@mcp-z/oauth-microsoft 1.0.2 → 1.0.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/dist/cjs/setup/config.js +3 -2
  2. package/dist/cjs/setup/config.js.map +1 -1
  3. package/dist/esm/setup/config.js +3 -2
  4. package/dist/esm/setup/config.js.map +1 -1
  5. package/package.json +1 -1
package/dist/cjs/setup/config.js CHANGED
@@ -153,9 +153,10 @@ function parseConfig(args, env, transport) {
153
153
  throw new Error('REDIRECT_URI requires HTTP transport. The OAuth callback must be served over HTTP.');
154
154
  }
155
155
  // Parse headless mode
156
- var cliHeadless = typeof values.headless === 'boolean' ? values.headless : undefined;
156
+ if (typeof values.headless === 'string') throw new Error('Use --headless or --no-headless (do not pass a value)');
157
+ var cliHeadless = values['no-headless'] ? false : values.headless === true ? true : undefined;
157
158
  var envHeadless = env.HEADLESS === 'true' ? true : env.HEADLESS === 'false' ? false : undefined;
158
- var headless = (_ref = cliHeadless !== null && cliHeadless !== void 0 ? cliHeadless : envHeadless) !== null && _ref !== void 0 ? _ref : redirectUri !== undefined; // default for redirectUri is headless (assume server http deployment); otherwise assume local and non-headless
159
+ var headless = (_ref = cliHeadless !== null && cliHeadless !== void 0 ? cliHeadless : envHeadless) !== null && _ref !== void 0 ? _ref : redirectUri !== undefined;
159
160
  // Parse tenant-id (CLI overrides environment)
160
161
  var cliTenantId = typeof values['tenant-id'] === 'string' ? values['tenant-id'] : undefined;
161
162
  var tenantId = cliTenantId !== null && cliTenantId !== void 0 ? cliTenantId : requiredEnv('MS_TENANT_ID');
package/dist/cjs/setup/config.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["/Users/kevin/Dev/Projects/mcp-z/oauth-microsoft/src/setup/config.ts"],"sourcesContent":["/**\n * Microsoft OAuth configuration parsing from CLI arguments and environment variables.\n *\n * This module provides utilities to parse Microsoft OAuth configuration from\n * CLI arguments and environment variables, following the same pattern as @mcp-z/server's\n * parseConfig().\n */\n\nimport { parseArgs } from 'util';\nimport type { DcrConfig, OAuthConfig } from '../types.ts';\n\n// Re-export for external use\nexport type { DcrConfig, OAuthConfig };\n\n/**\n * Auth mode type (from OAuthConfig)\n */\ntype AuthMode = 'loopback-oauth' | 'device-code' | 'dcr';\n\n/**\n * Parse OAuth mode string into auth mode.\n *\n * @param value - OAuth mode string ('loopback-oauth', 'device-code', or 'dcr')\n * @returns Parsed auth mode\n * @throws Error if value is invalid\n *\n * @example Valid formats\n * ```typescript\n * parseAuthMode('loopback-oauth') // { auth: 'loopback-oauth' }\n * parseAuthMode('device-code') // { auth: 'device-code' }\n * parseAuthMode('dcr') // { auth: 'dcr' }\n * ```\n */\nfunction parseAuthMode(value: string): {\n auth: AuthMode;\n} {\n // Validate auth mode\n if (value !== 'loopback-oauth' && value !== 'device-code' && value !== 'dcr') {\n throw new Error(`Invalid --auth value: \"${value}\". Valid values: loopback-oauth, device-code, dcr`);\n }\n\n return {\n auth: value as AuthMode,\n };\n}\n\n/**\n * Transport type for MCP servers\n *\n * - 'stdio': Standard input/output transport\n * - 'http': HTTP transport\n */\nexport type TransportType = 'stdio' | 'http';\n\n/**\n * Parse Microsoft OAuth configuration from CLI arguments and environment variables.\n *\n * CLI Arguments:\n * - --auth: OAuth mode ('loopback-oauth' | 'device-code' | 'dcr')\n * - Default: 'loopback-oauth' (if flag is omitted)\n * - --headless: Disable browser opening for OAuth flow (default: false, true in test env)\n * - --redirect-uri: Override OAuth redirect URI (default: ephemeral loopback)\n * - --tenant-id: Override Microsoft tenant ID\n *\n * Required environment variables:\n * - MS_CLIENT_ID: Azure AD application (client) ID\n * - MS_TENANT_ID: Azure AD tenant ID ('common', 'organizations', 'consumers', or tenant GUID)\n *\n * Optional environment variables:\n * - MS_CLIENT_SECRET: Azure AD client secret (optional for public clients)\n * - AUTH_MODE: OAuth mode (same format as --auth flag)\n * - HEADLESS: Headless mode flag ('true' to enable)\n * - REDIRECT_URI: OAuth redirect URI (overridden by --redirect-uri CLI flag)\n *\n * @param args - CLI arguments array (typically process.argv)\n * @param env - Environment variables object (typically process.env)\n * @param transport - Optional transport type. If 'stdio' and auth mode is 'dcr', throws an error.\n * @returns Parsed Microsoft OAuth configuration\n * @throws Error if required environment variables are missing, values are invalid, or DCR is used with stdio transport\n *\n * @example Default mode (no flags)\n * ```typescript\n * const config = parseConfig(process.argv, process.env);\n * // { auth: 'loopback-oauth' }\n * ```\n *\n * @example Override auth mode\n * ```typescript\n * parseConfig(['--auth=loopback-oauth'], process.env);\n * parseConfig(['--auth=device-code'], process.env);\n * ```\n *\n * @example With transport validation\n * ```typescript\n * parseConfig(['--auth=dcr'], process.env, 'http'); // OK\n * parseConfig(['--auth=dcr'], process.env, 'stdio'); // Throws error\n * ```\n *\n * Valid auth modes:\n * - loopback-oauth (default)\n * - device-code\n * - dcr (HTTP transport only)\n */\nexport function parseConfig(args: string[], env: Record<string, string | undefined>, transport?: TransportType): OAuthConfig {\n function requiredEnv(key: string): string {\n const value = env[key];\n if (!value) {\n throw new Error(`Environment variable ${key} is required for Microsoft OAuth`);\n }\n return value;\n }\n\n // Parse CLI arguments\n const { values } = parseArgs({\n args,\n options: {\n auth: { type: 'string' },\n headless: { type: 'boolean' },\n 'redirect-uri': { type: 'string' },\n 'tenant-id': { type: 'string' },\n },\n strict: false, // Allow other arguments\n allowPositionals: true,\n });\n\n // Parse OAuth mode\n const authArg = typeof values.auth === 'string' ? values.auth : undefined;\n const envAuthMode = env.AUTH_MODE;\n const mode = authArg || envAuthMode;\n\n let auth: AuthMode;\n\n if (mode) {\n const parsed = parseAuthMode(mode);\n auth = parsed.auth;\n } else {\n // DEFAULT: No flags provided, use loopback-oauth\n auth = 'loopback-oauth';\n }\n\n // Validate: DCR only works with HTTP transport\n if (auth === 'dcr' && transport === 'stdio') {\n throw new Error('DCR authentication mode requires HTTP transport. DCR is not supported with stdio transport.');\n }\n\n // Parse redirect-uri (CLI overrides ENV)\n const cliRedirectUri = typeof values['redirect-uri'] === 'string' ? values['redirect-uri'] : undefined;\n const envRedirectUri = env.REDIRECT_URI;\n const redirectUri = cliRedirectUri ?? envRedirectUri;\n if (redirectUri && transport === 'stdio') {\n throw new Error('REDIRECT_URI requires HTTP transport. The OAuth callback must be served over HTTP.');\n }\n\n // Parse headless mode\n const cliHeadless = typeof values.headless === 'boolean' ? values.headless : undefined;\n const envHeadless = env.HEADLESS === 'true' ? true : env.HEADLESS === 'false' ? false : undefined;\n const headless = cliHeadless ?? envHeadless ?? redirectUri !== undefined; // default for redirectUri is headless (assume server http deployment); otherwise assume local and non-headless\n\n // Parse tenant-id (CLI overrides environment)\n const cliTenantId = typeof values['tenant-id'] === 'string' ? values['tenant-id'] : undefined;\n const tenantId = cliTenantId ?? requiredEnv('MS_TENANT_ID');\n\n // Parse credentials\n const clientId = requiredEnv('MS_CLIENT_ID');\n const clientSecret = env.MS_CLIENT_SECRET;\n\n return {\n clientId,\n tenantId,\n ...