@mcp-abap-adt/auth-providers 1.0.0 → 1.0.2

package/CHANGELOG.md

@@ -7,6 +7,17 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [1.0.2] - 2026-02-11
+
+### Added
+- OIDC providers now support explicit endpoints (`authorizationEndpoint`, `tokenEndpoint`, `deviceAuthorizationEndpoint`) without discovery.
+- OIDC browser flow supports manual authorization code input via `authorizationCode` / `authorizationCodeProvider`.
+- OIDC browser flow supports custom `redirectUri` (required for manual code / OOB flows).
+
+### Changed
+- OIDC provider configs accept optional `issuerUrl` when explicit endpoints are provided.
+- Dependency updates: `axios` ^1.13.5, `@biomejs/biome` ^2.3.14, `@mcp-abap-adt/auth-stores` ^1.0.1, `@types/node` ^25.2.3, `pino` ^10.3.1.
+
 ## [1.0.0] - 2026-02-10
 
 ### Added
@@ -15,6 +26,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - SAML2 flows: browser/manual/assertion input, bearer exchange, and pure SAML (cookie-based) output.
 - `BaseTokenProvider` now supports `tokenType` and `expiresAt` from `ITokenResult`.
 
+## [1.0.1] - 2026-02-10
+
+### Added
+- GitHub Actions CI workflow (build + test on push/PR).
+
 ## [0.2.10] - 2025-12-25
 
 ### Changed

package/README.md

@@ -108,6 +108,7 @@ Available providers:
 - `OidcDeviceFlowProvider`
 - `OidcPasswordProvider`
 - `OidcTokenExchangeProvider`
+- `CfPasscodeProvider` (Cloud Foundry SSO passcode)
 - `Saml2BearerProvider` (SAML assertion exchange)
 - `Saml2PureProvider` (returns SAMLResponse as token)
 
@@ -132,6 +133,32 @@ const tokenProvider = SsoProviderFactory.create({
 const broker = new AuthBroker({ tokenProvider }, 'none');
 ```
 
+OIDC browser example (manual code + explicit endpoints):
+
+```typescript
+import { OidcBrowserProvider } from '@mcp-abap-adt/auth-providers';
+
+const provider = new OidcBrowserProvider({
+  clientId: '...',
+  tokenEndpoint: 'https://issuer/oauth/token',
+  authorizationEndpoint: 'https://issuer/oauth/authorize',
+  authorizationCode: '<paste-code-here>',
+  redirectUri: 'urn:ietf:wg:oauth:2.0:oob',
+});
+```
+
+Cloud Foundry passcode example:
+
+```typescript
+import { CfPasscodeProvider } from '@mcp-abap-adt/auth-providers';
+
+const provider = new CfPasscodeProvider({
+  uaaUrl: 'https://uaa.cf.example.com',
+  clientId: 'cf',
+  passcode: '<paste-passcode-here>',
+});
+```
+
 SAML bearer example (manual flow):
 
 ```typescript

package/dist/index.d.ts

@@ -5,8 +5,8 @@
  * Provides token providers
  */
 export { BrowserAuthError, RefreshError, ServiceKeyError, SessionDataError, TokenProviderError, ValidationError, } from './errors/TokenProviderErrors';
-export type { AuthorizationCodeProviderConfig, ClientCredentialsProviderConfig, DeviceFlowProviderConfig, OidcBrowserProviderConfig, OidcDeviceFlowProviderConfig, OidcPasswordProviderConfig, OidcTokenExchangeProviderConfig, Saml2BearerProviderConfig, Saml2PureProviderConfig, } from './providers';
-export { AuthorizationCodeProvider, BaseTokenProvider, ClientCredentialsProvider, DeviceFlowProvider, OidcBrowserProvider, OidcDeviceFlowProvider, OidcPasswordProvider, OidcTokenExchangeProvider, Saml2BearerProvider, Saml2PureProvider, } from './providers';
+export type { AuthorizationCodeProviderConfig, CfPasscodeProviderConfig, ClientCredentialsProviderConfig, DeviceFlowProviderConfig, OidcBrowserProviderConfig, OidcDeviceFlowProviderConfig, OidcPasswordProviderConfig, OidcTokenExchangeProviderConfig, Saml2BearerProviderConfig, Saml2PureProviderConfig, } from './providers';
+export { AuthorizationCodeProvider, BaseTokenProvider, CfPasscodeProvider, ClientCredentialsProvider, DeviceFlowProvider, OidcBrowserProvider, OidcDeviceFlowProvider, OidcPasswordProvider, OidcTokenExchangeProvider, Saml2BearerProvider, Saml2PureProvider, } from './providers';
 export { SsoProviderFactory } from './sso/SsoProviderFactory';
 export type { SsoProviderConfig, SsoProviderInstance } from './sso/types';
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,EACL,gBAAgB,EAChB,YAAY,EACZ,eAAe,EACf,gBAAgB,EAChB,kBAAkB,EAClB,eAAe,GAChB,MAAM,8BAA8B,CAAC;AACtC,YAAY,EACV,+BAA+B,EAC/B,+BAA+B,EAC/B,wBAAwB,EACxB,yBAAyB,EACzB,4BAA4B,EAC5B,0BAA0B,EAC1B,+BAA+B,EAC/B,yBAAyB,EACzB,uBAAuB,GACxB,MAAM,aAAa,CAAC;AAErB,OAAO,EACL,yBAAyB,EACzB,iBAAiB,EACjB,yBAAyB,EACzB,kBAAkB,EAClB,mBAAmB,EACnB,sBAAsB,EACtB,oBAAoB,EACpB,yBAAyB,EACzB,mBAAmB,EACnB,iBAAiB,GAClB,MAAM,aAAa,CAAC;AAGrB,OAAO,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AAC9D,YAAY,EAAE,iBAAiB,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,EACL,gBAAgB,EAChB,YAAY,EACZ,eAAe,EACf,gBAAgB,EAChB,kBAAkB,EAClB,eAAe,GAChB,MAAM,8BAA8B,CAAC;AACtC,YAAY,EACV,+BAA+B,EAC/B,wBAAwB,EACxB,+BAA+B,EAC/B,wBAAwB,EACxB,yBAAyB,EACzB,4BAA4B,EAC5B,0BAA0B,EAC1B,+BAA+B,EAC/B,yBAAyB,EACzB,uBAAuB,GACxB,MAAM,aAAa,CAAC;AAErB,OAAO,EACL,yBAAyB,EACzB,iBAAiB,EACjB,kBAAkB,EAClB,yBAAyB,EACzB,kBAAkB,EAClB,mBAAmB,EACnB,sBAAsB,EACtB,oBAAoB,EACpB,yBAAyB,EACzB,mBAAmB,EACnB,iBAAiB,GAClB,MAAM,aAAa,CAAC;AAGrB,OAAO,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AAC9D,YAAY,EAAE,iBAAiB,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC"}

