
+

package/LICENSE

@@ -0,0 +1,22 @@
+MIT License
+
+Copyright (c) 2025 Oleksii Kyslytsia
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+

package/README.md

@@ -0,0 +1,200 @@
+# @mcp-abap-adt/auth-providers
+
+Token providers for MCP ABAP ADT auth-broker - XSUAA and BTP token providers.
+
+This package provides token provider implementations for the `@mcp-abap-adt/auth-broker` package.
+
+## Installation
+
+```bash
+npm install @mcp-abap-adt/auth-providers
+```
+
+## Overview
+
+This package implements the `ITokenProvider` interface from `@mcp-abap-adt/auth-broker`:
+
+- **XsuaaTokenProvider** - Uses `client_credentials` grant type (no browser required)
+- **BtpTokenProvider** - Uses browser-based OAuth2 or refresh token flow
+
+## Usage
+
+### Basic Usage
+
+```typescript
+import { AuthBroker } from '@mcp-abap-adt/auth-broker';
+import { XsuaaTokenProvider, BtpTokenProvider } from '@mcp-abap-adt/auth-providers';
+
+// Use XSUAA provider (client_credentials)
+const xsuaaBroker = new AuthBroker({
+  tokenProvider: new XsuaaTokenProvider(),
+}, 'none'); // Browser not needed
+
+// Use BTP provider (browser OAuth2 or refresh token)
+const btpBroker = new AuthBroker({
+  tokenProvider: new BtpTokenProvider(),
+});
+```
+
+### With Stores
+
+**Important**: BTP and ABAP are different entities:
+- **BTP** (base BTP) - uses `BtpServiceKeyStore` and `BtpSessionStore` (without `sapUrl`)
+- **ABAP** - uses `AbapServiceKeyStore` and `AbapSessionStore` (with `sapUrl`)
+
+```typescript
+import { AuthBroker } from '@mcp-abap-adt/auth-broker';
+import { XsuaaTokenProvider, BtpTokenProvider } from '@mcp-abap-adt/auth-providers';
+import { 
+  XsuaaServiceKeyStore, 
+  XsuaaSessionStore,
+  BtpServiceKeyStore,
+  BtpSessionStore,
+  AbapServiceKeyStore,
+  AbapSessionStore 
+} from '@mcp-abap-adt/auth-stores';
+
+// XSUAA provider with stores
+const xsuaaServiceKeyStore = new XsuaaServiceKeyStore('/path/to/service-keys');
+const xsuaaSessionStore = new XsuaaSessionStore('/path/to/sessions');
+
+const xsuaaBroker = new AuthBroker({
+  serviceKeyStore: xsuaaServiceKeyStore,
+  sessionStore: xsuaaSessionStore,
+  tokenProvider: new XsuaaTokenProvider(),
+}, 'none');
+
+// BTP provider with stores (base BTP, without sapUrl)
+const btpServiceKeyStore = new BtpServiceKeyStore('/path/to/service-keys');
+const btpSessionStore = new BtpSessionStore('/path/to/sessions');
+
+const btpBroker = new AuthBroker({
+  serviceKeyStore: btpServiceKeyStore,
+  sessionStore: btpSessionStore,
+  tokenProvider: new BtpTokenProvider(),
+});
+
+// ABAP provider with stores (with sapUrl)
+const abapServiceKeyStore = new AbapServiceKeyStore('/path/to/service-keys');
+const abapSessionStore = new AbapSessionStore('/path/to/sessions');
+
+const abapBroker = new AuthBroker({
+  serviceKeyStore: abapServiceKeyStore,
+  sessionStore: abapSessionStore,
+  tokenProvider: new BtpTokenProvider(), // BtpTokenProvider works for ABAP too
+});
+```
+
+### Token Providers
+
+#### XsuaaTokenProvider
+
+Uses `client_credentials` grant type - no browser interaction required:
+
+```typescript
+import { XsuaaTokenProvider } from '@mcp-abap-adt/auth-providers';
+import type { IAuthorizationConfig } from '@mcp-abap-adt/auth-broker';
+
+const provider = new XsuaaTokenProvider();
+
+const authConfig: IAuthorizationConfig = {
+  uaaUrl: 'https://...authentication...hana.ondemand.com',
+  uaaClientId: '...',
+  uaaClientSecret: '...',
+};
+
+const result = await provider.getConnectionConfig(authConfig, {
+  logger: defaultLogger,
+});
+
+// result.connectionConfig.authorizationToken contains the JWT token
+// result.refreshToken is undefined (client_credentials doesn't provide refresh tokens)
+```
+
+#### BtpTokenProvider
+
+Uses browser-based OAuth2 flow or refresh token:
+
+```typescript
+import { BtpTokenProvider } from '@mcp-abap-adt/auth-providers';
+import type { IAuthorizationConfig } from '@mcp-abap-adt/auth-broker';
+
+const provider = new BtpTokenProvider();
+
+const authConfig: IAuthorizationConfig = {
+  uaaUrl: 'https://...authentication...hana.ondemand.com',
+  uaaClientId: '...',
+  uaaClientSecret: '...',
+  refreshToken: '...', // Optional - if provided, uses refresh flow instead of browser
+};
+
+// If refreshToken is provided, uses refresh flow (no browser)
+// Otherwise, opens browser for OAuth2 authorization
+const result = await provider.getConnectionConfig(authConfig, {
+  logger: defaultLogger,
+  browser: 'system', // 'system', 'none', or undefined
+});
+
+// result.connectionConfig.authorizationToken contains the JWT token
+// result.refreshToken contains refresh token (if browser flow was used)
+```
+
+### Token Validation
+
+Both providers support token validation:
+
+```typescript
+const isValid = await provider.validateToken(token, serviceUrl);
+// Returns true if token is valid (200-299 status), false otherwise
+```
+
+## Testing
+
+The package includes both unit tests (with mocks) and integration tests (with real files and services).
+
+### Unit Tests
+
+```bash
+npm test
+```
+
+### Integration Tests
+
+Integration tests work with real files from `tests/test-config.yaml`:
+
+1. Copy `tests/test-config.yaml.template` to `tests/test-config.yaml`
+2. Fill in real paths, destinations, and URLs
+3. Run tests - integration tests will use real services if configured
+
+```yaml
+auth_broker:
+  paths:
+    service_keys_dir: ~/.config/mcp-abap-adt/service-keys/
+    sessions_dir: ~/.config/mcp-abap-adt/sessions/
+  abap:
+    destination: "TRIAL"  # For ABAP tests (uses AbapServiceKeyStore, AbapSessionStore)
+  xsuaa:
+    btp_destination: "mcp"  # For BTP tests (uses BtpServiceKeyStore, BtpSessionStore)
+    mcp_url: "https://..."
+```
+
+Integration tests will skip if `test-config.yaml` is not configured or contains placeholder values.
+
+**Note**: 
+- BTP integration tests use `xsuaa.btp_destination` and require `BtpServiceKeyStore`/`BtpSessionStore` (without `sapUrl`)
+- ABAP integration tests use `abap.destination` and require `AbapServiceKeyStore`/`AbapSessionStore` (with `sapUrl`)
+- BTP/ABAP integration tests may open a browser for authentication if no refresh token is available. This is expected behavior.
+
+## Dependencies
+
+- `@mcp-abap-adt/auth-broker` (^0.1.6) - Interface definitions
+- `@mcp-abap-adt/auth-stores` (^0.1.2) - Store implementations
+- `@mcp-abap-adt/connection` (^0.1.13) - Connection utilities
+- `@mcp-abap-adt/logger` (^0.1.0) - Logging utilities
+- `axios` - HTTP client
+- `express` - OAuth2 callback server
+- `open` - Browser opening utility
+
+## License
+
+MIT

