@mcp-consultant-tools/powerplatform-core 26.0.0-beta.2

package/build/auth/index.d.ts

@@ -0,0 +1,64 @@
+/**
+ * Authentication module for PowerPlatform MCP Server
+ *
+ * Supports two authentication modes:
+ * 1. Service Principal (ConfidentialClientApplication) - when client_secret is provided
+ * 2. Interactive User Auth (PublicClientApplication) - when no client_secret is provided
+ */
+/**
+ * Authentication provider interface
+ * All auth implementations must provide a way to get access tokens
+ */
+export interface AuthProvider {
+    /**
+     * Get an access token for the specified resource
+     * @param resource - The resource URL (e.g., https://org.crm.dynamics.com)
+     * @returns Access token string
+     */
+    getAccessToken(resource: string): Promise<string>;
+    /**
+     * Get information about the authenticated user (if available)
+     * Only available for interactive auth
+     */
+    getUserInfo?(): Promise<{
+        name: string;
+        email: string;
+        oid: string;
+    } | null>;
+    /**
+     * Get the authentication mode being used
+     */
+    getAuthMode(): 'service-principal' | 'interactive';
+    /**
+     * Clear cached tokens (logout)
+     * Only applicable for interactive auth
+     */
+    clearCache?(): Promise<void>;
+}
+/**
+ * Configuration for PowerPlatform authentication
+ */
+export interface PowerPlatformAuthConfig {
+    /** PowerPlatform organization URL (e.g., https://org.crm.dynamics.com) */
+    organizationUrl: string;
+    /** Azure AD application (client) ID */
+    clientId: string;
+    /** Azure AD tenant ID */
+    tenantId: string;
+    /** Client secret (optional - if provided, uses service principal auth) */
+    clientSecret?: string;
+}
+/**
+ * Create an appropriate auth provider based on configuration
+ *
+ * If clientSecret is provided → ServicePrincipalAuth (existing behavior)
+ * If no clientSecret → InteractiveAuth (browser-based SSO)
+ *
+ * @param config - PowerPlatform authentication configuration
+ * @returns Auth provider instance
+ */
+export declare function createAuthProvider(config: PowerPlatformAuthConfig): AuthProvider;
+export { ServicePrincipalAuth } from './service-principal-auth.js';
+export { InteractiveAuth } from './interactive-auth.js';
+export { TokenCache } from './token-cache.js';
+//# sourceMappingURL=index.d.ts.map

package/build/auth/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAKH;;;GAGG;AACH,MAAM,WAAW,YAAY;IAC3B;;;;OAIG;IACH,cAAc,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAElD;;;OAGG;IACH,WAAW,CAAC,IAAI,OAAO,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAC;QAAC,GAAG,EAAE,MAAM,CAAA;KAAE,GAAG,IAAI,CAAC,CAAC;IAE7E;;OAEG;IACH,WAAW,IAAI,mBAAmB,GAAG,aAAa,CAAC;IAEnD;;;OAGG;IACH,UAAU,CAAC,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;CAC9B;AAED;;GAEG;AACH,MAAM,WAAW,uBAAuB;IACtC,0EAA0E;IAC1E,eAAe,EAAE,MAAM,CAAC;IACxB,uCAAuC;IACvC,QAAQ,EAAE,MAAM,CAAC;IACjB,yBAAyB;IACzB,QAAQ,EAAE,MAAM,CAAC;IACjB,0EAA0E;IAC1E,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED;;;;;;;;GAQG;AACH,wBAAgB,kBAAkB,CAAC,MAAM,EAAE,uBAAuB,GAAG,YAAY,CAiBhF;AAED,OAAO,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AACnE,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC"}

