@mcp-ts/sdk 2.3.2 → 2.3.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -265,18 +265,6 @@ declare class MCPClient {
265
265
  * @throws {Error} When client is not connected
266
266
  */
267
267
  readResource(uri: string): Promise<ReadResourceResult>;
268
- /**
269
- * Refreshes the OAuth access token using the refresh token
270
- * Discovers OAuth metadata from server and exchanges refresh token for new access token
271
- * @returns True if refresh was successful, false otherwise
272
- */
273
- refreshToken(): Promise<boolean>;
274
- /**
275
- * Ensures OAuth tokens are valid, refreshing them if expired
276
- * Called automatically by connect() - rarely needs to be called manually
277
- * @returns True if valid tokens are available, false otherwise
278
- */
279
- getValidTokens(): Promise<boolean>;
280
268
  /**
281
269
  * Reconnects to MCP server using existing OAuth provider from Redis
282
270
  * Used for session restoration in serverless environments
@@ -336,10 +324,14 @@ declare class MCPClient {
336
324
  getSessionId(): string;
337
325
  /**
338
326
  * Gets MCP server configuration for all active user sessions
339
- * Loads sessions from Redis, validates OAuth tokens, refreshes if expired
340
- * Returns ready-to-use configuration with valid auth headers
327
+ * Loads sessions from storage and returns server connection metadata.
328
+ * OAuth refresh is handled by SDK transports through their authProvider.
329
+ * @deprecated This returns legacy connection metadata only and does not
330
+ * include OAuth tokens or generated Authorization headers. Prefer
331
+ * MultiSessionClient or explicit MCPClient instances so SDK transports can
332
+ * own OAuth refresh and reauthorization.
341
333
  * @param userId - User ID to fetch sessions for
342
- * @returns Object keyed by sanitized server labels containing transport, url, headers, etc.
334
+ * @returns Object keyed by sanitized server labels containing transport and url.
343
335
  * @static
344
336
  */
345
337
  static getMcpServerConfig(userId: string): Promise<Record<string, any>>;
@@ -265,18 +265,6 @@ declare class MCPClient {
265
265
  * @throws {Error} When client is not connected
266
266
  */
267
267
  readResource(uri: string): Promise<ReadResourceResult>;
268
- /**
269
- * Refreshes the OAuth access token using the refresh token
270
- * Discovers OAuth metadata from server and exchanges refresh token for new access token
271
- * @returns True if refresh was successful, false otherwise
272
- */
273
- refreshToken(): Promise<boolean>;
274
- /**
275
- * Ensures OAuth tokens are valid, refreshing them if expired
276
- * Called automatically by connect() - rarely needs to be called manually
277
- * @returns True if valid tokens are available, false otherwise
278
- */
279
- getValidTokens(): Promise<boolean>;
280
268
  /**
281
269
  * Reconnects to MCP server using existing OAuth provider from Redis
282
270
  * Used for session restoration in serverless environments
@@ -336,10 +324,14 @@ declare class MCPClient {
336
324
  getSessionId(): string;
337
325
  /**
338
326
  * Gets MCP server configuration for all active user sessions
339
- * Loads sessions from Redis, validates OAuth tokens, refreshes if expired
340
- * Returns ready-to-use configuration with valid auth headers
327
+ * Loads sessions from storage and returns server connection metadata.
328
+ * OAuth refresh is handled by SDK transports through their authProvider.
329
+ * @deprecated This returns legacy connection metadata only and does not
330
+ * include OAuth tokens or generated Authorization headers. Prefer
331
+ * MultiSessionClient or explicit MCPClient instances so SDK transports can
332
+ * own OAuth refresh and reauthorization.
341
333
  * @param userId - User ID to fetch sessions for
342
- * @returns Object keyed by sanitized server labels containing transport, url, headers, etc.
334
+ * @returns Object keyed by sanitized server labels containing transport and url.
