@mcp-abap-adt/auth-providers 0.1.3 → 0.1.5

package/CHANGELOG.md

@@ -7,6 +7,38 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [0.1.5] - 2025-12-13
+
+### Changed
+- Dependency bump: `@mcp-abap-adt/interfaces` to `^0.1.16` to align with latest interfaces release
+
+## [0.1.4] - 2025-12-08
+
+### Added
+- **Integration Tests for browserAuth**: Added real integration test that uses actual service keys and OAuth flow
+  - Test verifies token retrieval with real credentials from service keys
+  - Shows all authentication stages with logging when `DEBUG_AUTH_PROVIDERS=true` is set
+  - Tests both access token and refresh token retrieval
+- **Test Logger Helper**: Added `createTestLogger` helper for tests with environment variable control
+  - Supports log levels (debug, info, warn, error) via `LOG_LEVEL` environment variable
+  - Only outputs logs when `DEBUG_AUTH_PROVIDERS=true` or `DEBUG_BROWSER_AUTH=true` is set
+  - Provides clean, controlled logging for test scenarios
+
+### Changed
+- **Improved Logging in browserAuth**: Made logging more concise and informative
+  - All log messages are now single-line strings without verbose objects
+  - Logs show key information: what we send, what we receive, token lengths
+  - Example: `Tokens received: accessToken(2263 chars), refreshToken(34 chars)`
+  - Logging only works when logger is provided (no default console output)
+- **exchangeCodeForToken Function**: Exported for testing purposes
+  - Function is marked as `@internal` but exported to enable unit testing
+  - Allows testing token exchange logic without full browser auth flow
+
+### Fixed
+- **Test Error Logging**: Fixed error test to use mock logger without console output
+  - Error test no longer pollutes console with error messages
+  - Still verifies that error logging occurs via spy
+
 ## [0.1.3] - 2025-12-07
 
 ### Added
@@ -107,4 +139,3 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - `@mcp-abap-adt/auth-stores` ^0.1.2 - Store implementations
 - `@mcp-abap-adt/connection` ^0.1.13 - Connection utilities
 - `@mcp-abap-adt/logger` ^0.1.0 - Logging utilities
-

package/README.md

@@ -244,6 +244,32 @@ Integration tests will skip if `test-config.yaml` is not configured or contains
 - ABAP integration tests use `abap.destination` and require `AbapServiceKeyStore`/`AbapSessionStore` (with `sapUrl`)
 - BTP/ABAP integration tests may open a browser for authentication if no refresh token is available. This is expected behavior.
 
+### Debug Logging
+
+To enable detailed logging during tests or runtime, set environment variables:
+
+```bash
+# Enable logging for auth providers
+DEBUG_AUTH_PROVIDERS=true npm test
+
+# Or enable browser auth specific logging
+DEBUG_BROWSER_AUTH=true npm test
+
+# Set log level (debug, info, warn, error)
+LOG_LEVEL=debug npm test
+```
+
+Logging shows:
+- Token exchange stages (what we send, what we receive)
+- Token information (lengths, previews)
+- Errors with details
+
+Example output:
+```
+[INTEGRATION] Exchanging code for token: https://.../oauth/token
+[INTEGRATION] Tokens received: accessToken(2263 chars), refreshToken(34 chars)
+```
+
 ## Dependencies
 
 - `@mcp-abap-adt/auth-broker` (^0.1.6) - Interface definitions

package/dist/__tests__/helpers/testLogger.d.ts

@@ -0,0 +1,6 @@
+/**
+ * Test logger with environment variable control
+ */
+import type { ILogger } from '@mcp-abap-adt/interfaces';
+export declare function createTestLogger(prefix?: string): ILogger;
+//# sourceMappingURL=testLogger.d.ts.map

package/dist/__tests__/helpers/testLogger.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"testLogger.d.ts","sourceRoot":"","sources":["../../../src/__tests__/helpers/testLogger.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,0BAA0B,CAAC;AAgBxD,wBAAgB,gBAAgB,CAAC,MAAM,GAAE,MAAe,GAAG,OAAO,CA4BjE"}