package/dist/index.js

@@ -6,7 +6,7 @@
  * Provides token providers
  */
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.SsoProviderFactory = exports.Saml2PureProvider = exports.Saml2BearerProvider = exports.OidcTokenExchangeProvider = exports.OidcPasswordProvider = exports.OidcDeviceFlowProvider = exports.OidcBrowserProvider = exports.DeviceFlowProvider = exports.ClientCredentialsProvider = exports.BaseTokenProvider = exports.AuthorizationCodeProvider = exports.ValidationError = exports.TokenProviderError = exports.SessionDataError = exports.ServiceKeyError = exports.RefreshError = exports.BrowserAuthError = void 0;
+exports.SsoProviderFactory = exports.Saml2PureProvider = exports.Saml2BearerProvider = exports.OidcTokenExchangeProvider = exports.OidcPasswordProvider = exports.OidcDeviceFlowProvider = exports.OidcBrowserProvider = exports.DeviceFlowProvider = exports.ClientCredentialsProvider = exports.CfPasscodeProvider = exports.BaseTokenProvider = exports.AuthorizationCodeProvider = exports.ValidationError = exports.TokenProviderError = exports.SessionDataError = exports.ServiceKeyError = exports.RefreshError = exports.BrowserAuthError = void 0;
 // Errors
 var TokenProviderErrors_1 = require("./errors/TokenProviderErrors");
 Object.defineProperty(exports, "BrowserAuthError", { enumerable: true, get: function () { return TokenProviderErrors_1.BrowserAuthError; } });
@@ -19,6 +19,7 @@ Object.defineProperty(exports, "ValidationError", { enumerable: true, get: funct
 var providers_1 = require("./providers");
 Object.defineProperty(exports, "AuthorizationCodeProvider", { enumerable: true, get: function () { return providers_1.AuthorizationCodeProvider; } });
 Object.defineProperty(exports, "BaseTokenProvider", { enumerable: true, get: function () { return providers_1.BaseTokenProvider; } });
+Object.defineProperty(exports, "CfPasscodeProvider", { enumerable: true, get: function () { return providers_1.CfPasscodeProvider; } });
 Object.defineProperty(exports, "ClientCredentialsProvider", { enumerable: true, get: function () { return providers_1.ClientCredentialsProvider; } });
 Object.defineProperty(exports, "DeviceFlowProvider", { enumerable: true, get: function () { return providers_1.DeviceFlowProvider; } });
 Object.defineProperty(exports, "OidcBrowserProvider", { enumerable: true, get: function () { return providers_1.OidcBrowserProvider; } });

package/dist/providers/CfPasscodeProvider.d.ts

@@ -0,0 +1,27 @@
+/**
+ * CF Passcode (SSO) Provider
+ */
+import type { ILogger, ITokenResult, OAuth2GrantType } from '@mcp-abap-adt/interfaces';
+import { BaseTokenProvider } from './BaseTokenProvider';
+export interface CfPasscodeProviderConfig {
+    uaaUrl: string;
+    clientId: string;
+    clientSecret?: string;
+    passcode?: string;
+    passcodeProvider?: () => Promise<string>;
+    username?: string;
+    scope?: string;
+    accessToken?: string;
+    refreshToken?: string;
+    logger?: ILogger;
+}
+export declare class CfPasscodeProvider extends BaseTokenProvider {
+    private config;
+    constructor(config: CfPasscodeProviderConfig);
+    protected getAuthType(): OAuth2GrantType;
+    protected performLogin(): Promise<ITokenResult>;
+    protected performRefresh(): Promise<ITokenResult>;
+    private buildTokenEndpoint;
+    private resolvePasscode;
+}
+//# sourceMappingURL=CfPasscodeProvider.d.ts.map

package/dist/providers/CfPasscodeProvider.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"CfPasscodeProvider.d.ts","sourceRoot":"","sources":["../../src/providers/CfPasscodeProvider.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EACV,OAAO,EACP,YAAY,EACZ,eAAe,EAChB,MAAM,0BAA0B,CAAC;AAGlC,OAAO,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AAExD,MAAM,WAAW,wBAAwB;IACvC,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,gBAAgB,CAAC,EAAE,MAAM,OAAO,CAAC,MAAM,CAAC,CAAC;IACzC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,MAAM,CAAC,EAAE,OAAO,CAAC;CAClB;AAED,qBAAa,kBAAmB,SAAQ,iBAAiB;IACvD,OAAO,CAAC,MAAM,CAA2B;gBAE7B,MAAM,EAAE,wBAAwB;IAc5C,SAAS,CAAC,WAAW,IAAI,eAAe;cAIxB,YAAY,IAAI,OAAO,CAAC,YAAY,CAAC;cAwBrC,cAAc,IAAI,OAAO,CAAC,YAAY,CAAC;IAuBvD,OAAO,CAAC,kBAAkB;YAKZ,eAAe;CAa9B"}

