@mcp-abap-adt/auth-providers 0.1.2 → 0.1.4

package/CHANGELOG.md

@@ -7,6 +7,59 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [0.1.4] - 2025-12-08
+
+### Added
+- **Integration Tests for browserAuth**: Added real integration test that uses actual service keys and OAuth flow
+  - Test verifies token retrieval with real credentials from service keys
+  - Shows all authentication stages with logging when `DEBUG_AUTH_PROVIDERS=true` is set
+  - Tests both access token and refresh token retrieval
+- **Test Logger Helper**: Added `createTestLogger` helper for tests with environment variable control
+  - Supports log levels (debug, info, warn, error) via `LOG_LEVEL` environment variable
+  - Only outputs logs when `DEBUG_AUTH_PROVIDERS=true` or `DEBUG_BROWSER_AUTH=true` is set
+  - Provides clean, controlled logging for test scenarios
+
+### Changed
+- **Improved Logging in browserAuth**: Made logging more concise and informative
+  - All log messages are now single-line strings without verbose objects
+  - Logs show key information: what we send, what we receive, token lengths
+  - Example: `Tokens received: accessToken(2263 chars), refreshToken(34 chars)`
+  - Logging only works when logger is provided (no default console output)
+- **exchangeCodeForToken Function**: Exported for testing purposes
+  - Function is marked as `@internal` but exported to enable unit testing
+  - Allows testing token exchange logic without full browser auth flow
+
+### Fixed
+- **Test Error Logging**: Fixed error test to use mock logger without console output
+  - Error test no longer pollutes console with error messages
+  - Still verifies that error logging occurs via spy
+
+## [0.1.3] - 2025-12-07
+
+### Added
+- **Configurable Browser Auth Port**: Added optional `browserAuthPort` parameter to `BtpTokenProvider` constructor
+  - Allows configuring the OAuth callback server port (default: 3001)
+  - Prevents port conflicts when proxy server runs on the same port
+  - Port is passed through to `startBrowserAuth` and `exchangeCodeForToken` functions
+  - Enables proxy to configure browser auth port via CLI parameter or YAML config
+
+### Changed
+- **BtpTokenProvider Constructor**: Now accepts optional `browserAuthPort?: number` parameter
+  - Defaults to 3001 if not specified (maintains backward compatibility)
+- **startBrowserAuth Function**: Added optional `port: number = 3001` parameter
+  - Port is used for OAuth callback server and redirect URI
+- **exchangeCodeForToken Function**: Added optional `port: number = 3001` parameter
+  - Port is used in redirect URI when exchanging authorization code for tokens
+- **Implementation Isolation**: Internal authentication functions are no longer exported from package
+  - `startBrowserAuth`, `refreshJwtToken`, and `getTokenWithClientCredentials` are now internal functions
+  - Providers use private method wrappers to call these functions
+  - Constructor parameters (like `browserAuthPort`) are passed through private methods to internal functions
+  - This ensures proper encapsulation and prevents direct usage of internal implementation details
+- **Test Improvements**: Unit tests now use provider methods instead of direct internal function imports
+  - Tests use `jest.spyOn` to mock private provider methods instead of mocking internal functions
+  - Tests now properly test the public API of providers, ensuring better isolation
+  - This aligns with encapsulation principles and makes tests more maintainable
+
 ## [0.1.2] - 2025-12-05
 
 ### Changed

package/README.md

@@ -130,10 +130,11 @@ const btpBroker = new AuthBroker({
 const abapServiceKeyStore = new AbapServiceKeyStore('/path/to/service-keys');
 const abapSessionStore = new AbapSessionStore('/path/to/sessions');
 
+// Use custom port if running alongside other services (e.g., proxy on port 3001)
 const abapBroker = new AuthBroker({
   serviceKeyStore: abapServiceKeyStore,
   sessionStore: abapSessionStore,
-  tokenProvider: new BtpTokenProvider(), // BtpTokenProvider works for ABAP too
+  tokenProvider: new BtpTokenProvider(4001), // Custom port to avoid conflicts
 });
 ```
 
@@ -171,8 +172,12 @@ Uses browser-based OAuth2 flow or refresh token:
 import { BtpTokenProvider } from '@mcp-abap-adt/auth-providers';
 import type { IAuthorizationConfig } from '@mcp-abap-adt/auth-broker';
 
+// Create provider with default port (3001)
 const provider = new BtpTokenProvider();
 
+// Or specify custom port for OAuth callback server (useful to avoid port conflicts)
+const providerWithCustomPort = new BtpTokenProvider(4001);
+
 const authConfig: IAuthorizationConfig = {
   uaaUrl: 'https://...authentication...hana.ondemand.com',
   uaaClientId: '...',
@@ -191,6 +196,8 @@ const result = await provider.getConnectionConfig(authConfig, {
 // result.refreshToken contains refresh token (if browser flow was used)
 ```
 