package/build/auth/index.js

@@ -0,0 +1,39 @@
+/**
+ * Authentication module for PowerPlatform MCP Server
+ *
+ * Supports two authentication modes:
+ * 1. Service Principal (ConfidentialClientApplication) - when client_secret is provided
+ * 2. Interactive User Auth (PublicClientApplication) - when no client_secret is provided
+ */
+import { ServicePrincipalAuth } from './service-principal-auth.js';
+import { InteractiveAuth } from './interactive-auth.js';
+/**
+ * Create an appropriate auth provider based on configuration
+ *
+ * If clientSecret is provided → ServicePrincipalAuth (existing behavior)
+ * If no clientSecret → InteractiveAuth (browser-based SSO)
+ *
+ * @param config - PowerPlatform authentication configuration
+ * @returns Auth provider instance
+ */
+export function createAuthProvider(config) {
+    if (config.clientSecret) {
+        // Service Principal mode (existing behavior)
+        return new ServicePrincipalAuth({
+            organizationUrl: config.organizationUrl,
+            clientId: config.clientId,
+            clientSecret: config.clientSecret,
+            tenantId: config.tenantId,
+        });
+    }
+    // Interactive User Auth mode (new behavior)
+    return new InteractiveAuth({
+        organizationUrl: config.organizationUrl,
+        clientId: config.clientId,
+        tenantId: config.tenantId,
+    });
+}
+export { ServicePrincipalAuth } from './service-principal-auth.js';
+export { InteractiveAuth } from './interactive-auth.js';
+export { TokenCache } from './token-cache.js';
+//# sourceMappingURL=index.js.map

package/build/auth/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AACnE,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AA8CxD;;;;;;;;GAQG;AACH,MAAM,UAAU,kBAAkB,CAAC,MAA+B;IAChE,IAAI,MAAM,CAAC,YAAY,EAAE,CAAC;QACxB,6CAA6C;QAC7C,OAAO,IAAI,oBAAoB,CAAC;YAC9B,eAAe,EAAE,MAAM,CAAC,eAAe;YACvC,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,YAAY,EAAE,MAAM,CAAC,YAAY;YACjC,QAAQ,EAAE,MAAM,CAAC,QAAQ;SAC1B,CAAC,CAAC;IACL,CAAC;IAED,4CAA4C;IAC5C,OAAO,IAAI,eAAe,CAAC;QACzB,eAAe,EAAE,MAAM,CAAC,eAAe;QACvC,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,QAAQ,EAAE,MAAM,CAAC,QAAQ;KAC1B,CAAC,CAAC;AACL,CAAC;AAED,OAAO,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AACnE,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC"}

package/build/auth/interactive-auth.d.ts

@@ -0,0 +1,60 @@
+/**
+ * Interactive Authentication Provider
+ *
+ * Uses PublicClientApplication (authorization code flow with PKCE)
+ * for browser-based SSO authentication.
+ *
+ * Flow:
+ * 1. Try silent auth using cached tokens
+ * 2. If no cached token or token expired, open browser for login
+ * 3. User authenticates via Microsoft Entra ID (SSO if already signed in)
+ * 4. Receive authorization code via localhost redirect
+ * 5. Exchange code for tokens
+ * 6. Cache tokens for future use
+ */
+import type { AuthProvider } from './index.js';
+export interface InteractiveAuthConfig {
+    organizationUrl: string;
+    clientId: string;
+    tenantId: string;
+}
+export declare class InteractiveAuth implements AuthProvider {
+    private config;
+    private pca;
+    private tokenCache;
+    private cachedAccount;
+    constructor(config: InteractiveAuthConfig);
+    getAuthMode(): 'service-principal' | 'interactive';
+    getAccessToken(resource: string): Promise<string>;
+    getUserInfo(): Promise<{
+        name: string;
+        email: string;
+        oid: string;
+    } | null>;
+    clearCache(): Promise<void>;
+    /**
+     * Acquire token via browser-based interactive flow
+     */
+    private acquireTokenInteractive;
+    /**
+     * Find an available port for the callback server
+     */
+    private findFreePort;
+    /**
+     * HTML page shown after successful authentication
+     */
+    private getSuccessHtml;
+    /**
+     * HTML page shown when authentication fails
+     */
+    private getErrorHtml;
+    /**
+     * HTML page shown while waiting for callback
+     */
+    private getWaitingHtml;
+    /**
+     * Escape HTML to prevent XSS
+     */
+    private escapeHtml;
+}
+//# sourceMappingURL=interactive-auth.d.ts.map

