@mcp-z/client 1.0.0

package/dist/cjs/auth/oauth-callback-listener.d.cts

@@ -0,0 +1,56 @@
+/**
+ * OAuth Callback Server for CLI Authentication
+ * Listens for OAuth authorization callbacks and captures authorization code
+ */
+import { type Logger } from '../utils/logger.js';
+import type { CallbackResult } from './types.js';
+export interface OAuthCallbackListenerOptions {
+    /** Port to listen on (required - use get-port package to find available port) */
+    port: number;
+    /** Optional logger for debug output (defaults to singleton logger) */
+    logger?: Logger;
+}
+/**
+ * OAuthCallbackListener handles OAuth redirect callbacks
+ * Starts a temporary HTTP server to receive authorization code
+ *
+ * Note: Caller is responsible for finding an available port using get-port package
+ */
+export declare class OAuthCallbackListener {
+    private server;
+    private resolveCallback?;
+    private rejectCallback?;
+    private timeout;
+    private port;
+    private logger;
+    constructor(options: OAuthCallbackListenerOptions);
+    /**
+     * Start the callback server
+     * Fails fast if port is already in use - caller should use get-port to find available port
+     */
+    start(): Promise<void>;
+    /**
+     * Listen on a specific port
+     */
+    private listen;
+    /**
+     * Handle incoming HTTP requests
+     */
+    private handleRequest;
+    /**
+     * Handle OAuth callback
+     */
+    private handleCallback;
+    /**
+     * Wait for OAuth callback with timeout
+     */
+    waitForCallback(timeoutMs?: number): Promise<CallbackResult>;
+    /**
+     * Stop the callback server and close
+     */
+    stop(): Promise<void>;
+    /**
+     * Get the callback URL for this server
+     */
+    getCallbackUrl(): string;
+}

package/dist/cjs/auth/oauth-callback-listener.d.ts

@@ -0,0 +1,56 @@
+/**
+ * OAuth Callback Server for CLI Authentication
+ * Listens for OAuth authorization callbacks and captures authorization code
+ */
+import { type Logger } from '../utils/logger.js';
+import type { CallbackResult } from './types.js';
+export interface OAuthCallbackListenerOptions {
+    /** Port to listen on (required - use get-port package to find available port) */
+    port: number;
+    /** Optional logger for debug output (defaults to singleton logger) */
+    logger?: Logger;
+}
+/**
+ * OAuthCallbackListener handles OAuth redirect callbacks
+ * Starts a temporary HTTP server to receive authorization code
+ *
+ * Note: Caller is responsible for finding an available port using get-port package
+ */
+export declare class OAuthCallbackListener {
+    private server;
+    private resolveCallback?;
+    private rejectCallback?;
+    private timeout;
+    private port;
+    private logger;
+    constructor(options: OAuthCallbackListenerOptions);
+    /**
+     * Start the callback server
+     * Fails fast if port is already in use - caller should use get-port to find available port
+     */
+    start(): Promise<void>;
+    /**
+     * Listen on a specific port
+     */
+    private listen;
+    /**
+     * Handle incoming HTTP requests
+     */
+    private handleRequest;
+    /**
+     * Handle OAuth callback
+     */
+    private handleCallback;
+    /**
+     * Wait for OAuth callback with timeout
+     */
+    waitForCallback(timeoutMs?: number): Promise<CallbackResult>;
+    /**
+     * Stop the callback server and close
+     */
+    stop(): Promise<void>;
+    /**
+     * Get the callback URL for this server
+     */
+    getCallbackUrl(): string;
+}

package/dist/cjs/auth/oauth-callback-listener.js

@@ -0,0 +1,333 @@
+/**
+ * OAuth Callback Server for CLI Authentication
+ * Listens for OAuth authorization callbacks and captures authorization code
+ */ "use strict";
+Object.defineProperty(exports, "__esModule", {
+    value: true
+});