(clientSecret && { clientSecret }),\n auth,\n headless,\n ...(redirectUri && { redirectUri }),\n };\n}\n\n/**\n * Build production configuration from process globals.\n * Entry point for production server.\n */\nexport function createConfig(): OAuthConfig {\n return parseConfig(process.argv, process.env);\n}\n\n/**\n * Parse DCR configuration from CLI arguments and environment variables.\n *\n * CLI Arguments:\n * - --dcr-mode: DCR mode ('self-hosted' | 'external')\n * - Default: 'self-hosted' (if flag is omitted)\n * - --dcr-verify-url: External verification endpoint URL (required for external mode)\n * - --dcr-store-uri: DCR client storage URI (required for self-hosted mode)\n * - --tenant-id: Override Microsoft tenant ID\n *\n * Required environment variables:\n * - MS_CLIENT_ID: Azure AD application (client) ID\n * - MS_TENANT_ID: Azure AD tenant ID ('common', 'organizations', 'consumers', or tenant GUID)\n *\n * Optional environment variables:\n * - MS_CLIENT_SECRET: Azure AD client secret (optional for public clients)\n * - DCR_MODE: DCR mode (same format as --dcr-mode flag)\n * - DCR_VERIFY_URL: External verification URL (same as --dcr-verify-url flag)\n * - DCR_STORE_URI: DCR storage URI (same as --dcr-store-uri flag)\n *\n * @param args - CLI arguments array (typically process.argv)\n * @param env - Environment variables object (typically process.env)\n * @param scope - OAuth scopes to request (space-separated)\n * @returns Parsed DCR configuration\n * @throws Error if required environment variables are missing or validation fails\n *\n * @example Self-hosted mode\n * ```typescript\n * const config = parseDcrConfig(\n * ['--dcr-mode=self-hosted', '--dcr-store-uri=file:///path/to/store.json'],\n * process.env,\n * 'https://graph.microsoft.com/.default'\n * );\n * ```\n *\n * @example External mode\n * ```typescript\n * const config = parseDcrConfig(\n * ['--dcr-mode=external', '--dcr-verify-url=https://auth0.example.com/verify'],\n * process.env,\n * 'https://graph.microsoft.com/.default'\n * );\n * ```\n */\nexport function parseDcrConfig(args: string[], env: Record<string, string | undefined>, scope: string): DcrConfig {\n function requiredEnv(key: string): string {\n const value = env[key];\n if (!value) {\n throw new Error(`Environment variable ${key} is required for DCR configuration`);\n }\n return value;\n }\n\n // Parse CLI arguments\n const { values } = parseArgs({\n args,\n options: {\n 'dcr-mode': { type: 'string' },\n 'dcr-verify-url': { type: 'string' },\n 'dcr-store-uri': { type: 'string' },\n 'tenant-id': { type: 'string' },\n },\n strict: false, // Allow other arguments\n allowPositionals: true,\n });\n\n // Parse DCR mode (CLI overrides environment)\n const cliMode = typeof values['dcr-mode'] === 'string' ? values['dcr-mode'] : undefined;\n const envMode = env.DCR_MODE;\n const mode = cliMode || envMode || 'self-hosted';\n\n // Validate DCR mode\n if (mode !== 'self-hosted' && mode !== 'external') {\n throw new Error(`Invalid --dcr-mode value: \"${mode}\". Valid values: self-hosted, external`);\n }\n\n // Parse verify URL (CLI overrides environment)\n const cliVerifyUrl = typeof values['dcr-verify-url'] === 'string' ? values['dcr-verify-url'] : undefined;\n const envVerifyUrl = env.DCR_VERIFY_URL;\n const verifyUrl = cliVerifyUrl || envVerifyUrl;\n\n // Parse store URI (CLI overrides environment)\n const cliStoreUri = typeof values['dcr-store-uri'] === 'string' ? values['dcr-store-uri'] : undefined;\n const envStoreUri = env.DCR_STORE_URI;\n const storeUri = cliStoreUri || envStoreUri;\n\n // Validate mode-specific required fields\n if (mode === 'external' && !verifyUrl) {\n throw new Error('DCR external mode requires --dcr-verify-url or DCR_VERIFY_URL environment variable');\n }\n\n // Parse tenant-id (CLI overrides environment)\n const cliTenantId = typeof values['tenant-id'] === 'string' ? values['tenant-id'] : undefined;\n const tenantId = cliTenantId ?? requiredEnv('MS_TENANT_ID');\n\n // Parse credentials\n const clientId = requiredEnv('MS_CLIENT_ID');\n const clientSecret = env.MS_CLIENT_SECRET;\n\n return {\n mode,\n ...(verifyUrl && { verifyUrl }),\n ...(storeUri && { storeUri }),\n clientId,\n ...(clientSecret && { clientSecret }),\n tenantId,\n scope,\n };\n}\n"],"names":["createConfig","parseConfig","parseDcrConfig","parseAuthMode","value","Error","auth","args","env","transport","cliHeadless","requiredEnv","key","values","parseArgs","options","type","headless","strict","allowPositionals","authArg","undefined","envAuthMode","AUTH_MODE","mode","parsed","cliRedirectUri","envRedirectUri","REDIRECT_URI","redirectUri","envHeadless","HEADLESS","cliTenantId","tenantId","clientId","clientSecret","MS_CLIENT_SECRET","process","argv","scope","cliMode","envMode","DCR_MODE","cliVerifyUrl","envVerifyUrl","DCR_VERIFY_URL","verifyUrl","cliStoreUri","envStoreUri","DCR_STORE_URI","storeUri"],"mappings":"AAAA;;;;;;CAMC;;;;;;;;;;;QA8KeA;eAAAA;;QA7EAC;eAAAA;;QA6HAC;eAAAA;;;oBA5NU;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAW1B;;;;;;;;;;;;;CAaC,GACD,SAASC,cAAcC,KAAa;IAGlC,qBAAqB;IACrB,IAAIA,UAAU,oBAAoBA,UAAU,iBAAiBA,UAAU,OAAO;QAC5E,MAAM,IAAIC,MAAM,AAAC,0BAA+B,OAAND,OAAM;IAClD;IAEA,OAAO;QACLE,MAAMF;IACR;AACF;AA2DO,SAASH,YAAYM,IAAc,EAAEC,GAAuC,EAAEC,SAAyB;QAqD3FC;IApDjB,SAASC,YAAYC,GAAW;QAC9B,IAAMR,QAAQI,GAAG,CAACI,IAAI;QACtB,IAAI,CAACR,OAAO;YACV,MAAM,IAAIC,MAAM,AAAC,wBAA2B,OAAJO,KAAI;QAC9C;QACA,OAAOR;IACT;IAEA,sBAAsB;IACtB,IAAM,AAAES,SAAWC,IAAAA,eAAS,EAAC;QAC3BP,MAAAA;QACAQ,SAAS;YACPT,MAAM;gBAAEU,MAAM;YAAS;YACvBC,UAAU;gBAAED,MAAM;YAAU;YAC5B,gBAAgB;gBAAEA,MAAM;YAAS;YACjC,aAAa;gBAAEA,MAAM;YAAS;QAChC;QACAE,QAAQ;QACRC,kBAAkB;IACpB,GAVQN;IAYR,mBAAmB;IACnB,IAAMO,UAAU,OAAOP,OAAOP,IAAI,KAAK,WAAWO,OAAOP,IAAI,GAAGe;IAChE,IAAMC,cAAcd,IAAIe,SAAS;IACjC,IAAMC,OAAOJ,WAAWE;IAExB,IAAIhB;IAEJ,IAAIkB,MAAM;QACR,IAAMC,SAAStB,cAAcqB;QAC7BlB,OAAOmB,OAAOnB,IAAI;IACpB,OAAO;QACL,iDAAiD;QACjDA,OAAO;IACT;IAEA,+CAA+C;IAC/C,IAAIA,SAAS,SAASG,cAAc,SAAS;QAC3C,MAAM,IAAIJ,MAAM;IAClB;IAEA,yCAAyC;IACzC,IAAMqB,iBAAiB,OAAOb,MAAM,CAAC,eAAe,KAAK,WAAWA,MAAM,CAAC,eAAe,GAAGQ;IAC7F,IAAMM,iBAAiBnB,IAAIoB,YAAY;IACvC,IAAMC,cAAcH,2BAAAA,4BAAAA,iBAAkBC;IACtC,IAAIE,eAAepB,cAAc,SAAS;QACxC,MAAM,IAAIJ,MAAM;IAClB;IAEA,sBAAsB;IACtB,IAAMK,cAAc,OAAOG,OAAOI,QAAQ,KAAK,YAAYJ,OAAOI,QAAQ,GAAGI;IAC7E,IAAMS,cAActB,IAAIuB,QAAQ,KAAK,SAAS,OAAOvB,IAAIuB,QAAQ,KAAK,UAAU,QAAQV;IACxF,IAAMJ,YAAWP,OAAAA,wBAAAA,yBAAAA,cAAeoB,yBAAfpB,kBAAAA,OAA8BmB,gBAAgBR,WAAW,+GAA+G;IAEzL,8CAA8C;IAC9C,IAAMW,cAAc,OAAOnB,MAAM,CAAC,YAAY,KAAK,WAAWA,MAAM,CAAC,YAAY,GAAGQ;IACpF,IAAMY,WAAWD,wBAAAA,yBAAAA,cAAerB,YAAY;IAE5C,oBAAoB;IACpB,IAAMuB,WAAWvB,YAAY;IAC7B,IAAMwB,eAAe3B,IAAI4B,gBAAgB;IAEzC,OAAO;QACLF,UAAAA;QACAD,UAAAA;OACIE,gBAAgB;QAAEA,cAAAA;IAAa;QACnC7B,MAAAA;QACAW,UAAAA;QACIY,eAAe;QAAEA,aAAAA;IAAY;AAErC;AAMO,SAAS7B;IACd,OAAOC,YAAYoC,QAAQC,IAAI,EAAED,QAAQ7B,GAAG;AAC9C;AA8CO,SAASN,eAAeK,IAAc,EAAEC,GAAuC,EAAE+B,KAAa;IACnG,SAAS5B,YAAYC,GAAW;QAC9B,IAAMR,QAAQI,GAAG,CAACI,IAAI;QACtB,IAAI,CAACR,OAAO;YACV,MAAM,IAAIC,MAAM,AAAC,wBAA2B,OAAJO,KAAI;QAC9C;QACA,OAAOR;IACT;IAEA,sBAAsB;IACtB,IAAM,AAAES,SAAWC,IAAAA,eAAS,EAAC;QAC3BP,MAAAA;QACAQ,SAAS;YACP,YAAY;gBAAEC,MAAM;YAAS;YAC7B,kBAAkB;gBAAEA,MAAM;YAAS;YACnC,iBAAiB;gBAAEA,MAAM;YAAS;YAClC,aAAa;gBAAEA,MAAM;YAAS;QAChC;QACAE,QAAQ;QACRC,kBAAkB;IACpB,GAVQN;IAYR,6CAA6C;IAC7C,IAAM2B,UAAU,OAAO3B,MAAM,CAAC,WAAW,KAAK,WAAWA,MAAM,CAAC,WAAW,GAAGQ;IAC9E,IAAMoB,UAAUjC,IAAIkC,QAAQ;IAC5B,IAAMlB,OAAOgB,WAAWC,WAAW;IAEnC,oBAAoB;IACpB,IAAIjB,SAAS,iBAAiBA,SAAS,YAAY;QACjD,MAAM,IAAInB,MAAM,AAAC,8BAAkC,OAALmB,MAAK;IACrD;IAEA,+CAA+C;IAC/C,IAAMmB,eAAe,OAAO9B,MAAM,CAAC,iBAAiB,KAAK,WAAWA,MAAM,CAAC,iBAAiB,GAAGQ;IAC/F,IAAMuB,eAAepC,IAAIqC,cAAc;IACvC,IAAMC,YAAYH,gBAAgBC;IAElC,8CAA8C;IAC9C,IAAMG,cAAc,OAAOlC,MAAM,CAAC,gBAAgB,KAAK,WAAWA,MAAM,CAAC,gBAAgB,GAAGQ;IAC5F,IAAM2B,cAAcxC,IAAIyC,aAAa;IACrC,IAAMC,WAAWH,eAAeC;IAEhC,yCAAyC;IACzC,IAAIxB,SAAS,cAAc,CAACsB,WAAW;QACrC,MAAM,IAAIzC,MAAM;IAClB;IAEA,8CAA8C;IAC9C,IAAM2B,cAAc,OAAOnB,MAAM,CAAC,YAAY,KAAK,WAAWA,MAAM,CAAC,YAAY,GAAGQ;IACpF,IAAMY,WAAWD,wBAAAA,yBAAAA,cAAerB,YAAY;IAE5C,oBAAoB;IACpB,IAAMuB,WAAWvB,YAAY;IAC7B,IAAMwB,eAAe3B,IAAI4B,gBAAgB;IAEzC,OAAO;QACLZ,MAAAA;OACIsB,aAAa;QAAEA,WAAAA;IAAU,GACzBI,YAAY;QAAEA,UAAAA;IAAS;QAC3BhB,UAAAA;QACIC,gBAAgB;QAAEA,cAAAA;IAAa;QACnCF,UAAAA;QACAM,OAAAA;;AAEJ"}