package/dist/__tests__/helpers/testLogger.js

@@ -0,0 +1,44 @@
+"use strict";
+/**
+ * Test logger with environment variable control
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createTestLogger = createTestLogger;
+function getLogLevel() {
+    const level = process.env.LOG_LEVEL?.toLowerCase() || 'info';
+    const levels = ['debug', 'info', 'warn', 'error'];
+    return levels.includes(level) ? level : 'info';
+}
+function shouldLog(level) {
+    const currentLevel = getLogLevel();
+    const levels = ['debug', 'info', 'warn', 'error'];
+    return levels.indexOf(level) >= levels.indexOf(currentLevel);
+}
+function createTestLogger(prefix = 'TEST') {
+    const level = getLogLevel();
+    const enabled = process.env.DEBUG_AUTH_PROVIDERS === 'true' ||
+        process.env.DEBUG_BROWSER_AUTH === 'true' ||
+        process.env.DEBUG === 'true';
+    return {
+        debug: (message, meta) => {
+            if (enabled && shouldLog('debug')) {
+                console.debug(`[${prefix}] [DEBUG] ${message}`, meta || '');
+            }
+        },
+        info: (message, meta) => {
+            if (enabled && shouldLog('info')) {
+                console.info(`[${prefix}] ${message}`, meta || '');
+            }
+        },
+        warn: (message, meta) => {
+            if (enabled && shouldLog('warn')) {
+                console.warn(`[${prefix}] [WARN] ${message}`, meta || '');
+            }
+        },
+        error: (message, meta) => {
+            if (enabled && shouldLog('error')) {
+                console.error(`[${prefix}] [ERROR] ${message}`, meta || '');
+            }
+        },
+    };
+}

package/dist/auth/browserAuth.d.ts

@@ -2,6 +2,14 @@
  * Browser authentication - OAuth2 flow for obtaining tokens
  */
 import type { IAuthorizationConfig, ILogger } from '@mcp-abap-adt/interfaces';
+/**
+ * Exchange authorization code for tokens
+ * @internal - Exported for testing
+ */
+export declare function exchangeCodeForToken(authConfig: IAuthorizationConfig, code: string, port?: number, log?: ILogger | null): Promise<{
+    accessToken: string;
+    refreshToken?: string;
+}>;
 /**
  * Start browser authentication flow
  * @param authConfig Authorization configuration with UAA credentials

package/dist/auth/browserAuth.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"browserAuth.d.ts","sourceRoot":"","sources":["../../src/auth/browserAuth.ts"],"names":[],"mappings":"AAAA;;GAEG;AAMH,OAAO,KAAK,EAAE,oBAAoB,EAAE,OAAO,EAAE,MAAM,0BAA0B,CAAC;AAkF9E;;;;;;;;GAQG;AACH,wBAAsB,gBAAgB,CACpC,UAAU,EAAE,oBAAoB,EAChC,OAAO,GAAE,MAAiB,EAC1B,MAAM,CAAC,EAAE,OAAO,EAChB,IAAI,GAAE,MAAa,GAClB,OAAO,CAAC;IAAE,WAAW,EAAE,MAAM,CAAC;IAAC,YAAY,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CAkSzD"}
+{"version":3,"file":"browserAuth.d.ts","sourceRoot":"","sources":["../../src/auth/browserAuth.ts"],"names":[],"mappings":"AAAA;;GAEG;AAMH,OAAO,KAAK,EAAE,oBAAoB,EAAE,OAAO,EAAE,MAAM,0BAA0B,CAAC;AAyB9E;;;GAGG;AACH,wBAAsB,oBAAoB,CACxC,UAAU,EAAE,oBAAoB,EAChC,IAAI,EAAE,MAAM,EACZ,IAAI,GAAE,MAAa,EACnB,GAAG,CAAC,EAAE,OAAO,GAAG,IAAI,GACnB,OAAO,CAAC;IAAE,WAAW,EAAE,MAAM,CAAC;IAAC,YAAY,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CAsCzD;AAaD;;;;;;;;GAQG;AACH,wBAAsB,gBAAgB,CACpC,UAAU,EAAE,oBAAoB,EAChC,OAAO,GAAE,MAAiB,EAC1B,MAAM,CAAC,EAAE,OAAO,EAChB,IAAI,GAAE,MAAa,GAClB,OAAO,CAAC;IAAE,WAAW,EAAE,MAAM,CAAC;IAAC,YAAY,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CAuSzD"}