package/dist/providers/CfPasscodeProvider.js

@@ -0,0 +1,72 @@
+"use strict";
+/**
+ * CF Passcode (SSO) Provider
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CfPasscodeProvider = void 0;
+const interfaces_1 = require("@mcp-abap-adt/interfaces");
+const oidcToken_1 = require("../auth/oidcToken");
+const BaseTokenProvider_1 = require("./BaseTokenProvider");
+class CfPasscodeProvider extends BaseTokenProvider_1.BaseTokenProvider {
+    config;
+    constructor(config) {
+        super();
+        this.config = config;
+        this.logger = config.logger;
+        if (config.accessToken) {
+            this.authorizationToken = config.accessToken;
+            this.expiresAt = this.parseExpirationFromJWT(config.accessToken);
+        }
+        if (config.refreshToken) {
+            this.refreshToken = config.refreshToken;
+        }
+    }
+    getAuthType() {
+        return interfaces_1.AUTH_TYPE_PASSWORD;
+    }
+    async performLogin() {
+        const passcode = await this.resolvePasscode();
+        const tokenEndpoint = this.buildTokenEndpoint();
+        const username = this.config.username || 'passcode';
+        const tokens = await (0, oidcToken_1.passwordGrant)(tokenEndpoint, this.config.clientId, this.config.clientSecret, username, passcode, this.config.scope, this.logger);
+        return {
+            authorizationToken: tokens.accessToken,
+            refreshToken: tokens.refreshToken,
+            authType: interfaces_1.AUTH_TYPE_PASSWORD,
+            expiresIn: tokens.expiresIn,
+            tokenType: 'jwt',
+        };
+    }
+    async performRefresh() {
+        if (!this.refreshToken) {
+            return this.performLogin();
+        }
+        const tokenEndpoint = this.buildTokenEndpoint();
+        const tokens = await (0, oidcToken_1.refreshOidcToken)(tokenEndpoint, this.config.clientId, this.config.clientSecret, this.refreshToken, this.logger);
+        return {
+            authorizationToken: tokens.accessToken,
+            refreshToken: tokens.refreshToken || this.refreshToken,
+            authType: interfaces_1.AUTH_TYPE_PASSWORD,
+            expiresIn: tokens.expiresIn,
+            tokenType: 'jwt',
+        };
+    }
+    buildTokenEndpoint() {
+        const base = this.config.uaaUrl.replace(/\/$/, '');
+        return `${base}/oauth/token`;
+    }
+    async resolvePasscode() {
+        if (this.config.passcode) {
+            return this.config.passcode;
+        }
+        if (this.config.passcodeProvider) {
+            const code = await this.config.passcodeProvider();
+            if (!code) {
+                throw new Error('Passcode provider returned empty value');
+            }
+            return code;
+        }
+        throw new Error('Passcode is required for CF SSO flow');
+    }
+}
+exports.CfPasscodeProvider = CfPasscodeProvider;

package/dist/providers/OidcBrowserProvider.d.ts

@@ -4,12 +4,17 @@
 import type { ILogger, ITokenResult, OAuth2GrantType } from '@mcp-abap-adt/interfaces';
 import { BaseTokenProvider } from './BaseTokenProvider';
 export interface OidcBrowserProviderConfig {
-    issuerUrl: string;
+    issuerUrl?: string;
     clientId: string;
     clientSecret?: string;
     scopes?: string[];
     browser?: string;
     redirectPort?: number;
+    redirectUri?: string;
+    authorizationCode?: string;
+    authorizationCodeProvider?: () => Promise<string>;
+    authorizationEndpoint?: string;
+    tokenEndpoint?: string;
     accessToken?: string;
     refreshToken?: string;
     logger?: ILogger;
@@ -20,5 +25,6 @@ export declare class OidcBrowserProvider extends BaseTokenProvider {
     protected getAuthType(): OAuth2GrantType;
     protected performLogin(): Promise<ITokenResult>;
     protected performRefresh(): Promise<ITokenResult>;
+    private resolveAuthorizationCode;
 }
 //# sourceMappingURL=OidcBrowserProvider.d.ts.map

package/dist/providers/OidcBrowserProvider.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"OidcBrowserProvider.d.ts","sourceRoot":"","sources":["../../src/providers/OidcBrowserProvider.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EACV,OAAO,EACP,YAAY,EACZ,eAAe,EAChB,MAAM,0BAA0B,CAAC;AAMlC,OAAO,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AAExD,MAAM,WAAW,yBAAyB;IACxC,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,MAAM,CAAC,EAAE,OAAO,CAAC;CAClB;AAED,qBAAa,mBAAoB,SAAQ,iBAAiB;IACxD,OAAO,CAAC,MAAM,CAA4B;gBAE9B,MAAM,EAAE,yBAAyB;IAc7C,SAAS,CAAC,WAAW,IAAI,eAAe;cAIxB,YAAY,IAAI,OAAO,CAAC,YAAY,CAAC;cAsDrC,cAAc,IAAI,OAAO,CAAC,YAAY,CAAC;CAsBxD"}
+{"version":3,"file":"OidcBrowserProvider.d.ts","sourceRoot":"","sources":["../../src/providers/OidcBrowserProvider.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EACV,OAAO,EACP,YAAY,EACZ,eAAe,EAChB,MAAM,0BAA0B,CAAC;AAMlC,OAAO,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AAExD,MAAM,WAAW,yBAAyB;IACxC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,yBAAyB,CAAC,EAAE,MAAM,OAAO,CAAC,MAAM,CAAC,CAAC;IAClD,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,MAAM,CAAC,EAAE,OAAO,CAAC;CAClB;AAED,qBAAa,mBAAoB,SAAQ,iBAAiB;IACxD,OAAO,CAAC,MAAM,CAA4B;gBAE9B,MAAM,EAAE,yBAAyB;IAc7C,SAAS,CAAC,WAAW,IAAI,eAAe;cAIxB,YAAY,IAAI,OAAO,CAAC,YAAY,CAAC;cAsFrC,cAAc,IAAI,OAAO,CAAC,YAAY,CAAC;YAoCzC,wBAAwB;CA8BvC"}