1
+ {"version":3,"sources":["/Users/kevin/Dev/Projects/mcp-z/oauth-microsoft/src/setup/config.ts"],"sourcesContent":["/**\n * Microsoft OAuth configuration parsing from CLI arguments and environment variables.\n *\n * This module provides utilities to parse Microsoft OAuth configuration from\n * CLI arguments and environment variables, following the same pattern as @mcp-z/server's\n * parseConfig().\n */\n\nimport { parseArgs } from 'util';\nimport type { DcrConfig, OAuthConfig } from '../types.ts';\n\n// Re-export for external use\nexport type { DcrConfig, OAuthConfig };\n\n/**\n * Auth mode type (from OAuthConfig)\n */\ntype AuthMode = 'loopback-oauth' | 'device-code' | 'dcr';\n\n/**\n * Parse OAuth mode string into auth mode.\n *\n * @param value - OAuth mode string ('loopback-oauth', 'device-code', or 'dcr')\n * @returns Parsed auth mode\n * @throws Error if value is invalid\n *\n * @example Valid formats\n * ```typescript\n * parseAuthMode('loopback-oauth') // { auth: 'loopback-oauth' }\n * parseAuthMode('device-code') // { auth: 'device-code' }\n * parseAuthMode('dcr') // { auth: 'dcr' }\n * ```\n */\nfunction parseAuthMode(value: string): {\n auth: AuthMode;\n} {\n // Validate auth mode\n if (value !== 'loopback-oauth' && value !== 'device-code' && value !== 'dcr') {\n throw new Error(`Invalid --auth value: \"${value}\". Valid values: loopback-oauth, device-code, dcr`);\n }\n\n return {\n auth: value as AuthMode,\n };\n}\n\n/**\n * Transport type for MCP servers\n *\n * - 'stdio': Standard input/output transport\n * - 'http': HTTP transport\n */\nexport type TransportType = 'stdio' | 'http';\n\n/**\n * Parse Microsoft OAuth configuration from CLI arguments and environment variables.\n *\n * CLI Arguments:\n * - --auth: OAuth mode ('loopback-oauth' | 'device-code' | 'dcr')\n * - Default: 'loopback-oauth' (if flag is omitted)\n * - --headless: Disable browser opening for OAuth flow (default: false, true in test env)\n * - --redirect-uri: Override OAuth redirect URI (default: ephemeral loopback)\n * - --tenant-id: Override Microsoft tenant ID\n *\n * Required environment variables:\n * - MS_CLIENT_ID: Azure AD application (client) ID\n * - MS_TENANT_ID: Azure AD tenant ID ('common', 'organizations', 'consumers', or tenant GUID)\n *\n * Optional environment variables:\n * - MS_CLIENT_SECRET: Azure AD client secret (optional for public clients)\n * - AUTH_MODE: OAuth mode (same format as --auth flag)\n * - HEADLESS: Headless mode flag ('true' to enable)\n * - REDIRECT_URI: OAuth redirect URI (overridden by --redirect-uri CLI flag)\n *\n * @param args - CLI arguments array (typically process.argv)\n * @param env - Environment variables object (typically process.env)\n * @param transport - Optional transport type. If 'stdio' and auth mode is 'dcr', throws an error.\n * @returns Parsed Microsoft OAuth configuration\n * @throws Error if required environment variables are missing, values are invalid, or DCR is used with stdio transport\n *\n * @example Default mode (no flags)\n * ```typescript\n * const config = parseConfig(process.argv, process.env);\n * // { auth: 'loopback-oauth' }\n * ```\n *\n * @example Override auth mode\n * ```typescript\n * parseConfig(['--auth=loopback-oauth'], process.env);\n * parseConfig(['--auth=device-code'], process.env);\n * ```\n *\n * @example With transport validation\n * ```typescript\n * parseConfig(['--auth=dcr'], process.env, 'http'); // OK\n * parseConfig(['--auth=dcr'], process.env, 'stdio'); // Throws error\n * ```\n *\n * Valid auth modes:\n * - loopback-oauth (default)\n * - device-code\n * - dcr (HTTP transport only)\n */\nexport function parseConfig(args: string[], env: Record<string, string | undefined>, transport?: TransportType): OAuthConfig {\n function requiredEnv(key: string): string {\n const value = env[key];\n if (!value) {\n throw new Error(`Environment variable ${key} is required for Microsoft OAuth`);\n }\n return value;\n }\n\n // Parse CLI arguments\n const { values } = parseArgs({\n args,\n options: {\n auth: { type: 'string' },\n headless: { type: 'boolean' },\n 'redirect-uri': { type: 'string' },\n 'tenant-id': { type: 'string' },\n },\n strict: false, // Allow other arguments\n allowPositionals: true,\n });\n\n // Parse OAuth mode\n const authArg = typeof values.auth === 'string' ? values.auth : undefined;\n const envAuthMode = env.AUTH_MODE;\n const mode = authArg || envAuthMode;\n\n let auth: AuthMode;\n\n if (mode) {\n const parsed = parseAuthMode(mode);\n auth = parsed.auth;\n } else {\n // DEFAULT: No flags provided, use loopback-oauth\n auth = 'loopback-oauth';\n }\n\n // Validate: DCR only works with HTTP transport\n if (auth === 'dcr' && transport === 'stdio') {\n throw new Error('DCR authentication mode requires HTTP transport. DCR is not supported with stdio transport.');\n }\n\n // Parse redirect-uri (CLI overrides ENV)\n const cliRedirectUri = typeof values['redirect-uri'] === 'string' ? values['redirect-uri'] : undefined;\n const envRedirectUri = env.REDIRECT_URI;\n const redirectUri = cliRedirectUri ?? envRedirectUri;\n if (redirectUri && transport === 'stdio') {\n throw new Error('REDIRECT_URI requires HTTP transport. The OAuth callback must be served over HTTP.');\n }\n\n // Parse headless mode\n if (typeof values.headless === 'string') throw new Error('Use --headless or --no-headless (do not pass a value)');\n const cliHeadless = values['no-headless'] ? false : values.headless === true ? true : undefined;\n const envHeadless = env.HEADLESS === 'true' ? true : env.HEADLESS === 'false' ? false : undefined;\n const headless = cliHeadless ?? envHeadless ?? redirectUri !== undefined;\n\n // Parse tenant-id (CLI overrides environment)\n const cliTenantId = typeof values['tenant-id'] === 'string' ? values['tenant-id'] : undefined;\n const tenantId = cliTenantId ?? requiredEnv('MS_TENANT_ID');\n\n // Parse credentials\n const clientId = requiredEnv('MS_CLIENT_ID');\n const clientSecret = env.MS_CLIENT_SECRET;\n\n return {\n clientId,\n tenantId,\n ...(clientSecret && { clientSecret }),\n auth,\n headless,\n ...(redirectUri && { redirectUri }),\n };\n}\n\n/**\n * Build production configuration from process globals.\n * Entry point for production server.\n */\nexport function createConfig(): OAuthConfig {\n return parseConfig(process.argv, process.env);\n}\n\n/**\n * Parse DCR configuration from CLI arguments and environment variables.