+Object.defineProperty(exports, "OAuthCallbackListener", {
+    enumerable: true,
+    get: function() {
+        return OAuthCallbackListener;
+    }
+});
+var _nodehttp = /*#__PURE__*/ _interop_require_default(require("node:http"));
+var _loggerts = require("../utils/logger.js");
+function asyncGeneratorStep(gen, resolve, reject, _next, _throw, key, arg) {
+    try {
+        var info = gen[key](arg);
+        var value = info.value;
+    } catch (error) {
+        reject(error);
+        return;
+    }
+    if (info.done) {
+        resolve(value);
+    } else {
+        Promise.resolve(value).then(_next, _throw);
+    }
+}
+function _async_to_generator(fn) {
+    return function() {
+        var self = this, args = arguments;
+        return new Promise(function(resolve, reject) {
+            var gen = fn.apply(self, args);
+            function _next(value) {
+                asyncGeneratorStep(gen, resolve, reject, _next, _throw, "next", value);
+            }
+            function _throw(err) {
+                asyncGeneratorStep(gen, resolve, reject, _next, _throw, "throw", err);
+            }
+            _next(undefined);
+        });
+    };
+}
+function _class_call_check(instance, Constructor) {
+    if (!(instance instanceof Constructor)) {
+        throw new TypeError("Cannot call a class as a function");
+    }
+}
+function _interop_require_default(obj) {
+    return obj && obj.__esModule ? obj : {
+        default: obj
+    };
+}
+function _ts_generator(thisArg, body) {
+    var f, y, t, _ = {
+        label: 0,
+        sent: function() {
+            if (t[0] & 1) throw t[1];
+            return t[1];
+        },
+        trys: [],
+        ops: []
+    }, g = Object.create((typeof Iterator === "function" ? Iterator : Object).prototype), d = Object.defineProperty;
+    return d(g, "next", {
+        value: verb(0)
+    }), d(g, "throw", {
+        value: verb(1)
+    }), d(g, "return", {
+        value: verb(2)
+    }), typeof Symbol === "function" && d(g, Symbol.iterator, {
+        value: function() {
+            return this;
+        }
+    }), g;
+    function verb(n) {
+        return function(v) {
+            return step([
+                n,
+                v
+            ]);
+        };
+    }
+    function step(op) {
+        if (f) throw new TypeError("Generator is already executing.");
+        while(g && (g = 0, op[0] && (_ = 0)), _)try {
+            if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
+            if (y = 0, t) op = [
+                op[0] & 2,
+                t.value
+            ];
+            switch(op[0]){
+                case 0:
+                case 1:
+                    t = op;
+                    break;
+                case 4:
+                    _.label++;
+                    return {
+                        value: op[1],
+                        done: false
+                    };
+                case 5:
+                    _.label++;
+                    y = op[1];
+                    op = [
+                        0
+                    ];
+                    continue;
+                case 7:
+                    op = _.ops.pop();
+                    _.trys.pop();
+                    continue;
+                default:
+                    if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) {
+                        _ = 0;
+                        continue;
+                    }
+                    if (op[0] === 3 && (!t || op[1] > t[0] && op[1] < t[3])) {
+                        _.label = op[1];
+                        break;
+                    }
+                    if (op[0] === 6 && _.label < t[1]) {
+                        _.label = t[1];
+                        t = op;
+                        break;
+                    }
+                    if (t && _.label < t[2]) {