package/dist/providers/OidcBrowserProvider.js

@@ -28,12 +28,33 @@ class OidcBrowserProvider extends BaseTokenProvider_1.BaseTokenProvider {
         return interfaces_1.AUTH_TYPE_AUTHORIZATION_CODE_PKCE;
     }
     async performLogin() {
-        const discovery = await (0, oidcDiscovery_1.discoverOidc)(this.config.issuerUrl, this.logger);
-        if (!discovery.authorization_endpoint) {
-            throw new Error('OIDC discovery missing authorization_endpoint');
+        const needsAuthorizationEndpoint = !this.config.authorizationCode && !this.config.authorizationCodeProvider;
+        const requiresDiscovery = (needsAuthorizationEndpoint && !this.config.authorizationEndpoint) ||
+            !this.config.tokenEndpoint;
+        let discovery = null;
+        if (requiresDiscovery) {
+            if (!this.config.issuerUrl) {
+                throw new Error('OIDC issuerUrl is required when discovery is used');
+            }
+            discovery = await (0, oidcDiscovery_1.discoverOidc)(this.config.issuerUrl, this.logger);
+        }
+        const authorizationEndpoint = needsAuthorizationEndpoint
+            ? this.config.authorizationEndpoint || discovery?.authorization_endpoint
+            : undefined;
+        const tokenEndpoint = this.config.tokenEndpoint || discovery?.token_endpoint;
+        if (needsAuthorizationEndpoint && !authorizationEndpoint) {
+            throw new Error('OIDC authorization endpoint is required (authorizationEndpoint or discovery)');
+        }
+        if (!tokenEndpoint) {
+            throw new Error('OIDC token endpoint is required (tokenEndpoint or discovery)');
         }
         const redirectPort = this.config.redirectPort || 3001;
-        const redirectUri = `http://localhost:${redirectPort}/callback`;
+        const redirectUri = this.config.redirectUri || `http://localhost:${redirectPort}/callback`;
+        if (needsAuthorizationEndpoint && this.config.redirectUri) {
+            if (!redirectUri.startsWith('http://localhost:')) {
+                throw new Error('OIDC redirectUri must be localhost for browser callback flow');
+            }
+        }
         const scope = (this.config.scopes && this.config.scopes.length > 0
             ? this.config.scopes
             : ['openid', 'profile', 'email']).join(' ');
@@ -46,10 +67,11 @@ class OidcBrowserProvider extends BaseTokenProvider_1.BaseTokenProvider {
         params.append('scope', scope);
         params.append('code_challenge', challenge);
         params.append('code_challenge_method', 'S256');
-        const authorizationUrl = `${discovery.authorization_endpoint}?${params.toString()}`;
-        const browser = this.config.browser || 'auto';
-        const { code } = await (0, oidcBrowserAuth_1.startOidcBrowserAuth)(authorizationUrl, browser, this.logger, redirectPort);
-        const tokens = await (0, oidcToken_1.exchangeAuthorizationCode)(discovery.token_endpoint, this.config.clientId, this.config.clientSecret, code, redirectUri, verifier, this.logger);
+        const authorizationUrl = needsAuthorizationEndpoint
+            ? `${authorizationEndpoint}?${params.toString()}`
+            : undefined;
+        const code = await this.resolveAuthorizationCode(authorizationUrl, redirectPort);
+        const tokens = await (0, oidcToken_1.exchangeAuthorizationCode)(tokenEndpoint, this.config.clientId, this.config.clientSecret, code, redirectUri, verifier, this.logger);
         return {
             authorizationToken: tokens.accessToken,
             refreshToken: tokens.refreshToken,
@@ -62,8 +84,18 @@ class OidcBrowserProvider extends BaseTokenProvider_1.BaseTokenProvider {
         if (!this.refreshToken) {
             return this.performLogin();
         }
-        const discovery = await (0, oidcDiscovery_1.discoverOidc)(this.config.issuerUrl, this.logger);
-        const tokens = await (0, oidcToken_1.refreshOidcToken)(discovery.token_endpoint, this.config.clientId, this.config.clientSecret, this.refreshToken, this.logger);
+        let discovery = null;
+        if (this.config.tokenEndpoint === undefined) {
+            if (!this.config.issuerUrl) {
+                throw new Error('OIDC issuerUrl is required when discovery is used');
+            }
+            discovery = await (0, oidcDiscovery_1.discoverOidc)(this.config.issuerUrl, this.logger);
+        }
+        const tokenEndpoint = this.config.tokenEndpoint || discovery?.token_endpoint;
+        if (!tokenEndpoint) {
+            throw new Error('OIDC token endpoint is required (tokenEndpoint or discovery)');
+        }
+        const tokens = await (0, oidcToken_1.refreshOidcToken)(tokenEndpoint, this.config.clientId, this.config.clientSecret, this.refreshToken, this.logger);
         return {
             authorizationToken: tokens.accessToken,
             refreshToken: tokens.refreshToken || this.refreshToken,
@@ -72,5 +104,23 @@ class OidcBrowserProvider extends BaseTokenProvider_1.BaseTokenProvider {
             tokenType: 'jwt',
         };
     }
+    async resolveAuthorizationCode(authorizationUrl, redirectPort) {
+        if (this.config.authorizationCode) {
+            return this.config.authorizationCode;
+        }
+        if (this.config.authorizationCodeProvider) {
+            const code = await this.config.authorizationCodeProvider();
+            if (!code) {
+                throw new Error('Authorization code provider returned empty value');
+            }
+            return code;
+        }
+        if (!authorizationUrl) {
+            throw new Error('OIDC authorization URL is required when using browser flow');
+        }
+        const browser = this.config.browser || 'auto';
+        const { code } = await (0, oidcBrowserAuth_1.startOidcBrowserAuth)(authorizationUrl, browser, this.logger, redirectPort);
+        return code;
+    }
 }
 exports.OidcBrowserProvider = OidcBrowserProvider;

package/dist/providers/OidcDeviceFlowProvider.d.ts

@@ -4,10 +4,12 @@
 import type { ILogger, ITokenResult, OAuth2GrantType } from '@mcp-abap-adt/interfaces';
 import { BaseTokenProvider } from './BaseTokenProvider';
 export interface OidcDeviceFlowProviderConfig {
-    issuerUrl: string;
+    issuerUrl?: string;
     clientId: string;
     clientSecret?: string;
     scopes?: string[];
+    deviceAuthorizationEndpoint?: string;
+    tokenEndpoint?: string;
     accessToken?: string;
     refreshToken?: string;
     logger?: ILogger;