\n *\n * CLI Arguments:\n * - --dcr-mode: DCR mode ('self-hosted' | 'external')\n * - Default: 'self-hosted' (if flag is omitted)\n * - --dcr-verify-url: External verification endpoint URL (required for external mode)\n * - --dcr-store-uri: DCR client storage URI (required for self-hosted mode)\n * - --tenant-id: Override Microsoft tenant ID\n *\n * Required environment variables:\n * - MS_CLIENT_ID: Azure AD application (client) ID\n * - MS_TENANT_ID: Azure AD tenant ID ('common', 'organizations', 'consumers', or tenant GUID)\n *\n * Optional environment variables:\n * - MS_CLIENT_SECRET: Azure AD client secret (optional for public clients)\n * - DCR_MODE: DCR mode (same format as --dcr-mode flag)\n * - DCR_VERIFY_URL: External verification URL (same as --dcr-verify-url flag)\n * - DCR_STORE_URI: DCR storage URI (same as --dcr-store-uri flag)\n *\n * @param args - CLI arguments array (typically process.argv)\n * @param env - Environment variables object (typically process.env)\n * @param scope - OAuth scopes to request (space-separated)\n * @returns Parsed DCR configuration\n * @throws Error if required environment variables are missing or validation fails\n *\n * @example Self-hosted mode\n * ```typescript\n * const config = parseDcrConfig(\n * ['--dcr-mode=self-hosted', '--dcr-store-uri=file:///path/to/store.json'],\n * process.env,\n * 'https://graph.microsoft.com/.default'\n * );\n * ```\n *\n * @example External mode\n * ```typescript\n * const config = parseDcrConfig(\n * ['--dcr-mode=external', '--dcr-verify-url=https://auth0.example.com/verify'],\n * process.env,\n * 'https://graph.microsoft.com/.default'\n * );\n * ```\n */\nexport function parseDcrConfig(args: string[], env: Record<string, string | undefined>, scope: string): DcrConfig {\n function requiredEnv(key: string): string {\n const value = env[key];\n if (!value) {\n throw new Error(`Environment variable ${key} is required for DCR configuration`);\n }\n return value;\n }\n\n // Parse CLI arguments\n const { values } = parseArgs({\n args,\n options: {\n 'dcr-mode': { type: 'string' },\n 'dcr-verify-url': { type: 'string' },\n 'dcr-store-uri': { type: 'string' },\n 'tenant-id': { type: 'string' },\n },\n strict: false, // Allow other arguments\n allowPositionals: true,\n });\n\n // Parse DCR mode (CLI overrides environment)\n const cliMode = typeof values['dcr-mode'] === 'string' ? values['dcr-mode'] : undefined;\n const envMode = env.DCR_MODE;\n const mode = cliMode || envMode || 'self-hosted';\n\n // Validate DCR mode\n if (mode !== 'self-hosted' && mode !== 'external') {\n throw new Error(`Invalid --dcr-mode value: \"${mode}\". Valid values: self-hosted, external`);\n }\n\n // Parse verify URL (CLI overrides environment)\n const cliVerifyUrl = typeof values['dcr-verify-url'] === 'string' ? values['dcr-verify-url'] : undefined;\n const envVerifyUrl = env.DCR_VERIFY_URL;\n const verifyUrl = cliVerifyUrl || envVerifyUrl;\n\n // Parse store URI (CLI overrides environment)\n const cliStoreUri = typeof values['dcr-store-uri'] === 'string' ? values['dcr-store-uri'] : undefined;\n const envStoreUri = env.DCR_STORE_URI;\n const storeUri = cliStoreUri || envStoreUri;\n\n // Validate mode-specific required fields\n if (mode === 'external' && !verifyUrl) {\n throw new Error('DCR external mode requires --dcr-verify-url or DCR_VERIFY_URL environment variable');\n }\n\n // Parse tenant-id (CLI overrides environment)\n const cliTenantId = typeof values['tenant-id'] === 'string' ? values['tenant-id'] : undefined;\n const tenantId = cliTenantId ?? requiredEnv('MS_TENANT_ID');\n\n // Parse credentials\n const clientId = requiredEnv('MS_CLIENT_ID');\n const clientSecret = env.MS_CLIENT_SECRET;\n\n return {\n mode,\n ...(verifyUrl && { verifyUrl }),\n ...(storeUri && { storeUri }),\n clientId,\n ...(clientSecret && { clientSecret }),\n tenantId,\n scope,\n };\n}\n"],"names":["createConfig","parseConfig","parseDcrConfig","parseAuthMode","value","Error","auth","args","env","transport","cliHeadless","requiredEnv","key","values","parseArgs","options","type","headless","strict","allowPositionals","authArg","undefined","envAuthMode","AUTH_MODE","mode","parsed","cliRedirectUri","envRedirectUri","REDIRECT_URI","redirectUri","envHeadless","HEADLESS","cliTenantId","tenantId","clientId","clientSecret","MS_CLIENT_SECRET","process","argv","scope","cliMode","envMode","DCR_MODE","cliVerifyUrl","envVerifyUrl","DCR_VERIFY_URL","verifyUrl","cliStoreUri","envStoreUri","DCR_STORE_URI","storeUri"],"mappings":"AAAA;;;;;;CAMC;;;;;;;;;;;QA+KeA;eAAAA;;QA9EAC;eAAAA;;QA8HAC;eAAAA;;;oBA7NU;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAW1B;;;;;;;;;;;;;CAaC,GACD,SAASC,cAAcC,KAAa;IAGlC,qBAAqB;IACrB,IAAIA,UAAU,oBAAoBA,UAAU,iBAAiBA,UAAU,OAAO;QAC5E,MAAM,IAAIC,MAAM,AAAC,0BAA+B,OAAND,OAAM;IAClD;IAEA,OAAO;QACLE,MAAMF;IACR;AACF;AA2DO,SAASH,YAAYM,IAAc,EAAEC,GAAuC,EAAEC,SAAyB;QAsD3FC;IArDjB,SAASC,YAAYC,GAAW;QAC9B,IAAMR,QAAQI,GAAG,CAACI,IAAI;QACtB,IAAI,CAACR,OAAO;YACV,MAAM,IAAIC,MAAM,AAAC,wBAA2B,OAAJO,KAAI;QAC9C;QACA,OAAOR;IACT;IAEA,sBAAsB;IACtB,IAAM,AAAES,SAAWC,IAAAA,eAAS,EAAC;QAC3BP,MAAAA;QACAQ,SAAS;YACPT,MAAM;gBAAEU,MAAM;YAAS;YACvBC,UAAU;gBAAED,MAAM;YAAU;YAC5B,gBAAgB;gBAAEA,MAAM;YAAS;YACjC,aAAa;gBAAEA,MAAM;YAAS;QAChC;QACAE,QAAQ;QACRC,kBAAkB;IACpB,GAVQN;IAYR,mBAAmB;IACnB,IAAMO,UAAU,OAAOP,OAAOP,IAAI,KAAK,WAAWO,OAAOP,IAAI,GAAGe;IAChE,IAAMC,cAAcd,IAAIe,SAAS;IACjC,IAAMC,OAAOJ,WAAWE;IAExB,IAAIhB;IAEJ,IAAIkB,MAAM;QACR,IAAMC,SAAStB,cAAcqB;QAC7BlB,OAAOmB,OAAOnB,IAAI;IACpB,OAAO;QACL,iDAAiD;QACjDA,OAAO;IACT;IAEA,+CAA+C;IAC/C,IAAIA,SAAS,SAASG,cAAc,SAAS;QAC3C,MAAM,IAAIJ,MAAM;IAClB;IAEA,yCAAyC;IACzC,IAAMqB,iBAAiB,OAAOb,MAAM,CAAC,eAAe,KAAK,WAAWA,MAAM,CAAC,eAAe,GAAGQ;IAC7F,IAAMM,iBAAiBnB,IAAIoB,YAAY;IACvC,IAAMC,cAAcH,2BAAAA,4BAAAA,iBAAkBC;IACtC,IAAIE,eAAepB,cAAc,SAAS;QACxC,MAAM,IAAIJ,MAAM;IAClB;IAEA,sBAAsB;IACtB,IAAI,OAAOQ,OAAOI,QAAQ,KAAK,UAAU,MAAM,IAAIZ,MAAM;IACzD,IAAMK,cAAcG,MAAM,CAAC,cAAc,GAAG,QAAQA,OAAOI,QAAQ,KAAK,OAAO,OAAOI;IACtF,IAAMS,cAActB,IAAIuB,QAAQ,KAAK,SAAS,OAAOvB,IAAIuB,QAAQ,KAAK,UAAU,QAAQV;IACxF,IAAMJ,YAAWP,OAAAA,wBAAAA,yBAAAA,cAAeoB,yBAAfpB,kBAAAA,OAA8BmB,gBAAgBR;IAE/D,8CAA8C;IAC9C,IAAMW,cAAc,OAAOnB,MAAM,CAAC,YAAY,KAAK,WAAWA,MAAM,CAAC,YAAY,GAAGQ;IACpF,IAAMY,WAAWD,wBAAAA,yBAAAA,cAAerB,YAAY;IAE5C,oBAAoB;IACpB,IAAMuB,WAAWvB,YAAY;IAC7B,IAAMwB,eAAe3B,IAAI4B,gBAAgB;IAEzC,OAAO;QACLF,UAAAA;QACAD,UAAAA;OACIE,gBAAgB;QAAEA,cAAAA;IAAa;QACnC7B,MAAAA;QACAW,UAAAA;QACIY,eAAe;QAAEA,aAAAA;IAAY;AAErC;AAMO,SAAS7B;IACd,OAAOC,YAAYoC,QAAQC,IAAI,EAAED,QAAQ7B,GAAG;AAC9C;AA8CO,SAASN,eAAeK,IAAc,EAAEC,GAAuC,EAAE+B,KAAa;IACnG,SAAS5B,YAAYC,GAAW;QAC9B,IAAMR,QAAQI,GAAG,CAACI,IAAI;QACtB,IAAI,CAACR,OAAO;YACV,MAAM,IAAIC,MAAM,AAAC,wBAA2B,OAAJO,KAAI;QAC9C;QACA,OAAOR;IACT;IAEA,sBAAsB;IACtB,IAAM,AAAES,SAAWC,IAAAA,eAAS,EAAC;QAC3BP,MAAAA;QACAQ,SAAS;YACP,YAAY;gBAAEC,MAAM;YAAS;YAC7B,kBAAkB;gBAAEA,MAAM;YAAS;YACnC,iBAAiB;gBAAEA,MAAM;YAAS;YAClC,aAAa;gBAAEA,MAAM;YAAS;QAChC;QACAE,QAAQ;QACRC,kBAAkB;IACpB,GAVQN;IAYR,6CAA6C;IAC7C,IAAM2B,UAAU,OAAO3B,MAAM,CAAC,WAAW,KAAK,WAAWA,MAAM,CAAC,WAAW,GAAGQ;IAC9E,IAAMoB,UAAUjC,IAAIkC,QAAQ;IAC5B,IAAMlB,OAAOgB,WAAWC,WAAW;IAEnC,oBAAoB;IACpB,IAAIjB,SAAS,iBAAiBA,SAAS,YAAY;QACjD,MAAM,IAAInB,MAAM,AAAC,8BAAkC,OAALmB,MAAK;IACrD;IAEA,+CAA+C;IAC/C,IAAMmB,eAAe,OAAO9B,MAAM,CAAC,iBAAiB,KAAK,WAAWA,MAAM,CAAC,iBAAiB,GAAGQ;IAC/F,IAAMuB,eAAepC,IAAIqC,cAAc;IACvC,IAAMC,YAAYH,gBAAgBC;IAElC,8CAA8C;IAC9C,IAAMG,cAAc,OAAOlC,MAAM,CAAC,gBAAgB,KAAK,WAAWA,MAAM,CAAC,gBAAgB,GAAGQ;IAC5F,IAAM2B,cAAcxC,IAAIyC,aAAa;IACrC,IAAMC,WAAWH,eAAeC;IAEhC,yCAAyC;IACzC,IAAIxB,SAAS,cAAc,CAACsB,WAAW;QACrC,MAAM,IAAIzC,MAAM;IAClB;IAEA,8CAA8C;IAC9C,IAAM2B,cAAc,OAAOnB,MAAM,CAAC,YAAY,KAAK,WAAWA,MAAM,CAAC,YAAY,GAAGQ;IACpF,IAAMY,WAAWD,wBAAAA,yBAAAA,cAAerB,YAAY;IAE5C,oBAAoB;IACpB,IAAMuB,WAAWvB,YAAY;IAC7B,IAAMwB,eAAe3B,IAAI4B,gBAAgB;IAEzC,OAAO;QACLZ,MAAAA;OACIsB,aAAa;QAAEA,WAAAA;IAAU,GACzBI,YAAY;QAAEA,UAAAA;IAAS;QAC3BhB,UAAAA;QACIC,gBAAgB;QAAEA,cAAAA;IAAa;QACnCF,UAAAA;QACAM,OAAAA;;AAEJ"}
package/dist/esm/setup/config.js CHANGED
@@ -128,9 +128,10 @@