package/dist/__tests__/helpers/configHelpers.d.ts

@@ -0,0 +1,51 @@
+/**
+ * Configuration helpers for auth-providers tests
+ * Loads test configuration from test-config.yaml (same format as auth-broker)
+ */
+export interface TestConfig {
+    auth_broker?: {
+        paths?: {
+            service_keys_dir?: string;
+            sessions_dir?: string;
+        };
+        abap?: {
+            destination?: string;
+        };
+        xsuaa?: {
+            btp_destination?: string;
+            mcp_destination?: string;
+            mcp_url?: string;
+        };
+    };
+}
+/**
+ * Load test configuration from YAML
+ * Uses test-config.yaml from tests/ directory
+ */
+export declare function loadTestConfig(): TestConfig;
+/**
+ * Check if test config has real values (not placeholders)
+ */
+export declare function hasRealConfig(config: TestConfig, section: 'abap' | 'xsuaa'): boolean;
+/**
+ * Get ABAP destination from config
+ */
+export declare function getAbapDestination(config?: TestConfig): string | null;
+/**
+ * Get XSUAA destinations from config
+ */
+export declare function getXsuaaDestinations(config?: TestConfig): {
+    btp_destination: string | null;
+    mcp_url: string | null;
+};
+/**
+ * Get service keys directory from config
+ * Expands ~ to home directory
+ */
+export declare function getServiceKeysDir(config?: TestConfig): string | null;
+/**
+ * Get sessions directory from config
+ * Expands ~ to home directory
+ */
+export declare function getSessionsDir(config?: TestConfig): string | null;
+//# sourceMappingURL=configHelpers.d.ts.map

