@mcp-abap-adt/connection 0.2.3 → 0.2.5

package/README.md

@@ -178,6 +178,38 @@ const response = await connection.makeAdtRequest({
 });
 ```
 
+### Cloud Usage with Automatic Token Refresh
+
+For automatic token refresh on 401/403 errors, inject `ITokenRefresher`:
+
+```typescript
+import { JwtAbapConnection, SapConfig } from "@mcp-abap-adt/connection";
+import type { ITokenRefresher } from "@mcp-abap-adt/interfaces";
+
+// Token refresher provides token acquisition and refresh
+// (created by @mcp-abap-adt/auth-broker or custom implementation)
+const tokenRefresher: ITokenRefresher = {
+  getToken: async () => { /* return current token */ },
+  refreshToken: async () => { /* refresh and return new token */ },
+};
+
+// JWT configuration
+const config: SapConfig = {
+  url: "https://your-instance.abap.cloud.sap",
+  authType: "jwt",
+  jwtToken: await tokenRefresher.getToken(), // Get initial token
+};
+
+// Create connection with token refresher - 401/403 handled automatically
+const connection = new JwtAbapConnection(config, logger, undefined, tokenRefresher);
+
+// Requests automatically retry with refreshed token on auth errors
+const response = await connection.makeAdtRequest({
+  method: "GET",
+  url: "/sap/bc/adt/programs/programs/your-program",
+});
+```
+
 ### Stateful Sessions
 
 For operations that require session state (e.g., object modifications), you can enable stateful sessions:

package/dist/connection/JwtAbapConnection.d.ts

@@ -3,26 +3,34 @@ import { AbstractAbapConnection } from "./AbstractAbapConnection.js";
 import { AbapRequestOptions } from "./AbapConnection.js";
 import { ILogger } from "../logger.js";
 import { AxiosResponse } from "axios";
+import type { ITokenRefresher } from "@mcp-abap-adt/interfaces";
 /**
  * JWT Authentication connection for SAP BTP Cloud systems
- * Note: Token refresh functionality is not supported in this package.
- * Use @mcp-abap-adt/auth-broker for token refresh functionality.
+ *
+ * Supports automatic token refresh via ITokenRefresher injection:
+ * - If tokenRefresher is provided, 401/403 errors trigger automatic token refresh
+ * - If tokenRefresher is not provided, 401/403 errors throw an error (legacy behavior)
  */
 export declare class JwtAbapConnection extends AbstractAbapConnection {
-    constructor(config: SapConfig, logger?: ILogger | null, sessionId?: string);
+    private tokenRefresher?;
+    private currentToken;
+    constructor(config: SapConfig, logger?: ILogger | null, sessionId?: string, tokenRefresher?: ITokenRefresher);
     protected buildAuthorizationHeader(): string;
+    /**
+     * Refresh the JWT token using the injected tokenRefresher
+     * @returns true if token was refreshed, false if no refresher available
+     */
+    private tryRefreshToken;
     /**
      * Override connect to handle JWT token refresh on errors
      */
     connect(): Promise<void>;
     /**
-     * Override makeAdtRequest to handle JWT auth errors