128
128
  throw new Error('REDIRECT_URI requires HTTP transport. The OAuth callback must be served over HTTP.');
129
129
  }
130
130
  // Parse headless mode
131
- const cliHeadless = typeof values.headless === 'boolean' ? values.headless : undefined;
131
+ if (typeof values.headless === 'string') throw new Error('Use --headless or --no-headless (do not pass a value)');
132
+ const cliHeadless = values['no-headless'] ? false : values.headless === true ? true : undefined;
132
133
  const envHeadless = env.HEADLESS === 'true' ? true : env.HEADLESS === 'false' ? false : undefined;
133
- const headless = (_ref = cliHeadless !== null && cliHeadless !== void 0 ? cliHeadless : envHeadless) !== null && _ref !== void 0 ? _ref : redirectUri !== undefined; // default for redirectUri is headless (assume server http deployment); otherwise assume local and non-headless
134
+ const headless = (_ref = cliHeadless !== null && cliHeadless !== void 0 ? cliHeadless : envHeadless) !== null && _ref !== void 0 ? _ref : redirectUri !== undefined;
134
135
  // Parse tenant-id (CLI overrides environment)
135
136
  const cliTenantId = typeof values['tenant-id'] === 'string' ? values['tenant-id'] : undefined;
136
137
  const tenantId = cliTenantId !== null && cliTenantId !== void 0 ? cliTenantId : requiredEnv('MS_TENANT_ID');
package/dist/esm/setup/config.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["/Users/kevin/Dev/Projects/mcp-z/oauth-microsoft/src/setup/config.ts"],"sourcesContent":["/**\n * Microsoft OAuth configuration parsing from CLI arguments and environment variables.\n *\n * This module provides utilities to parse Microsoft OAuth configuration from\n * CLI arguments and environment variables, following the same pattern as @mcp-z/server's\n * parseConfig().\n */\n\nimport { parseArgs } from 'util';\nimport type { DcrConfig, OAuthConfig } from '../types.ts';\n\n// Re-export for external use\nexport type { DcrConfig, OAuthConfig };\n\n/**\n * Auth mode type (from OAuthConfig)\n */\ntype AuthMode = 'loopback-oauth' | 'device-code' | 'dcr';\n\n/**\n * Parse OAuth mode string into auth mode.\n *\n * @param value - OAuth mode string ('loopback-oauth', 'device-code', or 'dcr')\n * @returns Parsed auth mode\n * @throws Error if value is invalid\n *\n * @example Valid formats\n * ```typescript\n * parseAuthMode('loopback-oauth') // { auth: 'loopback-oauth' }\n * parseAuthMode('device-code') // { auth: 'device-code' }\n * parseAuthMode('dcr') // { auth: 'dcr' }\n * ```\n */\nfunction parseAuthMode(value: string): {\n auth: AuthMode;\n} {\n // Validate auth mode\n if (value !== 'loopback-oauth' && value !== 'device-code' && value !== 'dcr') {\n throw new Error(`Invalid --auth value: \"${value}\". Valid values: loopback-oauth, device-code, dcr`);\n }\n\n return {\n auth: value as AuthMode,\n };\n}\n\n/**\n * Transport type for MCP servers\n *\n * - 'stdio': Standard input/output transport\n * - 'http': HTTP transport\n */\nexport type TransportType = 'stdio' | 'http';\n\n/**\n * Parse Microsoft OAuth configuration from CLI arguments and environment variables.\n *\n * CLI Arguments:\n * - --auth: OAuth mode ('loopback-oauth' | 'device-code' | 'dcr')\n * - Default: 'loopback-oauth' (if flag is omitted)\n * - --headless: Disable browser opening for OAuth flow (default: false, true in test env)\n * - --redirect-uri: Override OAuth redirect URI (default: ephemeral loopback)\n * - --tenant-id: Override Microsoft tenant ID\n *\n * Required environment variables:\n * - MS_CLIENT_ID: Azure AD application (client) ID\n * - MS_TENANT_ID: Azure AD tenant ID ('common', 'organizations', 'consumers', or tenant GUID)\n *\n * Optional environment variables:\n * - MS_CLIENT_SECRET: Azure AD client secret (optional for public clients)\n * - AUTH_MODE: OAuth mode (same format as --auth flag)\n * - HEADLESS: Headless mode flag ('true' to enable)\n * - REDIRECT_URI: OAuth redirect URI (overridden by --redirect-uri CLI flag)\n *\n * @param args - CLI arguments array (typically process.argv)\n * @param env - Environment variables object (typically process.env)\n * @param transport - Optional transport type. If 'stdio' and auth mode is 'dcr', throws an error.\n * @returns Parsed Microsoft OAuth configuration\n * @throws Error if required environment variables are missing, values are invalid, or DCR is used with stdio transport\n *\n * @example Default mode (no flags)\n * ```typescript\n * const config = parseConfig(process.argv, process.env);\n * // { auth: 'loopback-oauth' }\n * ```\n *\n * @example Override auth mode\n * ```typescript\n * parseConfig(['--auth=loopback-oauth'], process.env);\n * parseConfig(['--auth=device-code'], process.env);\n * ```\n *\n * @example With transport validation\n * ```typescript\n * parseConfig(['--auth=dcr'], process.env, 'http'); // OK\n * parseConfig(['--auth=dcr'], process.env, 'stdio'); // Throws error\n * ```\n *\n * Valid auth modes:\n * - loopback-oauth (default)\n * - device-code\n * - dcr (HTTP transport only)\n */\nexport function parseConfig(args: string[], env: Record<string, string | undefined>, transport?: TransportType): OAuthConfig {\n function requiredEnv(key: string): string {\n const value = env[key];\n if (!value) {\n throw new Error(`Environment variable ${key} is required for Microsoft OAuth`);\n }\n return value;\n }\n\n // Parse CLI arguments\n const { values } = parseArgs({\n args,\n options: {\n auth: { type: 'string' },\n headless: { type: 'boolean' },\n 'redirect-uri': { type: 'string' },\n 'tenant-id': { type: 'string' },\n },\n strict: false, // Allow other arguments\n allowPositionals: true,\n });\n\n // Parse OAuth mode\n const authArg = typeof values.auth === 'string' ? values.auth : undefined;\n const envAuthMode = env.AUTH_MODE;\n const mode = authArg || envAuthMode;\n\n let auth: AuthMode;\n\n if (mode) {\n const parsed = parseAuthMode(mode);\n auth = parsed.auth;\n } else {\n // DEFAULT: No flags provided, use loopback-oauth\n auth = 'loopback-oauth';\n }\n\n // Validate: DCR only works with HTTP transport\n if (auth === 'dcr' && transport === 'stdio') {\n throw new Error('DCR authentication mode requires HTTP transport. DCR is not supported with stdio transport.');\n }\n\n // Parse redirect-uri (CLI overrides ENV)\n const cliRedirectUri = typeof values['redirect-uri'] === 'string' ? values['redirect-uri'] : undefined;\n const envRedirectUri = env.REDIRECT_URI;\n const redirectUri = cliRedirectUri ?? envRedirectUri;\n if (redirectUri && transport === 'stdio') {\n throw new Error('REDIRECT_URI requires HTTP transport. The OAuth callback must be served over HTTP.');\n }\n\n // Parse headless mode\n const cliHeadless = typeof values.headless === 'boolean' ? values.headless : undefined;\n const envHeadless = env.HEADLESS === 'true' ? true : env.HEADLESS === 'false' ? false : undefined;\n const headless = cliHeadless ?? envHeadless ?? redirectUri !== undefined; // default for redirectUri is headless (assume server http deployment); otherwise assume local and non-headless\n\n // Parse tenant-id (CLI overrides environment)\n const cliTenantId = typeof values['tenant-id'] === 'string' ? values['tenant-id'] : undefined;\n const tenantId = cliTenantId ?? requiredEnv('MS_TENANT_ID');\n\n // Parse credentials\n const clientId = requiredEnv('MS_CLIENT_ID');\n const clientSecret = env.MS_CLIENT_SECRET;\n\n return {\n clientId,\n tenantId,\n ...(clientSecret && { clientSecret }),\n auth,\n headless,\n ...(redirectUri && { redirectUri }),\n };\n}\n\n/**\n * Build production configuration from process globals.\n * Entry point for production server.