package/dist/providers/OidcDeviceFlowProvider.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"OidcDeviceFlowProvider.d.ts","sourceRoot":"","sources":["../../src/providers/OidcDeviceFlowProvider.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EACV,OAAO,EACP,YAAY,EACZ,eAAe,EAChB,MAAM,0BAA0B,CAAC;AAQlC,OAAO,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AAExD,MAAM,WAAW,4BAA4B;IAC3C,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,MAAM,CAAC,EAAE,OAAO,CAAC;CAClB;AAED,qBAAa,sBAAuB,SAAQ,iBAAiB;IAC3D,OAAO,CAAC,MAAM,CAA+B;gBAEjC,MAAM,EAAE,4BAA4B;IAchD,SAAS,CAAC,WAAW,IAAI,eAAe;cAIxB,YAAY,IAAI,OAAO,CAAC,YAAY,CAAC;cA0CrC,cAAc,IAAI,OAAO,CAAC,YAAY,CAAC;CAqBxD"}
+{"version":3,"file":"OidcDeviceFlowProvider.d.ts","sourceRoot":"","sources":["../../src/providers/OidcDeviceFlowProvider.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EACV,OAAO,EACP,YAAY,EACZ,eAAe,EAChB,MAAM,0BAA0B,CAAC;AAQlC,OAAO,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AAExD,MAAM,WAAW,4BAA4B;IAC3C,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,2BAA2B,CAAC,EAAE,MAAM,CAAC;IACrC,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,MAAM,CAAC,EAAE,OAAO,CAAC;CAClB;AAED,qBAAa,sBAAuB,SAAQ,iBAAiB;IAC3D,OAAO,CAAC,MAAM,CAA+B;gBAEjC,MAAM,EAAE,4BAA4B;IAchD,SAAS,CAAC,WAAW,IAAI,eAAe;cAIxB,YAAY,IAAI,OAAO,CAAC,YAAY,CAAC;cAuErC,cAAc,IAAI,OAAO,CAAC,YAAY,CAAC;CAqCxD"}

package/dist/providers/OidcDeviceFlowProvider.js

@@ -26,12 +26,30 @@ class OidcDeviceFlowProvider extends BaseTokenProvider_1.BaseTokenProvider {
         return interfaces_1.AUTH_TYPE_AUTHORIZATION_CODE;
     }
     async performLogin() {
-        const discovery = await (0, oidcDiscovery_1.discoverOidc)(this.config.issuerUrl, this.logger);
-        if (!discovery.device_authorization_endpoint) {
-            throw new Error('OIDC discovery missing device_authorization_endpoint');
+        if (!this.config.deviceAuthorizationEndpoint &&
+            !this.config.tokenEndpoint &&
+            !this.config.issuerUrl) {
+            throw new Error('OIDC issuerUrl is required when discovery is used');
+        }
+        let discovery = null;
+        if (!this.config.deviceAuthorizationEndpoint &&
+            !this.config.tokenEndpoint) {
+            if (!this.config.issuerUrl) {
+                throw new Error('OIDC issuerUrl is required when discovery is used');
+            }
+            discovery = await (0, oidcDiscovery_1.discoverOidc)(this.config.issuerUrl, this.logger);
+        }
+        const deviceAuthorizationEndpoint = this.config.deviceAuthorizationEndpoint ||
+            discovery?.device_authorization_endpoint;
+        const tokenEndpoint = this.config.tokenEndpoint || discovery?.token_endpoint;
+        if (!deviceAuthorizationEndpoint) {
+            throw new Error('OIDC device authorization endpoint is required (deviceAuthorizationEndpoint or discovery)');
+        }
+        if (!tokenEndpoint) {
+            throw new Error('OIDC token endpoint is required (tokenEndpoint or discovery)');
         }
         const scope = this.config.scopes?.join(' ');
-        const deviceFlow = await (0, oidcToken_1.initiateDeviceAuthorization)(discovery.device_authorization_endpoint, this.config.clientId, scope, this.logger);
+        const deviceFlow = await (0, oidcToken_1.initiateDeviceAuthorization)(deviceAuthorizationEndpoint, this.config.clientId, scope, this.logger);
         // Manual user guidance
         console.log('');
         console.log('OIDC device authorization');
@@ -41,7 +59,7 @@ class OidcDeviceFlowProvider extends BaseTokenProvider_1.BaseTokenProvider {
         }
         console.log('Enter code:', deviceFlow.userCode);
         console.log('');
-        const tokens = await (0, oidcToken_1.pollDeviceTokens)(discovery.token_endpoint, this.config.clientId, this.config.clientSecret, deviceFlow.deviceCode, deviceFlow.interval || 5, this.logger);
+        const tokens = await (0, oidcToken_1.pollDeviceTokens)(tokenEndpoint, this.config.clientId, this.config.clientSecret, deviceFlow.deviceCode, deviceFlow.interval || 5, this.logger);
         return {
             authorizationToken: tokens.accessToken,
             refreshToken: tokens.refreshToken,
@@ -54,8 +72,21 @@ class OidcDeviceFlowProvider extends BaseTokenProvider_1.BaseTokenProvider {
         if (!this.refreshToken) {
             return this.performLogin();
         }
-        const discovery = await (0, oidcDiscovery_1.discoverOidc)(this.config.issuerUrl, this.logger);
-        const tokens = await (0, oidcToken_1.refreshOidcToken)(discovery.token_endpoint, this.config.clientId, this.config.clientSecret, this.refreshToken, this.logger);
+        if (!this.config.tokenEndpoint && !this.config.issuerUrl) {
+            throw new Error('OIDC issuerUrl is required when discovery is used');
+        }
+        let discovery = null;
+        if (this.config.tokenEndpoint === undefined) {
+            if (!this.config.issuerUrl) {
+                throw new Error('OIDC issuerUrl is required when discovery is used');
+            }
+            discovery = await (0, oidcDiscovery_1.discoverOidc)(this.config.issuerUrl, this.logger);
+        }
+        const tokenEndpoint = this.config.tokenEndpoint || discovery?.token_endpoint;
+        if (!tokenEndpoint) {
+            throw new Error('OIDC token endpoint is required (tokenEndpoint or discovery)');
+        }
+        const tokens = await (0, oidcToken_1.refreshOidcToken)(tokenEndpoint, this.config.clientId, this.config.clientSecret, this.refreshToken, this.logger);
         return {
             authorizationToken: tokens.accessToken,
             refreshToken: tokens.refreshToken || this.refreshToken,