+**Note**: The `browserAuthPort` parameter (default: 3001) configures the OAuth callback server port. This is useful when running the provider in environments where port 3001 is already in use (e.g., when running alongside a proxy server).
+
 ### Token Validation
 
 Both providers support token validation:
@@ -237,6 +244,32 @@ Integration tests will skip if `test-config.yaml` is not configured or contains
 - ABAP integration tests use `abap.destination` and require `AbapServiceKeyStore`/`AbapSessionStore` (with `sapUrl`)
 - BTP/ABAP integration tests may open a browser for authentication if no refresh token is available. This is expected behavior.
 
+### Debug Logging
+
+To enable detailed logging during tests or runtime, set environment variables:
+
+```bash
+# Enable logging for auth providers
+DEBUG_AUTH_PROVIDERS=true npm test
+
+# Or enable browser auth specific logging
+DEBUG_BROWSER_AUTH=true npm test
+
+# Set log level (debug, info, warn, error)
+LOG_LEVEL=debug npm test
+```
+
+Logging shows:
+- Token exchange stages (what we send, what we receive)
+- Token information (lengths, previews)
+- Errors with details
+
+Example output:
+```
+[INTEGRATION] Exchanging code for token: https://.../oauth/token
+[INTEGRATION] Tokens received: accessToken(2263 chars), refreshToken(34 chars)
+```
+
 ## Dependencies
 
 - `@mcp-abap-adt/auth-broker` (^0.1.6) - Interface definitions

package/dist/__tests__/helpers/testLogger.d.ts

@@ -0,0 +1,6 @@
+/**
+ * Test logger with environment variable control
+ */
+import type { ILogger } from '@mcp-abap-adt/interfaces';
+export declare function createTestLogger(prefix?: string): ILogger;
+//# sourceMappingURL=testLogger.d.ts.map

package/dist/__tests__/helpers/testLogger.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"testLogger.d.ts","sourceRoot":"","sources":["../../../src/__tests__/helpers/testLogger.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,0BAA0B,CAAC;AAgBxD,wBAAgB,gBAAgB,CAAC,MAAM,GAAE,MAAe,GAAG,OAAO,CA4BjE"}

package/dist/__tests__/helpers/testLogger.js

@@ -0,0 +1,44 @@
+"use strict";
+/**
+ * Test logger with environment variable control
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createTestLogger = createTestLogger;
+function getLogLevel() {
+    const level = process.env.LOG_LEVEL?.toLowerCase() || 'info';
+    const levels = ['debug', 'info', 'warn', 'error'];
+    return levels.includes(level) ? level : 'info';
+}
+function shouldLog(level) {
+    const currentLevel = getLogLevel();
+    const levels = ['debug', 'info', 'warn', 'error'];
+    return levels.indexOf(level) >= levels.indexOf(currentLevel);
+}
+function createTestLogger(prefix = 'TEST') {
+    const level = getLogLevel();
+    const enabled = process.env.DEBUG_AUTH_PROVIDERS === 'true' ||
+        process.env.DEBUG_BROWSER_AUTH === 'true' ||
+        process.env.DEBUG === 'true';
+    return {
+        debug: (message, meta) => {
+            if (enabled && shouldLog('debug')) {
+                console.debug(`[${prefix}] [DEBUG] ${message}`, meta || '');
+            }
+        },
+        info: (message, meta) => {
+            if (enabled && shouldLog('info')) {
+                console.info(`[${prefix}] ${message}`, meta || '');
+            }
+        },
+        warn: (message, meta) => {
+            if (enabled && shouldLog('warn')) {
+                console.warn(`[${prefix}] [WARN] ${message}`, meta || '');
+            }
+        },
+        error: (message, meta) => {
+            if (enabled && shouldLog('error')) {
+                console.error(`[${prefix}] [ERROR] ${message}`, meta || '');
+            }
+        },
+    };
+}

