@mcp-z/oauth-microsoft 1.0.0
- package/LICENSE +21 -0
- package/README.md +98 -0
- package/dist/cjs/index.d.cts +16 -0
- package/dist/cjs/index.d.ts +16 -0
- package/dist/cjs/index.js +112 -0
- package/dist/cjs/index.js.map +1 -0
- package/dist/cjs/lib/dcr-router.d.cts +44 -0
- package/dist/cjs/lib/dcr-router.d.ts +44 -0
- package/dist/cjs/lib/dcr-router.js +1227 -0
- package/dist/cjs/lib/dcr-router.js.map +1 -0
- package/dist/cjs/lib/dcr-utils.d.cts +160 -0
- package/dist/cjs/lib/dcr-utils.d.ts +160 -0
- package/dist/cjs/lib/dcr-utils.js +860 -0
- package/dist/cjs/lib/dcr-utils.js.map +1 -0
- package/dist/cjs/lib/dcr-verify.d.cts +53 -0
- package/dist/cjs/lib/dcr-verify.d.ts +53 -0
- package/dist/cjs/lib/dcr-verify.js +193 -0
- package/dist/cjs/lib/dcr-verify.js.map +1 -0
- package/dist/cjs/lib/fetch-with-timeout.d.cts +14 -0
- package/dist/cjs/lib/fetch-with-timeout.d.ts +14 -0
- package/dist/cjs/lib/fetch-with-timeout.js +257 -0
- package/dist/cjs/lib/fetch-with-timeout.js.map +1 -0
- package/dist/cjs/lib/token-verifier.d.cts +44 -0
- package/dist/cjs/lib/token-verifier.d.ts +44 -0
- package/dist/cjs/lib/token-verifier.js +253 -0
- package/dist/cjs/lib/token-verifier.js.map +1 -0
- package/dist/cjs/package.json +1 -0
- package/dist/cjs/providers/dcr.d.cts +110 -0
- package/dist/cjs/providers/dcr.d.ts +110 -0
- package/dist/cjs/providers/dcr.js +600 -0
- package/dist/cjs/providers/dcr.js.map +1 -0
- package/dist/cjs/providers/device-code.d.cts +179 -0
- package/dist/cjs/providers/device-code.d.ts +179 -0
- package/dist/cjs/providers/device-code.js +896 -0
- package/dist/cjs/providers/device-code.js.map +1 -0
- package/dist/cjs/providers/loopback-oauth.d.cts +125 -0
- package/dist/cjs/providers/loopback-oauth.d.ts +125 -0
- package/dist/cjs/providers/loopback-oauth.js +1325 -0
- package/dist/cjs/providers/loopback-oauth.js.map +1 -0
- package/dist/cjs/schemas/index.d.cts +20 -0
- package/dist/cjs/schemas/index.d.ts +20 -0
- package/dist/cjs/schemas/index.js +37 -0
- package/dist/cjs/schemas/index.js.map +1 -0
- package/dist/cjs/setup/config.d.cts +113 -0
- package/dist/cjs/setup/config.d.ts +113 -0
- package/dist/cjs/setup/config.js +246 -0
- package/dist/cjs/setup/config.js.map +1 -0
- package/dist/cjs/types.d.cts +188 -0
- package/dist/cjs/types.d.ts +188 -0
- package/dist/cjs/types.js +18 -0
- package/dist/cjs/types.js.map +1 -0
- package/dist/esm/index.d.ts +16 -0
- package/dist/esm/index.js +16 -0
- package/dist/esm/index.js.map +1 -0
- package/dist/esm/lib/dcr-router.d.ts +44 -0
- package/dist/esm/lib/dcr-router.js +556 -0
- package/dist/esm/lib/dcr-router.js.map +1 -0
- package/dist/esm/lib/dcr-utils.d.ts +160 -0
- package/dist/esm/lib/dcr-utils.js +270 -0
- package/dist/esm/lib/dcr-utils.js.map +1 -0
- package/dist/esm/lib/dcr-verify.d.ts +53 -0
- package/dist/esm/lib/dcr-verify.js +53 -0
- package/dist/esm/lib/dcr-verify.js.map +1 -0
- package/dist/esm/lib/fetch-with-timeout.d.ts +14 -0
- package/dist/esm/lib/fetch-with-timeout.js +30 -0
- package/dist/esm/lib/fetch-with-timeout.js.map +1 -0
- package/dist/esm/lib/token-verifier.d.ts +44 -0
- package/dist/esm/lib/token-verifier.js +53 -0
- package/dist/esm/lib/token-verifier.js.map +1 -0
- package/dist/esm/package.json +1 -0
- package/dist/esm/providers/dcr.d.ts +110 -0
- package/dist/esm/providers/dcr.js +235 -0
- package/dist/esm/providers/dcr.js.map +1 -0
- package/dist/esm/providers/device-code.d.ts +179 -0
- package/dist/esm/providers/device-code.js +417 -0
- package/dist/esm/providers/device-code.js.map +1 -0
- package/dist/esm/providers/loopback-oauth.d.ts +125 -0
- package/dist/esm/providers/loopback-oauth.js +643 -0
- package/dist/esm/providers/loopback-oauth.js.map +1 -0
- package/dist/esm/schemas/index.d.ts +20 -0
- package/dist/esm/schemas/index.js +18 -0
- package/dist/esm/schemas/index.js.map +1 -0
- package/dist/esm/setup/config.d.ts +113 -0
- package/dist/esm/setup/config.js +268 -0
- package/dist/esm/setup/config.js.map +1 -0
- package/dist/esm/types.d.ts +188 -0
- package/dist/esm/types.js +8 -0
- package/dist/esm/types.js.map +1 -0
- package/package.json +87 -0
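--- a/package/dist/cjs/setup/config.js
+++ b/package/dist/cjs/setup/config.js
@@ -0,0 +1,246 @@
+/**
+* Microsoft OAuth configuration parsing from CLI arguments and environment variables.
+*
+* This module provides utilities to parse Microsoft OAuth configuration from
+* CLI arguments and environment variables, following the same pattern as @mcp-z/server's
+* parseConfig().
+*/ "use strict";
+Object.defineProperty(exports, "__esModule", {
+value: true
+});
+function _export(target, all) {
+for(var name in all)Object.defineProperty(target, name, {
+enumerable: true,
+get: Object.getOwnPropertyDescriptor(all, name).get
+});
+}
+_export(exports, {
+get createConfig () {
+return createConfig;
+},
+get parseConfig () {
+return parseConfig;
+},
+get parseDcrConfig () {
+return parseDcrConfig;
+}
+});
+var _util = require("util");
+function _define_property(obj, key, value) {
+if (key in obj) {
+Object.defineProperty(obj, key, {
+value: value,
+enumerable: true,
+configurable: true,
+writable: true
+});
+} else {
+obj[key] = value;
+}
+return obj;
+}
+function _object_spread(target) {
+for(var i = 1; i < arguments.length; i++){
+var source = arguments[i] != null ? arguments[i] : {};
+var ownKeys = Object.keys(source);
+if (typeof Object.getOwnPropertySymbols === "function") {
+ownKeys = ownKeys.concat(Object.getOwnPropertySymbols(source).filter(function(sym) {
+return Object.getOwnPropertyDescriptor(source, sym).enumerable;
+}));
+}
+ownKeys.forEach(function(key) {
+_define_property(target, key, source[key]);
+});
+}
+return target;
+}
+function ownKeys(object, enumerableOnly) {
+var keys = Object.keys(object);
+if (Object.getOwnPropertySymbols) {
+var symbols = Object.getOwnPropertySymbols(object);
+if (enumerableOnly) {
+symbols = symbols.filter(function(sym) {
+return Object.getOwnPropertyDescriptor(object, sym).enumerable;
+});
+}
+keys.push.apply(keys, symbols);
+}
+return keys;
+}
+function _object_spread_props(target, source) {
+source = source != null ? source : {};
+if (Object.getOwnPropertyDescriptors) {
+Object.defineProperties(target, Object.getOwnPropertyDescriptors(source));
+} else {
+ownKeys(Object(source)).forEach(function(key) {
+Object.defineProperty(target, key, Object.getOwnPropertyDescriptor(source, key));
+});
+}
+return target;
+}
+/**
+* Parse OAuth mode string into auth mode.
+*
+* @param value - OAuth mode string ('loopback-oauth', 'device-code', or 'dcr')
+* @returns Parsed auth mode
+* @throws Error if value is invalid
+*
+* @example Valid formats
+* ```typescript
+* parseAuthMode('loopback-oauth') // { auth: 'loopback-oauth' }
+* parseAuthMode('device-code') // { auth: 'device-code' }
+* parseAuthMode('dcr') // { auth: 'dcr' }
+* ```
+*/ function parseAuthMode(value) {
+// Validate auth mode
+if (value !== 'loopback-oauth' && value !== 'device-code' && value !== 'dcr') {
+throw new Error('Invalid --auth value: "'.concat(value, '". Valid values: loopback-oauth, device-code, dcr'));
+}
+return {
+auth: value
+};
+}
+function parseConfig(args, env, transport) {
+var _ref;
+function requiredEnv(key) {
+var value = env[key];
+if (!value) {
+throw new Error("Environment variable ".concat(key, " is required for Microsoft OAuth"));
+}
+return value;
+}
+// Parse CLI arguments
+var values = (0, _util.parseArgs)({
+args: args,
+options: {
+auth: {
+type: 'string'
+},
+headless: {
+type: 'boolean'
+},
+'redirect-uri': {
+type: 'string'
+},
+'tenant-id': {
+type: 'string'
+}
+},
+strict: false,
+allowPositionals: true
+}).values;
+// Parse OAuth mode
+var authArg = typeof values.auth === 'string' ? values.auth : undefined;
+var envAuthMode = env.AUTH_MODE;
+var mode = authArg || envAuthMode;
+var auth;
+if (mode) {
+var parsed = parseAuthMode(mode);
+auth = parsed.auth;
+} else {
+// DEFAULT: No flags provided, use loopback-oauth
+auth = 'loopback-oauth';
+}
+// Validate: DCR only works with HTTP transport
+if (auth === 'dcr' && transport === 'stdio') {
+throw new Error('DCR authentication mode requires HTTP transport. DCR is not supported with stdio transport.');
+}
+// Parse headless mode
+var cliHeadless = typeof values.headless === 'boolean' ? values.headless : undefined;
+var envHeadless = env.HEADLESS === 'true' ? true : env.HEADLESS === 'false' ? false : undefined;
+var headless = (_ref = cliHeadless !== null && cliHeadless !== void 0 ? cliHeadless : envHeadless) !== null && _ref !== void 0 ? _ref : false;
+// Parse redirect-uri (CLI overrides ENV)
+var cliRedirectUri = typeof values['redirect-uri'] === 'string' ? values['redirect-uri'] : undefined;
+var envRedirectUri = env.REDIRECT_URI;
+var redirectUri = cliRedirectUri !== null && cliRedirectUri !== void 0 ? cliRedirectUri : envRedirectUri;
+// Parse tenant-id (CLI overrides environment)
+var cliTenantId = typeof values['tenant-id'] === 'string' ? values['tenant-id'] : undefined;
+var tenantId = cliTenantId !== null && cliTenantId !== void 0 ? cliTenantId : requiredEnv('MS_TENANT_ID');
+// Parse credentials
+var clientId = requiredEnv('MS_CLIENT_ID');
+var clientSecret = env.MS_CLIENT_SECRET;
+return _object_spread(_object_spread_props(_object_spread({
+clientId: clientId,
+tenantId: tenantId
+}, clientSecret && {
+clientSecret: clientSecret
+}), {
+auth: auth,
+headless: headless
+}), redirectUri && {
+redirectUri: redirectUri
+});
+}
+function createConfig() {
+return parseConfig(process.argv, process.env);
+}
+function parseDcrConfig(args, env, scope) {
+function requiredEnv(key) {
+var value = env[key];
+if (!value) {
+throw new Error("Environment variable ".concat(key, " is required for DCR configuration"));
+}
+return value;
+}
+// Parse CLI arguments
+var values = (0, _util.parseArgs)({
+args: args,
+options: {
+'dcr-mode': {
+type: 'string'
+},
+'dcr-verify-url': {
+type: 'string'
+},
+'dcr-store-uri': {
+type: 'string'
+},
+'tenant-id': {
+type: 'string'
+}
+},
+strict: false,
+allowPositionals: true
+}).values;
+// Parse DCR mode (CLI overrides environment)
+var cliMode = typeof values['dcr-mode'] === 'string' ? values['dcr-mode'] : undefined;
+var envMode = env.DCR_MODE;
+var mode = cliMode || envMode || 'self-hosted';
+// Validate DCR mode
+if (mode !== 'self-hosted' && mode !== 'external') {
+throw new Error('Invalid --dcr-mode value: "'.concat(mode, '". Valid values: self-hosted, external'));
+}
+// Parse verify URL (CLI overrides environment)
+var cliVerifyUrl = typeof values['dcr-verify-url'] === 'string' ? values['dcr-verify-url'] : undefined;
+var envVerifyUrl = env.DCR_VERIFY_URL;
+var verifyUrl = cliVerifyUrl || envVerifyUrl;
+// Parse store URI (CLI overrides environment)
+var cliStoreUri = typeof values['dcr-store-uri'] === 'string' ? values['dcr-store-uri'] : undefined;
+var envStoreUri = env.DCR_STORE_URI;
+var storeUri = cliStoreUri || envStoreUri;
+// Validate mode-specific required fields
+if (mode === 'external' && !verifyUrl) {
+throw new Error('DCR external mode requires --dcr-verify-url or DCR_VERIFY_URL environment variable');
+}
+// Parse tenant-id (CLI overrides environment)
+var cliTenantId = typeof values['tenant-id'] === 'string' ? values['tenant-id'] : undefined;
+var tenantId = cliTenantId !== null && cliTenantId !== void 0 ? cliTenantId : requiredEnv('MS_TENANT_ID');
+// Parse credentials
+var clientId = requiredEnv('MS_CLIENT_ID');
+var clientSecret = env.MS_CLIENT_SECRET;
+return _object_spread_props(_object_spread(_object_spread_props(_object_spread({
+mode: mode
+}, verifyUrl && {
+verifyUrl: verifyUrl
+}, storeUri && {
+storeUri: storeUri
+}), {
+clientId: clientId
+}), clientSecret && {
+clientSecret: clientSecret
+}), {
+tenantId: tenantId,
+scope: scope
+});
+}
+/* CJS INTEROP */ if (exports.__esModule && exports.default) { try { Object.defineProperty(exports.default, '__esModule', { value: true }); for (var key in exports) { exports.default[key] = exports[key]; } } catch (_) {}; module.exports = exports.default; }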
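Review bot: parseDcrConfig enforces only half of its mode-specific requirements: external mode without a verify URL throws, but self-hosted mode (the default when neither `--dcr-mode` nor `DCR_MODE` is set) returns a config with no `storeUri`, although the JSDoc carried in the source map and the `DcrConfig` type comment both describe the store URI as required for self-hosted mode. Unless a default store is applied downstream, a matching guard next to the existing one would be `if (mode === 'self-hosted' && !storeUri) throw new Error('DCR self-hosted mode requires --dcr-store-uri or DCR_STORE_URI environment variable');`. In the same function `verifyUrl`, and in parseConfig `redirectUri`, are accepted as any non-empty string from the command line or the environment. Because these values presumably decide where tokens and authorization responses are sent, they are worth parsing with `new URL(...)` at config time and rejecting when the verify URL is not `https:` or the redirect URI is neither `https:` nor a loopback address, so a typo or an altered environment fails closed instead of surfacing later in the flow.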
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["/Users/kevin/Dev/Projects/ai/mcp-z/oauth/oauth-microsoft/src/setup/config.ts"],"sourcesContent":["/**\n * Microsoft OAuth configuration parsing from CLI arguments and environment variables.\n *\n * This module provides utilities to parse Microsoft OAuth configuration from\n * CLI arguments and environment variables, following the same pattern as @mcp-z/server's\n * parseConfig().\n */\n\nimport { parseArgs } from 'util';\nimport type { DcrConfig, OAuthConfig } from '../types.ts';\n\n// Re-export for external use\nexport type { DcrConfig, OAuthConfig };\n\n/**\n * Auth mode type (from OAuthConfig)\n */\ntype AuthMode = 'loopback-oauth' | 'device-code' | 'dcr';\n\n/**\n * Parse OAuth mode string into auth mode.\n *\n * @param value - OAuth mode string ('loopback-oauth', 'device-code', or 'dcr')\n * @returns Parsed auth mode\n * @throws Error if value is invalid\n *\n * @example Valid formats\n * ```typescript\n * parseAuthMode('loopback-oauth') // { auth: 'loopback-oauth' }\n * parseAuthMode('device-code') // { auth: 'device-code' }\n * parseAuthMode('dcr') // { auth: 'dcr' }\n * ```\n */\nfunction parseAuthMode(value: string): {\n auth: AuthMode;\n} {\n // Validate auth mode\n if (value !== 'loopback-oauth' && value !== 'device-code' && value !== 'dcr') {\n throw new Error(`Invalid --auth value: \"${value}\". 
Valid values: loopback-oauth, device-code, dcr`);\n }\n\n return {\n auth: value as AuthMode,\n };\n}\n\n/**\n * Transport type for MCP servers\n */\ntype TransportType = 'stdio' | 'http';\n\n/**\n * Parse Microsoft OAuth configuration from CLI arguments and environment variables.\n *\n * CLI Arguments:\n * - --auth: OAuth mode ('loopback-oauth' | 'device-code' | 'dcr')\n * - Default: 'loopback-oauth' (if flag is omitted)\n * - --headless: Disable browser opening for OAuth flow (default: false, true in test env)\n * - --redirect-uri: Override OAuth redirect URI (default: ephemeral loopback)\n * - --tenant-id: Override Microsoft tenant ID\n *\n * Required environment variables:\n * - MS_CLIENT_ID: Azure AD application (client) ID\n * - MS_TENANT_ID: Azure AD tenant ID ('common', 'organizations', 'consumers', or tenant GUID)\n *\n * Optional environment variables:\n * - MS_CLIENT_SECRET: Azure AD client secret (optional for public clients)\n * - AUTH_MODE: OAuth mode (same format as --auth flag)\n * - HEADLESS: Headless mode flag ('true' to enable)\n * - REDIRECT_URI: OAuth redirect URI (overridden by --redirect-uri CLI flag)\n *\n * @param args - CLI arguments array (typically process.argv)\n * @param env - Environment variables object (typically process.env)\n * @param transport - Optional transport type. 
If 'stdio' and auth mode is 'dcr', throws an error.\n * @returns Parsed Microsoft OAuth configuration\n * @throws Error if required environment variables are missing, values are invalid, or DCR is used with stdio transport\n *\n * @example Default mode (no flags)\n * ```typescript\n * const config = parseConfig(process.argv, process.env);\n * // { auth: 'loopback-oauth' }\n * ```\n *\n * @example Override auth mode\n * ```typescript\n * parseConfig(['--auth=loopback-oauth'], process.env);\n * parseConfig(['--auth=device-code'], process.env);\n * ```\n *\n * @example With transport validation\n * ```typescript\n * parseConfig(['--auth=dcr'], process.env, 'http'); // OK\n * parseConfig(['--auth=dcr'], process.env, 'stdio'); // Throws error\n * ```\n *\n * Valid auth modes:\n * - loopback-oauth (default)\n * - device-code\n * - dcr (HTTP transport only)\n */\nexport function parseConfig(args: string[], env: Record<string, string | undefined>, transport?: TransportType): OAuthConfig {\n function requiredEnv(key: string): string {\n const value = env[key];\n if (!value) {\n throw new Error(`Environment variable ${key} is required for Microsoft OAuth`);\n }\n return value;\n }\n\n // Parse CLI arguments\n const { values } = parseArgs({\n args,\n options: {\n auth: { type: 'string' },\n headless: { type: 'boolean' },\n 'redirect-uri': { type: 'string' },\n 'tenant-id': { type: 'string' },\n },\n strict: false, // Allow other arguments\n allowPositionals: true,\n });\n\n // Parse OAuth mode\n const authArg = typeof values.auth === 'string' ? 
values.auth : undefined;\n const envAuthMode = env.AUTH_MODE;\n const mode = authArg || envAuthMode;\n\n let auth: AuthMode;\n\n if (mode) {\n const parsed = parseAuthMode(mode);\n auth = parsed.auth;\n } else {\n // DEFAULT: No flags provided, use loopback-oauth\n auth = 'loopback-oauth';\n }\n\n // Validate: DCR only works with HTTP transport\n if (auth === 'dcr' && transport === 'stdio') {\n throw new Error('DCR authentication mode requires HTTP transport. DCR is not supported with stdio transport.');\n }\n\n // Parse headless mode\n const cliHeadless = typeof values.headless === 'boolean' ? values.headless : undefined;\n const envHeadless = env.HEADLESS === 'true' ? true : env.HEADLESS === 'false' ? false : undefined;\n const headless = cliHeadless ?? envHeadless ?? false;\n\n // Parse redirect-uri (CLI overrides ENV)\n const cliRedirectUri = typeof values['redirect-uri'] === 'string' ? values['redirect-uri'] : undefined;\n const envRedirectUri = env.REDIRECT_URI;\n const redirectUri = cliRedirectUri ?? envRedirectUri;\n\n // Parse tenant-id (CLI overrides environment)\n const cliTenantId = typeof values['tenant-id'] === 'string' ? values['tenant-id'] : undefined;\n const tenantId = cliTenantId ?? 
requiredEnv('MS_TENANT_ID');\n\n // Parse credentials\n const clientId = requiredEnv('MS_CLIENT_ID');\n const clientSecret = env.MS_CLIENT_SECRET;\n\n return {\n clientId,\n tenantId,\n ...(clientSecret && { clientSecret }),\n auth,\n headless,\n ...(redirectUri && { redirectUri }),\n };\n}\n\n/**\n * Build production configuration from process globals.\n * Entry point for production server.\n */\nexport function createConfig(): OAuthConfig {\n return parseConfig(process.argv, process.env);\n}\n\n/**\n * Parse DCR configuration from CLI arguments and environment variables.\n *\n * CLI Arguments:\n * - --dcr-mode: DCR mode ('self-hosted' | 'external')\n * - Default: 'self-hosted' (if flag is omitted)\n * - --dcr-verify-url: External verification endpoint URL (required for external mode)\n * - --dcr-store-uri: DCR client storage URI (required for self-hosted mode)\n * - --tenant-id: Override Microsoft tenant ID\n *\n * Required environment variables:\n * - MS_CLIENT_ID: Azure AD application (client) ID\n * - MS_TENANT_ID: Azure AD tenant ID ('common', 'organizations', 'consumers', or tenant GUID)\n *\n * Optional environment variables:\n * - MS_CLIENT_SECRET: Azure AD client secret (optional for public clients)\n * - DCR_MODE: DCR mode (same format as --dcr-mode flag)\n * - DCR_VERIFY_URL: External verification URL (same as --dcr-verify-url flag)\n * - DCR_STORE_URI: DCR storage URI (same as --dcr-store-uri flag)\n *\n * @param args - CLI arguments array (typically process.argv)\n * @param env - Environment variables object (typically process.env)\n * @param scope - OAuth scopes to request (space-separated)\n * @returns Parsed DCR configuration\n * @throws Error if required environment variables are missing or validation fails\n *\n * @example Self-hosted mode\n * ```typescript\n * const config = parseDcrConfig(\n * ['--dcr-mode=self-hosted', '--dcr-store-uri=file:///path/to/store.json'],\n * process.env,\n * 'https://graph.microsoft.com/.default'\n * );\n * ```\n 
*\n * @example External mode\n * ```typescript\n * const config = parseDcrConfig(\n * ['--dcr-mode=external', '--dcr-verify-url=https://auth0.example.com/verify'],\n * process.env,\n * 'https://graph.microsoft.com/.default'\n * );\n * ```\n */\nexport function parseDcrConfig(args: string[], env: Record<string, string | undefined>, scope: string): DcrConfig {\n function requiredEnv(key: string): string {\n const value = env[key];\n if (!value) {\n throw new Error(`Environment variable ${key} is required for DCR configuration`);\n }\n return value;\n }\n\n // Parse CLI arguments\n const { values } = parseArgs({\n args,\n options: {\n 'dcr-mode': { type: 'string' },\n 'dcr-verify-url': { type: 'string' },\n 'dcr-store-uri': { type: 'string' },\n 'tenant-id': { type: 'string' },\n },\n strict: false, // Allow other arguments\n allowPositionals: true,\n });\n\n // Parse DCR mode (CLI overrides environment)\n const cliMode = typeof values['dcr-mode'] === 'string' ? values['dcr-mode'] : undefined;\n const envMode = env.DCR_MODE;\n const mode = cliMode || envMode || 'self-hosted';\n\n // Validate DCR mode\n if (mode !== 'self-hosted' && mode !== 'external') {\n throw new Error(`Invalid --dcr-mode value: \"${mode}\". Valid values: self-hosted, external`);\n }\n\n // Parse verify URL (CLI overrides environment)\n const cliVerifyUrl = typeof values['dcr-verify-url'] === 'string' ? values['dcr-verify-url'] : undefined;\n const envVerifyUrl = env.DCR_VERIFY_URL;\n const verifyUrl = cliVerifyUrl || envVerifyUrl;\n\n // Parse store URI (CLI overrides environment)\n const cliStoreUri = typeof values['dcr-store-uri'] === 'string' ? 
values['dcr-store-uri'] : undefined;\n const envStoreUri = env.DCR_STORE_URI;\n const storeUri = cliStoreUri || envStoreUri;\n\n // Validate mode-specific required fields\n if (mode === 'external' && !verifyUrl) {\n throw new Error('DCR external mode requires --dcr-verify-url or DCR_VERIFY_URL environment variable');\n }\n\n // Parse tenant-id (CLI overrides environment)\n const cliTenantId = typeof values['tenant-id'] === 'string' ? values['tenant-id'] : undefined;\n const tenantId = cliTenantId ?? requiredEnv('MS_TENANT_ID');\n\n // Parse credentials\n const clientId = requiredEnv('MS_CLIENT_ID');\n const clientSecret = env.MS_CLIENT_SECRET;\n\n return {\n mode,\n ...(verifyUrl && { verifyUrl }),\n ...(storeUri && { storeUri }),\n clientId,\n ...(clientSecret && { clientSecret }),\n tenantId,\n scope,\n };\n}\n"],"names":["createConfig","parseConfig","parseDcrConfig","parseAuthMode","value","Error","auth","args","env","transport","cliHeadless","requiredEnv","key","values","parseArgs","options","type","headless","strict","allowPositionals","authArg","undefined","envAuthMode","AUTH_MODE","mode","parsed","envHeadless","HEADLESS","cliRedirectUri","envRedirectUri","REDIRECT_URI","redirectUri","cliTenantId","tenantId","clientId","clientSecret","MS_CLIENT_SECRET","process","argv","scope","cliMode","envMode","DCR_MODE","cliVerifyUrl","envVerifyUrl","DCR_VERIFY_URL","verifyUrl","cliStoreUri","envStoreUri","DCR_STORE_URI","storeUri"],"mappings":"AAAA;;;;;;CAMC;;;;;;;;;;;QAwKeA;eAAAA;;QA1EAC;eAAAA;;QA0HAC;eAAAA;;;oBAtNU;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAW1B;;;;;;;;;;;;;CAaC,GACD,SAASC,cAAcC,KAAa;IAGlC,qBAAqB;IACrB,IAAIA,UAAU,oBAAoBA,UAAU,iBAAiBA,UAAU,OAAO;QAC5E,MAAM,IAAIC,MAAM,AAAC,0BAA+B,OAAND,OAAM;IAClD;IAEA,OAAO;QACLE,MAAMF;IACR;AACF;AAwDO,SAASH,YAAYM,IAAc,EAAEC,GAAuC,EAAEC,SAAyB;QA6C3FC;IA5CjB,SAASC,YAAYC,GAAW;QAC9B,IAAMR,QAAQI,GAAG,CAACI,IAAI;QACtB,IAAI,CAACR,OAAO;YACV,MAAM,IAAIC,MAAM,AAAC,wBAA2B,OAAJO,KAAI;QAC9C;QACA,OAAOR;IACT;IAEA,sBAAsB;IACtB,IAA
M,AAAES,SAAWC,IAAAA,eAAS,EAAC;QAC3BP,MAAAA;QACAQ,SAAS;YACPT,MAAM;gBAAEU,MAAM;YAAS;YACvBC,UAAU;gBAAED,MAAM;YAAU;YAC5B,gBAAgB;gBAAEA,MAAM;YAAS;YACjC,aAAa;gBAAEA,MAAM;YAAS;QAChC;QACAE,QAAQ;QACRC,kBAAkB;IACpB,GAVQN;IAYR,mBAAmB;IACnB,IAAMO,UAAU,OAAOP,OAAOP,IAAI,KAAK,WAAWO,OAAOP,IAAI,GAAGe;IAChE,IAAMC,cAAcd,IAAIe,SAAS;IACjC,IAAMC,OAAOJ,WAAWE;IAExB,IAAIhB;IAEJ,IAAIkB,MAAM;QACR,IAAMC,SAAStB,cAAcqB;QAC7BlB,OAAOmB,OAAOnB,IAAI;IACpB,OAAO;QACL,iDAAiD;QACjDA,OAAO;IACT;IAEA,+CAA+C;IAC/C,IAAIA,SAAS,SAASG,cAAc,SAAS;QAC3C,MAAM,IAAIJ,MAAM;IAClB;IAEA,sBAAsB;IACtB,IAAMK,cAAc,OAAOG,OAAOI,QAAQ,KAAK,YAAYJ,OAAOI,QAAQ,GAAGI;IAC7E,IAAMK,cAAclB,IAAImB,QAAQ,KAAK,SAAS,OAAOnB,IAAImB,QAAQ,KAAK,UAAU,QAAQN;IACxF,IAAMJ,YAAWP,OAAAA,wBAAAA,yBAAAA,cAAegB,yBAAfhB,kBAAAA,OAA8B;IAE/C,yCAAyC;IACzC,IAAMkB,iBAAiB,OAAOf,MAAM,CAAC,eAAe,KAAK,WAAWA,MAAM,CAAC,eAAe,GAAGQ;IAC7F,IAAMQ,iBAAiBrB,IAAIsB,YAAY;IACvC,IAAMC,cAAcH,2BAAAA,4BAAAA,iBAAkBC;IAEtC,8CAA8C;IAC9C,IAAMG,cAAc,OAAOnB,MAAM,CAAC,YAAY,KAAK,WAAWA,MAAM,CAAC,YAAY,GAAGQ;IACpF,IAAMY,WAAWD,wBAAAA,yBAAAA,cAAerB,YAAY;IAE5C,oBAAoB;IACpB,IAAMuB,WAAWvB,YAAY;IAC7B,IAAMwB,eAAe3B,IAAI4B,gBAAgB;IAEzC,OAAO;QACLF,UAAAA;QACAD,UAAAA;OACIE,gBAAgB;QAAEA,cAAAA;IAAa;QACnC7B,MAAAA;QACAW,UAAAA;QACIc,eAAe;QAAEA,aAAAA;IAAY;AAErC;AAMO,SAAS/B;IACd,OAAOC,YAAYoC,QAAQC,IAAI,EAAED,QAAQ7B,GAAG;AAC9C;AA8CO,SAASN,eAAeK,IAAc,EAAEC,GAAuC,EAAE+B,KAAa;IACnG,SAAS5B,YAAYC,GAAW;QAC9B,IAAMR,QAAQI,GAAG,CAACI,IAAI;QACtB,IAAI,CAACR,OAAO;YACV,MAAM,IAAIC,MAAM,AAAC,wBAA2B,OAAJO,KAAI;QAC9C;QACA,OAAOR;IACT;IAEA,sBAAsB;IACtB,IAAM,AAAES,SAAWC,IAAAA,eAAS,EAAC;QAC3BP,MAAAA;QACAQ,SAAS;YACP,YAAY;gBAAEC,MAAM;YAAS;YAC7B,kBAAkB;gBAAEA,MAAM;YAAS;YACnC,iBAAiB;gBAAEA,MAAM;YAAS;YAClC,aAAa;gBAAEA,MAAM;YAAS;QAChC;QACAE,QAAQ;QACRC,kBAAkB;IACpB,GAVQN;IAYR,6CAA6C;IAC7C,IAAM2B,UAAU,OAAO3B,MAAM,CAAC,WAAW,KAAK,WAAWA,MAAM,CAAC,WAAW,GAAGQ;IAC9E,IAAMoB,UAAUjC,IAAIkC,QAAQ;IAC5B,IAAMlB,OAAOgB,WAAWC,WAAW;IAEnC,oBAAoB;IACpB,IAAIjB,SAAS,iBAAiBA,SAAS,YAAY;QACjD,MAAM,IAAInB,MAAM,AAAC,8BAAkC,OAALmB,MAAK;IACrD;IAEA,+CAA+C;IAC/C,IAAMmB,eAA
e,OAAO9B,MAAM,CAAC,iBAAiB,KAAK,WAAWA,MAAM,CAAC,iBAAiB,GAAGQ;IAC/F,IAAMuB,eAAepC,IAAIqC,cAAc;IACvC,IAAMC,YAAYH,gBAAgBC;IAElC,8CAA8C;IAC9C,IAAMG,cAAc,OAAOlC,MAAM,CAAC,gBAAgB,KAAK,WAAWA,MAAM,CAAC,gBAAgB,GAAGQ;IAC5F,IAAM2B,cAAcxC,IAAIyC,aAAa;IACrC,IAAMC,WAAWH,eAAeC;IAEhC,yCAAyC;IACzC,IAAIxB,SAAS,cAAc,CAACsB,WAAW;QACrC,MAAM,IAAIzC,MAAM;IAClB;IAEA,8CAA8C;IAC9C,IAAM2B,cAAc,OAAOnB,MAAM,CAAC,YAAY,KAAK,WAAWA,MAAM,CAAC,YAAY,GAAGQ;IACpF,IAAMY,WAAWD,wBAAAA,yBAAAA,cAAerB,YAAY;IAE5C,oBAAoB;IACpB,IAAMuB,WAAWvB,YAAY;IAC7B,IAAMwB,eAAe3B,IAAI4B,gBAAgB;IAEzC,OAAO;QACLZ,MAAAA;OACIsB,aAAa;QAAEA,WAAAA;IAAU,GACzBI,YAAY;QAAEA,UAAAA;IAAS;QAC3BhB,UAAAA;QACIC,gBAAgB;QAAEA,cAAAA;IAAa;QACnCF,UAAAA;QACAM,OAAAA;;AAEJ"}
|
|
@@ -0,0 +1,188 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Standalone types for Microsoft OAuth
|
|
3
|
+
* No dependencies on other @mcp-z packages except @mcp-z/oauth
|
|
4
|
+
*/
|
|
5
|
+
import type { AuthFlowDescriptor, CachedToken, DcrClientInformation, DcrClientMetadata, Logger, OAuth2TokenStorageProvider, ProviderTokens, ToolHandler, ToolModule, UserAuthProvider } from '@mcp-z/oauth';
|
|
6
|
+
import type { RequestHandlerExtra } from '@modelcontextprotocol/sdk/shared/protocol.js';
|
|
7
|
+
import type { ServerNotification, ServerRequest } from '@modelcontextprotocol/sdk/types.js';
|
|
8
|
+
import type { Keyv } from 'keyv';
|
|
9
|
+
export type { Logger, CachedToken, ToolModule, ProviderTokens, DcrClientMetadata, DcrClientInformation };
|
|
10
|
+
export { AuthRequiredError } from '@mcp-z/oauth';
|
|
11
|
+
export type { ToolHandler, AuthFlowDescriptor, OAuth2TokenStorageProvider, UserAuthProvider, RequestHandlerExtra, ServerRequest, ServerNotification };
|
|
12
|
+
/**
|
|
13
|
+
* Microsoft service types that support OAuth
|
|
14
|
+
* OAuth clients support all Microsoft services provided by Microsoft Graph
|
|
15
|
+
* @public
|
|
16
|
+
*/
|
|
17
|
+
export type MicrosoftService = string;
|
|
18
|
+
/**
|
|
19
|
+
* OAuth client configuration for upstream provider
|
|
20
|
+
* @public
|
|
21
|
+
*/
|
|
22
|
+
export interface OAuthClientConfig {
|
|
23
|
+
/** OAuth client ID for upstream provider */
|
|
24
|
+
clientId: string;
|
|
25
|
+
/** OAuth client secret (optional for some flows) */
|
|
26
|
+
clientSecret?: string;
|
|
27
|
+
/** Tenant/directory ID (for multi-tenant providers) */
|
|
28
|
+
tenantId?: string;
|
|
29
|
+
}
|
|
30
|
+
/**
|
|
31
|
+
* Microsoft OAuth configuration interface.
|
|
32
|
+
* Contains all OAuth-related configuration from CLI arguments and environment variables.
|
|
33
|
+
* @public
|
|
34
|
+
*/
|
|
35
|
+
export interface OAuthConfig {
|
|
36
|
+
/** OAuth client ID */
|
|
37
|
+
clientId: string;
|
|
38
|
+
/** OAuth client secret (optional for public clients) */
|
|
39
|
+
clientSecret?: string;
|
|
40
|
+
/** Azure AD tenant ID */
|
|
41
|
+
tenantId: string;
|
|
42
|
+
/** OAuth adapter mode */
|
|
43
|
+
auth: 'loopback-oauth' | 'device-code' | 'dcr';
|
|
44
|
+
/** Whether to run in headless mode (no browser interaction) */
|
|
45
|
+
headless: boolean;
|
|
46
|
+
/** Optional redirect URI override (defaults to ephemeral loopback) */
|
|
47
|
+
redirectUri?: string;
|
|
48
|
+
}
|
|
49
|
+
/**
|
|
50
|
+
* DCR configuration for dynamic client registration
|
|
51
|
+
* @public
|
|
52
|
+
*/
|
|
53
|
+
export interface DcrConfig {
|
|
54
|
+
/** DCR mode: self-hosted (runs own OAuth server) or external (uses Auth0/Stitch) */
|
|
55
|
+
mode: 'self-hosted' | 'external';
|
|
56
|
+
/** External verification endpoint URL (required for external mode) */
|
|
57
|
+
verifyUrl?: string;
|
|
58
|
+
/** DCR client storage URI (required for self-hosted mode) */
|
|
59
|
+
storeUri?: string;
|
|
60
|
+
/** OAuth client ID for Microsoft Graph */
|
|
61
|
+
clientId: string;
|
|
62
|
+
/** OAuth client secret (optional for public clients) */
|
|
63
|
+
clientSecret?: string;
|
|
64
|
+
/** Azure AD tenant ID */
|
|
65
|
+
tenantId: string;
|
|
66
|
+
/** OAuth scopes to request */
|
|
67
|
+
scope: string;
|
|
68
|
+
/** Logger instance */
|
|
69
|
+
logger?: Logger;
|
|
70
|
+
}
|
|
71
|
+
/**
|
|
72
|
+
* Configuration for loopback OAuth client
|
|
73
|
+
* @public
|
|
74
|
+
*/
|
|
75
|
+
export interface LoopbackOAuthConfig {
|
|
76
|
+
/** Microsoft service type (e.g., 'outlook') */
|
|
77
|
+
service: MicrosoftService;
|
|
78
|
+
/** OAuth client ID */
|
|
79
|
+
clientId: string;
|
|
80
|
+
/** OAuth client secret (optional for public clients) */
|
|
81
|
+
clientSecret?: string | undefined;
|
|
82
|
+
/** Azure AD tenant ID */
|
|
83
|
+
tenantId: string;
|
|
84
|
+
/** OAuth scopes to request */
|
|
85
|
+
scope: string;
|
|
86
|
+
/** Whether to run in headless mode (no browser interaction) */
|
|
87
|
+
headless: boolean;
|
|
88
|
+
/** Logger instance */
|
|
89
|
+
logger: Logger;
|
|
90
|
+
/** Token storage */
|
|
91
|
+
tokenStore: Keyv<unknown>;
|
|
92
|
+
/** Optional redirect URI override (defaults to ephemeral loopback) */
|
|
93
|
+
redirectUri?: string;
|
|
94
|
+
}
|
|
95
|
+
/**
|
|
96
|
+
* Microsoft Graph AuthenticationProvider interface
|
|
97
|
+
* Used by Microsoft Graph SDK for API authentication
|
|
98
|
+
* @public
|
|
99
|
+
*/
|
|
100
|
+
export interface MicrosoftAuthProvider {
|
|
101
|
+
getAccessToken: () => Promise<string>;
|
|
102
|
+
}
|
|
103
|
+
/**
|
|
104
|
+
* Auth context injected into extra by middleware
|
|
105
|
+
* @public
|
|
106
|
+
*/
|
|
107
|
+
export interface AuthContext {
|
|
108
|
+
/**
|
|
109
|
+
* Microsoft Graph AuthenticationProvider ready for Graph SDK
|
|
110
|
+
* GUARANTEED to exist when handler runs
|
|
111
|
+
*/
|
|
112
|
+
auth: MicrosoftAuthProvider;
|
|
113
|
+
/**
|
|
114
|
+
* Account being used (for logging, debugging)
|
|
115
|
+
*/
|
|
116
|
+
accountId: string;
|
|
117
|
+
}
|
|
118
|
+
/**
|
|
119
|
+
* Enriched extra with guaranteed auth context and logger
|
|
120
|
+
* Handlers receive this type - never plain RequestHandlerExtra
|
|
121
|
+
* @public
|
|
122
|
+
*/
|
|
123
|
+
export interface EnrichedExtra extends RequestHandlerExtra<ServerRequest, ServerNotification> {
|
|
124
|
+
/**
|
|
125
|
+
* Auth context injected by middleware
|
|
126
|
+
* GUARANTEED to exist (middleware catches auth failures)
|
|
127
|
+
*/
|
|
128
|
+
authContext: AuthContext;
|
|
129
|
+
/**
|
|
130
|
+
* Logger injected by middleware
|
|
131
|
+
* GUARANTEED to exist
|
|
132
|
+
*/
|
|
133
|
+
logger: Logger;
|
|
134
|
+
/**
|
|
135
|
+
* HTTP request object (for HTTP transport scenarios)
|
|
136
|
+
* Optional - present when using HTTP transport with JWT/session auth
|
|
137
|
+
*/
|
|
138
|
+
req?: unknown;
|
|
139
|
+
_meta?: {
|
|
140
|
+
accountId?: string;
|
|
141
|
+
[key: string]: unknown;
|
|
142
|
+
};
|
|
143
|
+
}
|
|
144
|
+
/**
|
|
145
|
+
* Registered client with full metadata
|
|
146
|
+
* Extends DcrClientInformation with internal timestamps
|
|
147
|
+
* @internal
|
|
148
|
+
*/
|
|
149
|
+
export interface RegisteredClient extends DcrClientInformation {
|
|
150
|
+
/** Creation timestamp (milliseconds since epoch) */
|
|
151
|
+
created_at: number;
|
|
152
|
+
}
|
|
153
|
+
/**
|
|
154
|
+
* Authorization code data structure
|
|
155
|
+
* @public
|
|
156
|
+
*/
|
|
157
|
+
export interface AuthorizationCode {
|
|
158
|
+
code: string;
|
|
159
|
+
client_id: string;
|
|
160
|
+
redirect_uri: string;
|
|
161
|
+
scope: string;
|
|
162
|
+
code_challenge?: string;
|
|
163
|
+
code_challenge_method?: string;
|
|
164
|
+
/** Microsoft provider tokens obtained during authorization */
|
|
165
|
+
providerTokens: ProviderTokens;
|
|
166
|
+
created_at: number;
|
|
167
|
+
expires_at: number;
|
|
168
|
+
}
|
|
169
|
+
/**
|
|
170
|
+
* Access token data structure
|
|
171
|
+
* @public
|
|
172
|
+
*/
|
|
173
|
+
export interface AccessToken {
|
|
174
|
+
access_token: string;
|
|
175
|
+
token_type: 'Bearer';
|
|
176
|
+
expires_in: number;
|
|
177
|
+
refresh_token?: string;
|
|
178
|
+
scope: string;
|
|
179
|
+
client_id: string;
|
|
180
|
+
/** Microsoft provider tokens */
|
|
181
|
+
providerTokens: ProviderTokens;
|
|
182
|
+
created_at: number;
|
|
183
|
+
}
|
|
184
|
+
/**
|
|
185
|
+
* Auth required response interface
|
|
186
|
+
* Re-exported from @mcp-z/oauth for consistency
|
|
187
|
+
*/
|
|
188
|
+
export type { AuthRequired, AuthRequiredBranch } from './schemas/index.js';
|
|
@@ -0,0 +1,188 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Standalone types for Microsoft OAuth
|
|
3
|
+
* No dependencies on other @mcp-z packages except @mcp-z/oauth
|
|
4
|
+
*/
|
|
5
|
+
import type { AuthFlowDescriptor, CachedToken, DcrClientInformation, DcrClientMetadata, Logger, OAuth2TokenStorageProvider, ProviderTokens, ToolHandler, ToolModule, UserAuthProvider } from '@mcp-z/oauth';
|
|
6
|
+
import type { RequestHandlerExtra } from '@modelcontextprotocol/sdk/shared/protocol.js';
|
|
7
|
+
import type { ServerNotification, ServerRequest } from '@modelcontextprotocol/sdk/types.js';
|
|
8
|
+
import type { Keyv } from 'keyv';
|
|
9
|
+
export type { Logger, CachedToken, ToolModule, ProviderTokens, DcrClientMetadata, DcrClientInformation };
|
|
10
|
+
export { AuthRequiredError } from '@mcp-z/oauth';
|
|
11
|
+
export type { ToolHandler, AuthFlowDescriptor, OAuth2TokenStorageProvider, UserAuthProvider, RequestHandlerExtra, ServerRequest, ServerNotification };
|
|
12
|
+
/**
|
|
13
|
+
* Microsoft service types that support OAuth
|
|
14
|
+
* OAuth clients support all Microsoft services provided by Microsoft Graph
|
|
15
|
+
* @public
|
|
16
|
+
*/
|
|
17
|
+
export type MicrosoftService = string;
|
|
18
|
+
/**
|
|
19
|
+
* OAuth client configuration for upstream provider
|
|
20
|
+
* @public
|
|
21
|
+
*/
|
|
22
|
+
export interface OAuthClientConfig {
|
|
23
|
+
/** OAuth client ID for upstream provider */
|
|
24
|
+
clientId: string;
|
|
25
|
+
/** OAuth client secret (optional for some flows) */
|
|
26
|
+
clientSecret?: string;
|
|
27
|
+
/** Tenant/directory ID (for multi-tenant providers) */
|
|
28
|
+
tenantId?: string;
|
|
29
|
+
}
|
|
30
|
+
/**
|
|
31
|
+
* Microsoft OAuth configuration interface.
|
|
32
|
+
* Contains all OAuth-related configuration from CLI arguments and environment variables.
|
|
33
|
+
* @public
|
|
34
|
+
*/
|
|
35
|
+
export interface OAuthConfig {
|
|
36
|
+
/** OAuth client ID */
|
|
37
|
+
clientId: string;
|
|
38
|
+
/** OAuth client secret (optional for public clients) */
|
|
39
|
+
clientSecret?: string;
|
|
40
|
+
/** Azure AD tenant ID */
|
|
41
|
+
tenantId: string;
|
|
42
|
+
/** OAuth adapter mode */
|
|
43
|
+
auth: 'loopback-oauth' | 'device-code' | 'dcr';
|
|
44
|
+
/** Whether to run in headless mode (no browser interaction) */
|
|
45
|
+
headless: boolean;
|
|
46
|
+
/** Optional redirect URI override (defaults to ephemeral loopback) */
|
|
47
|
+
redirectUri?: string;
|
|
48
|
+
}
|
|
49
|
+
/**
|
|
50
|
+
* DCR configuration for dynamic client registration
|
|
51
|
+
* @public
|
|
52
|
+
*/
|
|
53
|
+
export interface DcrConfig {
|
|
54
|
+
/** DCR mode: self-hosted (runs own OAuth server) or external (uses Auth0/Stitch) */
|
|
55
|
+
mode: 'self-hosted' | 'external';
|
|
56
|
+
/** External verification endpoint URL (required for external mode) */
|
|
57
|
+
verifyUrl?: string;
|
|
58
|
+
/** DCR client storage URI (required for self-hosted mode) */
|
|
59
|
+
storeUri?: string;
|
|
60
|
+
/** OAuth client ID for Microsoft Graph */
|
|
61
|
+
clientId: string;
|
|
62
|
+
/** OAuth client secret (optional for public clients) */
|
|
63
|
+
clientSecret?: string;
|
|
64
|
+
/** Azure AD tenant ID */
|
|
65
|
+
tenantId: string;
|
|
66
|
+
/** OAuth scopes to request */
|
|
67
|
+
scope: string;
|
|
68
|
+
/** Logger instance */
|
|
69
|
+
logger?: Logger;
|
|
70
|
+
}
|
|
71
|
+
/**
|
|
72
|
+
* Configuration for loopback OAuth client
|
|
73
|
+
* @public
|
|
74
|
+
*/
|
|
75
|
+
export interface LoopbackOAuthConfig {
|
|
76
|
+
/** Microsoft service type (e.g., 'outlook') */
|
|
77
|
+
service: MicrosoftService;
|
|
78
|
+
/** OAuth client ID */
|
|
79
|
+
clientId: string;
|
|
80
|
+
/** OAuth client secret (optional for public clients) */
|
|
81
|
+
clientSecret?: string | undefined;
|
|
82
|
+
/** Azure AD tenant ID */
|
|
83
|
+
tenantId: string;
|
|
84
|
+
/** OAuth scopes to request */
|
|
85
|
+
scope: string;
|
|
86
|
+
/** Whether to run in headless mode (no browser interaction) */
|
|
87
|
+
headless: boolean;
|
|
88
|
+
/** Logger instance */
|
|
89
|
+
logger: Logger;
|
|
90
|
+
/** Token storage */
|
|
91
|
+
tokenStore: Keyv<unknown>;
|
|
92
|
+
/** Optional redirect URI override (defaults to ephemeral loopback) */
|
|
93
|
+
redirectUri?: string;
|
|
94
|
+
}
|
|
95
|
+
/**
|
|
96
|
+
* Microsoft Graph AuthenticationProvider interface
|
|
97
|
+
* Used by Microsoft Graph SDK for API authentication
|
|
98
|
+
* @public
|
|
99
|
+
*/
|
|
100
|
+
export interface MicrosoftAuthProvider {
|
|
101
|
+
getAccessToken: () => Promise<string>;
|
|
102
|
+
}
|
|
103
|
+
/**
|
|
104
|
+
* Auth context injected into extra by middleware
|
|
105
|
+
* @public
|
|
106
|
+
*/
|
|
107
|
+
export interface AuthContext {
|
|
108
|
+
/**
|
|
109
|
+
* Microsoft Graph AuthenticationProvider ready for Graph SDK
|
|
110
|
+
* GUARANTEED to exist when handler runs
|
|
111
|
+
*/
|
|
112
|
+
auth: MicrosoftAuthProvider;
|
|
113
|
+
/**
|
|
114
|
+
* Account being used (for logging, debugging)
|
|
115
|
+
*/
|
|
116
|
+
accountId: string;
|
|
117
|
+
}
|
|
118
|
+
/**
|
|
119
|
+
* Enriched extra with guaranteed auth context and logger
|
|
120
|
+
* Handlers receive this type - never plain RequestHandlerExtra
|
|
121
|
+
* @public
|
|
122
|
+
*/
|
|
123
|
+
export interface EnrichedExtra extends RequestHandlerExtra<ServerRequest, ServerNotification> {
|
|
124
|
+
/**
|
|
125
|
+
* Auth context injected by middleware
|
|
126
|
+
* GUARANTEED to exist (middleware catches auth failures)
|
|
127
|
+
*/
|
|
128
|
+
authContext: AuthContext;
|
|
129
|
+
/**
|
|
130
|
+
* Logger injected by middleware
|
|
131
|
+
* GUARANTEED to exist
|
|
132
|
+
*/
|
|
133
|
+
logger: Logger;
|
|
134
|
+
/**
|
|
135
|
+
* HTTP request object (for HTTP transport scenarios)
|
|
136
|
+
* Optional - present when using HTTP transport with JWT/session auth
|
|
137
|
+
*/
|
|
138
|
+
req?: unknown;
|
|
139
|
+
_meta?: {
|
|
140
|
+
accountId?: string;
|
|
141
|
+
[key: string]: unknown;
|
|
142
|
+
};
|
|
143
|
+
}
|
|
144
|
+
/**
|
|
145
|
+
* Registered client with full metadata
|
|
146
|
+
* Extends DcrClientInformation with internal timestamps
|
|
147
|
+
* @internal
|
|
148
|
+
*/
|
|
149
|
+
export interface RegisteredClient extends DcrClientInformation {
|
|
150
|
+
/** Creation timestamp (milliseconds since epoch) */
|
|
151
|
+
created_at: number;
|
|
152
|
+
}
|
|
153
|
+
/**
|
|
154
|
+
* Authorization code data structure
|
|
155
|
+
* @public
|
|
156
|
+
*/
|
|
157
|
+
export interface AuthorizationCode {
|
|
158
|
+
code: string;
|
|
159
|
+
client_id: string;
|
|
160
|
+
redirect_uri: string;
|
|
161
|
+
scope: string;
|
|
162
|
+
code_challenge?: string;
|
|
163
|
+
code_challenge_method?: string;
|
|
164
|
+
/** Microsoft provider tokens obtained during authorization */
|
|
165
|
+
providerTokens: ProviderTokens;
|
|
166
|
+
created_at: number;
|
|
167
|
+
expires_at: number;
|
|
168
|
+
}
|
|
169
|
+
/**
|
|
170
|
+
* Access token data structure
|
|
171
|
+
* @public
|
|
172
|
+
*/
|
|
173
|
+
export interface AccessToken {
|
|
174
|
+
access_token: string;
|
|
175
|
+
token_type: 'Bearer';
|
|
176
|
+
expires_in: number;
|
|
177
|
+
refresh_token?: string;
|
|
178
|
+
scope: string;
|
|
179
|
+
client_id: string;
|
|
180
|
+
/** Microsoft provider tokens */
|
|
181
|
+
providerTokens: ProviderTokens;
|
|
182
|
+
created_at: number;
|
|
183
|
+
}
|
|
184
|
+
/**
|
|
185
|
+
* Auth required response interface
|
|
186
|
+
* Re-exported from @mcp-z/oauth for consistency
|
|
187
|
+
*/
|
|
188
|
+
export type { AuthRequired, AuthRequiredBranch } from './schemas/index.js';
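Review bot: `AuthorizationCode` types `code_challenge_method` as a bare `string` and leaves both PKCE fields optional, so nothing at the type level stops a stored code from carrying a `plain` or unsupported method, or no challenge at all. If the self-hosted DCR server is meant to accept only S256, narrowing the field to `code_challenge_method?: 'S256';` would let the compiler catch any other value; whether the router rejects other methods at runtime is not visible from this file. Separately, `AuthorizationCode` and `AccessToken` both embed `providerTokens`, so every stored record holds upstream Microsoft credentials. A doc comment on those fields, such as `/** Upstream Microsoft tokens; treat the stored record as a credential */`, would tell integrators that the backing store needs the same protection as the tokens. This looks like emitted declaration output, so both changes presumably belong in the TypeScript source, and they apply equally to the identical declaration section that precedes this one.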
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Standalone types for Microsoft OAuth
|
|
3
|
+
* No dependencies on other @mcp-z packages except @mcp-z/oauth
|
|
4
|
+
*/ // Import shared types from base @mcp-z/oauth package
|
|
5
|
+
// Public types (will be re-exported)
|
|
6
|
+
// Internal-only types (not re-exported, used by providers)
|
|
7
|
+
"use strict";
|
|
8
|
+
Object.defineProperty(exports, "__esModule", {
|
|
9
|
+
value: true
|
|
10
|
+
});
|
|
11
|
+
Object.defineProperty(exports, "AuthRequiredError", {
|
|
12
|
+
enumerable: true,
|
|
13
|
+
get: function() {
|
|
14
|
+
return _oauth.AuthRequiredError;
|
|
15
|
+
}
|
|
16
|
+
});
|
|
17
|
+
var _oauth = require("@mcp-z/oauth");
|
|
18
|
+
/* CJS INTEROP */ if (exports.__esModule && exports.default) { try { Object.defineProperty(exports.default, '__esModule', { value: true }); for (var key in exports) { exports.default[key] = exports[key]; } } catch (_) {}; module.exports = exports.default; }
|