package/dist/auth/browserAuth.js

@@ -39,6 +39,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.exchangeCodeForToken = exchangeCodeForToken;
 exports.startBrowserAuth = startBrowserAuth;
 const http = __importStar(require("http"));
 const child_process = __importStar(require("child_process"));
@@ -65,8 +66,9 @@ function getJwtAuthorizationUrl(authConfig, port = 3001) {
 }
 /**
  * Exchange authorization code for tokens
+ * @internal - Exported for testing
  */
-async function exchangeCodeForToken(authConfig, code, port = 3001) {
+async function exchangeCodeForToken(authConfig, code, port = 3001, log) {
     const { uaaUrl: url, uaaClientId: clientid, uaaClientSecret: clientsecret } = authConfig;
     const tokenUrl = `${url}/oauth/token`;
     const redirectUri = `http://localhost:${port}/callback`;
@@ -75,6 +77,7 @@ async function exchangeCodeForToken(authConfig, code, port = 3001) {
     params.append('code', code);
     params.append('redirect_uri', redirectUri);
     const authString = Buffer.from(`${clientid}:${clientsecret}`).toString('base64');
+    log?.info(`Exchanging code for token: ${tokenUrl}`);
     const response = await (0, axios_1.default)({
         method: 'post',
         url: tokenUrl,
@@ -85,25 +88,29 @@ async function exchangeCodeForToken(authConfig, code, port = 3001) {
         data: params.toString(),
     });
     if (response.data && response.data.access_token) {
+        const accessToken = response.data.access_token;
+        const refreshToken = response.data.refresh_token;
+        log?.info(`Tokens received: accessToken(${accessToken.length} chars), refreshToken(${refreshToken?.length || 0} chars)`);
         return {
-            accessToken: response.data.access_token,
-            refreshToken: response.data.refresh_token,
+            accessToken,
+            refreshToken,
         };
     }
     else {
+        log?.error(`Token exchange failed: status ${response.status}, error: ${response.data?.error || 'unknown'}`);
         throw new Error('Response does not contain access_token');
     }
 }
 /**
- * Default logger implementation
+ * Check if debug logging is enabled for auth providers
  */
-const defaultLogger = {
-    info: (msg) => console.info(msg),
-    debug: (msg) => console.debug(`[DEBUG] ${msg}`),
-    error: (msg) => console.error(msg),
-    browserUrl: (url) => console.info(`🔗 Open in browser: ${url}`),
-    browserOpening: () => console.debug(`🌐 Opening browser for authentication...`),
-};
+function isDebugEnabled() {
+    return process.env.DEBUG_AUTH_PROVIDERS === 'true' ||
+        process.env.DEBUG_BROWSER_AUTH === 'true' ||
+        process.env.DEBUG === 'true' ||
+        process.env.DEBUG?.includes('auth-providers') === true ||
+        process.env.DEBUG?.includes('browser-auth') === true;
+}
 /**
  * Start browser authentication flow
  * @param authConfig Authorization configuration with UAA credentials
@@ -114,13 +121,8 @@ const defaultLogger = {
  * @internal - Internal function, not exported from package
  */
 async function startBrowserAuth(authConfig, browser = 'system', logger, port = 3001) {
-    const log = logger ? {
-        info: (msg) => logger.info(msg),
-        debug: (msg) => logger.debug(msg),
-        error: (msg) => logger.error(msg),
-        browserUrl: (url) => logger.info(`🔗 Open in browser: ${url}`),
-        browserOpening: () => logger.debug('🌐 Opening browser for authentication...'),
-    } : defaultLogger;
+    // Use logger if provided, otherwise null (no logging)
+    const log = logger || null;
     return new Promise((originalResolve, originalReject) => {
         let timeoutId = null;
         const resolve = (value) => {
@@ -141,9 +143,12 @@ async function startBrowserAuth(authConfig, browser = 'system', logger, port = 3
         // OAuth2 callback handler
         app.get('/callback', async (req, res) => {
             try {
+                log?.info(`Callback received: ${req.url}`);
+                log?.debug(`Callback query: ${JSON.stringify(req.query)}`);
                 // Check for OAuth2 error parameters
                 const { error, error_description, error_uri } = req.query;
                 if (error) {
+                    log?.error(`Callback error: ${error}${error_description ? ` - ${error_description}` : ''}`);
                     const errorMsg = error_description
                         ? `${error}: ${error_description}`
                         : String(error);
@@ -214,10 +219,13 @@ async function startBrowserAuth(authConfig, browser = 'system', logger, port = 3
                     return reject(new Error(`OAuth2 authentication failed: ${errorMsg}${error_uri ? ` (${error_uri})` : ''}`));
                 }