package/dist/auth/browserAuth.d.ts

@@ -2,14 +2,24 @@
  * Browser authentication - OAuth2 flow for obtaining tokens
  */
 import type { IAuthorizationConfig, ILogger } from '@mcp-abap-adt/interfaces';
+/**
+ * Exchange authorization code for tokens
+ * @internal - Exported for testing
+ */
+export declare function exchangeCodeForToken(authConfig: IAuthorizationConfig, code: string, port?: number, log?: ILogger | null): Promise<{
+    accessToken: string;
+    refreshToken?: string;
+}>;
 /**
  * Start browser authentication flow
  * @param authConfig Authorization configuration with UAA credentials
  * @param browser Browser name (chrome, edge, firefox, system, none)
  * @param logger Optional logger instance. If not provided, uses default logger.
+ * @param port Port for OAuth callback server (default: 3001)
  * @returns Promise that resolves to tokens
+ * @internal - Internal function, not exported from package
  */
-export declare function startBrowserAuth(authConfig: IAuthorizationConfig, browser?: string, logger?: ILogger): Promise<{
+export declare function startBrowserAuth(authConfig: IAuthorizationConfig, browser?: string, logger?: ILogger, port?: number): Promise<{
     accessToken: string;
     refreshToken?: string;
 }>;

package/dist/auth/browserAuth.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"browserAuth.d.ts","sourceRoot":"","sources":["../../src/auth/browserAuth.ts"],"names":[],"mappings":"AAAA;;GAEG;AAMH,OAAO,KAAK,EAAE,oBAAoB,EAAE,OAAO,EAAE,MAAM,0BAA0B,CAAC;AAkF9E;;;;;;GAMG;AACH,wBAAsB,gBAAgB,CACpC,UAAU,EAAE,oBAAoB,EAChC,OAAO,GAAE,MAAiB,EAC1B,MAAM,CAAC,EAAE,OAAO,GACf,OAAO,CAAC;IAAE,WAAW,EAAE,MAAM,CAAC;IAAC,YAAY,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CAkSzD"}
+{"version":3,"file":"browserAuth.d.ts","sourceRoot":"","sources":["../../src/auth/browserAuth.ts"],"names":[],"mappings":"AAAA;;GAEG;AAMH,OAAO,KAAK,EAAE,oBAAoB,EAAE,OAAO,EAAE,MAAM,0BAA0B,CAAC;AAyB9E;;;GAGG;AACH,wBAAsB,oBAAoB,CACxC,UAAU,EAAE,oBAAoB,EAChC,IAAI,EAAE,MAAM,EACZ,IAAI,GAAE,MAAa,EACnB,GAAG,CAAC,EAAE,OAAO,GAAG,IAAI,GACnB,OAAO,CAAC;IAAE,WAAW,EAAE,MAAM,CAAC;IAAC,YAAY,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CAsCzD;AAaD;;;;;;;;GAQG;AACH,wBAAsB,gBAAgB,CACpC,UAAU,EAAE,oBAAoB,EAChC,OAAO,GAAE,MAAiB,EAC1B,MAAM,CAAC,EAAE,OAAO,EAChB,IAAI,GAAE,MAAa,GAClB,OAAO,CAAC;IAAE,WAAW,EAAE,MAAM,CAAC;IAAC,YAAY,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CAuSzD"}