\n */\nexport function createConfig(): OAuthConfig {\n return parseConfig(process.argv, process.env);\n}\n\n/**\n * Parse DCR configuration from CLI arguments and environment variables.\n *\n * CLI Arguments:\n * - --dcr-mode: DCR mode ('self-hosted' | 'external')\n * - Default: 'self-hosted' (if flag is omitted)\n * - --dcr-verify-url: External verification endpoint URL (required for external mode)\n * - --dcr-store-uri: DCR client storage URI (required for self-hosted mode)\n * - --tenant-id: Override Microsoft tenant ID\n *\n * Required environment variables:\n * - MS_CLIENT_ID: Azure AD application (client) ID\n * - MS_TENANT_ID: Azure AD tenant ID ('common', 'organizations', 'consumers', or tenant GUID)\n *\n * Optional environment variables:\n * - MS_CLIENT_SECRET: Azure AD client secret (optional for public clients)\n * - DCR_MODE: DCR mode (same format as --dcr-mode flag)\n * - DCR_VERIFY_URL: External verification URL (same as --dcr-verify-url flag)\n * - DCR_STORE_URI: DCR storage URI (same as --dcr-store-uri flag)\n *\n * @param args - CLI arguments array (typically process.argv)\n * @param env - Environment variables object (typically process.env)\n * @param scope - OAuth scopes to request (space-separated)\n * @returns Parsed DCR configuration\n * @throws Error if required environment variables are missing or validation fails\n *\n * @example Self-hosted mode\n * ```typescript\n * const config = parseDcrConfig(\n * ['--dcr-mode=self-hosted', '--dcr-store-uri=file:///path/to/store.json'],\n * process.env,\n * 'https://graph.microsoft.com/.default'\n * );\n * ```\n *\n * @example External mode\n * ```typescript\n * const config = parseDcrConfig(\n * ['--dcr-mode=external', '--dcr-verify-url=https://auth0.example.com/verify'],\n * process.env,\n * 'https://graph.microsoft.com/.default'\n * );\n * ```\n */\nexport function parseDcrConfig(args: string[], env: Record<string, string | undefined>, scope: string): DcrConfig {\n function requiredEnv(key: string): string {\n const value = env[key];\n if (!value) {\n throw new Error(`Environment variable ${key} is required for DCR configuration`);\n }\n return value;\n }\n\n // Parse CLI arguments\n const { values } = parseArgs({\n args,\n options: {\n 'dcr-mode': { type: 'string' },\n 'dcr-verify-url': { type: 'string' },\n 'dcr-store-uri': { type: 'string' },\n 'tenant-id': { type: 'string' },\n },\n strict: false, // Allow other arguments\n allowPositionals: true,\n });\n\n // Parse DCR mode (CLI overrides environment)\n const cliMode = typeof values['dcr-mode'] === 'string' ? values['dcr-mode'] : undefined;\n const envMode = env.DCR_MODE;\n const mode = cliMode || envMode || 'self-hosted';\n\n // Validate DCR mode\n if (mode !== 'self-hosted' && mode !== 'external') {\n throw new Error(`Invalid --dcr-mode value: \"${mode}\". Valid values: self-hosted, external`);\n }\n\n // Parse verify URL (CLI overrides environment)\n const cliVerifyUrl = typeof values['dcr-verify-url'] === 'string' ? values['dcr-verify-url'] : undefined;\n const envVerifyUrl = env.DCR_VERIFY_URL;\n const verifyUrl = cliVerifyUrl || envVerifyUrl;\n\n // Parse store URI (CLI overrides environment)\n const cliStoreUri = typeof values['dcr-store-uri'] === 'string' ? values['dcr-store-uri'] : undefined;\n const envStoreUri = env.DCR_STORE_URI;\n const storeUri = cliStoreUri || envStoreUri;\n\n // Validate mode-specific required fields\n if (mode === 'external' && !verifyUrl) {\n throw new Error('DCR external mode requires --dcr-verify-url or DCR_VERIFY_URL environment variable');\n }\n\n // Parse tenant-id (CLI overrides environment)\n const cliTenantId = typeof values['tenant-id'] === 'string' ? values['tenant-id'] : undefined;\n const tenantId = cliTenantId ?? requiredEnv('MS_TENANT_ID');\n\n // Parse credentials\n const clientId = requiredEnv('MS_CLIENT_ID');\n const clientSecret = env.MS_CLIENT_SECRET;\n\n return {\n mode,\n ...(verifyUrl && { verifyUrl }),\n ...(storeUri && { storeUri }),\n clientId,\n ...(clientSecret && { clientSecret }),\n tenantId,\n scope,\n };\n}\n"],"names":["parseArgs","parseAuthMode","value","Error","auth","parseConfig","args","env","transport","cliHeadless","requiredEnv","key","values","options","type","headless","strict","allowPositionals","authArg","undefined","envAuthMode","AUTH_MODE","mode","parsed","cliRedirectUri","envRedirectUri","REDIRECT_URI","redirectUri","envHeadless","HEADLESS","cliTenantId","tenantId","clientId","clientSecret","MS_CLIENT_SECRET","createConfig","process","argv","parseDcrConfig","scope","cliMode","envMode","DCR_MODE","cliVerifyUrl","envVerifyUrl","DCR_VERIFY_URL","verifyUrl","cliStoreUri","envStoreUri","DCR_STORE_URI","storeUri"],"mappings":"AAAA;;;;;;CAMC,GAED,SAASA,SAAS,QAAQ,OAAO;AAWjC;;;;;;;;;;;;;CAaC,GACD,SAASC,cAAcC,KAAa;IAGlC,qBAAqB;IACrB,IAAIA,UAAU,oBAAoBA,UAAU,iBAAiBA,UAAU,OAAO;QAC5E,MAAM,IAAIC,MAAM,CAAC,uBAAuB,EAAED,MAAM,iDAAiD,CAAC;IACpG;IAEA,OAAO;QACLE,MAAMF;IACR;AACF;AAUA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAgDC,GACD,OAAO,SAASG,YAAYC,IAAc,EAAEC,GAAuC,EAAEC,SAAyB;QAqD3FC;IApDjB,SAASC,YAAYC,GAAW;QAC9B,MAAMT,QAAQK,GAAG,CAACI,IAAI;QACtB,IAAI,CAACT,OAAO;YACV,MAAM,IAAIC,MAAM,CAAC,qBAAqB,EAAEQ,IAAI,gCAAgC,CAAC;QAC/E;QACA,OAAOT;IACT;IAEA,sBAAsB;IACtB,MAAM,EAAEU,MAAM,EAAE,GAAGZ,UAAU;QAC3BM;QACAO,SAAS;YACPT,MAAM;gBAAEU,MAAM;YAAS;YACvBC,UAAU;gBAAED,MAAM;YAAU;YAC5B,gBAAgB;gBAAEA,MAAM;YAAS;YACjC,aAAa;gBAAEA,MAAM;YAAS;QAChC;QACAE,QAAQ;QACRC,kBAAkB;IACpB;IAEA,mBAAmB;IACnB,MAAMC,UAAU,OAAON,OAAOR,IAAI,KAAK,WAAWQ,OAAOR,IAAI,GAAGe;IAChE,MAAMC,cAAcb,IAAIc,SAAS;IACjC,MAAMC,OAAOJ,WAAWE;IAExB,IAAIhB;IAEJ,IAAIkB,MAAM;QACR,MAAMC,SAAStB,cAAcqB;QAC7BlB,OAAOmB,OAAOnB,IAAI;IACpB,OAAO;QACL,iDAAiD;QACjDA,OAAO;IACT;IAEA,+CAA+C;IAC/C,IAAIA,SAAS,SAASI,cAAc,SAAS;QAC3C,MAAM,IAAIL,MAAM;IAClB;IAEA,yCAAyC;IACzC,MAAMqB,iBAAiB,OAAOZ,MAAM,CAAC,eAAe,KAAK,WAAWA,MAAM,CAAC,eAAe,GAAGO;IAC7F,MAAMM,iBAAiBlB,IAAImB,YAAY;IACvC,MAAMC,cAAcH,2BAAAA,4BAAAA,iBAAkBC;IACtC,IAAIE,eAAenB,cAAc,SAAS;QACxC,MAAM,IAAIL,MAAM;IAClB;IAEA,sBAAsB;IACtB,MAAMM,cAAc,OAAOG,OAAOG,QAAQ,KAAK,YAAYH,OAAOG,QAAQ,GAAGI;IAC7E,MAAMS,cAAcrB,IAAIsB,QAAQ,KAAK,SAAS,OAAOtB,IAAIsB,QAAQ,KAAK,UAAU,QAAQV;IACxF,MAAMJ,YAAWN,OAAAA,wBAAAA,yBAAAA,cAAemB,yBAAfnB,kBAAAA,OAA8BkB,gBAAgBR,WAAW,+GAA+G;IAEzL,8CAA8C;IAC9C,MAAMW,cAAc,OAAOlB,MAAM,CAAC,YAAY,KAAK,WAAWA,MAAM,CAAC,YAAY,GAAGO;IACpF,MAAMY,WAAWD,wBAAAA,yBAAAA,cAAepB,YAAY;IAE5C,oBAAoB;IACpB,MAAMsB,WAAWtB,YAAY;IAC7B,MAAMuB,eAAe1B,IAAI2B,gBAAgB;IAEzC,OAAO;QACLF;QACAD;QACA,GAAIE,gBAAgB;YAAEA;QAAa,CAAC;QACpC7B;QACAW;QACA,GAAIY,eAAe;YAAEA;QAAY,CAAC;IACpC;AACF;AAEA;;;CAGC,GACD,OAAO,SAASQ;IACd,OAAO9B,YAAY+B,QAAQC,IAAI,EAAED,QAAQ7B,GAAG;AAC9C;AAEA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA2CC,GACD,OAAO,SAAS+B,eAAehC,IAAc,EAAEC,GAAuC,EAAEgC,KAAa;IACnG,SAAS7B,YAAYC,GAAW;QAC9B,MAAMT,QAAQK,GAAG,CAACI,IAAI;QACtB,IAAI,CAACT,OAAO;YACV,MAAM,IAAIC,MAAM,CAAC,qBAAqB,EAAEQ,IAAI,kCAAkC,CAAC;QACjF;QACA,OAAOT;IACT;IAEA,sBAAsB;IACtB,MAAM,EAAEU,MAAM,EAAE,GAAGZ,UAAU;QAC3BM;QACAO,SAAS;YACP,YAAY;gBAAEC,MAAM;YAAS;YAC7B,kBAAkB;gBAAEA,MAAM;YAAS;YACnC,iBAAiB;gBAAEA,MAAM;YAAS;YAClC,aAAa;gBAAEA,MAAM;YAAS;QAChC;QACAE,QAAQ;QACRC,kBAAkB;IACpB;IAEA,6CAA6C;IAC7C,MAAMuB,UAAU,OAAO5B,MAAM,CAAC,WAAW,KAAK,WAAWA,MAAM,CAAC,WAAW,GAAGO;IAC9E,MAAMsB,UAAUlC,IAAImC,QAAQ;IAC5B,MAAMpB,OAAOkB,WAAWC,WAAW;IAEnC,oBAAoB;IACpB,IAAInB,SAAS,iBAAiBA,SAAS,YAAY;QACjD,MAAM,IAAInB,MAAM,CAAC,2BAA2B,EAAEmB,KAAK,sCAAsC,CAAC;IAC5F;IAEA,+CAA+C;IAC/C,MAAMqB,eAAe,OAAO/B,MAAM,CAAC,iBAAiB,KAAK,WAAWA,MAAM,CAAC,iBAAiB,GAAGO;IAC/F,MAAMyB,eAAerC,IAAIsC,cAAc;IACvC,MAAMC,YAAYH,gBAAgBC;IAElC,8CAA8C;IAC9C,MAAMG,cAAc,OAAOnC,MAAM,CAAC,gBAAgB,KAAK,WAAWA,MAAM,CAAC,gBAAgB,GAAGO;IAC5F,MAAM6B,cAAczC,IAAI0C,aAAa;IACrC,MAAMC,WAAWH,eAAeC;IAEhC,yCAAyC;IACzC,IAAI1B,SAAS,cAAc,CAACwB,WAAW;QACrC,MAAM,IAAI3C,MAAM;IAClB;IAEA,8CAA8C;IAC9C,MAAM2B,cAAc,OAAOlB,MAAM,CAAC,YAAY,KAAK,WAAWA,MAAM,CAAC,YAAY,GAAGO;IACpF,MAAMY,WAAWD,wBAAAA,yBAAAA,cAAepB,YAAY;IAE5C,oBAAoB;IACpB,MAAMsB,WAAWtB,YAAY;IAC7B,MAAMuB,eAAe1B,IAAI2B,gBAAgB;IAEzC,OAAO;QACLZ;QACA,GAAIwB,aAAa;YAAEA;QAAU,CAAC;QAC9B,GAAII,YAAY;YAAEA;QAAS,CAAC;QAC5BlB;QACA,GAAIC,gBAAgB;YAAEA;QAAa,CAAC;QACpCF;QACAQ;IACF;AACF"}