package/build/auth/interactive-auth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"interactive-auth.d.ts","sourceRoot":"","sources":["../../src/auth/interactive-auth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAUH,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAG/C,MAAM,WAAW,qBAAqB;IACpC,eAAe,EAAE,MAAM,CAAC;IACxB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,qBAAa,eAAgB,YAAW,YAAY;IAClD,OAAO,CAAC,MAAM,CAAwB;IACtC,OAAO,CAAC,GAAG,CAA0B;IACrC,OAAO,CAAC,UAAU,CAAa;IAC/B,OAAO,CAAC,aAAa,CAA4B;gBAErC,MAAM,EAAE,qBAAqB;IAezC,WAAW,IAAI,mBAAmB,GAAG,aAAa;IAI5C,cAAc,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAyBjD,WAAW,IAAI,OAAO,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAC;QAAC,GAAG,EAAE,MAAM,CAAA;KAAE,GAAG,IAAI,CAAC;IAiB3E,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;IAKjC;;OAEG;YACW,uBAAuB;IA2GrC;;OAEG;YACW,YAAY;IAgB1B;;OAEG;IACH,OAAO,CAAC,cAAc;IAiFtB;;OAEG;IACH,OAAO,CAAC,YAAY;IA0EpB;;OAEG;IACH,OAAO,CAAC,cAAc;IAyDtB;;OAEG;IACH,OAAO,CAAC,UAAU;CAUnB"}