package/dist/auth/browserAuth.js

@@ -39,6 +39,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.exchangeCodeForToken = exchangeCodeForToken;
 exports.startBrowserAuth = startBrowserAuth;
 const http = __importStar(require("http"));
 const child_process = __importStar(require("child_process"));
@@ -65,16 +66,18 @@ function getJwtAuthorizationUrl(authConfig, port = 3001) {
 }
 /**
  * Exchange authorization code for tokens
+ * @internal - Exported for testing
  */
-async function exchangeCodeForToken(authConfig, code) {
+async function exchangeCodeForToken(authConfig, code, port = 3001, log) {
     const { uaaUrl: url, uaaClientId: clientid, uaaClientSecret: clientsecret } = authConfig;
     const tokenUrl = `${url}/oauth/token`;
-    const redirectUri = 'http://localhost:3001/callback';
+    const redirectUri = `http://localhost:${port}/callback`;
     const params = new URLSearchParams();
     params.append('grant_type', 'authorization_code');
     params.append('code', code);
     params.append('redirect_uri', redirectUri);
     const authString = Buffer.from(`${clientid}:${clientsecret}`).toString('base64');
+    log?.info(`Exchanging code for token: ${tokenUrl}`);
     const response = await (0, axios_1.default)({
         method: 'post',
         url: tokenUrl,
@@ -85,40 +88,41 @@ async function exchangeCodeForToken(authConfig, code) {
         data: params.toString(),
     });
     if (response.data && response.data.access_token) {
+        const accessToken = response.data.access_token;
+        const refreshToken = response.data.refresh_token;
+        log?.info(`Tokens received: accessToken(${accessToken.length} chars), refreshToken(${refreshToken?.length || 0} chars)`);
         return {
-            accessToken: response.data.access_token,
-            refreshToken: response.data.refresh_token,
+            accessToken,
+            refreshToken,
         };
     }
     else {
+        log?.error(`Token exchange failed: status ${response.status}, error: ${response.data?.error || 'unknown'}`);
         throw new Error('Response does not contain access_token');
     }
 }
 /**
- * Default logger implementation
+ * Check if debug logging is enabled for auth providers
  */
-const defaultLogger = {
-    info: (msg) => console.info(msg),
-    debug: (msg) => console.debug(`[DEBUG] ${msg}`),
-    error: (msg) => console.error(msg),
-    browserUrl: (url) => console.info(`🔗 Open in browser: ${url}`),
-    browserOpening: () => console.debug(`🌐 Opening browser for authentication...`),
-};
+function isDebugEnabled() {
+    return process.env.DEBUG_AUTH_PROVIDERS === 'true' ||
+        process.env.DEBUG_BROWSER_AUTH === 'true' ||
+        process.env.DEBUG === 'true' ||
+        process.env.DEBUG?.includes('auth-providers') === true ||
+        process.env.DEBUG?.includes('browser-auth') === true;
+}
 /**
  * Start browser authentication flow
  * @param authConfig Authorization configuration with UAA credentials
  * @param browser Browser name (chrome, edge, firefox, system, none)
  * @param logger Optional logger instance. If not provided, uses default logger.
+ * @param port Port for OAuth callback server (default: 3001)
  * @returns Promise that resolves to tokens
+ * @internal - Internal function, not exported from package
  */
-async function startBrowserAuth(authConfig, browser = 'system', logger) {
-    const log = logger ? {
-        info: (msg) => logger.info(msg),
-        debug: (msg) => logger.debug(msg),
-        error: (msg) => logger.error(msg),
-        browserUrl: (url) => logger.info(`🔗 Open in browser: ${url}`),
-        browserOpening: () => logger.debug('🌐 Opening browser for authentication...'),
-    } : defaultLogger;
+async function startBrowserAuth(authConfig, browser = 'system', logger, port = 3001) {
+    // Use logger if provided, otherwise null (no logging)
+    const log = logger || null;
     return new Promise((originalResolve, originalReject) => {
         let timeoutId = null;
         const resolve = (value) => {
@@ -133,15 +137,18 @@ async function startBrowserAuth(authConfig, browser = 'system', logger) {
         };
         const app = (0, express_1.default)();
         const server = http.createServer(app);
-        const PORT = 3001;
+        const PORT = port;
         let serverInstance = null;
         const authorizationUrl = getJwtAuthorizationUrl(authConfig, PORT);
         // OAuth2 callback handler
         app.get('/callback', async (req, res) => {
             try {
+                log?.info(`Callback received: ${req.url}`);
+                log?.debug(`Callback query: ${JSON.stringify(req.query)}`);
                 // Check for OAuth2 error parameters
                 const { error, error_description, error_uri } = req.query;
                 if (error) {
+                    log?.error(`Callback error: ${error}${error_description ? ` - ${error_description}` : ''}`);
                     const errorMsg = error_description
                         ? `${error}: ${error_description}`
                         : String(error);
@@ -212,10 +219,13 @@ async function startBrowserAuth(authConfig, browser = 'system', logger) {
                     return reject(new Error(`OAuth2 authentication failed: ${errorMsg}${error_uri ? ` (${error_uri})` : ''}`));
                 }
                 const { code } = req.query;
+                log?.debug(`Callback code received: ${code ? 'yes' : 'no'}`);
                 if (!code || typeof code !== 'string') {
+                    log?.error(`Callback code missing`);
                     res.status(400).send('Error: Authorization code missing');
                     return reject(new Error('Authorization code missing'));
                 }
+                log?.debug(`Exchanging code for token`);
                 // Send success page
                 const html = `<!DOCTYPE html>
 <html lang="en">
@@ -278,7 +288,8 @@ async function startBrowserAuth(authConfig, browser = 'system', logger) {
                 res.send(html);
                 // Exchange code for tokens and close server
                 try {
-                    const tokens = await exchangeCodeForToken(authConfig, code);
+                    const tokens = await exchangeCodeForToken(authConfig, code, PORT, log);
+                    log?.info(`Tokens received: accessToken(${tokens.accessToken?.length || 0} chars), refreshToken(${tokens.refreshToken?.length || 0} chars)`);
                     // Close all connections and server immediately after getting tokens
                     if (typeof server.closeAllConnections === 'function') {
                         server.closeAllConnections();
@@ -309,7 +320,7 @@ async function startBrowserAuth(authConfig, browser = 'system', logger) {
         serverInstance = server.listen(PORT, async () => {
             const browserApp = BROWSER_MAP[browser];
             if (!browser || browser === 'none' || browserApp === null) {
-                log.browserUrl(authorizationUrl);
+                log?.info(`🔗 Open in browser: ${authorizationUrl}`, { url: authorizationUrl });
                 // For 'none' browser, don't wait for callback - throw error immediately
                 // User must open browser manually and we can't wait for callback in automated tests
                 if (serverInstance) {
@@ -321,7 +332,7 @@ async function startBrowserAuth(authConfig, browser = 'system', logger) {
                 return;
             }
             else {
-                log.browserOpening();
+                log?.debug('🌐 Opening browser for authentication...');
                 try {
                     // Try dynamic import first (for ES modules)
                     let open;
@@ -366,7 +377,7 @@ async function startBrowserAuth(authConfig, browser = 'system', logger) {
                         // Use child_process as fallback (non-blocking)
                         child_process.exec(`${command} "${authorizationUrl}"`, (error) => {
                             if (error) {
-                                log.error(`❌ Failed to open browser: ${error.message}. Please open manually: ${authorizationUrl}`);
+                                log?.error(`❌ Failed to open browser: ${error.message}. Please open manually: ${authorizationUrl}`, { error: error.message, url: authorizationUrl });
                             }
                         });
                         return; // Exit early since we're using child_process (non-blocking)
@@ -381,8 +392,8 @@ async function startBrowserAuth(authConfig, browser = 'system', logger) {
                 }
                 catch (error) {
                     // If browser cannot be opened, show URL and throw error for consumer to catch
-                    log.error(`❌ Failed to open browser: ${error?.message || String(error)}. Please open manually: ${authorizationUrl}`);
-                    log.browserUrl(authorizationUrl);
+                    log?.error(`❌ Failed to open browser: ${error?.message || String(error)}. Please open manually: ${authorizationUrl}`, { error: error?.message || String(error), url: authorizationUrl });
+                    log?.info(`🔗 Open in browser: ${authorizationUrl}`, { url: authorizationUrl });
                     // Throw error so consumer can distinguish this from "service key missing" error
                     reject(new Error(`Browser opening failed for destination authentication. Please open manually: ${authorizationUrl}`));
                 }