+                        _.label = t[2];
+                        _.ops.push(op);
+                        break;
+                    }
+                    if (t[2]) _.ops.pop();
+                    _.trys.pop();
+                    continue;
+            }
+            op = body.call(thisArg, _);
+        } catch (e) {
+            op = [
+                6,
+                e
+            ];
+            y = 0;
+        } finally{
+            f = t = 0;
+        }
+        if (op[0] & 5) throw op[1];
+        return {
+            value: op[0] ? op[1] : void 0,
+            done: true
+        };
+    }
+}
+var OAuthCallbackListener = /*#__PURE__*/ function() {
+    "use strict";
+    function OAuthCallbackListener(options) {
+        _class_call_check(this, OAuthCallbackListener);
+        var _options_logger;
+        this.port = options.port;
+        this.logger = (_options_logger = options.logger) !== null && _options_logger !== void 0 ? _options_logger : _loggerts.logger;
+    }
+    var _proto = OAuthCallbackListener.prototype;
+    /**
+   * Start the callback server
+   * Fails fast if port is already in use - caller should use get-port to find available port
+   */ _proto.start = function start() {
+        return _async_to_generator(function() {
+            return _ts_generator(this, function(_state) {
+                switch(_state.label){
+                    case 0:
+                        return [
+                            4,
+                            this.listen(this.port)
+                        ];
+                    case 1:
+                        _state.sent();
+                        this.logger.debug("✅ Callback server listening on http://localhost:".concat(this.port, "/callback"));
+                        return [
+                            2
+                        ];
+                }
+            });
+        }).call(this);
+    };
+    /**
+   * Listen on a specific port
+   */ _proto.listen = function listen(port) {
+        var _this = this;
+        return new Promise(function(resolve, reject) {
+            _this.server = _nodehttp.default.createServer(function(req, res) {
+                _this.handleRequest(req, res);
+            });
+            _this.server.on('error', function(error) {
+                reject(error);
+            });
+            _this.server.listen(port, function() {
+                resolve();
+            });
+        });
+    };
+    /**
+   * Handle incoming HTTP requests
+   */ _proto.handleRequest = function handleRequest(req, res) {
+        var url = new URL(req.url || '', "http://localhost:".concat(this.port));
+        if (url.pathname === '/callback') {
+            this.handleCallback(url, res);
+        } else {
+            res.writeHead(404, {
+                'Content-Type': 'text/plain'
+            });
+            res.end('Not Found');
+        }
+    };
+    /**
+   * Handle OAuth callback
+   */ _proto.handleCallback = function handleCallback(url, res) {
+        var code = url.searchParams.get('code');
+        var state = url.searchParams.get('state');
+        var error = url.searchParams.get('error');
+        var errorDescription = url.searchParams.get('error_description');
+        // Handle OAuth errors
+        if (error) {
+            var errorMessage = errorDescription ? "".concat(error, ": ").concat(errorDescription) : error;
+            res.writeHead(400, {
+                'Content-Type': 'text/html'
+            });
+            res.end("\n        <html>\n          <body>\n            <h1>Authorization Failed</h1>\n            <p>".concat(errorMessage, "</p>\n            <script>setTimeout(() => window.close(), 3000);</script>\n          </body>\n        </html>\n      "));
+            if (this.rejectCallback) {
+                this.rejectCallback(new Error(errorMessage));