-     * Note: Token refresh is not supported in connection package - use auth-broker instead
+     * Override makeAdtRequest to handle JWT auth errors with automatic token refresh
      */
     makeAdtRequest(options: AbapRequestOptions): Promise<AxiosResponse>;
     /**
-     * Override fetchCsrfToken to handle JWT auth errors
-     * Note: Token refresh is not supported in connection package - use auth-broker instead
+     * Override fetchCsrfToken to handle JWT auth errors with automatic token refresh
      */
     protected fetchCsrfToken(url: string, retryCount?: number, retryDelay?: number): Promise<string>;
     private static validateConfig;

package/dist/connection/JwtAbapConnection.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"JwtAbapConnection.d.ts","sourceRoot":"","sources":["../../src/connection/JwtAbapConnection.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAC;AACnD,OAAO,EAAE,sBAAsB,EAAE,MAAM,6BAA6B,CAAC;AACrE,OAAO,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AACzD,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AACvC,OAAO,EAAc,aAAa,EAAE,MAAM,OAAO,CAAC;AAElD;;;;GAIG;AACH,qBAAa,iBAAkB,SAAQ,sBAAsB;gBAGzD,MAAM,EAAE,SAAS,EACjB,MAAM,CAAC,EAAE,OAAO,GAAG,IAAI,EACvB,SAAS,CAAC,EAAE,MAAM;IAMpB,SAAS,CAAC,wBAAwB,IAAI,MAAM;IAW5C;;OAEG;IACG,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;IA2C9B;;;OAGG;IACG,cAAc,CAAC,OAAO,EAAE,kBAAkB,GAAG,OAAO,CAAC,aAAa,CAAC;IAkCzE;;;OAGG;cACa,cAAc,CAAC,GAAG,EAAE,MAAM,EAAE,UAAU,SAAI,EAAE,UAAU,SAAO,GAAG,OAAO,CAAC,MAAM,CAAC;IA8B/F,OAAO,CAAC,MAAM,CAAC,cAAc;CAS9B"}
+{"version":3,"file":"JwtAbapConnection.d.ts","sourceRoot":"","sources":["../../src/connection/JwtAbapConnection.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAC;AACnD,OAAO,EAAE,sBAAsB,EAAE,MAAM,6BAA6B,CAAC;AACrE,OAAO,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AACzD,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AACvC,OAAO,EAAc,aAAa,EAAE,MAAM,OAAO,CAAC;AAClD,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,0BAA0B,CAAC;AAEhE;;;;;;GAMG;AACH,qBAAa,iBAAkB,SAAQ,sBAAsB;IAC3D,OAAO,CAAC,cAAc,CAAC,CAAkB;IACzC,OAAO,CAAC,YAAY,CAAS;gBAG3B,MAAM,EAAE,SAAS,EACjB,MAAM,CAAC,EAAE,OAAO,GAAG,IAAI,EACvB,SAAS,CAAC,EAAE,MAAM,EAClB,cAAc,CAAC,EAAE,eAAe;IAQlC,SAAS,CAAC,wBAAwB,IAAI,MAAM;IAO5C;;;OAGG;YACW,eAAe;IAmB7B;;OAEG;IACG,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;IAgD9B;;OAEG;IACG,cAAc,CAAC,OAAO,EAAE,kBAAkB,GAAG,OAAO,CAAC,aAAa,CAAC;IAwCzE;;OAEG;cACa,cAAc,CAAC,GAAG,EAAE,MAAM,EAAE,UAAU,SAAI,EAAE,UAAU,SAAO,GAAG,OAAO,CAAC,MAAM,CAAC;IAmC/F,OAAO,CAAC,MAAM,CAAC,cAAc;CAS9B"}

package/dist/connection/JwtAbapConnection.js

@@ -5,21 +5,46 @@ const AbstractAbapConnection_js_1 = require("./AbstractAbapConnection.js");
 const axios_1 = require("axios");
 /**
  * JWT Authentication connection for SAP BTP Cloud systems
- * Note: Token refresh functionality is not supported in this package.
- * Use @mcp-abap-adt/auth-broker for token refresh functionality.