package/dist/auth/clientCredentialsAuth.d.ts

@@ -14,6 +14,7 @@ export interface ClientCredentialsResult {
  * @param clientId UAA client ID
  * @param clientSecret UAA client secret
  * @returns Promise that resolves to access token
+ * @internal - Internal function, not exported from package
  */
 export declare function getTokenWithClientCredentials(uaaUrl: string, clientId: string, clientSecret: string): Promise<ClientCredentialsResult>;
 //# sourceMappingURL=clientCredentialsAuth.d.ts.map

package/dist/auth/clientCredentialsAuth.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"clientCredentialsAuth.d.ts","sourceRoot":"","sources":["../../src/auth/clientCredentialsAuth.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH,MAAM,WAAW,uBAAuB;IACtC,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED;;;;;;GAMG;AACH,wBAAsB,6BAA6B,CACjD,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,MAAM,EAChB,YAAY,EAAE,MAAM,GACnB,OAAO,CAAC,uBAAuB,CAAC,CAoClC"}
+{"version":3,"file":"clientCredentialsAuth.d.ts","sourceRoot":"","sources":["../../src/auth/clientCredentialsAuth.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH,MAAM,WAAW,uBAAuB;IACtC,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED;;;;;;;GAOG;AACH,wBAAsB,6BAA6B,CACjD,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,MAAM,EAChB,YAAY,EAAE,MAAM,GACnB,OAAO,CAAC,uBAAuB,CAAC,CAoClC"}

package/dist/auth/clientCredentialsAuth.js

@@ -17,6 +17,7 @@ const axios_1 = __importDefault(require("axios"));
  * @param clientId UAA client ID
  * @param clientSecret UAA client secret
  * @returns Promise that resolves to access token
+ * @internal - Internal function, not exported from package
  */
 async function getTokenWithClientCredentials(uaaUrl, clientId, clientSecret) {
     try {