package/build/auth/interactive-auth.js

@@ -0,0 +1,429 @@
+/**
+ * Interactive Authentication Provider
+ *
+ * Uses PublicClientApplication (authorization code flow with PKCE)
+ * for browser-based SSO authentication.
+ *
+ * Flow:
+ * 1. Try silent auth using cached tokens
+ * 2. If no cached token or token expired, open browser for login
+ * 3. User authenticates via Microsoft Entra ID (SSO if already signed in)
+ * 4. Receive authorization code via localhost redirect
+ * 5. Exchange code for tokens
+ * 6. Cache tokens for future use
+ */
+import { PublicClientApplication, InteractionRequiredAuthError, } from '@azure/msal-node';
+import http from 'node:http';
+import open from 'open';
+import { TokenCache } from './token-cache.js';
+export class InteractiveAuth {
+    config;
+    pca;
+    tokenCache;
+    cachedAccount = null;
+    constructor(config) {
+        this.config = config;
+        this.tokenCache = new TokenCache(config.clientId);
+        this.pca = new PublicClientApplication({
+            auth: {
+                clientId: config.clientId,
+                authority: `https://login.microsoftonline.com/${config.tenantId}`,
+            },
+            cache: {
+                cachePlugin: this.tokenCache.createPlugin(),
+            },
+        });
+    }
+    getAuthMode() {
+        return 'interactive';
+    }
+    async getAccessToken(resource) {
+        // Try silent auth first (uses cached tokens)
+        const accounts = await this.pca.getTokenCache().getAllAccounts();
+        if (accounts.length > 0) {
+            try {
+                const result = await this.pca.acquireTokenSilent({
+                    account: accounts[0],
+                    scopes: [`${resource}/.default`],
+                });
+                this.cachedAccount = accounts[0];
+                return result.accessToken;
+            }
+            catch (error) {
+                if (!(error instanceof InteractionRequiredAuthError)) {
+                    throw error;
+                }
+                // Token expired or revoked, need interactive auth
+                console.error('Cached token expired, re-authenticating...');
+            }
+        }
+        // Interactive auth required
+        return this.acquireTokenInteractive(resource);
+    }
+    async getUserInfo() {
+        if (!this.cachedAccount) {
+            const accounts = await this.pca.getTokenCache().getAllAccounts();
+            this.cachedAccount = accounts[0] || null;
+        }
+        if (!this.cachedAccount) {
+            return null;
+        }
+        return {
+            name: this.cachedAccount.name || 'Unknown',
+            email: this.cachedAccount.username || 'Unknown',
+            oid: this.cachedAccount.localAccountId || '',
+        };
+    }
+    async clearCache() {
+        this.tokenCache.clear();
+        this.cachedAccount = null;
+    }
+    /**
+     * Acquire token via browser-based interactive flow
+     */
+    async acquireTokenInteractive(resource) {
+        const port = await this.findFreePort();
+        const redirectUri = `http://localhost:${port}`;
+        return new Promise((resolve, reject) => {
+            let serverClosed = false;
+            const server = http.createServer(async (req, res) => {
+                if (serverClosed)
+                    return;
+                try {
+                    const url = new URL(req.url, `http://localhost:${port}`);
+                    if (url.pathname === '/') {
+                        const code = url.searchParams.get('code');
+                        const error = url.searchParams.get('error');
+                        const errorDescription = url.searchParams.get('error_description');
+                        if (error) {
+                            res.writeHead(400, { 'Content-Type': 'text/html; charset=utf-8' });
+                            res.end(this.getErrorHtml(error, errorDescription || 'Unknown error'));
+                            serverClosed = true;
+                            server.close();
+                            reject(new Error(`Authentication failed: ${error} - ${errorDescription}`));
+                            return;
+                        }
+                        if (code) {
+                            try {
+                                const result = await this.pca.acquireTokenByCode({
+                                    code,
+                                    scopes: [`${resource}/.default`, 'offline_access'],
+                                    redirectUri,
+                                });
+                                this.cachedAccount = result.account;
+                                res.writeHead(200, { 'Content-Type': 'text/html; charset=utf-8' });
+                                res.end(this.getSuccessHtml(result));
+                                serverClosed = true;
+                                server.close();
+                                resolve(result.accessToken);
+                            }
+                            catch (err) {
+                                res.writeHead(500, { 'Content-Type': 'text/html; charset=utf-8' });
+                                res.end(this.getErrorHtml('token_exchange_failed', err.message));
+                                serverClosed = true;
+                                server.close();
+                                reject(err);
+                            }
+                            return;
+                        }
+                        // No code or error, show waiting page
+                        res.writeHead(200, { 'Content-Type': 'text/html; charset=utf-8' });
+                        res.end(this.getWaitingHtml());
+                    }
+                }
+                catch (err) {
+                    console.error('Error handling callback:', err);
+                    if (!serverClosed) {
+                        serverClosed = true;
+                        server.close();
+                        reject(err);
+                    }
+                }
+            });
+            server.on('error', (err) => {
+                reject(new Error(`Failed to start callback server: ${err.message}`));
+            });
+            server.listen(port, async () => {
+                try {
+                    const authUrl = await this.pca.getAuthCodeUrl({
+                        scopes: [`${resource}/.default`, 'offline_access', 'openid'],
+                        redirectUri,
+                    });
+                    console.error('');
+                    console.error('Authentication required');
+                    console.error('   Opening browser for sign-in...');
+                    console.error(`   If browser doesn't open, visit: ${authUrl.substring(0, 80)}...`);
+                    console.error('');
+                    await open(authUrl);
+                }
+                catch (err) {
+                    serverClosed = true;
+                    server.close();