343
335
  * @static
344
336
  */
345
337
  static getMcpServerConfig(userId: string): Promise<Record<string, any>>;
@@ -1,4 +1,4 @@
1
- export { M as MCPClient, a as MultiSessionClient, S as StorageOAuthClientProvider } from '../multi-session-client-DYNe6az3.mjs';
1
+ export { M as MCPClient, a as MultiSessionClient, S as StorageOAuthClientProvider } from '../multi-session-client-C7hGqzgM.mjs';
2
2
  export { U as UnauthorizedError, s as sanitizeServerLabel } from '../utils-DELRKQPU.mjs';
3
3
  import { OAuthClientInformationMixed, OAuthTokens } from '@modelcontextprotocol/sdk/shared/auth.js';
4
4
  export { OAuthClientInformation, OAuthClientInformationFull, OAuthClientMetadata, OAuthTokens } from '@modelcontextprotocol/sdk/shared/auth.js';
@@ -1,4 +1,4 @@
1
- export { M as MCPClient, a as MultiSessionClient, S as StorageOAuthClientProvider } from '../multi-session-client-BYtguGJm.js';
1
+ export { M as MCPClient, a as MultiSessionClient, S as StorageOAuthClientProvider } from '../multi-session-client-C_kPHpD5.js';
2
2
  export { U as UnauthorizedError, s as sanitizeServerLabel } from '../utils-DELRKQPU.js';
3
3
  import { OAuthClientInformationMixed, OAuthTokens } from '@modelcontextprotocol/sdk/shared/auth.js';
4
4
  export { OAuthClientInformation, OAuthClientInformationFull, OAuthClientMetadata, OAuthTokens } from '@modelcontextprotocol/sdk/shared/auth.js';
@@ -920,7 +920,7 @@ var SupabaseStorageBackend = class {
920
920
  if ("active" in data) updateData.active = data.active;
921
921
  if ("headers" in data) updateData.headers = encryptObject(data.headers);
922
922
  if ("clientInformation" in data) updateData.client_information = data.clientInformation;
923
- if ("tokens" in data) updateData.tokens = encryptObject(data.tokens);
923
+ if ("tokens" in data) updateData.tokens = data.tokens === void 0 ? null : encryptObject(data.tokens);
924
924
  if ("codeVerifier" in data) updateData.code_verifier = data.codeVerifier;
925
925
  if ("clientId" in data) updateData.client_id = data.clientId;
926
926
  const { data: updatedRows, error } = await this.supabase.from("mcp_sessions").update(updateData).eq("user_id", userId).eq("session_id", sessionId).select("id");
@@ -1123,7 +1123,7 @@ var NeonStorageBackend = class {
1123
1123
  updatedSession.active ?? false,
1124
1124
  encryptObject(updatedSession.headers),
1125
1125
  updatedSession.clientInformation,
1126
- encryptObject(updatedSession.tokens),
1126
+ updatedSession.tokens === void 0 ? null : encryptObject(updatedSession.tokens),
1127
1127
  updatedSession.codeVerifier,
1128
1128
  updatedSession.clientId,
1129
1129
  expiresAt,
@@ -1709,7 +1709,7 @@ var RpcErrorCodes = {
1709
1709
  EXECUTION_ERROR: "EXECUTION_ERROR"};
1710
1710
 
1711
1711
  // src/server/mcp/oauth-client.ts
1712
- var MCPClient = class _MCPClient {
1712
+ var MCPClient = class {
1713
1713
  /**
1714
1714
  * Creates a new MCP client instance
1715
1715
  * Can be initialized with minimal options (userId + sessionId) for session restoration
@@ -2043,8 +2043,6 @@ var MCPClient = class _MCPClient {
2043
2043
  throw new Error(error);
2044
2044
  }
2045
2045
  try {
2046
- this.emitProgress("Validating OAuth tokens...");
2047
- await this.getValidTokens();
2048
2046
  this.emitStateChange("CONNECTING");
2049
2047
  const { transportType } = await this.tryConnect();
2050
2048
  this.transportType = transportType;
@@ -2369,59 +2367,6 @@ var MCPClient = class _MCPClient {
2369
2367
  };
2370
2368
  return await this.client.request(request, types_js.ReadResourceResultSchema);
2371
2369
  }
2372
- /**
2373
- * Refreshes the OAuth access token using the refresh token
2374
- * Discovers OAuth metadata from server and exchanges refresh token for new access token
2375
- * @returns True if refresh was successful, false otherwise
2376
- */
2377
- async refreshToken() {
2378
- await this.initialize();
2379
- if (!this.oauthProvider) {
2380
- return false;
2381
- }
2382
- const tokens = await this.oauthProvider.tokens();
2383
- if (!tokens || !tokens.refresh_token) {
2384
- return false;
2385
- }
2386