                 const { code } = req.query;
+                log?.debug(`Callback code received: ${code ? 'yes' : 'no'}`);
                 if (!code || typeof code !== 'string') {
+                    log?.error(`Callback code missing`);
                     res.status(400).send('Error: Authorization code missing');
                     return reject(new Error('Authorization code missing'));
                 }
+                log?.debug(`Exchanging code for token`);
                 // Send success page
                 const html = `<!DOCTYPE html>
 <html lang="en">
@@ -280,7 +288,8 @@ async function startBrowserAuth(authConfig, browser = 'system', logger, port = 3
                 res.send(html);
                 // Exchange code for tokens and close server
                 try {
-                    const tokens = await exchangeCodeForToken(authConfig, code, PORT);
+                    const tokens = await exchangeCodeForToken(authConfig, code, PORT, log);
+                    log?.info(`Tokens received: accessToken(${tokens.accessToken?.length || 0} chars), refreshToken(${tokens.refreshToken?.length || 0} chars)`);
                     // Close all connections and server immediately after getting tokens
                     if (typeof server.closeAllConnections === 'function') {
                         server.closeAllConnections();
@@ -311,7 +320,7 @@ async function startBrowserAuth(authConfig, browser = 'system', logger, port = 3
         serverInstance = server.listen(PORT, async () => {
             const browserApp = BROWSER_MAP[browser];
             if (!browser || browser === 'none' || browserApp === null) {
-                log.browserUrl(authorizationUrl);
+                log?.info(`🔗 Open in browser: ${authorizationUrl}`, { url: authorizationUrl });
                 // For 'none' browser, don't wait for callback - throw error immediately
                 // User must open browser manually and we can't wait for callback in automated tests
                 if (serverInstance) {
@@ -323,7 +332,7 @@ async function startBrowserAuth(authConfig, browser = 'system', logger, port = 3
                 return;
             }
             else {
-                log.browserOpening();
+                log?.debug('🌐 Opening browser for authentication...');
                 try {
                     // Try dynamic import first (for ES modules)
                     let open;
@@ -368,7 +377,7 @@ async function startBrowserAuth(authConfig, browser = 'system', logger, port = 3
                         // Use child_process as fallback (non-blocking)
                         child_process.exec(`${command} "${authorizationUrl}"`, (error) => {
                             if (error) {
-                                log.error(`❌ Failed to open browser: ${error.message}. Please open manually: ${authorizationUrl}`);
+                                log?.error(`❌ Failed to open browser: ${error.message}. Please open manually: ${authorizationUrl}`, { error: error.message, url: authorizationUrl });
                             }
                         });
                         return; // Exit early since we're using child_process (non-blocking)
@@ -383,8 +392,8 @@ async function startBrowserAuth(authConfig, browser = 'system', logger, port = 3
                 }
                 catch (error) {
                     // If browser cannot be opened, show URL and throw error for consumer to catch
-                    log.error(`❌ Failed to open browser: ${error?.message || String(error)}. Please open manually: ${authorizationUrl}`);
-                    log.browserUrl(authorizationUrl);
+                    log?.error(`❌ Failed to open browser: ${error?.message || String(error)}. Please open manually: ${authorizationUrl}`, { error: error?.message || String(error), url: authorizationUrl });
+                    log?.info(`🔗 Open in browser: ${authorizationUrl}`, { url: authorizationUrl });
                     // Throw error so consumer can distinguish this from "service key missing" error
                     reject(new Error(`Browser opening failed for destination authentication. Please open manually: ${authorizationUrl}`));
                 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@mcp-abap-adt/auth-providers",
-  "version": "0.1.3",
+  "version": "0.1.5",
   "description": "Token providers for MCP ABAP ADT auth-broker - XSUAA and BTP token providers",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -48,7 +48,7 @@
     "node": ">=18.0.0"
   },
   "dependencies": {
-    "@mcp-abap-adt/interfaces": "^0.1.1",
+    "@mcp-abap-adt/interfaces": "^0.1.16",
     "axios": "^1.11.0",
     "express": "^5.1.0",
     "open": "^11.0.0"