package/dist/__tests__/helpers/configHelpers.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"configHelpers.d.ts","sourceRoot":"","sources":["../../../src/__tests__/helpers/configHelpers.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAQH,MAAM,WAAW,UAAU;IACzB,WAAW,CAAC,EAAE;QACZ,KAAK,CAAC,EAAE;YACN,gBAAgB,CAAC,EAAE,MAAM,CAAC;YAC1B,YAAY,CAAC,EAAE,MAAM,CAAC;SACvB,CAAC;QACF,IAAI,CAAC,EAAE;YACL,WAAW,CAAC,EAAE,MAAM,CAAC;SACtB,CAAC;QACF,KAAK,CAAC,EAAE;YACN,eAAe,CAAC,EAAE,MAAM,CAAC;YACzB,eAAe,CAAC,EAAE,MAAM,CAAC;YACzB,OAAO,CAAC,EAAE,MAAM,CAAC;SAClB,CAAC;KACH,CAAC;CACH;AAkBD;;;GAGG;AACH,wBAAgB,cAAc,IAAI,UAAU,CA6C3C;AAED;;GAEG;AACH,wBAAgB,aAAa,CAAC,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,GAAG,OAAO,CAwBpF;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,MAAM,CAAC,EAAE,UAAU,GAAG,MAAM,GAAG,IAAI,CAGrE;AAED;;GAEG;AACH,wBAAgB,oBAAoB,CAAC,MAAM,CAAC,EAAE,UAAU,GAAG;IACzD,eAAe,EAAE,MAAM,GAAG,IAAI,CAAC;IAC/B,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;CACxB,CAOA;AAED;;;GAGG;AACH,wBAAgB,iBAAiB,CAAC,MAAM,CAAC,EAAE,UAAU,GAAG,MAAM,GAAG,IAAI,CAYpE;AAED;;;GAGG;AACH,wBAAgB,cAAc,CAAC,MAAM,CAAC,EAAE,UAAU,GAAG,MAAM,GAAG,IAAI,CAYjE"}