+            }
+            return;
+        }
+        // Validate code parameter
+        if (!code) {
+            res.writeHead(400, {
+                'Content-Type': 'text/html'
+            });
+            res.end("\n        <html>\n          <body>\n            <h1>Invalid Callback</h1>\n            <p>Missing authorization code</p>\n            <script>setTimeout(() => window.close(), 3000);</script>\n          </body>\n        </html>\n      ");
+            if (this.rejectCallback) {
+                this.rejectCallback(new Error('Missing authorization code'));
+            }
+            return;
+        }
+        // Success - send confirmation page
+        res.writeHead(200, {
+            'Content-Type': 'text/html; charset=utf-8'
+        });
+        res.end('\n      <html>\n        <head>\n          <meta charset="UTF-8">\n        </head>\n        <body>\n          <h1>Authorization Successful</h1>\n          <p>You can close this window and return to the terminal.</p>\n          <script>setTimeout(() => window.close(), 2000);</script>\n        </body>\n      </html>\n    ');
+        // Resolve the promise with authorization code
+        if (this.resolveCallback) {
+            var result = {
+                code: code
+            };
+            if (state) {
+                result.state = state;
+            }
+            this.resolveCallback(result);
+        }
+    };
+    /**
+   * Wait for OAuth callback with timeout
+   */ _proto.waitForCallback = function waitForCallback() {
+        var timeoutMs = arguments.length > 0 && arguments[0] !== void 0 ? arguments[0] : 300000;
+        return _async_to_generator(function() {
+            var _this;
+            return _ts_generator(this, function(_state) {
+                _this = this;
+                return [
+                    2,
+                    new Promise(function(resolve, reject) {
+                        _this.resolveCallback = resolve;
+                        _this.rejectCallback = reject;
+                        // Set timeout to prevent hanging forever
+                        _this.timeout = setTimeout(function() {
+                            reject(new Error("Authorization timeout - no callback received within ".concat(timeoutMs / 1000, " seconds")));
+                            _this.stop();
+                        }, timeoutMs);
+                    })
+                ];
+            });
+        }).call(this);
+    };
+    /**
+   * Stop the callback server and close
+   */ _proto.stop = function stop() {
+        return _async_to_generator(function() {
+            var _this;
+            return _ts_generator(this, function(_state) {
+                switch(_state.label){
+                    case 0:
+                        _this = this;
+                        // Clear the timeout
+                        if (this.timeout) {
+                            clearTimeout(this.timeout);
+                            this.timeout = undefined;
+                        }
+                        if (!this.server) return [
+                            3,
+                            2
+                        ];
+                        return [
+                            4,
+                            new Promise(function(resolve) {
+                                var _this_server;
+                                (_this_server = _this.server) === null || _this_server === void 0 ? void 0 : _this_server.close(function() {
+                                    _this.logger.debug('🔒 Callback server closed');
+                                    resolve();
+                                });
+                            })
+                        ];
+                    case 1:
+                        _state.sent();