+ *
+ * Supports automatic token refresh via ITokenRefresher injection:
+ * - If tokenRefresher is provided, 401/403 errors trigger automatic token refresh
+ * - If tokenRefresher is not provided, 401/403 errors throw an error (legacy behavior)
  */
 class JwtAbapConnection extends AbstractAbapConnection_js_1.AbstractAbapConnection {
-    constructor(config, logger, sessionId) {
+    tokenRefresher;
+    currentToken;
+    constructor(config, logger, sessionId, tokenRefresher) {
         JwtAbapConnection.validateConfig(config);
         super(config, logger || null, sessionId);
+        this.tokenRefresher = tokenRefresher;
+        this.currentToken = config.jwtToken;
     }
     buildAuthorizationHeader() {
-        const config = this.getConfig();
-        const { jwtToken } = config;
-        // Log token preview for debugging (first 10 and last 4 chars)
-        const tokenPreview = jwtToken ? `${jwtToken.substring(0, 10)}...${jwtToken.substring(Math.max(0, jwtToken.length - 4))}` : 'null';
+        // Use currentToken which may have been refreshed
+        const tokenPreview = this.currentToken ? `${this.currentToken.substring(0, 10)}...${this.currentToken.substring(Math.max(0, this.currentToken.length - 4))}` : 'null';
         this.logger?.debug(`[DEBUG] JwtAbapConnection.buildAuthorizationHeader - Using token: ${tokenPreview}`);
-        return `Bearer ${jwtToken}`;
+        return `Bearer ${this.currentToken}`;
+    }
+    /**
+     * Refresh the JWT token using the injected tokenRefresher
+     * @returns true if token was refreshed, false if no refresher available
+     */
+    async tryRefreshToken() {
+        if (!this.tokenRefresher) {
+            this.logger?.debug(`[DEBUG] JwtAbapConnection - No tokenRefresher available, cannot refresh token`);
+            return false;
+        }
+        try {
+            this.logger?.debug(`[DEBUG] JwtAbapConnection - Refreshing token via tokenRefresher...`);
+            const newToken = await this.tokenRefresher.refreshToken();
+            this.currentToken = newToken;
+            this.logger?.debug(`[DEBUG] JwtAbapConnection - Token refreshed successfully`);
+            return true;
+        }
+        catch (error) {
+            this.logger?.error(`[ERROR] JwtAbapConnection - Failed to refresh token: ${error instanceof Error ? error.message : String(error)}`);
+            return false;
+        }
     }
     /**
      * Override connect to handle JWT token refresh on errors
@@ -51,8 +76,12 @@ class JwtAbapConnection extends AbstractAbapConnection_js_1.AbstractAbapConnecti
                     responseText.includes("Missing authorization")) {
                     throw error;
                 }
-                // Token refresh is not supported in connection package
-                // Use auth-broker for token refresh functionality
+                // Try to refresh token if tokenRefresher is available
+                if (await this.tryRefreshToken()) {
+                    // Retry connect with new token
+                    this.logger?.debug(`[DEBUG] JwtAbapConnection - Retrying connect after token refresh...`);
+                    return this.connect();
+                }
                 throw new Error("JWT token has expired. Please re-authenticate.");
             }
             // Re-throw other errors
@@ -60,8 +89,7 @@ class JwtAbapConnection extends AbstractAbapConnection_js_1.AbstractAbapConnecti
         }
     }
     /**
-     * Override makeAdtRequest to handle JWT auth errors
-     * Note: Token refresh is not supported in connection package - use auth-broker instead
+     * Override makeAdtRequest to handle JWT auth errors with automatic token refresh
      */
     async makeAdtRequest(options) {
         this.logger?.debug(`[DEBUG] JwtAbapConnection.makeAdtRequest - Starting request: ${options.method} ${options.url}`);
@@ -75,7 +103,7 @@ class JwtAbapConnection extends AbstractAbapConnection_js_1.AbstractAbapConnecti
             // Handle JWT auth errors (401/403)
             if (error instanceof axios_1.AxiosError &&
                 (error.response?.status === 401 || error.response?.status === 403)) {
-                this.logger?.debug(`[DEBUG] JwtAbapConnection.makeAdtRequest - Got ${error.response.status}, checking if refresh is possible...`);
+                this.logger?.debug(`[DEBUG] JwtAbapConnection.makeAdtRequest - Got ${error.response.status}, attempting token refresh...`);
                 // Check if this is really an auth error, not a permissions error
                 const responseData = error.response?.data;
                 const responseText = typeof responseData === "string" ? responseData : JSON.stringify(responseData || "");
@@ -85,16 +113,20 @@ class JwtAbapConnection extends AbstractAbapConnection_js_1.AbstractAbapConnecti
                     responseText.includes("Missing authorization")) {
                     throw error;
                 }
