@mcp-abap-adt/auth-providers 0.1.2 → 0.1.3

package/CHANGELOG.md

@@ -7,6 +7,32 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [0.1.3] - 2025-12-07
+
+### Added
+- **Configurable Browser Auth Port**: Added optional `browserAuthPort` parameter to `BtpTokenProvider` constructor
+  - Allows configuring the OAuth callback server port (default: 3001)
+  - Prevents port conflicts when proxy server runs on the same port
+  - Port is passed through to `startBrowserAuth` and `exchangeCodeForToken` functions
+  - Enables proxy to configure browser auth port via CLI parameter or YAML config
+
+### Changed
+- **BtpTokenProvider Constructor**: Now accepts optional `browserAuthPort?: number` parameter
+  - Defaults to 3001 if not specified (maintains backward compatibility)
+- **startBrowserAuth Function**: Added optional `port: number = 3001` parameter
+  - Port is used for OAuth callback server and redirect URI
+- **exchangeCodeForToken Function**: Added optional `port: number = 3001` parameter
+  - Port is used in redirect URI when exchanging authorization code for tokens
+- **Implementation Isolation**: Internal authentication functions are no longer exported from package
+  - `startBrowserAuth`, `refreshJwtToken`, and `getTokenWithClientCredentials` are now internal functions
+  - Providers use private method wrappers to call these functions
+  - Constructor parameters (like `browserAuthPort`) are passed through private methods to internal functions
+  - This ensures proper encapsulation and prevents direct usage of internal implementation details
+- **Test Improvements**: Unit tests now use provider methods instead of direct internal function imports
+  - Tests use `jest.spyOn` to mock private provider methods instead of mocking internal functions
+  - Tests now properly test the public API of providers, ensuring better isolation
+  - This aligns with encapsulation principles and makes tests more maintainable
+
 ## [0.1.2] - 2025-12-05
 
 ### Changed

package/README.md

@@ -130,10 +130,11 @@ const btpBroker = new AuthBroker({
 const abapServiceKeyStore = new AbapServiceKeyStore('/path/to/service-keys');
 const abapSessionStore = new AbapSessionStore('/path/to/sessions');
 
+// Use custom port if running alongside other services (e.g., proxy on port 3001)
 const abapBroker = new AuthBroker({
   serviceKeyStore: abapServiceKeyStore,
   sessionStore: abapSessionStore,
-  tokenProvider: new BtpTokenProvider(), // BtpTokenProvider works for ABAP too
+  tokenProvider: new BtpTokenProvider(4001), // Custom port to avoid conflicts
 });
 ```
 
@@ -171,8 +172,12 @@ Uses browser-based OAuth2 flow or refresh token:
 import { BtpTokenProvider } from '@mcp-abap-adt/auth-providers';
 import type { IAuthorizationConfig } from '@mcp-abap-adt/auth-broker';
 
+// Create provider with default port (3001)
 const provider = new BtpTokenProvider();
 
+// Or specify custom port for OAuth callback server (useful to avoid port conflicts)
+const providerWithCustomPort = new BtpTokenProvider(4001);
+
 const authConfig: IAuthorizationConfig = {
   uaaUrl: 'https://...authentication...hana.ondemand.com',
   uaaClientId: '...',
@@ -191,6 +196,8 @@ const result = await provider.getConnectionConfig(authConfig, {
 // result.refreshToken contains refresh token (if browser flow was used)
 ```
 
+**Note**: The `browserAuthPort` parameter (default: 3001) configures the OAuth callback server port. This is useful when running the provider in environments where port 3001 is already in use (e.g., when running alongside a proxy server).
+
 ### Token Validation
 