+                    reject(err);
+                }
+            });
+            // Timeout after 5 minutes
+            const timeout = setTimeout(() => {
+                if (!serverClosed) {
+                    serverClosed = true;
+                    server.close();
+                    reject(new Error('Authentication timed out after 5 minutes'));
+                }
+            }, 5 * 60 * 1000);
+            server.on('close', () => {
+                clearTimeout(timeout);
+            });
+        });
+    }
+    /**
+     * Find an available port for the callback server
+     */
+    async findFreePort() {
+        return new Promise((resolve, reject) => {
+            const server = http.createServer();
+            server.on('error', reject);
+            server.listen(0, () => {
+                const address = server.address();
+                if (address && typeof address === 'object') {
+                    const port = address.port;
+                    server.close(() => resolve(port));
+                }
+                else {
+                    reject(new Error('Failed to get port'));
+                }
+            });
+        });
+    }
+    /**
+     * HTML page shown after successful authentication
+     */
+    getSuccessHtml(result) {
+        const userName = result.account?.name || 'User';
+        return `<!DOCTYPE html>
+<html>
+<head>
+  <meta charset="utf-8">
+  <title>Authentication Successful</title>
+  <style>
+    body {
+      font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen, Ubuntu, sans-serif;
+      display: flex;
+      justify-content: center;
+      align-items: center;
+      min-height: 100vh;
+      margin: 0;
+      background: linear-gradient(135deg, #667eea 0%, #764ba2 100%);
+    }
+    .container {
+      background: white;
+      padding: 3rem;
+      border-radius: 16px;
+      box-shadow: 0 25px 50px -12px rgba(0, 0, 0, 0.25);
+      text-align: center;
+      max-width: 400px;
+    }
+    .checkmark {
+      width: 80px;
+      height: 80px;
+      border-radius: 50%;
+      background: #10b981;
+      display: flex;
+      justify-content: center;
+      align-items: center;
+      margin: 0 auto 1.5rem;
+    }
+    .checkmark svg {
+      width: 40px;
+      height: 40px;
+      fill: white;
+    }
+    h1 {
+      color: #1f2937;
+      margin: 0 0 0.5rem;
+      font-size: 1.5rem;
+    }
+    p {
+      color: #6b7280;
+      margin: 0.5rem 0;
+    }
+    .user {
+      color: #374151;
+      font-weight: 600;
+    }
+    .close-note {
+      margin-top: 1.5rem;
+      padding: 1rem;
+      background: #f3f4f6;
+      border-radius: 8px;
+      font-size: 0.875rem;
+    }
+  </style>
+</head>
+<body>
+  <div class="container">
+    <div class="checkmark">
+      <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24">
+        <path d="M9 16.17L4.83 12l-1.42 1.41L9 19 21 7l-1.41-1.41z"/>
+      </svg>
+    </div>
+    <h1>Authentication Successful</h1>
+    <p>Welcome, <span class="user">${this.escapeHtml(userName)}</span>!</p>
+    <p>You are now connected to PowerPlatform.</p>
+    <div class="close-note">
+      You can close this window and return to your application.
+    </div>
+  </div>
+  <script>setTimeout(() => window.close(), 3000);</script>
+</body>
+</html>`;
+    }
+    /**
+     * HTML page shown when authentication fails
+     */
+    getErrorHtml(error, description) {
+        return `<!DOCTYPE html>
+<html>
+<head>
+  <meta charset="utf-8">
+  <title>Authentication Failed</title>
+  <style>
+    body {
+      font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen, Ubuntu, sans-serif;
+      display: flex;
+      justify-content: center;
+      align-items: center;
+      min-height: 100vh;
+      margin: 0;
+      background: linear-gradient(135deg, #ef4444 0%, #dc2626 100%);
+    }
+    .container {
+      background: white;
+      padding: 3rem;
+      border-radius: 16px;
+      box-shadow: 0 25px 50px -12px rgba(0, 0, 0, 0.25);
+      text-align: center;
+      max-width: 500px;
+    }
+    .error-icon {
+      width: 80px;
+      height: 80px;
+      border-radius: 50%;
+      background: #ef4444;
+      display: flex;
+      justify-content: center;
+      align-items: center;
+      margin: 0 auto 1.5rem;
+    }
+    .error-icon svg {
+      width: 40px;
+      height: 40px;
+      fill: white;
+    }
+    h1 {
+      color: #1f2937;
+      margin: 0 0 1rem;
+      font-size: 1.5rem;
+    }
+    .error-code {
+      background: #fef2f2;
+      color: #991b1b;
+      padding: 0.5rem 1rem;
+      border-radius: 8px;
+      font-family: monospace;
+      margin-bottom: 1rem;
+    }
+    p {
+      color: #6b7280;
+      margin: 0.5rem 0;
+    }
+  </style>
+</head>
+<body>
+  <div class="container">
+    <div class="error-icon">
+      <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24">
+        <path d="M19 6.41L17.59 5 12 10.59 6.41 5 5 6.41 10.59 12 5 17.59 6.41 19 12 13.41 17.59 19 19 17.59 13.41 12z"/>
+      </svg>
+    </div>
+    <h1>Authentication Failed</h1>
+    <div class="error-code">${this.escapeHtml(error)}</div>
+    <p>${this.escapeHtml(description)}</p>
+    <p style="margin-top: 1.5rem;">Please close this window and try again.</p>
+  </div>
+</body>
+</html>`;
+    }
+    /**
+     * HTML page shown while waiting for callback
+     */
+    getWaitingHtml() {
+        return `<!DOCTYPE html>
+<html>
+<head>
+  <meta charset="utf-8">
+  <title>Authenticating...</title>
+  <style>
+    body {
+      font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen, Ubuntu, sans-serif;
+      display: flex;
+      justify-content: center;
+      align-items: center;
+      min-height: 100vh;
+      margin: 0;
+      background: linear-gradient(135deg, #667eea 0%, #764ba2 100%);
+    }
+    .container {
+      background: white;
+      padding: 3rem;
+      border-radius: 16px;
+      box-shadow: 0 25px 50px -12px rgba(0, 0, 0, 0.25);
+      text-align: center;
+    }
+    .spinner {
+      width: 60px;
+      height: 60px;
+      border: 4px solid #e5e7eb;
+      border-top: 4px solid #667eea;
+      border-radius: 50%;
+      animation: spin 1s linear infinite;
+      margin: 0 auto 1.5rem;
+    }
+    @keyframes spin {
+      0% { transform: rotate(0deg); }
+      100% { transform: rotate(360deg); }
+    }
+    h1 {
+      color: #1f2937;
+      margin: 0 0 0.5rem;
+      font-size: 1.5rem;
+    }
+    p {
+      color: #6b7280;
+      margin: 0;
+    }
+  </style>
+</head>
+<body>
+  <div class="container">
+    <div class="spinner"></div>
+    <h1>Authenticating...</h1>
+    <p>Please complete sign-in in the browser window.</p>
+  </div>
+</body>
+</html>`;
+    }
+    /**
+     * Escape HTML to prevent XSS
+     */
+    escapeHtml(text) {
+        const map = {
+            '&': '&amp;',
+            '<': '&lt;',
+            '>': '&gt;',
+            '"': '&quot;',
+            "'": '&#039;',
+        };
+        return text.replace(/[&<>"']/g, (m) => map[m]);
+    }
+}
+//# sourceMappingURL=interactive-auth.js.map