1
+ {"version":3,"sources":["/Users/kevin/Dev/Projects/mcp-z/oauth-microsoft/src/setup/config.ts"],"sourcesContent":["/**\n * Microsoft OAuth configuration parsing from CLI arguments and environment variables.\n *\n * This module provides utilities to parse Microsoft OAuth configuration from\n * CLI arguments and environment variables, following the same pattern as @mcp-z/server's\n * parseConfig().\n */\n\nimport { parseArgs } from 'util';\nimport type { DcrConfig, OAuthConfig } from '../types.ts';\n\n// Re-export for external use\nexport type { DcrConfig, OAuthConfig };\n\n/**\n * Auth mode type (from OAuthConfig)\n */\ntype AuthMode = 'loopback-oauth' | 'device-code' | 'dcr';\n\n/**\n * Parse OAuth mode string into auth mode.\n *\n * @param value - OAuth mode string ('loopback-oauth', 'device-code', or 'dcr')\n * @returns Parsed auth mode\n * @throws Error if value is invalid\n *\n * @example Valid formats\n * ```typescript\n * parseAuthMode('loopback-oauth') // { auth: 'loopback-oauth' }\n * parseAuthMode('device-code') // { auth: 'device-code' }\n * parseAuthMode('dcr') // { auth: 'dcr' }\n * ```\n */\nfunction parseAuthMode(value: string): {\n auth: AuthMode;\n} {\n // Validate auth mode\n if (value !== 'loopback-oauth' && value !== 'device-code' && value !== 'dcr') {\n throw new Error(`Invalid --auth value: \"${value}\". Valid values: loopback-oauth, device-code, dcr`);\n }\n\n return {\n auth: value as AuthMode,\n };\n}\n\n/**\n * Transport type for MCP servers\n *\n * - 'stdio': Standard input/output transport\n * - 'http': HTTP transport\n */\nexport type TransportType = 'stdio' | 'http';\n\n/**\n * Parse Microsoft OAuth configuration from CLI arguments and environment variables.\n *\n * CLI Arguments:\n * - --auth: OAuth mode ('loopback-oauth' | 'device-code' | 'dcr')\n * - Default: 'loopback-oauth' (if flag is omitted)\n * - --headless: Disable browser opening for OAuth flow (default: false, true in test env)\n * - --redirect-uri: Override OAuth redirect URI (default: ephemeral loopback)\n * - --tenant-id: Override Microsoft tenant ID\n *\n * Required environment variables:\n * - MS_CLIENT_ID: Azure AD application (client) ID\n * - MS_TENANT_ID: Azure AD tenant ID ('common', 'organizations', 'consumers', or tenant GUID)\n *\n * Optional environment variables:\n * - MS_CLIENT_SECRET: Azure AD client secret (optional for public clients)\n * - AUTH_MODE: OAuth mode (same format as --auth flag)\n * - HEADLESS: Headless mode flag ('true' to enable)\n * - REDIRECT_URI: OAuth redirect URI (overridden by --redirect-uri CLI flag)\n *\n * @param args - CLI arguments array (typically process.argv)\n * @param env - Environment variables object (typically process.env)\n * @param transport - Optional transport type. If 'stdio' and auth mode is 'dcr', throws an error.\n * @returns Parsed Microsoft OAuth configuration\n * @throws Error if required environment variables are missing, values are invalid, or DCR is used with stdio transport\n *\n * @example Default mode (no flags)\n * ```typescript\n * const config = parseConfig(process.argv, process.env);\n * // { auth: 'loopback-oauth' }\n * ```\n *\n * @example Override auth mode\n * ```typescript\n * parseConfig(['--auth=loopback-oauth'], process.env);\n * parseConfig(['--auth=device-code'], process.env);\n * ```\n *\n * @example With transport validation\n * ```typescript\n * parseConfig(['--auth=dcr'], process.env, 'http'); // OK\n * parseConfig(['--auth=dcr'], process.env, 'stdio'); // Throws error\n * ```\n *\n * Valid auth modes:\n * - loopback-oauth (default)\n * - device-code\n * - dcr (HTTP transport only)\n */\nexport function parseConfig(args: string[], env: Record<string, string | undefined>, transport?: TransportType): OAuthConfig {\n function requiredEnv(key: string): string {\n const value = env[key];\n if (!value) {\n throw new Error(`Environment variable ${key} is required for Microsoft OAuth`);\n }\n return value;\n }\n\n // Parse CLI arguments\n const { values } = parseArgs({\n args,\n options: {\n auth: { type: 'string' },\n headless: { type: 'boolean' },\n 'redirect-uri': { type: 'string' },\n 'tenant-id': { type: 'string' },\n },\n strict: false, // Allow other arguments\n allowPositionals: true,\n });\n\n // Parse OAuth mode\n const authArg = typeof values.auth === 'string' ? values.auth : undefined;\n const envAuthMode = env.AUTH_MODE;\n const mode = authArg || envAuthMode;\n\n let auth: AuthMode;\n\n if (mode) {\n const parsed = parseAuthMode(mode);\n auth = parsed.auth;\n } else {\n // DEFAULT: No flags provided, use loopback-oauth\n auth = 'loopback-oauth';\n }\n\n // Validate: DCR only works with HTTP transport\n if (auth === 'dcr' && transport === 'stdio') {\n throw new Error('DCR authentication mode requires HTTP transport. DCR is not supported with stdio transport.');\n }\n\n // Parse redirect-uri (CLI overrides ENV)\n const cliRedirectUri = typeof values['redirect-uri'] === 'string' ? values['redirect-uri'] : undefined;\n const envRedirectUri = env.REDIRECT_URI;\n const redirectUri = cliRedirectUri ?? envRedirectUri;\n if (redirectUri && transport === 'stdio') {\n throw new Error('REDIRECT_URI requires HTTP transport. The OAuth callback must be served over HTTP.');\n }\n\n // Parse headless mode\n if (typeof values.headless === 'string') throw new Error('Use --headless or --no-headless (do not pass a value)');\n const cliHeadless = values['no-headless'] ? false : values.headless === true ? true : undefined;\n const envHeadless = env.HEADLESS === 'true' ? true : env.HEADLESS === 'false' ? false : undefined;\n const headless = cliHeadless ?? envHeadless ?? redirectUri !== undefined;\n\n // Parse tenant-id (CLI overrides environment)\n const cliTenantId = typeof values['tenant-id'] === 'string' ? values['tenant-id'] : undefined;\n const tenantId = cliTenantId ?? requiredEnv('MS_TENANT_ID');\n\n // Parse credentials\n const clientId = requiredEnv('MS_CLIENT_ID');\n const clientSecret = env.MS_CLIENT_SECRET;\n\n return {\n clientId,\n tenantId,\n ...(clientSecret && { clientSecret }),\n auth,\n headless,\n ...(redirectUri && { redirectUri }),\n };\n}\n\n/**\n * Build production configuration from process globals.\n * Entry point for production server.\n */\nexport function createConfig(): OAuthConfig {\n return parseConfig(process.argv, process.env);\n}\n\n/**\n * Parse DCR configuration from CLI arguments and environment variables.