package/dist/providers/OidcPasswordProvider.d.ts

@@ -4,12 +4,13 @@
 import type { ILogger, ITokenResult, OAuth2GrantType } from '@mcp-abap-adt/interfaces';
 import { BaseTokenProvider } from './BaseTokenProvider';
 export interface OidcPasswordProviderConfig {
-    issuerUrl: string;
+    issuerUrl?: string;
     clientId: string;
     clientSecret?: string;
     username: string;
     password: string;
     scopes?: string[];
+    tokenEndpoint?: string;
     accessToken?: string;
     refreshToken?: string;
     logger?: ILogger;

package/dist/providers/OidcPasswordProvider.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"OidcPasswordProvider.d.ts","sourceRoot":"","sources":["../../src/providers/OidcPasswordProvider.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EACV,OAAO,EACP,YAAY,EACZ,eAAe,EAChB,MAAM,0BAA0B,CAAC;AAIlC,OAAO,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AAExD,MAAM,WAAW,0BAA0B;IACzC,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,MAAM,CAAC,EAAE,OAAO,CAAC;CAClB;AAED,qBAAa,oBAAqB,SAAQ,iBAAiB;IACzD,OAAO,CAAC,MAAM,CAA6B;gBAE/B,MAAM,EAAE,0BAA0B;IAc9C,SAAS,CAAC,WAAW,IAAI,eAAe;cAIxB,YAAY,IAAI,OAAO,CAAC,YAAY,CAAC;cAsBrC,cAAc,IAAI,OAAO,CAAC,YAAY,CAAC;CAsBxD"}
+{"version":3,"file":"OidcPasswordProvider.d.ts","sourceRoot":"","sources":["../../src/providers/OidcPasswordProvider.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EACV,OAAO,EACP,YAAY,EACZ,eAAe,EAChB,MAAM,0BAA0B,CAAC;AAIlC,OAAO,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AAExD,MAAM,WAAW,0BAA0B;IACzC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,MAAM,CAAC,EAAE,OAAO,CAAC;CAClB;AAED,qBAAa,oBAAqB,SAAQ,iBAAiB;IACzD,OAAO,CAAC,MAAM,CAA6B;gBAE/B,MAAM,EAAE,0BAA0B;IAc9C,SAAS,CAAC,WAAW,IAAI,eAAe;cAIxB,YAAY,IAAI,OAAO,CAAC,YAAY,CAAC;cAsCrC,cAAc,IAAI,OAAO,CAAC,YAAY,CAAC;CAsCxD"}

package/dist/providers/OidcPasswordProvider.js

@@ -26,9 +26,22 @@ class OidcPasswordProvider extends BaseTokenProvider_1.BaseTokenProvider {
         return interfaces_1.AUTH_TYPE_PASSWORD;
     }
     async performLogin() {
-        const discovery = await (0, oidcDiscovery_1.discoverOidc)(this.config.issuerUrl, this.logger);
+        if (!this.config.tokenEndpoint && !this.config.issuerUrl) {
+            throw new Error('OIDC issuerUrl is required when discovery is used');
+        }
+        let discovery = null;
+        if (this.config.tokenEndpoint === undefined) {
+            if (!this.config.issuerUrl) {
+                throw new Error('OIDC issuerUrl is required when discovery is used');
+            }
+            discovery = await (0, oidcDiscovery_1.discoverOidc)(this.config.issuerUrl, this.logger);
+        }
+        const tokenEndpoint = this.config.tokenEndpoint || discovery?.token_endpoint;
+        if (!tokenEndpoint) {
+            throw new Error('OIDC token endpoint is required (tokenEndpoint or discovery)');
+        }
         const scope = this.config.scopes?.join(' ');
-        const tokens = await (0, oidcToken_1.passwordGrant)(discovery.token_endpoint, this.config.clientId, this.config.clientSecret, this.config.username, this.config.password, scope, this.logger);
+        const tokens = await (0, oidcToken_1.passwordGrant)(tokenEndpoint, this.config.clientId, this.config.clientSecret, this.config.username, this.config.password, scope, this.logger);
         return {
             authorizationToken: tokens.accessToken,
             refreshToken: tokens.refreshToken,
@@ -41,8 +54,21 @@ class OidcPasswordProvider extends BaseTokenProvider_1.BaseTokenProvider {
         if (!this.refreshToken) {
             return this.performLogin();
         }
-        const discovery = await (0, oidcDiscovery_1.discoverOidc)(this.config.issuerUrl, this.logger);
-        const tokens = await (0, oidcToken_1.refreshOidcToken)(discovery.token_endpoint, this.config.clientId, this.config.clientSecret, this.refreshToken, this.logger);
+        if (!this.config.tokenEndpoint && !this.config.issuerUrl) {
+            throw new Error('OIDC issuerUrl is required when discovery is used');
+        }
+        let discovery = null;
+        if (this.config.tokenEndpoint === undefined) {
+            if (!this.config.issuerUrl) {
+                throw new Error('OIDC issuerUrl is required when discovery is used');
+            }
+            discovery = await (0, oidcDiscovery_1.discoverOidc)(this.config.issuerUrl, this.logger);
+        }
+        const tokenEndpoint = this.config.tokenEndpoint || discovery?.token_endpoint;
+        if (!tokenEndpoint) {
+            throw new Error('OIDC token endpoint is required (tokenEndpoint or discovery)');
+        }
+        const tokens = await (0, oidcToken_1.refreshOidcToken)(tokenEndpoint, this.config.clientId, this.config.clientSecret, this.refreshToken, this.logger);
         return {
             authorizationToken: tokens.accessToken,
             refreshToken: tokens.refreshToken || this.refreshToken,

package/dist/providers/OidcTokenExchangeProvider.d.ts

@@ -4,7 +4,7 @@
 import type { ILogger, ITokenResult, OAuth2GrantType } from '@mcp-abap-adt/interfaces';
 import { BaseTokenProvider } from './BaseTokenProvider';
 export interface OidcTokenExchangeProviderConfig {
-    issuerUrl: string;
+    issuerUrl?: string;
     clientId: string;
     clientSecret?: string;
     subjectToken: string;
@@ -13,6 +13,7 @@ export interface OidcTokenExchangeProviderConfig {
     audience?: string;
     actorToken?: string;
     actorTokenType?: string;
+    tokenEndpoint?: string;
     accessToken?: string;
     refreshToken?: string;
     logger?: ILogger;