+                        this.server = undefined;
+                        _state.label = 2;
+                    case 2:
+                        return [
+                            2
+                        ];
+                }
+            });
+        }).call(this);
+    };
+    /**
+   * Get the callback URL for this server
+   */ _proto.getCallbackUrl = function getCallbackUrl() {
+        if (!this.port) {
+            throw new Error('Server not started - call start() first');
+        }
+        return "http://localhost:".concat(this.port, "/callback");
+    };
+    return OAuthCallbackListener;
+}();
+/* CJS INTEROP */ if (exports.__esModule && exports.default) { try { Object.defineProperty(exports.default, '__esModule', { value: true }); for (var key in exports) { exports.default[key] = exports[key]; } } catch (_) {}; module.exports = exports.default; }

package/dist/cjs/auth/oauth-callback-listener.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["/Users/kevin/Dev/Projects/ai/mcp-z/libs/client/src/auth/oauth-callback-listener.ts"],"sourcesContent":["/**\n * OAuth Callback Server for CLI Authentication\n * Listens for OAuth authorization callbacks and captures authorization code\n */\n\nimport http from 'node:http';\nimport { logger as defaultLogger, type Logger } from '../utils/logger.ts';\nimport type { CallbackResult } from './types.ts';\n\nexport interface OAuthCallbackListenerOptions {\n  /** Port to listen on (required - use get-port package to find available port) */\n  port: number;\n  /** Optional logger for debug output (defaults to singleton logger) */\n  logger?: Logger;\n}\n\n/**\n * OAuthCallbackListener handles OAuth redirect callbacks\n * Starts a temporary HTTP server to receive authorization code\n *\n * Note: Caller is responsible for finding an available port using get-port package\n */\nexport class OAuthCallbackListener {\n  private server: http.Server | undefined;\n  private resolveCallback?: (result: CallbackResult) => void;\n  private rejectCallback?: (error: Error) => void;\n  private timeout: NodeJS.Timeout | undefined;\n  private port: number;\n  private logger: Logger;\n\n  constructor(options: OAuthCallbackListenerOptions) {\n    this.port = options.port;\n    this.logger = options.logger ?? defaultLogger;\n  }\n\n  /**\n   * Start the callback server\n   * Fails fast if port is already in use - caller should use get-port to find available port\n   */\n  async start(): Promise<void> {\n    await this.listen(this.port);\n    this.logger.debug(`✅ Callback server listening on http://localhost:${this.port}/callback`);\n  }\n\n  /**\n   * Listen on a specific port\n   */\n  private listen(port: number): Promise<void> {\n    return new Promise((resolve, reject) => {\n      this.server = http.createServer((req, res) => {\n        this.handleRequest(req, res);\n      });\n\n      this.server.on('error', (error) => {\n        reject(error);\n      });\n\n      this.server.listen(port, () => {\n        resolve();\n      });\n    });\n  }\n\n  /**\n   * Handle incoming HTTP requests\n   */\n  private handleRequest(req: http.IncomingMessage, res: http.ServerResponse): void {\n    const url = new URL(req.url || '', `http://localhost:${this.port}`);\n\n    if (url.pathname === '/callback') {\n      this.handleCallback(url, res);\n    } else {\n      res.writeHead(404, { 'Content-Type': 'text/plain' });\n      res.end('Not Found');\n    }\n  }\n\n  /**\n   * Handle OAuth callback\n   */\n  private handleCallback(url: URL, res: http.ServerResponse): void {\n    const code = url.searchParams.get('code');\n    const state = url.searchParams.get('state');\n    const error = url.searchParams.get('error');\n    const errorDescription = url.searchParams.get('error_description');\n\n    // Handle OAuth errors\n    if (error) {\n      const errorMessage = errorDescription ? `${error}: ${errorDescription}` : error;\n\n      res.writeHead(400, { 'Content-Type': 'text/html' });\n      res.end(`\n        <html>\n          <body>\n            <h1>Authorization Failed</h1>\n            <p>${errorMessage}</p>\n            <script>setTimeout(() => window.close(), 3000);</script>\n          </body>\n        </html>\n      `);\n\n      if (this.rejectCallback) {\n        this.rejectCallback(new Error(errorMessage));\n      }\n      return;\n    }\n\n    // Validate code parameter\n    if (!code) {\n      res.writeHead(400, { 'Content-Type': 'text/html' });\n      res.end(`\n        <html>\n          <body>\n            <h1>Invalid Callback</h1>\n            <p>Missing authorization code</p>\n            <script>setTimeout(() => window.close(), 3000);</script>\n          </body>\n        </html>\n      `);\n\n      if (this.rejectCallback) {\n        this.rejectCallback(new Error('Missing authorization code'));\n      }\n      return;\n    }\n\n    // Success - send confirmation page\n    res.writeHead(200, { 'Content-Type': 'text/html; charset=utf-8' });\n    res.end(`\n      <html>\n        <head>\n          <meta charset=\"UTF-8\">\n        </head>\n        <body>\n          <h1>Authorization Successful</h1>\n          <p>You can close this window and return to the terminal.</p>\n          <script>setTimeout(() => window.close(), 2000);</script>\n        </body>\n      </html>\n    `);\n\n    // Resolve the promise with authorization code\n    if (this.resolveCallback) {\n      const result: CallbackResult = { code };\n      if (state) {\n        result.state = state;\n      }\n      this.resolveCallback(result);\n    }\n  }\n\n  /**\n   * Wait for OAuth callback with timeout\n   */\n  async waitForCallback(timeoutMs = 300000): Promise<CallbackResult> {\n    return new Promise((resolve, reject) => {\n      this.resolveCallback = resolve;\n      this.rejectCallback = reject;\n\n      // Set timeout to prevent hanging forever\n      this.timeout = setTimeout(() => {\n        reject(new Error(`Authorization timeout - no callback received within ${timeoutMs / 1000} seconds`));\n        this.stop();\n      }, timeoutMs);\n    });\n  }\n\n  /**\n   * Stop the callback server and close\n   */\n  async stop(): Promise<void> {\n    // Clear the timeout\n    if (this.timeout) {\n      clearTimeout(this.timeout);\n      this.timeout = undefined;\n    }\n\n    // Close the server\n    if (this.server) {\n      await new Promise<void>((resolve) => {\n        this.server?.close(() => {\n          this.logger.debug('🔒 Callback server closed');\n          resolve();\n        });\n      });\n      this.server = undefined;\n    }\n  }\n\n  /**\n   * Get the callback URL for this server\n   */\n  getCallbackUrl(): string {\n    if (!this.port) {\n      throw new Error('Server not started - call start() first');\n    }\n    return `http://localhost:${this.port}/callback`;\n  }\n}\n"],"names":["OAuthCallbackListener","options","port","logger","defaultLogger","start","listen","debug","Promise","resolve","reject","server","http","createServer","req","res","handleRequest","on","error","url","URL","pathname","handleCallback","writeHead","end","code","searchParams","get","state","errorDescription","errorMessage","rejectCallback","Error","resolveCallback","result","waitForCallback","timeoutMs","timeout","setTimeout","stop","clearTimeout","undefined","close","getCallbackUrl"],"mappings":"AAAA;;;CAGC;;;;+BAmBYA;;;eAAAA;;;+DAjBI;wBACoC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAgB9C,IAAA,AAAMA,sCAAN;;aAAMA,sBAQCC,OAAqC;gCARtCD;YAUKC;QADd,IAAI,CAACC,IAAI,GAAGD,QAAQC,IAAI;QACxB,IAAI,CAACC,MAAM,IAAGF,kBAAAA,QAAQE,MAAM,cAAdF,6BAAAA,kBAAkBG,gBAAa;;iBAVpCJ;IAaX;;;GAGC,GACD,OAAMK,KAGL,GAHD,SAAMA;;;;;wBACJ;;4BAAM,IAAI,CAACC,MAAM,CAAC,IAAI,CAACJ,IAAI;;;wBAA3B;wBACA,IAAI,CAACC,MAAM,CAACI,KAAK,CAAC,AAAC,mDAA4D,OAAV,IAAI,CAACL,IAAI,EAAC;;;;;;QACjF;;IAEA;;GAEC,GACD,OAAQI,MAcP,GAdD,SAAQA,OAAOJ,IAAY;;QACzB,OAAO,IAAIM,QAAQ,SAACC,SAASC;YAC3B,MAAKC,MAAM,GAAGC,iBAAI,CAACC,YAAY,CAAC,SAACC,KAAKC;gBACpC,MAAKC,aAAa,CAACF,KAAKC;YAC1B;YAEA,MAAKJ,MAAM,CAACM,EAAE,CAAC,SAAS,SAACC;gBACvBR,OAAOQ;YACT;YAEA,MAAKP,MAAM,CAACL,MAAM,CAACJ,MAAM;gBACvBO;YACF;QACF;IACF;IAEA;;GAEC,GACD,OAAQO,aASP,GATD,SAAQA,cAAcF,GAAyB,EAAEC,GAAwB;QACvE,IAAMI,MAAM,IAAIC,IAAIN,IAAIK,GAAG,IAAI,IAAI,AAAC,oBAA6B,OAAV,IAAI,CAACjB,IAAI;QAEhE,IAAIiB,IAAIE,QAAQ,KAAK,aAAa;YAChC,IAAI,CAACC,cAAc,CAACH,KAAKJ;QAC3B,OAAO;YACLA,IAAIQ,SAAS,CAAC,KAAK;gBAAE,gBAAgB;YAAa;YAClDR,IAAIS,GAAG,CAAC;QACV;IACF;IAEA;;GAEC,GACD,OAAQF,cAqEP,GArED,SAAQA,eAAeH,GAAQ,EAAEJ,GAAwB;QACvD,IAAMU,OAAON,IAAIO,YAAY,CAACC,GAAG,CAAC;QAClC,IAAMC,QAAQT,IAAIO,YAAY,CAACC,GAAG,CAAC;QACnC,IAAMT,QAAQC,IAAIO,YAAY,CAACC,GAAG,CAAC;QACnC,IAAME,mBAAmBV,IAAIO,YAAY,CAACC,GAAG,CAAC;QAE9C,sBAAsB;QACtB,IAAIT,OAAO;YACT,IAAMY,eAAeD,mBAAmB,AAAC,GAAYA,OAAVX,OAAM,MAAqB,OAAjBW,oBAAqBX;YAE1EH,IAAIQ,SAAS,CAAC,KAAK;gBAAE,gBAAgB;YAAY;YACjDR,IAAIS,GAAG,CAAC,AAAC,iGAIe,OAAbM,cAAa;YAMxB,IAAI,IAAI,CAACC,cAAc,EAAE;gBACvB,IAAI,CAACA,cAAc,CAAC,IAAIC,MAAMF;YAChC;YACA;QACF;QAEA,0BAA0B;QAC1B,IAAI,CAACL,MAAM;YACTV,IAAIQ,SAAS,CAAC,KAAK;gBAAE,gBAAgB;YAAY;YACjDR,IAAIS,GAAG,CAAC;YAUR,IAAI,IAAI,CAACO,cAAc,EAAE;gBACvB,IAAI,CAACA,cAAc,CAAC,IAAIC,MAAM;YAChC;YACA;QACF;QAEA,mCAAmC;QACnCjB,IAAIQ,SAAS,CAAC,KAAK;YAAE,gBAAgB;QAA2B;QAChER,IAAIS,GAAG,CAAC;QAaR,8CAA8C;QAC9C,IAAI,IAAI,CAACS,eAAe,EAAE;YACxB,IAAMC,SAAyB;gBAAET,MAAAA;YAAK;YACtC,IAAIG,OAAO;gBACTM,OAAON,KAAK,GAAGA;YACjB;YACA,IAAI,CAACK,eAAe,CAACC;QACvB;IACF;IAEA;;GAEC,GACD,OAAMC,eAWL,GAXD,SAAMA;YAAgBC,YAAAA,iEAAY;;;;;gBAChC;;oBAAO,IAAI5B,QAAQ,SAACC,SAASC;wBAC3B,MAAKuB,eAAe,GAAGxB;wBACvB,MAAKsB,cAAc,GAAGrB;wBAEtB,yCAAyC;wBACzC,MAAK2B,OAAO,GAAGC,WAAW;4BACxB5B,OAAO,IAAIsB,MAAM,AAAC,uDAAuE,OAAjBI,YAAY,MAAK;4BACzF,MAAKG,IAAI;wBACX,GAAGH;oBACL;;;QACF;;IAEA;;GAEC,GACD,OAAMG,IAiBL,GAjBD,SAAMA;;;;;;;wBACJ,oBAAoB;wBACpB,IAAI,IAAI,CAACF,OAAO,EAAE;4BAChBG,aAAa,IAAI,CAACH,OAAO;4BACzB,IAAI,CAACA,OAAO,GAAGI;wBACjB;6BAGI,IAAI,CAAC9B,MAAM,EAAX;;;;wBACF;;4BAAM,IAAIH,QAAc,SAACC;oCACvB;iCAAA,eAAA,MAAKE,MAAM,cAAX,mCAAA,aAAa+B,KAAK,CAAC;oCACjB,MAAKvC,MAAM,CAACI,KAAK,CAAC;oCAClBE;gCACF;4BACF;;;wBALA;wBAMA,IAAI,CAACE,MAAM,GAAG8B;;;;;;;;QAElB;;IAEA;;GAEC,GACDE,OAAAA,cAKC,GALDA,SAAAA;QACE,IAAI,CAAC,IAAI,CAACzC,IAAI,EAAE;YACd,MAAM,IAAI8B,MAAM;QAClB;QACA,OAAO,AAAC,oBAA6B,OAAV,IAAI,CAAC9B,IAAI,EAAC;IACvC;WA/KWF"}

package/dist/cjs/auth/pkce.d.cts

@@ -0,0 +1,17 @@
+/**
+ * PKCE (Proof Key for Code Exchange) utilities
+ * Implements RFC 7636 for OAuth 2.0 public client security
+ */
+import type { PkceParams } from './types.js';
+/**
+ * Generate PKCE parameters for OAuth 2.0 authorization code flow
+ * Uses S256 method (SHA-256 hash) as recommended by RFC 7636
+ *
+ * @returns PkceParams with code verifier, challenge, and method
+ *
+ * @example
+ * const pkce = await generatePkce();
+ * // Use pkce.codeChallenge and pkce.codeChallengeMethod in authorization URL
+ * // Store pkce.codeVerifier for token exchange
+ */
+export declare function generatePkce(): Promise<PkceParams>;

package/dist/cjs/auth/pkce.d.ts

@@ -0,0 +1,17 @@
+/**
+ * PKCE (Proof Key for Code Exchange) utilities
+ * Implements RFC 7636 for OAuth 2.0 public client security
+ */
+import type { PkceParams } from './types.js';
+/**
+ * Generate PKCE parameters for OAuth 2.0 authorization code flow
+ * Uses S256 method (SHA-256 hash) as recommended by RFC 7636
+ *
+ * @returns PkceParams with code verifier, challenge, and method
+ *
+ * @example
+ * const pkce = await generatePkce();
+ * // Use pkce.codeChallenge and pkce.codeChallengeMethod in authorization URL
+ * // Store pkce.codeVerifier for token exchange
+ */
+export declare function generatePkce(): Promise<PkceParams>;