@mcp-ts/sdk 2.3.3 → 2.3.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/index.mjs CHANGED
@@ -2,7 +2,7 @@ import { Client } from '@modelcontextprotocol/sdk/client/index.js';
2
2
  import { customAlphabet, nanoid } from 'nanoid';
3
3
  import { StreamableHTTPClientTransport } from '@modelcontextprotocol/sdk/client/streamableHttp.js';
4
4
  import { SSEClientTransport } from '@modelcontextprotocol/sdk/client/sse.js';
5
- import { UnauthorizedError as UnauthorizedError$1, discoverOAuthProtectedResourceMetadata, discoverAuthorizationServerMetadata, refreshAuthorization } from '@modelcontextprotocol/sdk/client/auth.js';
5
+ import { UnauthorizedError as UnauthorizedError$1 } from '@modelcontextprotocol/sdk/client/auth.js';
6
6
  import { ListToolsResultSchema, CallToolResultSchema, ListPromptsResultSchema, GetPromptResultSchema, ListResourcesResultSchema, ReadResourceResultSchema } from '@modelcontextprotocol/sdk/types.js';
7
7
  import * as fs2 from 'fs';
8
8
  import { promises } from 'fs';
@@ -862,7 +862,7 @@ var SupabaseStorageBackend = class {
862
862
  if ("active" in data) updateData.active = data.active;
863
863
  if ("headers" in data) updateData.headers = encryptObject(data.headers);
864
864
  if ("clientInformation" in data) updateData.client_information = data.clientInformation;
865
- if ("tokens" in data) updateData.tokens = encryptObject(data.tokens);
865
+ if ("tokens" in data) updateData.tokens = data.tokens === void 0 ? null : encryptObject(data.tokens);
866
866
  if ("codeVerifier" in data) updateData.code_verifier = data.codeVerifier;
867
867
  if ("clientId" in data) updateData.client_id = data.clientId;
868
868
  const { data: updatedRows, error } = await this.supabase.from("mcp_sessions").update(updateData).eq("user_id", userId).eq("session_id", sessionId).select("id");
@@ -1064,7 +1064,7 @@ var NeonStorageBackend = class {
1064
1064
  updatedSession.active ?? false,
1065
1065
  encryptObject(updatedSession.headers),
1066
1066
  updatedSession.clientInformation,
1067
- encryptObject(updatedSession.tokens),
1067
+ updatedSession.tokens === void 0 ? null : encryptObject(updatedSession.tokens),
1068
1068
  updatedSession.codeVerifier,
1069
1069
  updatedSession.clientId,
1070
1070
  expiresAt,
@@ -1713,14 +1713,7 @@ var RpcErrorCodes = {
1713
1713
  };
1714
1714
 
1715
1715
  // src/server/mcp/oauth-client.ts
1716
- function isInvalidRefreshTokenError(error) {
1717
- if (!(error instanceof Error)) {
1718
- return false;
1719
- }
1720
- const text = `${error.name} ${error.message}`.toLowerCase();
1721
- return text.includes("invalidgrant") || text.includes("invalid_grant") || text.includes("invalid refresh token") || /refresh\s+token\s+(?:is\s+)?(?:invalid|expired|revoked)/i.test(text);
1722
- }
1723
- var MCPClient = class _MCPClient {
1716
+ var MCPClient = class {
1724
1717
  /**
1725
1718
  * Creates a new MCP client instance
1726
1719
  * Can be initialized with minimal options (userId + sessionId) for session restoration
@@ -2054,8 +2047,6 @@ var MCPClient = class _MCPClient {
2054
2047
  throw new Error(error);
2055
2048
  }
2056
2049
  try {
2057
- this.emitProgress("Validating OAuth tokens...");
2058
- await this.getValidTokens();
2059
2050
  this.emitStateChange("CONNECTING");
2060
2051
  const { transportType } = await this.tryConnect();
2061
2052
  this.transportType = transportType;
@@ -2380,67 +2371,6 @@ var MCPClient = class _MCPClient {
2380
2371
  };
2381
2372
  return await this.client.request(request, ReadResourceResultSchema);
2382
2373
  }
2383
- /**
2384
- * Refreshes the OAuth access token using the refresh token
2385
- * Discovers OAuth metadata from server and exchanges refresh token for new access token
2386
- * @returns True if refresh was successful, false otherwise
2387
- */
2388
- async refreshToken() {
2389
- await this.initialize();
2390
- if (!this.oauthProvider) {
2391
- return false;
2392
- }
2393
- const tokens = await this.oauthProvider.tokens();
2394
- if (!tokens || !tokens.refresh_token) {
2395
- return false;
2396
- }
2397
- const clientInformation = await this.oauthProvider.clientInformation();
2398
- if (!clientInformation) {
2399
- return false;
2400
- }
2401
- try {
2402
- const resourceMetadata = await discoverOAuthProtectedResourceMetadata(this.serverUrl);