package/dist/auth/tokenRefresher.d.ts

@@ -12,6 +12,7 @@ export interface TokenRefreshResult {
  * @param clientId UAA client ID
  * @param clientSecret UAA client secret
  * @returns Promise that resolves to new tokens
+ * @internal - Internal function, not exported from package
  */
 export declare function refreshJwtToken(refreshToken: string, uaaUrl: string, clientId: string, clientSecret: string): Promise<TokenRefreshResult>;
 //# sourceMappingURL=tokenRefresher.d.ts.map

package/dist/auth/tokenRefresher.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"tokenRefresher.d.ts","sourceRoot":"","sources":["../../src/auth/tokenRefresher.ts"],"names":[],"mappings":"AAAA;;GAEG;AAIH,MAAM,WAAW,kBAAkB;IACjC,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED;;;;;;;GAOG;AACH,wBAAsB,eAAe,CACnC,YAAY,EAAE,MAAM,EACpB,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,MAAM,EAChB,YAAY,EAAE,MAAM,GACnB,OAAO,CAAC,kBAAkB,CAAC,CAqC7B"}
+{"version":3,"file":"tokenRefresher.d.ts","sourceRoot":"","sources":["../../src/auth/tokenRefresher.ts"],"names":[],"mappings":"AAAA;;GAEG;AAIH,MAAM,WAAW,kBAAkB;IACjC,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED;;;;;;;;GAQG;AACH,wBAAsB,eAAe,CACnC,YAAY,EAAE,MAAM,EACpB,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,MAAM,EAChB,YAAY,EAAE,MAAM,GACnB,OAAO,CAAC,kBAAkB,CAAC,CAqC7B"}

package/dist/auth/tokenRefresher.js

@@ -15,6 +15,7 @@ const axios_1 = __importDefault(require("axios"));
  * @param clientId UAA client ID
  * @param clientSecret UAA client secret
  * @returns Promise that resolves to new tokens
+ * @internal - Internal function, not exported from package
  */
 async function refreshJwtToken(refreshToken, uaaUrl, clientId, clientSecret) {
     try {

package/dist/index.d.ts

@@ -6,9 +6,4 @@
  */
 export { XsuaaTokenProvider } from './providers/XsuaaTokenProvider';
 export { BtpTokenProvider } from './providers/BtpTokenProvider';
-export { startBrowserAuth } from './auth/browserAuth';
-export { getTokenWithClientCredentials } from './auth/clientCredentialsAuth';
-export { refreshJwtToken } from './auth/tokenRefresher';
-export type { ClientCredentialsResult } from './auth/clientCredentialsAuth';
-export type { TokenRefreshResult } from './auth/tokenRefresher';
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,EAAE,kBAAkB,EAAE,MAAM,gCAAgC,CAAC;AACpE,OAAO,EAAE,gBAAgB,EAAE,MAAM,8BAA8B,CAAC;AAGhE,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AACtD,OAAO,EAAE,6BAA6B,EAAE,MAAM,8BAA8B,CAAC;AAC7E,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAGxD,YAAY,EAAE,uBAAuB,EAAE,MAAM,8BAA8B,CAAC;AAC5E,YAAY,EAAE,kBAAkB,EAAE,MAAM,uBAAuB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,EAAE,kBAAkB,EAAE,MAAM,gCAAgC,CAAC;AACpE,OAAO,EAAE,gBAAgB,EAAE,MAAM,8BAA8B,CAAC"}

package/dist/index.js

@@ -6,16 +6,9 @@
  * Provides XSUAA and BTP token providers
  */
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.refreshJwtToken = exports.getTokenWithClientCredentials = exports.startBrowserAuth = exports.BtpTokenProvider = exports.XsuaaTokenProvider = void 0;
+exports.BtpTokenProvider = exports.XsuaaTokenProvider = void 0;
 // Token providers
 var XsuaaTokenProvider_1 = require("./providers/XsuaaTokenProvider");
 Object.defineProperty(exports, "XsuaaTokenProvider", { enumerable: true, get: function () { return XsuaaTokenProvider_1.XsuaaTokenProvider; } });
 var BtpTokenProvider_1 = require("./providers/BtpTokenProvider");
 Object.defineProperty(exports, "BtpTokenProvider", { enumerable: true, get: function () { return BtpTokenProvider_1.BtpTokenProvider; } });
-// Auth functions (for advanced usage)
-var browserAuth_1 = require("./auth/browserAuth");
-Object.defineProperty(exports, "startBrowserAuth", { enumerable: true, get: function () { return browserAuth_1.startBrowserAuth; } });
-var clientCredentialsAuth_1 = require("./auth/clientCredentialsAuth");
-Object.defineProperty(exports, "getTokenWithClientCredentials", { enumerable: true, get: function () { return clientCredentialsAuth_1.getTokenWithClientCredentials; } });
-var tokenRefresher_1 = require("./auth/tokenRefresher");
-Object.defineProperty(exports, "refreshJwtToken", { enumerable: true, get: function () { return tokenRefresher_1.refreshJwtToken; } });