package/build/auth/interactive-auth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"interactive-auth.js","sourceRoot":"","sources":["../../src/auth/interactive-auth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,EACL,uBAAuB,EACvB,4BAA4B,GAG7B,MAAM,kBAAkB,CAAC;AAC1B,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,IAAI,MAAM,MAAM,CAAC;AAExB,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAQ9C,MAAM,OAAO,eAAe;IAClB,MAAM,CAAwB;IAC9B,GAAG,CAA0B;IAC7B,UAAU,CAAa;IACvB,aAAa,GAAuB,IAAI,CAAC;IAEjD,YAAY,MAA6B;QACvC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,UAAU,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QAElD,IAAI,CAAC,GAAG,GAAG,IAAI,uBAAuB,CAAC;YACrC,IAAI,EAAE;gBACJ,QAAQ,EAAE,MAAM,CAAC,QAAQ;gBACzB,SAAS,EAAE,qCAAqC,MAAM,CAAC,QAAQ,EAAE;aAClE;YACD,KAAK,EAAE;gBACL,WAAW,EAAE,IAAI,CAAC,UAAU,CAAC,YAAY,EAAE;aAC5C;SACF,CAAC,CAAC;IACL,CAAC;IAED,WAAW;QACT,OAAO,aAAa,CAAC;IACvB,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,QAAgB;QACnC,6CAA6C;QAC7C,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,aAAa,EAAE,CAAC,cAAc,EAAE,CAAC;QAEjE,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACxB,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,kBAAkB,CAAC;oBAC/C,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC;oBACpB,MAAM,EAAE,CAAC,GAAG,QAAQ,WAAW,CAAC;iBACjC,CAAC,CAAC;gBACH,IAAI,CAAC,aAAa,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;gBACjC,OAAO,MAAM,CAAC,WAAW,CAAC;YAC5B,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,IAAI,CAAC,CAAC,KAAK,YAAY,4BAA4B,CAAC,EAAE,CAAC;oBACrD,MAAM,KAAK,CAAC;gBACd,CAAC;gBACD,kDAAkD;gBAClD,OAAO,CAAC,KAAK,CAAC,4CAA4C,CAAC,CAAC;YAC9D,CAAC;QACH,CAAC;QAED,4BAA4B;QAC5B,OAAO,IAAI,CAAC,uBAAuB,CAAC,QAAQ,CAAC,CAAC;IAChD,CAAC;IAED,KAAK,CAAC,WAAW;QACf,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC;YACxB,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,aAAa,EAAE,CAAC,cAAc,EAAE,CAAC;YACjE,IAAI,CAAC,aAAa,GAAG,QAAQ,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC;QAC3C,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC;YACxB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO;YACL,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,IAAI,IAAI,SAAS;YAC1C,KAAK,EAAE,IAAI,CAAC,aAAa,CAAC,QAAQ,IAAI,SAAS;YAC/C,GAAG,EAAE,IAAI,CAAC,aAAa,CAAC,cAAc,IAAI,EAAE;SAC7C,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,UAAU;QACd,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,CAAC;QACxB,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC;IAC5B,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,uBAAuB,CAAC,QAAgB;QACpD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC;QACvC,MAAM,WAAW,GAAG,oBAAoB,IAAI,EAAE,CAAC;QAE/C,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,IAAI,YAAY,GAAG,KAAK,CAAC;YAEzB,MAAM,MAAM,GAAG,IAAI,CAAC,YAAY,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;gBAClD,IAAI,YAAY;oBAAE,OAAO;gBAEzB,IAAI,CAAC;oBACH,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAI,EAAE,oBAAoB,IAAI,EAAE,CAAC,CAAC;oBAE1D,IAAI,GAAG,CAAC,QAAQ,KAAK,GAAG,EAAE,CAAC;wBACzB,MAAM,IAAI,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;wBAC1C,MAAM,KAAK,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;wBAC5C,MAAM,gBAAgB,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC;wBAEnE,IAAI,KAAK,EAAE,CAAC;4BACV,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,0BAA0B,EAAE,CAAC,CAAC;4BACnE,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC,KAAK,EAAE,gBAAgB,IAAI,eAAe,CAAC,CAAC,CAAC;4BACvE,YAAY,GAAG,IAAI,CAAC;4BACpB,MAAM,CAAC,KAAK,EAAE,CAAC;4BACf,MAAM,CAAC,IAAI,KAAK,CAAC,0BAA0B,KAAK,MAAM,gBAAgB,EAAE,CAAC,CAAC,CAAC;4BAC3E,OAAO;wBACT,CAAC;wBAED,IAAI,IAAI,EAAE,CAAC;4BACT,IAAI,CAAC;gCACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,kBAAkB,CAAC;oCAC/C,IAAI;oCACJ,MAAM,EAAE,CAAC,GAAG,QAAQ,WAAW,EAAE,gBAAgB,CAAC;oCAClD,WAAW;iCACZ,CAAC,CAAC;gCAEH,IAAI,CAAC,aAAa,GAAG,MAAM,CAAC,OAAO,CAAC;gCAEpC,