 Both providers support token validation:

package/dist/auth/browserAuth.d.ts

@@ -7,9 +7,11 @@ import type { IAuthorizationConfig, ILogger } from '@mcp-abap-adt/interfaces';
  * @param authConfig Authorization configuration with UAA credentials
  * @param browser Browser name (chrome, edge, firefox, system, none)
  * @param logger Optional logger instance. If not provided, uses default logger.
+ * @param port Port for OAuth callback server (default: 3001)
  * @returns Promise that resolves to tokens
+ * @internal - Internal function, not exported from package
  */
-export declare function startBrowserAuth(authConfig: IAuthorizationConfig, browser?: string, logger?: ILogger): Promise<{
+export declare function startBrowserAuth(authConfig: IAuthorizationConfig, browser?: string, logger?: ILogger, port?: number): Promise<{
     accessToken: string;
     refreshToken?: string;
 }>;

package/dist/auth/browserAuth.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"browserAuth.d.ts","sourceRoot":"","sources":["../../src/auth/browserAuth.ts"],"names":[],"mappings":"AAAA;;GAEG;AAMH,OAAO,KAAK,EAAE,oBAAoB,EAAE,OAAO,EAAE,MAAM,0BAA0B,CAAC;AAkF9E;;;;;;GAMG;AACH,wBAAsB,gBAAgB,CACpC,UAAU,EAAE,oBAAoB,EAChC,OAAO,GAAE,MAAiB,EAC1B,MAAM,CAAC,EAAE,OAAO,GACf,OAAO,CAAC;IAAE,WAAW,EAAE,MAAM,CAAC;IAAC,YAAY,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CAkSzD"}
+{"version":3,"file":"browserAuth.d.ts","sourceRoot":"","sources":["../../src/auth/browserAuth.ts"],"names":[],"mappings":"AAAA;;GAEG;AAMH,OAAO,KAAK,EAAE,oBAAoB,EAAE,OAAO,EAAE,MAAM,0BAA0B,CAAC;AAkF9E;;;;;;;;GAQG;AACH,wBAAsB,gBAAgB,CACpC,UAAU,EAAE,oBAAoB,EAChC,OAAO,GAAE,MAAiB,EAC1B,MAAM,CAAC,EAAE,OAAO,EAChB,IAAI,GAAE,MAAa,GAClB,OAAO,CAAC;IAAE,WAAW,EAAE,MAAM,CAAC;IAAC,YAAY,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CAkSzD"}

package/dist/auth/browserAuth.js

@@ -66,10 +66,10 @@ function getJwtAuthorizationUrl(authConfig, port = 3001) {
 /**
  * Exchange authorization code for tokens
  */
-async function exchangeCodeForToken(authConfig, code) {
+async function exchangeCodeForToken(authConfig, code, port = 3001) {
     const { uaaUrl: url, uaaClientId: clientid, uaaClientSecret: clientsecret } = authConfig;
     const tokenUrl = `${url}/oauth/token`;
-    const redirectUri = 'http://localhost:3001/callback';
+    const redirectUri = `http://localhost:${port}/callback`;
     const params = new URLSearchParams();
     params.append('grant_type', 'authorization_code');
     params.append('code', code);
@@ -109,9 +109,11 @@ const defaultLogger = {
  * @param authConfig Authorization configuration with UAA credentials
  * @param browser Browser name (chrome, edge, firefox, system, none)
  * @param logger Optional logger instance. If not provided, uses default logger.
+ * @param port Port for OAuth callback server (default: 3001)
  * @returns Promise that resolves to tokens
+ * @internal - Internal function, not exported from package
  */
-async function startBrowserAuth(authConfig, browser = 'system', logger) {
+async function startBrowserAuth(authConfig, browser = 'system', logger, port = 3001) {
     const log = logger ? {
         info: (msg) => logger.info(msg),
         debug: (msg) => logger.debug(msg),
@@ -133,7 +135,7 @@ async function startBrowserAuth(authConfig, browser = 'system', logger) {
         };
         const app = (0, express_1.default)();
         const server = http.createServer(app);
-        const PORT = 3001;
+        const PORT = port;
         let serverInstance = null;
         const authorizationUrl = getJwtAuthorizationUrl(authConfig, PORT);
         // OAuth2 callback handler
@@ -278,7 +280,7 @@ async function startBrowserAuth(authConfig, browser = 'system', logger) {
                 res.send(html);
                 // Exchange code for tokens and close server
                 try {
-                    const tokens = await exchangeCodeForToken(authConfig, code);
+                    const tokens = await exchangeCodeForToken(authConfig, code, PORT);
                     // Close all connections and server immediately after getting tokens
                     if (typeof server.closeAllConnections === 'function') {
                         server.closeAllConnections();