package/dist/providers/BtpTokenProvider.d.ts

@@ -11,6 +11,17 @@ import type { ITokenProvider, ITokenProviderOptions, ITokenProviderResult, IAuth
  * Uses browser-based OAuth2 (if no refresh token) or refresh token flow.
  */
 export declare class BtpTokenProvider implements ITokenProvider {
+    private readonly browserAuthPort;
+    constructor(browserAuthPort?: number);
+    /**
+     * Private method wrapper for browser authentication
+     * Proxies port from constructor to internal function
+     */
+    private startBrowserAuth;
+    /**
+     * Private method wrapper for token refresh
+     */
+    private refreshJwtToken;
     getConnectionConfig(authConfig: IAuthorizationConfig, options?: ITokenProviderOptions): Promise<ITokenProviderResult>;
     validateToken(token: string, serviceUrl?: string): Promise<boolean>;
 }

package/dist/providers/BtpTokenProvider.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"BtpTokenProvider.d.ts","sourceRoot":"","sources":["../../src/providers/BtpTokenProvider.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,qBAAqB,EAAE,oBAAoB,EAAE,oBAAoB,EAAE,MAAM,0BAA0B,CAAC;AAKlI;;;;GAIG;AACH,qBAAa,gBAAiB,YAAW,cAAc;IAC/C,mBAAmB,CACvB,UAAU,EAAE,oBAAoB,EAChC,OAAO,CAAC,EAAE,qBAAqB,GAC9B,OAAO,CAAC,oBAAoB,CAAC;IAmC1B,aAAa,CAAC,KAAK,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;CA0C1E"}
+{"version":3,"file":"BtpTokenProvider.d.ts","sourceRoot":"","sources":["../../src/providers/BtpTokenProvider.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,qBAAqB,EAAE,oBAAoB,EAAE,oBAAoB,EAAW,MAAM,0BAA0B,CAAC;AAO3I;;;;GAIG;AACH,qBAAa,gBAAiB,YAAW,cAAc;IACrD,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAS;gBAE7B,eAAe,CAAC,EAAE,MAAM;IAKpC;;;OAGG;YACW,gBAAgB;IAQ9B;;OAEG;YACW,eAAe;IASvB,mBAAmB,CACvB,UAAU,EAAE,oBAAoB,EAChC,OAAO,CAAC,EAAE,qBAAqB,GAC9B,OAAO,CAAC,oBAAoB,CAAC;IAmC1B,aAAa,CAAC,KAAK,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;CA0C1E"}

package/dist/providers/BtpTokenProvider.js

@@ -10,15 +10,34 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.BtpTokenProvider = void 0;
+const axios_1 = __importDefault(require("axios"));
+// Import internal functions (not exported)
 const browserAuth_1 = require("../auth/browserAuth");
 const tokenRefresher_1 = require("../auth/tokenRefresher");
-const axios_1 = __importDefault(require("axios"));
 /**
  * BTP/ABAP token provider implementation
  *
  * Uses browser-based OAuth2 (if no refresh token) or refresh token flow.
  */
 class BtpTokenProvider {
+    browserAuthPort;
+    constructor(browserAuthPort) {
+        // Default to 3001 if not specified
+        this.browserAuthPort = browserAuthPort ?? 3001;
+    }
+    /**
+     * Private method wrapper for browser authentication
+     * Proxies port from constructor to internal function
+     */
+    async startBrowserAuth(authConfig, browser, logger) {
+        return (0, browserAuth_1.startBrowserAuth)(authConfig, browser, logger, this.browserAuthPort);
+    }
+    /**
+     * Private method wrapper for token refresh
+     */
+    async refreshJwtToken(refreshToken, uaaUrl, clientId, clientSecret) {
+        return (0, tokenRefresher_1.refreshJwtToken)(refreshToken, uaaUrl, clientId, clientSecret);
+    }
     async getConnectionConfig(authConfig, options) {
         const logger = options?.logger;
         const browser = options?.browser || 'system';
@@ -28,14 +47,14 @@ class BtpTokenProvider {
             if (logger) {
                 logger.debug('No refresh token found. Starting browser authentication...');
             }
-            result = await (0, browserAuth_1.startBrowserAuth)(authConfig, browser, logger);
+            result = await this.startBrowserAuth(authConfig, browser, logger);
         }
         else {
             // Use refresh token to get new access token
             if (logger) {
                 logger.debug('Refreshing token using refresh token...');
             }
-            result = await (0, tokenRefresher_1.refreshJwtToken)(authConfig.refreshToken, authConfig.uaaUrl, authConfig.uaaClientId, authConfig.uaaClientSecret);
+            result = await this.refreshJwtToken(authConfig.refreshToken, authConfig.uaaUrl, authConfig.uaaClientId, authConfig.uaaClientSecret);
         }
         return {
             connectionConfig: {