package/dist/providers/OidcTokenExchangeProvider.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"OidcTokenExchangeProvider.d.ts","sourceRoot":"","sources":["../../src/providers/OidcTokenExchangeProvider.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EACV,OAAO,EACP,YAAY,EACZ,eAAe,EAChB,MAAM,0BAA0B,CAAC;AAIlC,OAAO,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AAExD,MAAM,WAAW,+BAA+B;IAC9C,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,YAAY,EAAE,MAAM,CAAC;IACrB,gBAAgB,EAAE,MAAM,CAAC;IACzB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,MAAM,CAAC,EAAE,OAAO,CAAC;CAClB;AAED,qBAAa,yBAA0B,SAAQ,iBAAiB;IAC9D,OAAO,CAAC,MAAM,CAAkC;gBAEpC,MAAM,EAAE,+BAA+B;IAcnD,SAAS,CAAC,WAAW,IAAI,eAAe;cAIxB,YAAY,IAAI,OAAO,CAAC,YAAY,CAAC;cAwBrC,cAAc,IAAI,OAAO,CAAC,YAAY,CAAC;CAGxD"}
+{"version":3,"file":"OidcTokenExchangeProvider.d.ts","sourceRoot":"","sources":["../../src/providers/OidcTokenExchangeProvider.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EACV,OAAO,EACP,YAAY,EACZ,eAAe,EAChB,MAAM,0BAA0B,CAAC;AAIlC,OAAO,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AAExD,MAAM,WAAW,+BAA+B;IAC9C,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,YAAY,EAAE,MAAM,CAAC;IACrB,gBAAgB,EAAE,MAAM,CAAC;IACzB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,MAAM,CAAC,EAAE,OAAO,CAAC;CAClB;AAED,qBAAa,yBAA0B,SAAQ,iBAAiB;IAC9D,OAAO,CAAC,MAAM,CAAkC;gBAEpC,MAAM,EAAE,+BAA+B;IAcnD,SAAS,CAAC,WAAW,IAAI,eAAe;cAIxB,YAAY,IAAI,OAAO,CAAC,YAAY,CAAC;cAwCrC,cAAc,IAAI,OAAO,CAAC,YAAY,CAAC;CAGxD"}

package/dist/providers/OidcTokenExchangeProvider.js

@@ -26,8 +26,21 @@ class OidcTokenExchangeProvider extends BaseTokenProvider_1.BaseTokenProvider {
         return interfaces_1.AUTH_TYPE_USER_TOKEN;
     }
     async performLogin() {
-        const discovery = await (0, oidcDiscovery_1.discoverOidc)(this.config.issuerUrl, this.logger);
-        const tokens = await (0, oidcToken_1.tokenExchange)(discovery.token_endpoint, this.config.clientId, this.config.clientSecret, this.config.subjectToken, this.config.subjectTokenType, this.config.scope, this.config.audience, this.config.actorToken, this.config.actorTokenType, this.logger);
+        if (!this.config.tokenEndpoint && !this.config.issuerUrl) {
+            throw new Error('OIDC issuerUrl is required when discovery is used');
+        }
+        let discovery = null;
+        if (this.config.tokenEndpoint === undefined) {
+            if (!this.config.issuerUrl) {
+                throw new Error('OIDC issuerUrl is required when discovery is used');
+            }
+            discovery = await (0, oidcDiscovery_1.discoverOidc)(this.config.issuerUrl, this.logger);
+        }
+        const tokenEndpoint = this.config.tokenEndpoint || discovery?.token_endpoint;
+        if (!tokenEndpoint) {
+            throw new Error('OIDC token endpoint is required (tokenEndpoint or discovery)');
+        }
+        const tokens = await (0, oidcToken_1.tokenExchange)(tokenEndpoint, this.config.clientId, this.config.clientSecret, this.config.subjectToken, this.config.subjectTokenType, this.config.scope, this.config.audience, this.config.actorToken, this.config.actorTokenType, this.logger);
         return {
             authorizationToken: tokens.accessToken,
             refreshToken: tokens.refreshToken,

package/dist/providers/index.d.ts

@@ -7,6 +7,8 @@
 export type { AuthorizationCodeProviderConfig } from './AuthorizationCodeProvider';
 export { AuthorizationCodeProvider } from './AuthorizationCodeProvider';
 export { BaseTokenProvider } from './BaseTokenProvider';
+export type { CfPasscodeProviderConfig } from './CfPasscodeProvider';
+export { CfPasscodeProvider } from './CfPasscodeProvider';
 export type { ClientCredentialsProviderConfig } from './ClientCredentialsProvider';
 export { ClientCredentialsProvider } from './ClientCredentialsProvider';
 export type { DeviceFlowProviderConfig } from './DeviceFlowProvider';