\n *\n * CLI Arguments:\n * - --dcr-mode: DCR mode ('self-hosted' | 'external')\n * - Default: 'self-hosted' (if flag is omitted)\n * - --dcr-verify-url: External verification endpoint URL (required for external mode)\n * - --dcr-store-uri: DCR client storage URI (required for self-hosted mode)\n * - --tenant-id: Override Microsoft tenant ID\n *\n * Required environment variables:\n * - MS_CLIENT_ID: Azure AD application (client) ID\n * - MS_TENANT_ID: Azure AD tenant ID ('common', 'organizations', 'consumers', or tenant GUID)\n *\n * Optional environment variables:\n * - MS_CLIENT_SECRET: Azure AD client secret (optional for public clients)\n * - DCR_MODE: DCR mode (same format as --dcr-mode flag)\n * - DCR_VERIFY_URL: External verification URL (same as --dcr-verify-url flag)\n * - DCR_STORE_URI: DCR storage URI (same as --dcr-store-uri flag)\n *\n * @param args - CLI arguments array (typically process.argv)\n * @param env - Environment variables object (typically process.env)\n * @param scope - OAuth scopes to request (space-separated)\n * @returns Parsed DCR configuration\n * @throws Error if required environment variables are missing or validation fails\n *\n * @example Self-hosted mode\n * ```typescript\n * const config = parseDcrConfig(\n * ['--dcr-mode=self-hosted', '--dcr-store-uri=file:///path/to/store.json'],\n * process.env,\n * 'https://graph.microsoft.com/.default'\n * );\n * ```\n *\n * @example External mode\n * ```typescript\n * const config = parseDcrConfig(\n * ['--dcr-mode=external', '--dcr-verify-url=https://auth0.example.com/verify'],\n * process.env,\n * 'https://graph.microsoft.com/.default'\n * );\n * ```\n */\nexport function parseDcrConfig(args: string[], env: Record<string, string | undefined>, scope: string): DcrConfig {\n function requiredEnv(key: string): string {\n const value = env[key];\n if (!value) {\n throw new Error(`Environment variable ${key} is required for DCR configuration`);\n }\n return value;\n }\n\n // Parse CLI arguments\n const { values } = parseArgs({\n args,\n options: {\n 'dcr-mode': { type: 'string' },\n 'dcr-verify-url': { type: 'string' },\n 'dcr-store-uri': { type: 'string' },\n 'tenant-id': { type: 'string' },\n },\n strict: false, // Allow other arguments\n allowPositionals: true,\n });\n\n // Parse DCR mode (CLI overrides environment)\n const cliMode = typeof values['dcr-mode'] === 'string' ? values['dcr-mode'] : undefined;\n const envMode = env.DCR_MODE;\n const mode = cliMode || envMode || 'self-hosted';\n\n // Validate DCR mode\n if (mode !== 'self-hosted' && mode !== 'external') {\n throw new Error(`Invalid --dcr-mode value: \"${mode}\". Valid values: self-hosted, external`);\n }\n\n // Parse verify URL (CLI overrides environment)\n const cliVerifyUrl = typeof values['dcr-verify-url'] === 'string' ? values['dcr-verify-url'] : undefined;\n const envVerifyUrl = env.DCR_VERIFY_URL;\n const verifyUrl = cliVerifyUrl || envVerifyUrl;\n\n // Parse store URI (CLI overrides environment)\n const cliStoreUri = typeof values['dcr-store-uri'] === 'string' ? values['dcr-store-uri'] : undefined;\n const envStoreUri = env.DCR_STORE_URI;\n const storeUri = cliStoreUri || envStoreUri;\n\n // Validate mode-specific required fields\n if (mode === 'external' && !verifyUrl) {\n throw new Error('DCR external mode requires --dcr-verify-url or DCR_VERIFY_URL environment variable');\n }\n\n // Parse tenant-id (CLI overrides environment)\n const cliTenantId = typeof values['tenant-id'] === 'string' ? values['tenant-id'] : undefined;\n const tenantId = cliTenantId ?? requiredEnv('MS_TENANT_ID');\n\n // Parse credentials\n const clientId = requiredEnv('MS_CLIENT_ID');\n const clientSecret = env.MS_CLIENT_SECRET;\n\n return {\n mode,\n ...(verifyUrl && { verifyUrl }),\n ...(storeUri && { storeUri }),\n clientId,\n ...(clientSecret && { clientSecret }),\n tenantId,\n scope,\n };\n}\n"],"names":["parseArgs","parseAuthMode","value","Error","auth","parseConfig","args","env","transport","cliHeadless","requiredEnv","key","values","options","type","headless","strict","allowPositionals","authArg","undefined","envAuthMode","AUTH_MODE","mode","parsed","cliRedirectUri","envRedirectUri","REDIRECT_URI","redirectUri","envHeadless","HEADLESS","cliTenantId","tenantId","clientId","clientSecret","MS_CLIENT_SECRET","createConfig","process","argv","parseDcrConfig","scope","cliMode","envMode","DCR_MODE","cliVerifyUrl","envVerifyUrl","DCR_VERIFY_URL","verifyUrl","cliStoreUri","envStoreUri","DCR_STORE_URI","storeUri"],"mappings":"AAAA;;;;;;CAMC,GAED,SAASA,SAAS,QAAQ,OAAO;AAWjC;;;;;;;;;;;;;CAaC,GACD,SAASC,cAAcC,KAAa;IAGlC,qBAAqB;IACrB,IAAIA,UAAU,oBAAoBA,UAAU,iBAAiBA,UAAU,OAAO;QAC5E,MAAM,IAAIC,MAAM,CAAC,uBAAuB,EAAED,MAAM,iDAAiD,CAAC;IACpG;IAEA,OAAO;QACLE,MAAMF;IACR;AACF;AAUA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAgDC,GACD,OAAO,SAASG,YAAYC,IAAc,EAAEC,GAAuC,EAAEC,SAAyB;QAsD3FC;IArDjB,SAASC,YAAYC,GAAW;QAC9B,MAAMT,QAAQK,GAAG,CAACI,IAAI;QACtB,IAAI,CAACT,OAAO;YACV,MAAM,IAAIC,MAAM,CAAC,qBAAqB,EAAEQ,IAAI,gCAAgC,CAAC;QAC/E;QACA,OAAOT;IACT;IAEA,sBAAsB;IACtB,MAAM,EAAEU,MAAM,EAAE,GAAGZ,UAAU;QAC3BM;QACAO,SAAS;YACPT,MAAM;gBAAEU,MAAM;YAAS;YACvBC,UAAU;gBAAED,MAAM;YAAU;YAC5B,gBAAgB;gBAAEA,MAAM;YAAS;YACjC,aAAa;gBAAEA,MAAM;YAAS;QAChC;QACAE,QAAQ;QACRC,kBAAkB;IACpB;IAEA,mBAAmB;IACnB,MAAMC,UAAU,OAAON,OAAOR,IAAI,KAAK,WAAWQ,OAAOR,IAAI,GAAGe;IAChE,MAAMC,cAAcb,IAAIc,SAAS;IACjC,MAAMC,OAAOJ,WAAWE;IAExB,IAAIhB;IAEJ,IAAIkB,MAAM;QACR,MAAMC,SAAStB,cAAcqB;QAC7BlB,OAAOmB,OAAOnB,IAAI;IACpB,OAAO;QACL,iDAAiD;QACjDA,OAAO;IACT;IAEA,+CAA+C;IAC/C,IAAIA,SAAS,SAASI,cAAc,SAAS;QAC3C,MAAM,IAAIL,MAAM;IAClB;IAEA,yCAAyC;IACzC,MAAMqB,iBAAiB,OAAOZ,MAAM,CAAC,eAAe,KAAK,WAAWA,MAAM,CAAC,eAAe,GAAGO;IAC7F,MAAMM,iBAAiBlB,IAAImB,YAAY;IACvC,MAAMC,cAAcH,2BAAAA,4BAAAA,iBAAkBC;IACtC,IAAIE,eAAenB,cAAc,SAAS;QACxC,MAAM,IAAIL,MAAM;IAClB;IAEA,sBAAsB;IACtB,IAAI,OAAOS,OAAOG,QAAQ,KAAK,UAAU,MAAM,IAAIZ,MAAM;IACzD,MAAMM,cAAcG,MAAM,CAAC,cAAc,GAAG,QAAQA,OAAOG,QAAQ,KAAK,OAAO,OAAOI;IACtF,MAAMS,cAAcrB,IAAIsB,QAAQ,KAAK,SAAS,OAAOtB,IAAIsB,QAAQ,KAAK,UAAU,QAAQV;IACxF,MAAMJ,YAAWN,OAAAA,wBAAAA,yBAAAA,cAAemB,yBAAfnB,kBAAAA,OAA8BkB,gBAAgBR;IAE/D,8CAA8C;IAC9C,MAAMW,cAAc,OAAOlB,MAAM,CAAC,YAAY,KAAK,WAAWA,MAAM,CAAC,YAAY,GAAGO;IACpF,MAAMY,WAAWD,wBAAAA,yBAAAA,cAAepB,YAAY;IAE5C,oBAAoB;IACpB,MAAMsB,WAAWtB,YAAY;IAC7B,MAAMuB,eAAe1B,IAAI2B,gBAAgB;IAEzC,OAAO;QACLF;QACAD;QACA,GAAIE,gBAAgB;YAAEA;QAAa,CAAC;QACpC7B;QACAW;QACA,GAAIY,eAAe;YAAEA;QAAY,CAAC;IACpC;AACF;AAEA;;;CAGC,GACD,OAAO,SAASQ;IACd,OAAO9B,YAAY+B,QAAQC,IAAI,EAAED,QAAQ7B,GAAG;AAC9C;AAEA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA2CC,GACD,OAAO,SAAS+B,eAAehC,IAAc,EAAEC,GAAuC,EAAEgC,KAAa;IACnG,SAAS7B,YAAYC,GAAW;QAC9B,MAAMT,QAAQK,GAAG,CAACI,IAAI;QACtB,IAAI,CAACT,OAAO;YACV,MAAM,IAAIC,MAAM,CAAC,qBAAqB,EAAEQ,IAAI,kCAAkC,CAAC;QACjF;QACA,OAAOT;IACT;IAEA,sBAAsB;IACtB,MAAM,EAAEU,MAAM,EAAE,GAAGZ,UAAU;QAC3BM;QACAO,SAAS;YACP,YAAY;gBAAEC,MAAM;YAAS;YAC7B,kBAAkB;gBAAEA,MAAM;YAAS;YACnC,iBAAiB;gBAAEA,MAAM;YAAS;YAClC,aAAa;gBAAEA,MAAM;YAAS;QAChC;QACAE,QAAQ;QACRC,kBAAkB;IACpB;IAEA,6CAA6C;IAC7C,MAAMuB,UAAU,OAAO5B,MAAM,CAAC,WAAW,KAAK,WAAWA,MAAM,CAAC,WAAW,GAAGO;IAC9E,MAAMsB,UAAUlC,IAAImC,QAAQ;IAC5B,MAAMpB,OAAOkB,WAAWC,WAAW;IAEnC,oBAAoB;IACpB,IAAInB,SAAS,iBAAiBA,SAAS,YAAY;QACjD,MAAM,IAAInB,MAAM,CAAC,2BAA2B,EAAEmB,KAAK,sCAAsC,CAAC;IAC5F;IAEA,+CAA+C;IAC/C,MAAMqB,eAAe,OAAO/B,MAAM,CAAC,iBAAiB,KAAK,WAAWA,MAAM,CAAC,iBAAiB,GAAGO;IAC/F,MAAMyB,eAAerC,IAAIsC,cAAc;IACvC,MAAMC,YAAYH,gBAAgBC;IAElC,8CAA8C;IAC9C,MAAMG,cAAc,OAAOnC,MAAM,CAAC,gBAAgB,KAAK,WAAWA,MAAM,CAAC,gBAAgB,GAAGO;IAC5F,MAAM6B,cAAczC,IAAI0C,aAAa;IACrC,MAAMC,WAAWH,eAAeC;IAEhC,yCAAyC;IACzC,IAAI1B,SAAS,cAAc,CAACwB,WAAW;QACrC,MAAM,IAAI3C,MAAM;IAClB;IAEA,8CAA8C;IAC9C,MAAM2B,cAAc,OAAOlB,MAAM,CAAC,YAAY,KAAK,WAAWA,MAAM,CAAC,YAAY,GAAGO;IACpF,MAAMY,WAAWD,wBAAAA,yBAAAA,cAAepB,YAAY;IAE5C,oBAAoB;IACpB,MAAMsB,WAAWtB,YAAY;IAC7B,MAAMuB,eAAe1B,IAAI2B,gBAAgB;IAEzC,OAAO;QACLZ;QACA,GAAIwB,aAAa;YAAEA;QAAU,CAAC;QAC9B,GAAII,YAAY;YAAEA;QAAS,CAAC;QAC5BlB;QACA,GAAIC,gBAAgB;YAAEA;QAAa,CAAC;QACpCF;QACAQ;IACF;AACF"}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@mcp-z/oauth-microsoft",
3
- "version": "1.0.2",
3
+ "version": "1.0.3",
4
4
  "description": "OAuth 2.0 client for Microsoft Graph with multi-account support, PKCE security, and swappable storage backends",
5
5
  "keywords": [
6
6
  "oauth2",