package/dist/providers/XsuaaTokenProvider.d.ts

@@ -11,6 +11,10 @@ import type { ITokenProvider, ITokenProviderOptions, ITokenProviderResult, IAuth
  * Uses client_credentials grant type - no browser, no refresh token needed.
  */
 export declare class XsuaaTokenProvider implements ITokenProvider {
+    /**
+     * Private method wrapper for client credentials authentication
+     */
+    private getTokenWithClientCredentials;
     getConnectionConfig(authConfig: IAuthorizationConfig, options?: ITokenProviderOptions): Promise<ITokenProviderResult>;
     validateToken(token: string, serviceUrl?: string): Promise<boolean>;
 }

package/dist/providers/XsuaaTokenProvider.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"XsuaaTokenProvider.d.ts","sourceRoot":"","sources":["../../src/providers/XsuaaTokenProvider.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,qBAAqB,EAAE,oBAAoB,EAAE,oBAAoB,EAAE,MAAM,0BAA0B,CAAC;AAIlI;;;;GAIG;AACH,qBAAa,kBAAmB,YAAW,cAAc;IACjD,mBAAmB,CACvB,UAAU,EAAE,oBAAoB,EAChC,OAAO,CAAC,EAAE,qBAAqB,GAC9B,OAAO,CAAC,oBAAoB,CAAC;IAyB1B,aAAa,CAAC,KAAK,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;CAgD1E"}
+{"version":3,"file":"XsuaaTokenProvider.d.ts","sourceRoot":"","sources":["../../src/providers/XsuaaTokenProvider.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,qBAAqB,EAAE,oBAAoB,EAAE,oBAAoB,EAAE,MAAM,0BAA0B,CAAC;AAMlI;;;;GAIG;AACH,qBAAa,kBAAmB,YAAW,cAAc;IACvD;;OAEG;YACW,6BAA6B;IAQrC,mBAAmB,CACvB,UAAU,EAAE,oBAAoB,EAChC,OAAO,CAAC,EAAE,qBAAqB,GAC9B,OAAO,CAAC,oBAAoB,CAAC;IAyB1B,aAAa,CAAC,KAAK,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;CAgD1E"}

package/dist/providers/XsuaaTokenProvider.js

@@ -10,21 +10,28 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.XsuaaTokenProvider = void 0;
-const clientCredentialsAuth_1 = require("../auth/clientCredentialsAuth");
 const axios_1 = __importDefault(require("axios"));
+// Import internal function (not exported)
+const clientCredentialsAuth_1 = require("../auth/clientCredentialsAuth");
 /**
  * XSUAA token provider implementation
  *
  * Uses client_credentials grant type - no browser, no refresh token needed.
  */
 class XsuaaTokenProvider {
+    /**
+     * Private method wrapper for client credentials authentication
+     */
+    async getTokenWithClientCredentials(uaaUrl, clientId, clientSecret) {
+        return (0, clientCredentialsAuth_1.getTokenWithClientCredentials)(uaaUrl, clientId, clientSecret);
+    }
     async getConnectionConfig(authConfig, options) {
         const logger = options?.logger;
         if (logger) {
             logger.debug('Using client_credentials grant type for XSUAA...');
         }
         // XSUAA uses client_credentials - no refresh token needed
-        const result = await (0, clientCredentialsAuth_1.getTokenWithClientCredentials)(authConfig.uaaUrl, authConfig.uaaClientId, authConfig.uaaClientSecret);
+        const result = await this.getTokenWithClientCredentials(authConfig.uaaUrl, authConfig.uaaClientId, authConfig.uaaClientSecret);
         // XSUAA doesn't provide serviceUrl in authorization config
         // It's provided separately (from YAML, parameter, or request header)
         return {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@mcp-abap-adt/auth-providers",
-  "version": "0.1.2",
+  "version": "0.1.4",
   "description": "Token providers for MCP ABAP ADT auth-broker - XSUAA and BTP token providers",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",