-                // Token refresh is not supported in connection package
-                // Use auth-broker for token refresh functionality
+                // Try to refresh token if tokenRefresher is available
+                if (await this.tryRefreshToken()) {
+                    // Reset connection state and retry request with new token
+                    this.logger?.debug(`[DEBUG] JwtAbapConnection.makeAdtRequest - Retrying request after token refresh...`);
+                    this.reset();
+                    return super.makeAdtRequest(options);
+                }
                 throw new Error("JWT token has expired. Please re-authenticate.");
             }
             throw error;
         }
     }
     /**
-     * Override fetchCsrfToken to handle JWT auth errors
-     * Note: Token refresh is not supported in connection package - use auth-broker instead
+     * Override fetchCsrfToken to handle JWT auth errors with automatic token refresh
      */
     async fetchCsrfToken(url, retryCount = 3, retryDelay = 1000) {
         try {
@@ -114,8 +146,12 @@ class JwtAbapConnection extends AbstractAbapConnection_js_1.AbstractAbapConnecti
                     responseText.includes("Missing authorization")) {
                     throw error;
                 }
-                // Token refresh is not supported in connection package
-                // Use auth-broker for token refresh functionality
+                // Try to refresh token if tokenRefresher is available
+                if (await this.tryRefreshToken()) {
+                    // Retry CSRF token fetch with new token
+                    this.logger?.debug(`[DEBUG] JwtAbapConnection.fetchCsrfToken - Retrying after token refresh...`);
+                    return super.fetchCsrfToken(url, retryCount, retryDelay);
+                }
                 throw new Error("JWT token has expired. Please re-authenticate.");
             }
             // Re-throw other errors

package/dist/connection/connectionFactory.d.ts

@@ -1,5 +1,6 @@
 import { SapConfig } from "../config/sapConfig.js";
 import { AbapConnection } from "./AbapConnection.js";
 import { ILogger } from "../logger.js";
-export declare function createAbapConnection(config: SapConfig, logger?: ILogger | null, sessionId?: string): AbapConnection;
+import type { ITokenRefresher } from "@mcp-abap-adt/interfaces";
+export declare function createAbapConnection(config: SapConfig, logger?: ILogger | null, sessionId?: string, tokenRefresher?: ITokenRefresher): AbapConnection;
 //# sourceMappingURL=connectionFactory.d.ts.map

package/dist/connection/connectionFactory.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"connectionFactory.d.ts","sourceRoot":"","sources":["../../src/connection/connectionFactory.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAC;AACnD,OAAO,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AAGrD,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AAEvC,wBAAgB,oBAAoB,CAClC,MAAM,EAAE,SAAS,EACjB,MAAM,CAAC,EAAE,OAAO,GAAG,IAAI,EACvB,SAAS,CAAC,EAAE,MAAM,GACjB,cAAc,CAShB"}
+{"version":3,"file":"connectionFactory.d.ts","sourceRoot":"","sources":["../../src/connection/connectionFactory.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAC;AACnD,OAAO,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AAGrD,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AACvC,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,0BAA0B,CAAC;AAEhE,wBAAgB,oBAAoB,CAClC,MAAM,EAAE,SAAS,EACjB,MAAM,CAAC,EAAE,OAAO,GAAG,IAAI,EACvB,SAAS,CAAC,EAAE,MAAM,EAClB,cAAc,CAAC,EAAE,eAAe,GAC/B,cAAc,CAShB"}

package/dist/connection/connectionFactory.js

@@ -3,12 +3,12 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.createAbapConnection = createAbapConnection;
 const JwtAbapConnection_js_1 = require("./JwtAbapConnection.js");
 const BaseAbapConnection_js_1 = require("./BaseAbapConnection.js");
-function createAbapConnection(config, logger, sessionId) {
+function createAbapConnection(config, logger, sessionId, tokenRefresher) {
     switch (config.authType) {
         case "basic":
             return new BaseAbapConnection_js_1.BaseAbapConnection(config, logger, sessionId);
         case "jwt":
-            return new JwtAbapConnection_js_1.JwtAbapConnection(config, logger, sessionId);
+            return new JwtAbapConnection_js_1.JwtAbapConnection(config, logger, sessionId, tokenRefresher);
         default:
             throw new Error(`Unsupported SAP authentication type: ${config.authType}`);
     }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@mcp-abap-adt/connection",
-  "version": "0.2.3",
+  "version": "0.2.5",
   "description": "ABAP connection layer for MCP ABAP ADT server",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -42,7 +42,7 @@
     "node": ">=18.0.0"
   },
   "dependencies": {
-    "@mcp-abap-adt/interfaces": "^0.2.0",
+    "@mcp-abap-adt/interfaces": "^0.2.5",
     "axios": "^1.11.0",
     "commander": "^14.0.2",
     "express": "^5.1.0",