- const clientInformation = await this.oauthProvider.clientInformation();
2387
- if (!clientInformation) {
2388
- return false;
2389
- }
2390
- try {
2391
- const resourceMetadata = await auth_js.discoverOAuthProtectedResourceMetadata(this.serverUrl);
2392
- const authServerUrl = resourceMetadata?.authorization_servers?.[0] || this.serverUrl;
2393
- const authMetadata = await auth_js.discoverAuthorizationServerMetadata(authServerUrl);
2394
- const newTokens = await auth_js.refreshAuthorization(authServerUrl, {
2395
- metadata: authMetadata,
2396
- clientInformation,
2397
- refreshToken: tokens.refresh_token
2398
- });
2399
- await this.oauthProvider.saveTokens(newTokens);
2400
- return true;
2401
- } catch (error) {
2402
- console.error("[OAuth] Token refresh failed:", error);
2403
- return false;
2404
- }
2405
- }
2406
- /**
2407
- * Ensures OAuth tokens are valid, refreshing them if expired
2408
- * Called automatically by connect() - rarely needs to be called manually
2409
- * @returns True if valid tokens are available, false otherwise
2410
- */
2411
- async getValidTokens() {
2412
- await this.initialize();
2413
- if (!this.oauthProvider) {
2414
- return false;
2415
- }
2416
- const tokens = await this.oauthProvider.tokens();
2417
- if (!tokens) {
2418
- return false;
2419
- }
2420
- if (this.oauthProvider.isTokenExpired()) {
2421
- return await this.refreshToken();
2422
- }
2423
- return true;
2424
- }
2425
2370
  /**
2426
2371
  * Reconnects to MCP server using existing OAuth provider from Redis
2427
2372
  * Used for session restoration in serverless environments
@@ -2553,10 +2498,14 @@ var MCPClient = class _MCPClient {
2553
2498
  }
2554
2499
  /**
2555
2500
  * Gets MCP server configuration for all active user sessions
2556
- * Loads sessions from Redis, validates OAuth tokens, refreshes if expired
2557
- * Returns ready-to-use configuration with valid auth headers
2501
+ * Loads sessions from storage and returns server connection metadata.
2502
+ * OAuth refresh is handled by SDK transports through their authProvider.
2503
+ * @deprecated This returns legacy connection metadata only and does not
2504
+ * include OAuth tokens or generated Authorization headers. Prefer
2505
+ * MultiSessionClient or explicit MCPClient instances so SDK transports can
2506
+ * own OAuth refresh and reauthorization.
2558
2507
  * @param userId - User ID to fetch sessions for
2559
- * @returns Object keyed by sanitized server labels containing transport, url, headers, etc.
2508
+ * @returns Object keyed by sanitized server labels containing transport and url.
2560
2509
  * @static
2561
2510
  */
2562
2511
  static async getMcpServerConfig(userId) {
@@ -2570,29 +2519,6 @@ var MCPClient = class _MCPClient {
2570
2519
  await sessions.delete(userId, sessionId);
2571
2520
  return;
2572
2521
  }
2573
- let headers;
2574
- try {
2575
- const client = new _MCPClient({
2576
- userId,
2577
- sessionId,
2578
- serverId: sessionData.serverId,
2579
- serverUrl: sessionData.serverUrl,
2580
- callbackUrl: sessionData.callbackUrl,
2581
- serverName: sessionData.serverName,
2582
- transportType: sessionData.transportType,
2583
- headers: sessionData.headers
2584
- });
2585
- await client.initialize();
2586
- const hasValidTokens = await client.getValidTokens();
2587
- if (hasValidTokens && client.oauthProvider) {
2588
- const tokens = await client.oauthProvider.tokens();
2589
- if (tokens?.access_token) {
2590
- headers = { Authorization: `Bearer ${tokens.access_token}` };
2591
- }
2592
- }
2593
- } catch (error) {
2594
- console.warn(`[MCP] Failed to get OAuth tokens for ${sessionId}:`, error);
2595
- }
2596
2522
  const label = sanitizeServerLabel(
2597
2523
  sessionData.serverName || sessionData.serverId || "server"
2598
2524
  );
@@ -2602,8 +2528,7 @@ var MCPClient = class _MCPClient {
2602
2528
  ...sessionData.serverName && {
2603
2529
  serverName: sessionData.serverName,
2604
2530
  serverLabel: label
2605
- },
2606
- ...headers && { headers }
2531
+ }
2607
2532
  };
2608
2533
  } catch (error) {
2609
2534
  await sessions.delete(userId, sessionId);