@mcp-ts/sdk 2.3.2 → 2.3.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/index.mjs CHANGED
@@ -2,7 +2,7 @@ import { Client } from '@modelcontextprotocol/sdk/client/index.js';
2
2
  import { customAlphabet, nanoid } from 'nanoid';
3
3
  import { StreamableHTTPClientTransport } from '@modelcontextprotocol/sdk/client/streamableHttp.js';
4
4
  import { SSEClientTransport } from '@modelcontextprotocol/sdk/client/sse.js';
5
- import { UnauthorizedError as UnauthorizedError$1, discoverOAuthProtectedResourceMetadata, discoverAuthorizationServerMetadata, refreshAuthorization } from '@modelcontextprotocol/sdk/client/auth.js';
5
+ import { UnauthorizedError as UnauthorizedError$1 } from '@modelcontextprotocol/sdk/client/auth.js';
6
6
  import { ListToolsResultSchema, CallToolResultSchema, ListPromptsResultSchema, GetPromptResultSchema, ListResourcesResultSchema, ReadResourceResultSchema } from '@modelcontextprotocol/sdk/types.js';
7
7
  import * as fs2 from 'fs';
8
8
  import { promises } from 'fs';
@@ -862,7 +862,7 @@ var SupabaseStorageBackend = class {
862
862
  if ("active" in data) updateData.active = data.active;
863
863
  if ("headers" in data) updateData.headers = encryptObject(data.headers);
864
864
  if ("clientInformation" in data) updateData.client_information = data.clientInformation;
865
- if ("tokens" in data) updateData.tokens = encryptObject(data.tokens);
865
+ if ("tokens" in data) updateData.tokens = data.tokens === void 0 ? null : encryptObject(data.tokens);
866
866
  if ("codeVerifier" in data) updateData.code_verifier = data.codeVerifier;
867
867
  if ("clientId" in data) updateData.client_id = data.clientId;
868
868
  const { data: updatedRows, error } = await this.supabase.from("mcp_sessions").update(updateData).eq("user_id", userId).eq("session_id", sessionId).select("id");
@@ -1064,7 +1064,7 @@ var NeonStorageBackend = class {
1064
1064
  updatedSession.active ?? false,
1065
1065
  encryptObject(updatedSession.headers),
1066
1066
  updatedSession.clientInformation,
1067
- encryptObject(updatedSession.tokens),
1067
+ updatedSession.tokens === void 0 ? null : encryptObject(updatedSession.tokens),
1068
1068
  updatedSession.codeVerifier,
1069
1069
  updatedSession.clientId,
1070
1070
  expiresAt,
@@ -1713,7 +1713,7 @@ var RpcErrorCodes = {
1713
1713
  };
1714
1714
 
1715
1715
  // src/server/mcp/oauth-client.ts
1716
- var MCPClient = class _MCPClient {
1716
+ var MCPClient = class {
1717
1717
  /**
1718
1718
  * Creates a new MCP client instance
1719
1719
  * Can be initialized with minimal options (userId + sessionId) for session restoration
@@ -2047,8 +2047,6 @@ var MCPClient = class _MCPClient {
2047
2047
  throw new Error(error);
2048
2048
  }
2049
2049
  try {
2050
- this.emitProgress("Validating OAuth tokens...");
2051
- await this.getValidTokens();
2052
2050
  this.emitStateChange("CONNECTING");
2053
2051
  const { transportType } = await this.tryConnect();
2054
2052
  this.transportType = transportType;
@@ -2373,59 +2371,6 @@ var MCPClient = class _MCPClient {
2373
2371
  };
2374
2372
  return await this.client.request(request, ReadResourceResultSchema);
2375
2373
  }
2376
- /**
2377
- * Refreshes the OAuth access token using the refresh token
2378
- * Discovers OAuth metadata from server and exchanges refresh token for new access token
2379
- * @returns True if refresh was successful, false otherwise
2380
- */
2381
- async refreshToken() {
2382
- await this.initialize();
2383
- if (!this.oauthProvider) {
2384
- return false;
2385
- }
2386
- const tokens = await this.oauthProvider.tokens();
2387
- if (!tokens || !tokens.refresh_token) {
2388
- return false;
2389
- }
2390
- const clientInformation = await this.oauthProvider.clientInformation();
2391
- if (!clientInformation) {
2392
- return false;
2393
- }
2394
- try {
2395
- const resourceMetadata = await discoverOAuthProtectedResourceMetadata(this.serverUrl);