package/dist/auth/clientCredentialsAuth.d.ts

@@ -14,6 +14,7 @@ export interface ClientCredentialsResult {
  * @param clientId UAA client ID
  * @param clientSecret UAA client secret
  * @returns Promise that resolves to access token
+ * @internal - Internal function, not exported from package
  */
 export declare function getTokenWithClientCredentials(uaaUrl: string, clientId: string, clientSecret: string): Promise<ClientCredentialsResult>;
 //# sourceMappingURL=clientCredentialsAuth.d.ts.map

package/dist/auth/clientCredentialsAuth.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"clientCredentialsAuth.d.ts","sourceRoot":"","sources":["../../src/auth/clientCredentialsAuth.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH,MAAM,WAAW,uBAAuB;IACtC,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED;;;;;;GAMG;AACH,wBAAsB,6BAA6B,CACjD,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,MAAM,EAChB,YAAY,EAAE,MAAM,GACnB,OAAO,CAAC,uBAAuB,CAAC,CAoClC"}
+{"version":3,"file":"clientCredentialsAuth.d.ts","sourceRoot":"","sources":["../../src/auth/clientCredentialsAuth.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH,MAAM,WAAW,uBAAuB;IACtC,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED;;;;;;;GAOG;AACH,wBAAsB,6BAA6B,CACjD,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,MAAM,EAChB,YAAY,EAAE,MAAM,GACnB,OAAO,CAAC,uBAAuB,CAAC,CAoClC"}

package/dist/auth/clientCredentialsAuth.js

@@ -17,6 +17,7 @@ const axios_1 = __importDefault(require("axios"));
  * @param clientId UAA client ID
  * @param clientSecret UAA client secret
  * @returns Promise that resolves to access token
+ * @internal - Internal function, not exported from package
  */
 async function getTokenWithClientCredentials(uaaUrl, clientId, clientSecret) {
     try {

package/dist/auth/tokenRefresher.d.ts

@@ -12,6 +12,7 @@ export interface TokenRefreshResult {
  * @param clientId UAA client ID
  * @param clientSecret UAA client secret
  * @returns Promise that resolves to new tokens
+ * @internal - Internal function, not exported from package
  */
 export declare function refreshJwtToken(refreshToken: string, uaaUrl: string, clientId: string, clientSecret: string): Promise<TokenRefreshResult>;
 //# sourceMappingURL=tokenRefresher.d.ts.map

package/dist/auth/tokenRefresher.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"tokenRefresher.d.ts","sourceRoot":"","sources":["../../src/auth/tokenRefresher.ts"],"names":[],"mappings":"AAAA;;GAEG;AAIH,MAAM,WAAW,kBAAkB;IACjC,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED;;;;;;;GAOG;AACH,wBAAsB,eAAe,CACnC,YAAY,EAAE,MAAM,EACpB,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,MAAM,EAChB,YAAY,EAAE,MAAM,GACnB,OAAO,CAAC,kBAAkB,CAAC,CAqC7B"}
+{"version":3,"file":"tokenRefresher.d.ts","sourceRoot":"","sources":["../../src/auth/tokenRefresher.ts"],"names":[],"mappings":"AAAA;;GAEG;AAIH,MAAM,WAAW,kBAAkB;IACjC,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED;;;;;;;;GAQG;AACH,wBAAsB,eAAe,CACnC,YAAY,EAAE,MAAM,EACpB,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,MAAM,EAChB,YAAY,EAAE,MAAM,GACnB,OAAO,CAAC,kBAAkB,CAAC,CAqC7B"}