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,0BAA0B,EAAE,CAAC,CAAC;gCACnE,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC;gCAErC,YAAY,GAAG,IAAI,CAAC;gCACpB,MAAM,CAAC,KAAK,EAAE,CAAC;gCACf,OAAO,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;4BAC9B,CAAC;4BAAC,OAAO,GAAG,EAAE,CAAC;gCACb,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,0BAA0B,EAAE,CAAC,CAAC;gCACnE,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC,uBAAuB,EAAG,GAAa,CAAC,OAAO,CAAC,CAAC,CAAC;gCAC5E,YAAY,GAAG,IAAI,CAAC;gCACpB,MAAM,CAAC,KAAK,EAAE,CAAC;gCACf,MAAM,CAAC,GAAG,CAAC,CAAC;4BACd,CAAC;4BACD,OAAO;wBACT,CAAC;wBAED,sCAAsC;wBACtC,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,0BAA0B,EAAE,CAAC,CAAC;wBACnE,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC,CAAC;oBACjC,CAAC;gBACH,CAAC;gBAAC,OAAO,GAAG,EAAE,CAAC;oBACb,OAAO,CAAC,KAAK,CAAC,0BAA0B,EAAE,GAAG,CAAC,CAAC;oBAC/C,IAAI,CAAC,YAAY,EAAE,CAAC;wBAClB,YAAY,GAAG,IAAI,CAAC;wBACpB,MAAM,CAAC,KAAK,EAAE,CAAC;wBACf,MAAM,CAAC,GAAG,CAAC,CAAC;oBACd,CAAC;gBACH,CAAC;YACH,CAAC,CAAC,CAAC;YAEH,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;gBACzB,MAAM,CAAC,IAAI,KAAK,CAAC,oCAAoC,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;YACvE,CAAC,CAAC,CAAC;YAEH,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,KAAK,IAAI,EAAE;gBAC7B,IAAI,CAAC;oBACH,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,cAAc,CAAC;wBAC5C,MAAM,EAAE,CAAC,GAAG,QAAQ,WAAW,EAAE,gBAAgB,EAAE,QAAQ,CAAC;wBAC5D,WAAW;qBACZ,CAAC,CAAC;oBAEH,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;oBAClB,OAAO,CAAC,KAAK,CAAC,yBAAyB,CAAC,CAAC;oBACzC,OAAO,CAAC,KAAK,CAAC,mCAAmC,CAAC,CAAC;oBACnD,OAAO,CAAC,KAAK,CAAC,sCAAsC,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,CAAC;oBACnF,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;oBAElB,MAAM,IAAI,CAAC,OAAO,CAAC,CAAC;gBACtB,CAAC;gBAAC,OAAO,GAAG,EAAE,CAAC;oBACb,YAAY,GAAG,IAAI,CAAC;oBACpB,MAAM,CAAC,KAAK,EAAE,CAAC;oBACf,MAAM,CAAC,GAAG,CAAC,CAAC;gBACd,CAAC;YACH,CAAC,CAAC,CAAC;YAEH,0BAA0B;YAC1B,MAAM,OAAO,GAAG,UAAU,CAAC,GAAG,EAAE;gBAC9B,IAAI,CAAC,YAAY,EAAE,CAAC;oBAClB,YAAY,GAAG,IAAI,CAAC;oBACpB,MAAM,CAAC,KAAK,EAAE,CAAC;oBACf,MAAM,CAAC,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC,CAAC;gBAChE,CAAC;YACH,CAAC,EAAE,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;YAElB,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE;gBACtB,YAAY,CAAC,OAAO,CAAC,CAAC;YACxB,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,YAAY;QACxB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,MAAM,MAAM,GAAG,IAAI,CAAC,YAAY,EAAE,CAAC;YACnC,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;YAC3B,MAAM,CAAC,MAAM,CAAC,CAAC,EAAE,GAAG,EAAE;gBACpB,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,EAAE,CAAC;gBACjC,IAAI,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;oBAC3C,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;oBAC1B,MAAM,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;gBACpC,CAAC;qBAAM,CAAC;oBACN,MAAM,CAAC,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAC,CAAC;gBAC1C,CAAC;YACH,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACK,cAAc,CAAC,MAA4B;QACjD,MAAM,QAAQ,GAAG,MAAM,CAAC,OAAO,EAAE,IAAI,IAAI,MAAM,CAAC;QAChD,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;qCAoE0B,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC;;;;;;;;QAQtD,CAAC;IACP,CAAC;IAED;;OAEG;IACK,YAAY,CAAC,KAAa,EAAE,WAAmB;QACrD,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;8BAiEmB,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC;SAC3C,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC;;;;QAI7B,CAAC;IACP,CAAC;IAED;;OAEG;IACK,cAAc;QACpB,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;QAqDH,CAAC;IACP,CAAC;IAED;;OAEG;IACK,UAAU,CAAC,IAAY;QAC7B,MAAM,GAAG,GAA2B;YAClC,GAAG,EAAE,OAAO;YACZ,GAAG,EAAE,MAAM;YACX,GAAG,EAAE,MAAM;YACX,GAAG,EAAE,QAAQ;YACb,GAAG,EAAE,QAAQ;SACd,CAAC;QACF,OAAO,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IACjD,CAAC;CACF"}