2396
- const authServerUrl = resourceMetadata?.authorization_servers?.[0] || this.serverUrl;
2397
- const authMetadata = await discoverAuthorizationServerMetadata(authServerUrl);
2398
- const newTokens = await refreshAuthorization(authServerUrl, {
2399
- metadata: authMetadata,
2400
- clientInformation,
2401
- refreshToken: tokens.refresh_token
2402
- });
2403
- await this.oauthProvider.saveTokens(newTokens);
2404
- return true;
2405
- } catch (error) {
2406
- console.error("[OAuth] Token refresh failed:", error);
2407
- return false;
2408
- }
2409
- }
2410
- /**
2411
- * Ensures OAuth tokens are valid, refreshing them if expired
2412
- * Called automatically by connect() - rarely needs to be called manually
2413
- * @returns True if valid tokens are available, false otherwise
2414
- */
2415
- async getValidTokens() {
2416
- await this.initialize();
2417
- if (!this.oauthProvider) {
2418
- return false;
2419
- }
2420
- const tokens = await this.oauthProvider.tokens();
2421
- if (!tokens) {
2422
- return false;
2423
- }
2424
- if (this.oauthProvider.isTokenExpired()) {
2425
- return await this.refreshToken();
2426
- }
2427
- return true;
2428
- }
2429
2374
  /**
2430
2375
  * Reconnects to MCP server using existing OAuth provider from Redis
2431
2376
  * Used for session restoration in serverless environments
@@ -2557,10 +2502,14 @@ var MCPClient = class _MCPClient {
2557
2502
  }
2558
2503
  /**
2559
2504
  * Gets MCP server configuration for all active user sessions
2560
- * Loads sessions from Redis, validates OAuth tokens, refreshes if expired
2561
- * Returns ready-to-use configuration with valid auth headers
2505
+ * Loads sessions from storage and returns server connection metadata.
2506
+ * OAuth refresh is handled by SDK transports through their authProvider.
2507
+ * @deprecated This returns legacy connection metadata only and does not
2508
+ * include OAuth tokens or generated Authorization headers. Prefer
2509
+ * MultiSessionClient or explicit MCPClient instances so SDK transports can
2510
+ * own OAuth refresh and reauthorization.
2562
2511
  * @param userId - User ID to fetch sessions for
2563
- * @returns Object keyed by sanitized server labels containing transport, url, headers, etc.
2512
+ * @returns Object keyed by sanitized server labels containing transport and url.
2564
2513
  * @static
2565
2514
  */
2566
2515
  static async getMcpServerConfig(userId) {
@@ -2574,29 +2523,6 @@ var MCPClient = class _MCPClient {
2574
2523
  await sessions.delete(userId, sessionId);
2575
2524
  return;
2576
2525
  }
2577
- let headers;
2578
- try {
2579
- const client = new _MCPClient({
2580
- userId,
2581
- sessionId,
2582
- serverId: sessionData.serverId,
2583
- serverUrl: sessionData.serverUrl,
2584
- callbackUrl: sessionData.callbackUrl,
2585
- serverName: sessionData.serverName,
2586
- transportType: sessionData.transportType,
2587
- headers: sessionData.headers
2588
- });
2589
- await client.initialize();
2590
- const hasValidTokens = await client.getValidTokens();
2591
- if (hasValidTokens && client.oauthProvider) {
2592
- const tokens = await client.oauthProvider.tokens();
2593
- if (tokens?.access_token) {
2594
- headers = { Authorization: `Bearer ${tokens.access_token}` };
2595
- }
2596
- }
2597
- } catch (error) {
2598
- console.warn(`[MCP] Failed to get OAuth tokens for ${sessionId}:`, error);
2599
- }
2600
2526
  const label = sanitizeServerLabel(
2601
2527
  sessionData.serverName || sessionData.serverId || "server"
2602
2528
  );
@@ -2606,8 +2532,7 @@ var MCPClient = class _MCPClient {
2606
2532
  ...sessionData.serverName && {
2607
2533
  serverName: sessionData.serverName,
2608
2534
  serverLabel: label
2609
- },
2610
- ...headers && { headers }
2535
+ }
2611
2536
  };
2612
2537
  } catch (error) {
2613
2538
  await sessions.delete(userId, sessionId);