2403
- const authServerUrl = resourceMetadata?.authorization_servers?.[0] || this.serverUrl;
2404
- const authMetadata = await discoverAuthorizationServerMetadata(authServerUrl);
2405
- const newTokens = await refreshAuthorization(authServerUrl, {
2406
- metadata: authMetadata,
2407
- clientInformation,
2408
- refreshToken: tokens.refresh_token
2409
- });
2410
- await this.oauthProvider.saveTokens(newTokens);
2411
- return true;
2412
- } catch (error) {
2413
- console.error("[OAuth] Token refresh failed:", error);
2414
- if (isInvalidRefreshTokenError(error)) {
2415
- try {
2416
- await this.oauthProvider.invalidateCredentials?.("tokens");
2417
- this.emitProgress("OAuth refresh token is invalid; requesting reauthorization...");
2418
- } catch (invalidateError) {
2419
- console.warn("[OAuth] Failed to invalidate stale refresh token credentials:", invalidateError);
2420
- }
2421
- }
2422
- return false;
2423
- }
2424
- }
2425
- /**
2426
- * Ensures OAuth tokens are valid, refreshing them if expired
2427
- * Called automatically by connect() - rarely needs to be called manually
2428
- * @returns True if valid tokens are available, false otherwise
2429
- */
2430
- async getValidTokens() {
2431
- await this.initialize();
2432
- if (!this.oauthProvider) {
2433
- return false;
2434
- }
2435
- const tokens = await this.oauthProvider.tokens();
2436
- if (!tokens) {
2437
- return false;
2438
- }
2439
- if (this.oauthProvider.isTokenExpired()) {
2440
- return await this.refreshToken();
2441
- }
2442
- return true;
2443
- }
2444
2374
  /**
2445
2375
  * Reconnects to MCP server using existing OAuth provider from Redis
2446
2376
  * Used for session restoration in serverless environments
@@ -2572,10 +2502,14 @@ var MCPClient = class _MCPClient {
2572
2502
  }
2573
2503
  /**
2574
2504
  * Gets MCP server configuration for all active user sessions
2575
- * Loads sessions from Redis, validates OAuth tokens, refreshes if expired
2576
- * Returns ready-to-use configuration with valid auth headers
2505
+ * Loads sessions from storage and returns server connection metadata.
2506
+ * OAuth refresh is handled by SDK transports through their authProvider.
2507
+ * @deprecated This returns legacy connection metadata only and does not
2508
+ * include OAuth tokens or generated Authorization headers. Prefer
2509
+ * MultiSessionClient or explicit MCPClient instances so SDK transports can
2510
+ * own OAuth refresh and reauthorization.
2577
2511
  * @param userId - User ID to fetch sessions for
2578
- * @returns Object keyed by sanitized server labels containing transport, url, headers, etc.
2512
+ * @returns Object keyed by sanitized server labels containing transport and url.
2579
2513
  * @static
2580
2514
  */
2581
2515
  static async getMcpServerConfig(userId) {
@@ -2589,29 +2523,6 @@ var MCPClient = class _MCPClient {
2589
2523
  await sessions.delete(userId, sessionId);
2590
2524
  return;
2591
2525
  }
2592
- let headers;
2593
- try {
2594
- const client = new _MCPClient({
2595
- userId,
2596
- sessionId,
2597
- serverId: sessionData.serverId,
2598
- serverUrl: sessionData.serverUrl,
2599
- callbackUrl: sessionData.callbackUrl,
2600
- serverName: sessionData.serverName,
2601
- transportType: sessionData.transportType,
2602
- headers: sessionData.headers
2603
- });
2604
- await client.initialize();
2605
- const hasValidTokens = await client.getValidTokens();
2606
- if (hasValidTokens && client.oauthProvider) {
2607
- const tokens = await client.oauthProvider.tokens();
2608
- if (tokens?.access_token) {
2609
- headers = { Authorization: `Bearer ${tokens.access_token}` };
2610
- }
2611
- }
2612
- } catch (error) {
2613
- console.warn(`[MCP] Failed to get OAuth tokens for ${sessionId}:`, error);
2614
- }
2615
2526
  const label = sanitizeServerLabel(
2616
2527
  sessionData.serverName || sessionData.serverId || "server"
2617
2528
  );
@@ -2621,8 +2532,7 @@ var MCPClient = class _MCPClient {
2621
2532
  ...sessionData.serverName && {
2622
2533
  serverName: sessionData.serverName,
2623
2534
  serverLabel: label
2624
- },
2625
- ...headers && { headers }
2535
+ }
2626
2536
  };
2627
2537
  } catch (error) {
2628
2538
  await sessions.delete(userId, sessionId);