package/dist/auth/tokenRefresher.js

@@ -15,6 +15,7 @@ const axios_1 = __importDefault(require("axios"));
  * @param clientId UAA client ID
  * @param clientSecret UAA client secret
  * @returns Promise that resolves to new tokens
+ * @internal - Internal function, not exported from package
  */
 async function refreshJwtToken(refreshToken, uaaUrl, clientId, clientSecret) {
     try {

package/dist/index.d.ts

@@ -6,9 +6,4 @@
  */
 export { XsuaaTokenProvider } from './providers/XsuaaTokenProvider';
 export { BtpTokenProvider } from './providers/BtpTokenProvider';
-export { startBrowserAuth } from './auth/browserAuth';
-export { getTokenWithClientCredentials } from './auth/clientCredentialsAuth';
-export { refreshJwtToken } from './auth/tokenRefresher';
-export type { ClientCredentialsResult } from './auth/clientCredentialsAuth';
-export type { TokenRefreshResult } from './auth/tokenRefresher';
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,EAAE,kBAAkB,EAAE,MAAM,gCAAgC,CAAC;AACpE,OAAO,EAAE,gBAAgB,EAAE,MAAM,8BAA8B,CAAC;AAGhE,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AACtD,OAAO,EAAE,6BAA6B,EAAE,MAAM,8BAA8B,CAAC;AAC7E,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAGxD,YAAY,EAAE,uBAAuB,EAAE,MAAM,8BAA8B,CAAC;AAC5E,YAAY,EAAE,kBAAkB,EAAE,MAAM,uBAAuB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,EAAE,kBAAkB,EAAE,MAAM,gCAAgC,CAAC;AACpE,OAAO,EAAE,gBAAgB,EAAE,MAAM,8BAA8B,CAAC"}

package/dist/index.js

@@ -6,16 +6,9 @@
  * Provides XSUAA and BTP token providers
  */
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.refreshJwtToken = exports.getTokenWithClientCredentials = exports.startBrowserAuth = exports.BtpTokenProvider = exports.XsuaaTokenProvider = void 0;
+exports.BtpTokenProvider = exports.XsuaaTokenProvider = void 0;
 // Token providers
 var XsuaaTokenProvider_1 = require("./providers/XsuaaTokenProvider");
 Object.defineProperty(exports, "XsuaaTokenProvider", { enumerable: true, get: function () { return XsuaaTokenProvider_1.XsuaaTokenProvider; } });
 var BtpTokenProvider_1 = require("./providers/BtpTokenProvider");
 Object.defineProperty(exports, "BtpTokenProvider", { enumerable: true, get: function () { return BtpTokenProvider_1.BtpTokenProvider; } });
-// Auth functions (for advanced usage)
-var browserAuth_1 = require("./auth/browserAuth");
-Object.defineProperty(exports, "startBrowserAuth", { enumerable: true, get: function () { return browserAuth_1.startBrowserAuth; } });
-var clientCredentialsAuth_1 = require("./auth/clientCredentialsAuth");
-Object.defineProperty(exports, "getTokenWithClientCredentials", { enumerable: true, get: function () { return clientCredentialsAuth_1.getTokenWithClientCredentials; } });
-var tokenRefresher_1 = require("./auth/tokenRefresher");
-Object.defineProperty(exports, "refreshJwtToken", { enumerable: true, get: function () { return tokenRefresher_1.refreshJwtToken; } });

package/dist/providers/BtpTokenProvider.d.ts

@@ -11,6 +11,17 @@ import type { ITokenProvider, ITokenProviderOptions, ITokenProviderResult, IAuth
  * Uses browser-based OAuth2 (if no refresh token) or refresh token flow.
  */
 export declare class BtpTokenProvider implements ITokenProvider {
+    private readonly browserAuthPort;
+    constructor(browserAuthPort?: number);
+    /**
+     * Private method wrapper for browser authentication
+     * Proxies port from constructor to internal function
+     */
+    private startBrowserAuth;
+    /**
+     * Private method wrapper for token refresh
+     */
+    private refreshJwtToken;
     getConnectionConfig(authConfig: IAuthorizationConfig, options?: ITokenProviderOptions): Promise<ITokenProviderResult>;
     validateToken(token: string, serviceUrl?: string): Promise<boolean>;
 }