package/dist/__tests__/helpers/configHelpers.js

@@ -0,0 +1,186 @@
+"use strict";
+/**
+ * Configuration helpers for auth-providers tests
+ * Loads test configuration from test-config.yaml (same format as auth-broker)
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.loadTestConfig = loadTestConfig;
+exports.hasRealConfig = hasRealConfig;
+exports.getAbapDestination = getAbapDestination;
+exports.getXsuaaDestinations = getXsuaaDestinations;
+exports.getServiceKeysDir = getServiceKeysDir;
+exports.getSessionsDir = getSessionsDir;
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const yaml = __importStar(require("js-yaml"));
+let cachedConfig = null;
+/**
+ * Find project root directory by looking for package.json
+ */
+function findProjectRoot() {
+    let currentDir = __dirname;
+    while (currentDir !== path.dirname(currentDir)) {
+        const packageJsonPath = path.join(currentDir, 'package.json');
+        if (fs.existsSync(packageJsonPath)) {
+            return currentDir;
+        }
+        currentDir = path.dirname(currentDir);
+    }
+    // Fallback to process.cwd() if package.json not found
+    return process.cwd();
+}
+/**
+ * Load test configuration from YAML
+ * Uses test-config.yaml from tests/ directory
+ */
+function loadTestConfig() {
+    if (cachedConfig) {
+        return cachedConfig;
+    }
+    // Find project root and load from tests/test-config.yaml
+    const projectRoot = findProjectRoot();
+    const configPath = path.resolve(projectRoot, 'tests', 'test-config.yaml');
+    const templatePath = path.resolve(projectRoot, 'tests', 'test-config.yaml.template');
+    if (process.env.TEST_VERBOSE) {
+        console.log(`[configHelpers] Project root: ${projectRoot}`);
+        console.log(`[configHelpers] Config path: ${configPath}`);
+        console.log(`[configHelpers] Config exists: ${fs.existsSync(configPath)}`);
+    }
+    if (fs.existsSync(configPath)) {
+        try {
+            const configContent = fs.readFileSync(configPath, 'utf8');
+            cachedConfig = yaml.load(configContent) || {};
+            if (process.env.TEST_VERBOSE) {
+                console.log(`[configHelpers] Loaded config:`, JSON.stringify(cachedConfig, null, 2));
+            }
+            return cachedConfig;
+        }
+        catch (error) {
+            console.warn(`Failed to load test config from ${configPath}:`, error);
+            return {};
+        }
+    }
+    if (fs.existsSync(templatePath)) {
+        console.warn('⚠️  tests/test-config.yaml not found. Using template (all integration tests will be disabled).');
+        try {
+            const templateContent = fs.readFileSync(templatePath, 'utf8');
+            cachedConfig = yaml.load(templateContent) || {};
+            return cachedConfig;
+        }
+        catch (error) {
+            console.warn(`Failed to load test config template from ${templatePath}:`, error);
+            return {};
+        }
+    }
+    console.warn('⚠️  Test configuration files not found.');
+    console.warn('Please create tests/test-config.yaml with test parameters.');
+    return {};
+}
+/**
+ * Check if test config has real values (not placeholders)
+ */
+function hasRealConfig(config, section) {
+    if (!config.auth_broker) {
+        return false;
+    }
+    if (section === 'abap') {
+        const abap = config.auth_broker.abap;
+        if (!abap?.destination) {
+            return false;
+        }
+        // Check if destination is not a placeholder
+        return !abap.destination.includes('<') && !abap.destination.includes('>');
+    }
+    if (section === 'xsuaa') {
+        const xsuaa = config.auth_broker.xsuaa;
+        if (!xsuaa?.btp_destination) {
+            return false;
+        }
+        // Check if values are not placeholders
+        return !xsuaa.btp_destination.includes('<');
+    }
+    return false;
+}
+/**
+ * Get ABAP destination from config
+ */
+function getAbapDestination(config) {
+    const cfg = config || loadTestConfig();
+    return cfg.auth_broker?.abap?.destination || null;
+}
+/**
+ * Get XSUAA destinations from config
+ */
+function getXsuaaDestinations(config) {
+    const cfg = config || loadTestConfig();
+    const xsuaa = cfg.auth_broker?.xsuaa;
+    return {
+        btp_destination: xsuaa?.btp_destination || null,
+        mcp_url: xsuaa?.mcp_url || null,
+    };
+}
+/**
+ * Get service keys directory from config
+ * Expands ~ to home directory
+ */
+function getServiceKeysDir(config) {
+    const cfg = config || loadTestConfig();
+    const dir = cfg.auth_broker?.paths?.service_keys_dir;
+    if (!dir)
+        return null;
+    // Expand ~ to home directory
+    if (dir.startsWith('~')) {
+        const homeDir = process.env.HOME || process.env.USERPROFILE || '';
+        return dir.replace('~', homeDir);
+    }
+    return dir;
+}
+/**
+ * Get sessions directory from config
+ * Expands ~ to home directory
+ */
+function getSessionsDir(config) {
+    const cfg = config || loadTestConfig();
+    const dir = cfg.auth_broker?.paths?.sessions_dir;
+    if (!dir)
+        return null;
+    // Expand ~ to home directory
+    if (dir.startsWith('~')) {
+        const homeDir = process.env.HOME || process.env.USERPROFILE || '';
+        return dir.replace('~', homeDir);
+    }
+    return dir;
+}

package/dist/auth/browserAuth.d.ts

@@ -0,0 +1,17 @@
+/**
+ * Browser authentication - OAuth2 flow for obtaining tokens
+ */
+import type { IAuthorizationConfig } from '@mcp-abap-adt/auth-broker';
+import type { Logger } from '@mcp-abap-adt/logger';
+/**
+ * Start browser authentication flow
+ * @param authConfig Authorization configuration with UAA credentials
+ * @param browser Browser name (chrome, edge, firefox, system, none)
+ * @param logger Optional logger instance. If not provided, uses default logger.
+ * @returns Promise that resolves to tokens
+ */
+export declare function startBrowserAuth(authConfig: IAuthorizationConfig, browser?: string, logger?: Logger): Promise<{
+    accessToken: string;
+    refreshToken?: string;
+}>;
+//# sourceMappingURL=browserAuth.d.ts.map

package/dist/auth/browserAuth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"browserAuth.d.ts","sourceRoot":"","sources":["../../src/auth/browserAuth.ts"],"names":[],"mappings":"AAAA;;GAEG;AAMH,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,2BAA2B,CAAC;AACtE,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAC;AAkFnD;;;;;;GAMG;AACH,wBAAsB,gBAAgB,CACpC,UAAU,EAAE,oBAAoB,EAChC,OAAO,GAAE,MAAiB,EAC1B,MAAM,CAAC,EAAE,MAAM,GACd,OAAO,CAAC;IAAE,WAAW,EAAE,MAAM,CAAC;IAAC,YAAY,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CAkSzD"}