package/dist/providers/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/providers/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,YAAY,EAAE,+BAA+B,EAAE,MAAM,6BAA6B,CAAC;AACnF,OAAO,EAAE,yBAAyB,EAAE,MAAM,6BAA6B,CAAC;AACxE,OAAO,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AACxD,YAAY,EAAE,+BAA+B,EAAE,MAAM,6BAA6B,CAAC;AACnF,OAAO,EAAE,yBAAyB,EAAE,MAAM,6BAA6B,CAAC;AACxE,YAAY,EAAE,wBAAwB,EAAE,MAAM,sBAAsB,CAAC;AACrE,OAAO,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAC1D,YAAY,EAAE,yBAAyB,EAAE,MAAM,uBAAuB,CAAC;AACvE,OAAO,EAAE,mBAAmB,EAAE,MAAM,uBAAuB,CAAC;AAC5D,YAAY,EAAE,4BAA4B,EAAE,MAAM,0BAA0B,CAAC;AAC7E,OAAO,EAAE,sBAAsB,EAAE,MAAM,0BAA0B,CAAC;AAClE,YAAY,EAAE,0BAA0B,EAAE,MAAM,wBAAwB,CAAC;AACzE,OAAO,EAAE,oBAAoB,EAAE,MAAM,wBAAwB,CAAC;AAC9D,YAAY,EAAE,+BAA+B,EAAE,MAAM,6BAA6B,CAAC;AACnF,OAAO,EAAE,yBAAyB,EAAE,MAAM,6BAA6B,CAAC;AACxE,YAAY,EAAE,yBAAyB,EAAE,MAAM,uBAAuB,CAAC;AACvE,OAAO,EAAE,mBAAmB,EAAE,MAAM,uBAAuB,CAAC;AAC5D,YAAY,EAAE,uBAAuB,EAAE,MAAM,qBAAqB,CAAC;AACnE,OAAO,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/providers/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,YAAY,EAAE,+BAA+B,EAAE,MAAM,6BAA6B,CAAC;AACnF,OAAO,EAAE,yBAAyB,EAAE,MAAM,6BAA6B,CAAC;AACxE,OAAO,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AACxD,YAAY,EAAE,wBAAwB,EAAE,MAAM,sBAAsB,CAAC;AACrE,OAAO,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAC1D,YAAY,EAAE,+BAA+B,EAAE,MAAM,6BAA6B,CAAC;AACnF,OAAO,EAAE,yBAAyB,EAAE,MAAM,6BAA6B,CAAC;AACxE,YAAY,EAAE,wBAAwB,EAAE,MAAM,sBAAsB,CAAC;AACrE,OAAO,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAC1D,YAAY,EAAE,yBAAyB,EAAE,MAAM,uBAAuB,CAAC;AACvE,OAAO,EAAE,mBAAmB,EAAE,MAAM,uBAAuB,CAAC;AAC5D,YAAY,EAAE,4BAA4B,EAAE,MAAM,0BAA0B,CAAC;AAC7E,OAAO,EAAE,sBAAsB,EAAE,MAAM,0BAA0B,CAAC;AAClE,YAAY,EAAE,0BAA0B,EAAE,MAAM,wBAAwB,CAAC;AACzE,OAAO,EAAE,oBAAoB,EAAE,MAAM,wBAAwB,CAAC;AAC9D,YAAY,EAAE,+BAA+B,EAAE,MAAM,6BAA6B,CAAC;AACnF,OAAO,EAAE,yBAAyB,EAAE,MAAM,6BAA6B,CAAC;AACxE,YAAY,EAAE,yBAAyB,EAAE,MAAM,uBAAuB,CAAC;AACvE,OAAO,EAAE,mBAAmB,EAAE,MAAM,uBAAuB,CAAC;AAC5D,YAAY,EAAE,uBAAuB,EAAE,MAAM,qBAAqB,CAAC;AACnE,OAAO,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC"}

package/dist/providers/index.js

@@ -6,11 +6,13 @@
  * All providers extend BaseTokenProvider and implement ITokenProvider.
  */
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.Saml2PureProvider = exports.Saml2BearerProvider = exports.OidcTokenExchangeProvider = exports.OidcPasswordProvider = exports.OidcDeviceFlowProvider = exports.OidcBrowserProvider = exports.DeviceFlowProvider = exports.ClientCredentialsProvider = exports.BaseTokenProvider = exports.AuthorizationCodeProvider = void 0;
+exports.Saml2PureProvider = exports.Saml2BearerProvider = exports.OidcTokenExchangeProvider = exports.OidcPasswordProvider = exports.OidcDeviceFlowProvider = exports.OidcBrowserProvider = exports.DeviceFlowProvider = exports.ClientCredentialsProvider = exports.CfPasscodeProvider = exports.BaseTokenProvider = exports.AuthorizationCodeProvider = void 0;
 var AuthorizationCodeProvider_1 = require("./AuthorizationCodeProvider");
 Object.defineProperty(exports, "AuthorizationCodeProvider", { enumerable: true, get: function () { return AuthorizationCodeProvider_1.AuthorizationCodeProvider; } });
 var BaseTokenProvider_1 = require("./BaseTokenProvider");
 Object.defineProperty(exports, "BaseTokenProvider", { enumerable: true, get: function () { return BaseTokenProvider_1.BaseTokenProvider; } });
+var CfPasscodeProvider_1 = require("./CfPasscodeProvider");
+Object.defineProperty(exports, "CfPasscodeProvider", { enumerable: true, get: function () { return CfPasscodeProvider_1.CfPasscodeProvider; } });
 var ClientCredentialsProvider_1 = require("./ClientCredentialsProvider");
 Object.defineProperty(exports, "ClientCredentialsProvider", { enumerable: true, get: function () { return ClientCredentialsProvider_1.ClientCredentialsProvider; } });
 var DeviceFlowProvider_1 = require("./DeviceFlowProvider");

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@mcp-abap-adt/auth-providers",
-  "version": "1.0.0",
+  "version": "1.0.2",
   "description": "Token providers for MCP ABAP ADT auth-broker",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -59,23 +59,23 @@
   },
   "dependencies": {
     "@mcp-abap-adt/interfaces": "^2.3.0",
-    "axios": "^1.11.0",
+    "axios": "^1.13.5",
     "express": "^5.1.0",
     "open": "^11.0.0"
   },
   "devDependencies": {
-    "@biomejs/biome": "^2.3.10",
-    "@mcp-abap-adt/auth-stores": "^1.0.0",
+    "@biomejs/biome": "^2.3.14",
+    "@mcp-abap-adt/auth-stores": "^1.0.1",
     "@mcp-abap-adt/logger": "^0.1.4",
     "@types/express": "^5.0.5",
     "@types/jest": "^30.0.0",
     "@types/js-yaml": "^4.0.9",
-    "@types/node": "^24.2.1",
+    "@types/node": "^25.2.3",
     "@jest/globals": "^30.2.0",
     "jest": "^30.2.0",
     "jest-util": "^30.2.0",
     "js-yaml": "^4.1.1",
-    "pino": "^10.1.0",
+    "pino": "^10.3.1",
     "pino-pretty": "^13.1.3",
     "ts-jest": "^29.2.5",
     "tsx": "^4.19.2",