package/dist/providers/BtpTokenProvider.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"BtpTokenProvider.d.ts","sourceRoot":"","sources":["../../src/providers/BtpTokenProvider.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,qBAAqB,EAAE,oBAAoB,EAAE,oBAAoB,EAAE,MAAM,0BAA0B,CAAC;AAKlI;;;;GAIG;AACH,qBAAa,gBAAiB,YAAW,cAAc;IAC/C,mBAAmB,CACvB,UAAU,EAAE,oBAAoB,EAChC,OAAO,CAAC,EAAE,qBAAqB,GAC9B,OAAO,CAAC,oBAAoB,CAAC;IAmC1B,aAAa,CAAC,KAAK,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;CA0C1E"}
+{"version":3,"file":"BtpTokenProvider.d.ts","sourceRoot":"","sources":["../../src/providers/BtpTokenProvider.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,qBAAqB,EAAE,oBAAoB,EAAE,oBAAoB,EAAW,MAAM,0BAA0B,CAAC;AAO3I;;;;GAIG;AACH,qBAAa,gBAAiB,YAAW,cAAc;IACrD,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAS;gBAE7B,eAAe,CAAC,EAAE,MAAM;IAKpC;;;OAGG;YACW,gBAAgB;IAQ9B;;OAEG;YACW,eAAe;IASvB,mBAAmB,CACvB,UAAU,EAAE,oBAAoB,EAChC,OAAO,CAAC,EAAE,qBAAqB,GAC9B,OAAO,CAAC,oBAAoB,CAAC;IAmC1B,aAAa,CAAC,KAAK,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;CA0C1E"}

package/dist/providers/BtpTokenProvider.js

@@ -10,15 +10,34 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.BtpTokenProvider = void 0;
+const axios_1 = __importDefault(require("axios"));
+// Import internal functions (not exported)
 const browserAuth_1 = require("../auth/browserAuth");
 const tokenRefresher_1 = require("../auth/tokenRefresher");
-const axios_1 = __importDefault(require("axios"));
 /**
  * BTP/ABAP token provider implementation
  *
  * Uses browser-based OAuth2 (if no refresh token) or refresh token flow.
  */
 class BtpTokenProvider {
+    browserAuthPort;
+    constructor(browserAuthPort) {
+        // Default to 3001 if not specified
+        this.browserAuthPort = browserAuthPort ?? 3001;
+    }
+    /**
+     * Private method wrapper for browser authentication
+     * Proxies port from constructor to internal function
+     */
+    async startBrowserAuth(authConfig, browser, logger) {
+        return (0, browserAuth_1.startBrowserAuth)(authConfig, browser, logger, this.browserAuthPort);
+    }
+    /**
+     * Private method wrapper for token refresh
+     */
+    async refreshJwtToken(refreshToken, uaaUrl, clientId, clientSecret) {
+        return (0, tokenRefresher_1.refreshJwtToken)(refreshToken, uaaUrl, clientId, clientSecret);
+    }
     async getConnectionConfig(authConfig, options) {
         const logger = options?.logger;
         const browser = options?.browser || 'system';
@@ -28,14 +47,14 @@ class BtpTokenProvider {
             if (logger) {
                 logger.debug('No refresh token found. Starting browser authentication...');
             }
-            result = await (0, browserAuth_1.startBrowserAuth)(authConfig, browser, logger);
+            result = await this.startBrowserAuth(authConfig, browser, logger);
         }
         else {
             // Use refresh token to get new access token
             if (logger) {
                 logger.debug('Refreshing token using refresh token...');
             }
-            result = await (0, tokenRefresher_1.refreshJwtToken)(authConfig.refreshToken, authConfig.uaaUrl, authConfig.uaaClientId, authConfig.uaaClientSecret);
+            result = await this.refreshJwtToken(authConfig.refreshToken, authConfig.uaaUrl, authConfig.uaaClientId, authConfig.uaaClientSecret);
         }
         return {
             connectionConfig: {