package/build/auth/service-principal-auth.d.ts

@@ -0,0 +1,26 @@
+/**
+ * Service Principal Authentication Provider
+ *
+ * Uses ConfidentialClientApplication (client credentials flow)
+ * for app-to-app authentication with client_id + client_secret.
+ *
+ * This is the existing authentication mechanism, refactored into the auth module.
+ */
+import type { AuthProvider } from './index.js';
+export interface ServicePrincipalConfig {
+    organizationUrl: string;
+    clientId: string;
+    clientSecret: string;
+    tenantId: string;
+}
+export declare class ServicePrincipalAuth implements AuthProvider {
+    private config;
+    private msalClient;
+    private accessToken;
+    private tokenExpirationTime;
+    constructor(config: ServicePrincipalConfig);
+    getAuthMode(): 'service-principal' | 'interactive';
+    getAccessToken(resource: string): Promise<string>;
+    getUserInfo(): Promise<null>;
+}
+//# sourceMappingURL=service-principal-auth.d.ts.map

package/build/auth/service-principal-auth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"service-principal-auth.d.ts","sourceRoot":"","sources":["../../src/auth/service-principal-auth.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAE/C,MAAM,WAAW,sBAAsB;IACrC,eAAe,EAAE,MAAM,CAAC;IACxB,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,qBAAa,oBAAqB,YAAW,YAAY;IACvD,OAAO,CAAC,MAAM,CAAyB;IACvC,OAAO,CAAC,UAAU,CAAgC;IAClD,OAAO,CAAC,WAAW,CAAuB;IAC1C,OAAO,CAAC,mBAAmB,CAAa;gBAE5B,MAAM,EAAE,sBAAsB;IAY1C,WAAW,IAAI,mBAAmB,GAAG,aAAa;IAI5C,cAAc,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAiCjD,WAAW,IAAI,OAAO,CAAC,IAAI,CAAC;CAInC"}