package/dist/providers/XsuaaTokenProvider.d.ts

@@ -11,6 +11,10 @@ import type { ITokenProvider, ITokenProviderOptions, ITokenProviderResult, IAuth
  * Uses client_credentials grant type - no browser, no refresh token needed.
  */
 export declare class XsuaaTokenProvider implements ITokenProvider {
+    /**
+     * Private method wrapper for client credentials authentication
+     */
+    private getTokenWithClientCredentials;
     getConnectionConfig(authConfig: IAuthorizationConfig, options?: ITokenProviderOptions): Promise<ITokenProviderResult>;
     validateToken(token: string, serviceUrl?: string): Promise<boolean>;
 }

package/dist/providers/XsuaaTokenProvider.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"XsuaaTokenProvider.d.ts","sourceRoot":"","sources":["../../src/providers/XsuaaTokenProvider.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,qBAAqB,EAAE,oBAAoB,EAAE,oBAAoB,EAAE,MAAM,0BAA0B,CAAC;AAIlI;;;;GAIG;AACH,qBAAa,kBAAmB,YAAW,cAAc;IACjD,mBAAmB,CACvB,UAAU,EAAE,oBAAoB,EAChC,OAAO,CAAC,EAAE,qBAAqB,GAC9B,OAAO,CAAC,oBAAoB,CAAC;IAyB1B,aAAa,CAAC,KAAK,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;CAgD1E"}
+{"version":3,"file":"XsuaaTokenProvider.d.ts","sourceRoot":"","sources":["../../src/providers/XsuaaTokenProvider.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,qBAAqB,EAAE,oBAAoB,EAAE,oBAAoB,EAAE,MAAM,0BAA0B,CAAC;AAMlI;;;;GAIG;AACH,qBAAa,kBAAmB,YAAW,cAAc;IACvD;;OAEG;YACW,6BAA6B;IAQrC,mBAAmB,CACvB,UAAU,EAAE,oBAAoB,EAChC,OAAO,CAAC,EAAE,qBAAqB,GAC9B,OAAO,CAAC,oBAAoB,CAAC;IAyB1B,aAAa,CAAC,KAAK,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;CAgD1E"}

package/dist/providers/XsuaaTokenProvider.js

@@ -10,21 +10,28 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.XsuaaTokenProvider = void 0;
-const clientCredentialsAuth_1 = require("../auth/clientCredentialsAuth");
 const axios_1 = __importDefault(require("axios"));
+// Import internal function (not exported)
+const clientCredentialsAuth_1 = require("../auth/clientCredentialsAuth");
 /**
  * XSUAA token provider implementation
  *
  * Uses client_credentials grant type - no browser, no refresh token needed.
  */
 class XsuaaTokenProvider {
+    /**
+     * Private method wrapper for client credentials authentication
+     */
+    async getTokenWithClientCredentials(uaaUrl, clientId, clientSecret) {
+        return (0, clientCredentialsAuth_1.getTokenWithClientCredentials)(uaaUrl, clientId, clientSecret);
+    }
     async getConnectionConfig(authConfig, options) {
         const logger = options?.logger;
         if (logger) {
             logger.debug('Using client_credentials grant type for XSUAA...');
         }
         // XSUAA uses client_credentials - no refresh token needed
-        const result = await (0, clientCredentialsAuth_1.getTokenWithClientCredentials)(authConfig.uaaUrl, authConfig.uaaClientId, authConfig.uaaClientSecret);
+        const result = await this.getTokenWithClientCredentials(authConfig.uaaUrl, authConfig.uaaClientId, authConfig.uaaClientSecret);
         // XSUAA doesn't provide serviceUrl in authorization config
         // It's provided separately (from YAML, parameter, or request header)
         return {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@mcp-abap-adt/auth-providers",
-  "version": "0.1.2",
+  "version": "0.1.3",
   "description": "Token providers for MCP ABAP ADT auth-broker - XSUAA and BTP token providers",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",