@modelcontextprotocol/sdk 1.11.5 → 1.12.1
- package/README.md +1 -1
- package/dist/cjs/client/auth.d.ts +27 -7
- package/dist/cjs/client/auth.d.ts.map +1 -1
- package/dist/cjs/client/auth.js +100 -17
- package/dist/cjs/client/auth.js.map +1 -1
- package/dist/cjs/client/index.d.ts.map +1 -1
- package/dist/cjs/client/index.js +5 -2
- package/dist/cjs/client/index.js.map +1 -1
- package/dist/cjs/client/sse.d.ts +1 -0
- package/dist/cjs/client/sse.d.ts.map +1 -1
- package/dist/cjs/client/sse.js +7 -4
- package/dist/cjs/client/sse.js.map +1 -1
- package/dist/cjs/client/streamableHttp.d.ts +1 -0
- package/dist/cjs/client/streamableHttp.d.ts.map +1 -1
- package/dist/cjs/client/streamableHttp.js +5 -3
- package/dist/cjs/client/streamableHttp.js.map +1 -1
- package/dist/cjs/examples/client/simpleOAuthClient.d.ts +3 -0
- package/dist/cjs/examples/client/simpleOAuthClient.d.ts.map +1 -0
- package/dist/cjs/examples/client/simpleOAuthClient.js +372 -0
- package/dist/cjs/examples/client/simpleOAuthClient.js.map +1 -0
- package/dist/cjs/examples/client/simpleStreamableHttp.js +45 -6
- package/dist/cjs/examples/client/simpleStreamableHttp.js.map +1 -1
- package/dist/cjs/examples/server/demoInMemoryOAuthProvider.d.ts +70 -0
- package/dist/cjs/examples/server/demoInMemoryOAuthProvider.d.ts.map +1 -0
- package/dist/cjs/examples/server/demoInMemoryOAuthProvider.js +165 -0
- package/dist/cjs/examples/server/demoInMemoryOAuthProvider.js.map +1 -0
- package/dist/cjs/examples/server/simpleStreamableHttp.js +91 -10
- package/dist/cjs/examples/server/simpleStreamableHttp.js.map +1 -1
- package/dist/cjs/server/auth/handlers/metadata.d.ts +2 -2
- package/dist/cjs/server/auth/handlers/metadata.d.ts.map +1 -1
- package/dist/cjs/server/auth/handlers/metadata.js.map +1 -1
- package/dist/cjs/server/auth/handlers/token.d.ts.map +1 -1
- package/dist/cjs/server/auth/handlers/token.js +3 -2
- package/dist/cjs/server/auth/handlers/token.js.map +1 -1
- package/dist/cjs/server/auth/middleware/bearerAuth.d.ts +10 -3
- package/dist/cjs/server/auth/middleware/bearerAuth.d.ts.map +1 -1
- package/dist/cjs/server/auth/middleware/bearerAuth.js +13 -4
- package/dist/cjs/server/auth/middleware/bearerAuth.js.map +1 -1
- package/dist/cjs/server/auth/provider.d.ts +10 -1
- package/dist/cjs/server/auth/provider.d.ts.map +1 -1
- package/dist/cjs/server/auth/providers/proxyProvider.d.ts +1 -1
- package/dist/cjs/server/auth/providers/proxyProvider.d.ts.map +1 -1
- package/dist/cjs/server/auth/providers/proxyProvider.js +4 -1
- package/dist/cjs/server/auth/providers/proxyProvider.js.map +1 -1
- package/dist/cjs/server/auth/router.d.ts +55 -1
- package/dist/cjs/server/auth/router.d.ts.map +1 -1
- package/dist/cjs/server/auth/router.js +76 -23
- package/dist/cjs/server/auth/router.js.map +1 -1
- package/dist/cjs/server/mcp.d.ts.map +1 -1
- package/dist/cjs/server/mcp.js +4 -1
- package/dist/cjs/server/mcp.js.map +1 -1
- package/dist/cjs/shared/auth.d.ts +54 -4
- package/dist/cjs/shared/auth.d.ts.map +1 -1
- package/dist/cjs/shared/auth.js +22 -1
- package/dist/cjs/shared/auth.js.map +1 -1
- package/dist/cjs/shared/protocol.d.ts.map +1 -1
- package/dist/cjs/shared/protocol.js +8 -5
- package/dist/cjs/shared/protocol.js.map +1 -1
- package/dist/cjs/types.d.ts +54 -0
- package/dist/cjs/types.d.ts.map +1 -1
- package/dist/cjs/types.js +4 -0
- package/dist/cjs/types.js.map +1 -1
- package/dist/esm/client/auth.d.ts +27 -7
- package/dist/esm/client/auth.d.ts.map +1 -1
- package/dist/esm/client/auth.js +99 -18
- package/dist/esm/client/auth.js.map +1 -1
- package/dist/esm/client/index.d.ts.map +1 -1
- package/dist/esm/client/index.js +2 -2
- package/dist/esm/client/index.js.map +1 -1
- package/dist/esm/client/sse.d.ts +1 -0
- package/dist/esm/client/sse.d.ts.map +1 -1
- package/dist/esm/client/sse.js +8 -5
- package/dist/esm/client/sse.js.map +1 -1
- package/dist/esm/client/streamableHttp.d.ts +1 -0
- package/dist/esm/client/streamableHttp.d.ts.map +1 -1
- package/dist/esm/client/streamableHttp.js +6 -4
- package/dist/esm/client/streamableHttp.js.map +1 -1
- package/dist/esm/examples/client/simpleOAuthClient.d.ts +3 -0
- package/dist/esm/examples/client/simpleOAuthClient.d.ts.map +1 -0
- package/dist/esm/examples/client/simpleOAuthClient.js +370 -0
- package/dist/esm/examples/client/simpleOAuthClient.js.map +1 -0
- package/dist/esm/examples/client/simpleStreamableHttp.js +45 -6
- package/dist/esm/examples/client/simpleStreamableHttp.js.map +1 -1
- package/dist/esm/examples/server/demoInMemoryOAuthProvider.d.ts +70 -0
- package/dist/esm/examples/server/demoInMemoryOAuthProvider.d.ts.map +1 -0
- package/dist/esm/examples/server/demoInMemoryOAuthProvider.js +156 -0
- package/dist/esm/examples/server/demoInMemoryOAuthProvider.js.map +1 -0
- package/dist/esm/examples/server/simpleStreamableHttp.js +91 -10
- package/dist/esm/examples/server/simpleStreamableHttp.js.map +1 -1
- package/dist/esm/server/auth/handlers/metadata.d.ts +2 -2
- package/dist/esm/server/auth/handlers/metadata.d.ts.map +1 -1
- package/dist/esm/server/auth/handlers/metadata.js.map +1 -1
- package/dist/esm/server/auth/handlers/token.d.ts.map +1 -1
- package/dist/esm/server/auth/handlers/token.js +3 -2
- package/dist/esm/server/auth/handlers/token.js.map +1 -1
- package/dist/esm/server/auth/middleware/bearerAuth.d.ts +10 -3
- package/dist/esm/server/auth/middleware/bearerAuth.d.ts.map +1 -1
- package/dist/esm/server/auth/middleware/bearerAuth.js +13 -4
- package/dist/esm/server/auth/middleware/bearerAuth.js.map +1 -1
- package/dist/esm/server/auth/provider.d.ts +10 -1
- package/dist/esm/server/auth/provider.d.ts.map +1 -1
- package/dist/esm/server/auth/providers/proxyProvider.d.ts +1 -1
- package/dist/esm/server/auth/providers/proxyProvider.d.ts.map +1 -1
- package/dist/esm/server/auth/providers/proxyProvider.js +4 -1
- package/dist/esm/server/auth/providers/proxyProvider.js.map +1 -1
- package/dist/esm/server/auth/router.d.ts +55 -1
- package/dist/esm/server/auth/router.d.ts.map +1 -1
- package/dist/esm/server/auth/router.js +72 -23
- package/dist/esm/server/auth/router.js.map +1 -1
- package/dist/esm/server/mcp.d.ts.map +1 -1
- package/dist/esm/server/mcp.js +4 -1
- package/dist/esm/server/mcp.js.map +1 -1
- package/dist/esm/shared/auth.d.ts +54 -4
- package/dist/esm/shared/auth.d.ts.map +1 -1
- package/dist/esm/shared/auth.js +21 -0
- package/dist/esm/shared/auth.js.map +1 -1
- package/dist/esm/shared/protocol.d.ts.map +1 -1
- package/dist/esm/shared/protocol.js +8 -5
- package/dist/esm/shared/protocol.js.map +1 -1
- package/dist/esm/types.d.ts +54 -0
- package/dist/esm/types.d.ts.map +1 -1
- package/dist/esm/types.js +4 -0
- package/dist/esm/types.js.map +1 -1
- package/package.json +2 -2
|
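--- a/package/dist/cjs/examples/server/demoInMemoryOAuthProvider.d.ts
+++ b/package/dist/cjs/examples/server/demoInMemoryOAuthProvider.d.ts
@@ -0,0 +1,70 @@
+import { AuthorizationParams, OAuthServerProvider } from '../../server/auth/provider.js';
+import { OAuthRegisteredClientsStore } from '../../server/auth/clients.js';
+import { OAuthClientInformationFull, OAuthMetadata, OAuthTokens } from 'src/shared/auth.js';
+import { Response } from "express";
+import { AuthInfo } from 'src/server/auth/types.js';
+export declare class DemoInMemoryClientsStore implements OAuthRegisteredClientsStore {
+private clients;
+getClient(clientId: string): Promise<{
+redirect_uris: string[];
+client_id: string;
+jwks_uri?: string | undefined;
+scope?: string | undefined;
+token_endpoint_auth_method?: string | undefined;
+grant_types?: string[] | undefined;
+response_types?: string[] | undefined;
+client_name?: string | undefined;
+client_uri?: string | undefined;
+logo_uri?: string | undefined;
+contacts?: string[] | undefined;
+tos_uri?: string | undefined;
+policy_uri?: string | undefined;
+jwks?: any;
+software_id?: string | undefined;
+software_version?: string | undefined;
+client_secret?: string | undefined;
+client_id_issued_at?: number | undefined;
+client_secret_expires_at?: number | undefined;
+} | undefined>;
+registerClient(clientMetadata: OAuthClientInformationFull): Promise<{
+redirect_uris: string[];
+client_id: string;
+jwks_uri?: string | undefined;
+scope?: string | undefined;
+token_endpoint_auth_method?: string | undefined;
+grant_types?: string[] | undefined;
+response_types?: string[] | undefined;
+client_name?: string | undefined;
+client_uri?: string | undefined;
+logo_uri?: string | undefined;
+contacts?: string[] | undefined;
+tos_uri?: string | undefined;
+policy_uri?: string | undefined;
+jwks?: any;
+software_id?: string | undefined;
+software_version?: string | undefined;
+client_secret?: string | undefined;
+client_id_issued_at?: number | undefined;
+client_secret_expires_at?: number | undefined;
+}>;
+}
+/**
+* 🚨 DEMO ONLY - NOT FOR PRODUCTION
+*
+* This example demonstrates MCP OAuth flow but lacks some of the features required for production use,
+* for example:
+* - Persistent token storage
+* - Rate limiting
+*/
+export declare class DemoInMemoryAuthProvider implements OAuthServerProvider {
+clientsStore: DemoInMemoryClientsStore;
+private codes;
+private tokens;
+authorize(client: OAuthClientInformationFull, params: AuthorizationParams, res: Response): Promise<void>;
+challengeForAuthorizationCode(client: OAuthClientInformationFull, authorizationCode: string): Promise<string>;
+exchangeAuthorizationCode(client: OAuthClientInformationFull, authorizationCode: string, _codeVerifier?: string): Promise<OAuthTokens>;
+exchangeRefreshToken(_client: OAuthClientInformationFull, _refreshToken: string, _scopes?: string[]): Promise<OAuthTokens>;
+verifyAccessToken(token: string): Promise<AuthInfo>;
+}
+export declare const setupAuthServer: (authServerUrl: URL) => OAuthMetadata;
+//# sourceMappingURL=demoInMemoryOAuthProvider.d.ts.map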
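Review bot: The declaration imports on new lines 3 and 5 use the bare specifiers `'src/shared/auth.js'` and `'src/server/auth/types.js'`, while lines 1–2 of the same file use relative paths. In a published package a `src/...` specifier presumably resolves only under the project's own path mapping, so consumers of this `.d.ts` would likely see unresolved types. Relative forms such as `'../../shared/auth.js'` and `'../../server/auth/types.js'` would match the neighbouring imports. The compiled `demoInMemoryOAuthProvider.js` in this diff has the same problem at `require("src/server/auth/router.js")` on its line 9, where it would be a load-time failure rather than a type error.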
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"demoInMemoryOAuthProvider.d.ts","sourceRoot":"","sources":["../../../../src/examples/server/demoInMemoryOAuthProvider.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,MAAM,+BAA+B,CAAC;AACzF,OAAO,EAAE,2BAA2B,EAAE,MAAM,8BAA8B,CAAC;AAC3E,OAAO,EAAE,0BAA0B,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AAC5F,OAAgB,EAAW,QAAQ,EAAE,MAAM,SAAS,CAAC;AACrD,OAAO,EAAE,QAAQ,EAAE,MAAM,0BAA0B,CAAC;AAIpD,qBAAa,wBAAyB,YAAW,2BAA2B;IAC1E,OAAO,CAAC,OAAO,CAAiD;IAE1D,SAAS,CAAC,QAAQ,EAAE,MAAM;;;;;;;;;;;;;;;;;;;;;IAI1B,cAAc,CAAC,cAAc,EAAE,0BAA0B;;;;;;;;;;;;;;;;;;;;;CAIhE;AAED;;;;;;;GAOG;AACH,qBAAa,wBAAyB,YAAW,mBAAmB;IAClE,YAAY,2BAAkC;IAC9C,OAAO,CAAC,KAAK,CAE4B;IACzC,OAAO,CAAC,MAAM,CAA+B;IAEvC,SAAS,CACb,MAAM,EAAE,0BAA0B,EAClC,MAAM,EAAE,mBAAmB,EAC3B,GAAG,EAAE,QAAQ,GACZ,OAAO,CAAC,IAAI,CAAC;IAoBV,6BAA6B,CACjC,MAAM,EAAE,0BAA0B,EAClC,iBAAiB,EAAE,MAAM,GACxB,OAAO,CAAC,MAAM,CAAC;IAWZ,yBAAyB,CAC7B,MAAM,EAAE,0BAA0B,EAClC,iBAAiB,EAAE,MAAM,EAGzB,aAAa,CAAC,EAAE,MAAM,GACrB,OAAO,CAAC,WAAW,CAAC;IA+BjB,oBAAoB,CACxB,OAAO,EAAE,0BAA0B,EACnC,aAAa,EAAE,MAAM,EACrB,OAAO,CAAC,EAAE,MAAM,EAAE,GACjB,OAAO,CAAC,WAAW,CAAC;IAIjB,iBAAiB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,CAAC;CAa1D;AAGD,eAAO,MAAM,eAAe,kBAAmB,GAAG,KAAG,aA+DpD,CAAA"}
|
|
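--- a/package/dist/cjs/examples/server/demoInMemoryOAuthProvider.js
+++ b/package/dist/cjs/examples/server/demoInMemoryOAuthProvider.js
@@ -0,0 +1,165 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.setupAuthServer = exports.DemoInMemoryAuthProvider = exports.DemoInMemoryClientsStore = void 0;
+const node_crypto_1 = require("node:crypto");
+const express_1 = __importDefault(require("express"));
+const router_js_1 = require("src/server/auth/router.js");
+class DemoInMemoryClientsStore {
+constructor() {
+this.clients = new Map();
+}
+async getClient(clientId) {
+return this.clients.get(clientId);
+}
+async registerClient(clientMetadata) {
+this.clients.set(clientMetadata.client_id, clientMetadata);
+return clientMetadata;
+}
+}
+exports.DemoInMemoryClientsStore = DemoInMemoryClientsStore;
+/**
+* 🚨 DEMO ONLY - NOT FOR PRODUCTION
+*
+* This example demonstrates MCP OAuth flow but lacks some of the features required for production use,
+* for example:
+* - Persistent token storage
+* - Rate limiting
+*/
+class DemoInMemoryAuthProvider {
+constructor() {
+this.clientsStore = new DemoInMemoryClientsStore();
+this.codes = new Map();
+this.tokens = new Map();
+}
+async authorize(client, params, res) {
+const code = (0, node_crypto_1.randomUUID)();
+const searchParams = new URLSearchParams({
+code,
+});
+if (params.state !== undefined) {
+searchParams.set('state', params.state);
+}
+this.codes.set(code, {
+client,
+params
+});
+const targetUrl = new URL(client.redirect_uris[0]);
+targetUrl.search = searchParams.toString();
+res.redirect(targetUrl.toString());
+}
+async challengeForAuthorizationCode(client, authorizationCode) {
+// Store the challenge with the code data
+const codeData = this.codes.get(authorizationCode);
+if (!codeData) {
+throw new Error('Invalid authorization code');
+}
+return codeData.params.codeChallenge;
+}
+async exchangeAuthorizationCode(client, authorizationCode,
+// Note: code verifier is checked in token.ts by default
+// it's unused here for that reason.
+_codeVerifier) {
+const codeData = this.codes.get(authorizationCode);
+if (!codeData) {
+throw new Error('Invalid authorization code');
+}
+if (codeData.client.client_id !== client.client_id) {
+throw new Error(`Authorization code was not issued to this client, ${codeData.client.client_id} != ${client.client_id}`);
+}
+this.codes.delete(authorizationCode);
+const token = (0, node_crypto_1.randomUUID)();
+const tokenData = {
+token,
+clientId: client.client_id,
+scopes: codeData.params.scopes || [],
+expiresAt: Date.now() + 3600000, // 1 hour
+type: 'access'
+};
+this.tokens.set(token, tokenData);
+return {
+access_token: token,
+token_type: 'bearer',
+expires_in: 3600,
+scope: (codeData.params.scopes || []).join(' '),
+};
+}
+async exchangeRefreshToken(_client, _refreshToken, _scopes) {
+throw new Error('Not implemented for example demo');
+}
+async verifyAccessToken(token) {
+const tokenData = this.tokens.get(token);
+if (!tokenData || !tokenData.expiresAt || tokenData.expiresAt < Date.now()) {
+throw new Error('Invalid or expired token');
+}
+return {
+token,
+clientId: tokenData.clientId,
+scopes: tokenData.scopes,
+expiresAt: Math.floor(tokenData.expiresAt / 1000),
+};
+}
+}
+exports.DemoInMemoryAuthProvider = DemoInMemoryAuthProvider;
+const setupAuthServer = (authServerUrl) => {
+// Create separate auth server app
+// NOTE: This is a separate app on a separate port to illustrate
+// how to separate an OAuth Authorization Server from a Resource
+// server in the SDK. The SDK is not intended to be provide a standalone
+// authorization server.
+const provider = new DemoInMemoryAuthProvider();
+const authApp = (0, express_1.default)();
+authApp.use(express_1.default.json());
+// For introspection requests
+authApp.use(express_1.default.urlencoded());
+// Add OAuth routes to the auth server
+// NOTE: this will also add a protected resource metadata route,
+// but it won't be used, so leave it.
+authApp.use((0, router_js_1.mcpAuthRouter)({
+provider,
+issuerUrl: authServerUrl,
+scopesSupported: ['mcp:tools'],
+}));
+authApp.post('/introspect', async (req, res) => {
+try {
+const { token } = req.body;
+if (!token) {
+res.status(400).json({ error: 'Token is required' });
+return;
+}
+const tokenInfo = await provider.verifyAccessToken(token);
+res.json({
+active: true,
+client_id: tokenInfo.clientId,
+scope: tokenInfo.scopes.join(' '),
+exp: tokenInfo.expiresAt
+});
+return;
+}
+catch (error) {
+res.status(401).json({
+active: false,
+error: 'Unauthorized',
+error_description: `Invalid token: ${error}`
+});
+}
+});
+const auth_port = authServerUrl.port;
+// Start the auth server
+authApp.listen(auth_port, () => {
+console.log(`OAuth Authorization Server listening on port ${auth_port}`);
+});
+// Note: we could fetch this from the server, but then we end up
+// with some top level async which gets annoying.
+const oauthMetadata = (0, router_js_1.createOAuthMetadata)({
+provider,
+issuerUrl: authServerUrl,
+scopesSupported: ['mcp:tools'],
+});
+oauthMetadata.introspection_endpoint = new URL("/introspect", authServerUrl).href;
+return oauthMetadata;
+};
+exports.setupAuthServer = setupAuthServer;
+//# sourceMappingURL=demoInMemoryOAuthProvider.js.map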
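Review bot: The `/introspect` route (new lines 125–148) answers any caller that can reach the port, so token validity, client id and scopes are disclosed without any credential; RFC 7662 expects the introspection endpoint to require authorization from the calling resource server. As this is a demo, the simplest remedy is to name the gap in the DEMO ONLY docblock, e.g. `* - Authentication of callers to the /introspect endpoint`. Two further gaps belong in that list: codes stored by `authorize` carry no expiry and are removed only on a successful exchange (line 72), and `authorize` always redirects to `client.redirect_uris[0]` regardless of what the authorization request carried. The mismatch error on line 70 also interpolates the client_id the code was issued to, which is better kept out of a message that may reach a different client.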
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"demoInMemoryOAuthProvider.js","sourceRoot":"","sources":["../../../../src/examples/server/demoInMemoryOAuthProvider.ts"],"names":[],"mappings":";;;;;;AAAA,6CAAyC;AAIzC,sDAAqD;AAErD,yDAA+E;AAG/E,MAAa,wBAAwB;IAArC;QACU,YAAO,GAAG,IAAI,GAAG,EAAsC,CAAC;IAUlE,CAAC;IARC,KAAK,CAAC,SAAS,CAAC,QAAgB;QAC9B,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IACpC,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,cAA0C;QAC7D,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,SAAS,EAAE,cAAc,CAAC,CAAC;QAC3D,OAAO,cAAc,CAAC;IACxB,CAAC;CACF;AAXD,4DAWC;AAED;;;;;;;GAOG;AACH,MAAa,wBAAwB;IAArC;QACE,iBAAY,GAAG,IAAI,wBAAwB,EAAE,CAAC;QACtC,UAAK,GAAG,IAAI,GAAG,EAEiB,CAAC;QACjC,WAAM,GAAG,IAAI,GAAG,EAAoB,CAAC;IAkG/C,CAAC;IAhGC,KAAK,CAAC,SAAS,CACb,MAAkC,EAClC,MAA2B,EAC3B,GAAa;QAEb,MAAM,IAAI,GAAG,IAAA,wBAAU,GAAE,CAAC;QAE1B,MAAM,YAAY,GAAG,IAAI,eAAe,CAAC;YACvC,IAAI;SACL,CAAC,CAAC;QACH,IAAI,MAAM,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;YAC/B,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC;QAC1C,CAAC;QAED,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,EAAE;YACnB,MAAM;YACN,MAAM;SACP,CAAC,CAAC;QAEH,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC;QACnD,SAAS,CAAC,MAAM,GAAG,YAAY,CAAC,QAAQ,EAAE,CAAC;QAC3C,GAAG,CAAC,QAAQ,CAAC,SAAS,CAAC,QAAQ,EAAE,CAAC,CAAC;IACrC,CAAC;IAED,KAAK,CAAC,6BAA6B,CACjC,MAAkC,EAClC,iBAAyB;QAGzB,yCAAyC;QACzC,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;QACnD,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;QAChD,CAAC;QAED,OAAO,QAAQ,CAAC,MAAM,CAAC,aAAa,CAAC;IACvC,CAAC;IAED,KAAK,CAAC,yBAAyB,CAC7B,MAAkC,EAClC,iBAAyB;IACzB,wDAAwD;IACxD,oCAAoC;IACpC,aAAsB;QAEtB,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;QACnD,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;QAChD,CAAC;QAED,IAAI,QAAQ,CAAC,MAAM,CAAC,SAAS,KAAK,MAAM,CAAC,SAAS,EAAE,CAAC;YACnD,MAAM,IAAI,KAAK,CAAC,qDAAqD,QAAQ,CAAC,MAAM,CAAC,SAAS,OAAO,MAAM,CAAC,SAAS,EAAE,CAAC,CAAC;QAC3H,CAAC;QAED,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC;QACrC,MAAM,KAAK,GAAG,IAAA,wBAAU,GAAE,CA
AC;QAE3B,MAAM,SAAS,GAAG;YAChB,KAAK;YACL,QAAQ,EAAE,MAAM,CAAC,SAAS;YAC1B,MAAM,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,IAAI,EAAE;YACpC,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,OAAO,EAAE,SAAS;YAC1C,IAAI,EAAE,QAAQ;SACf,CAAC;QAEF,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,EAAE,SAAS,CAAC,CAAC;QAElC,OAAO;YACL,YAAY,EAAE,KAAK;YACnB,UAAU,EAAE,QAAQ;YACpB,UAAU,EAAE,IAAI;YAChB,KAAK,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC;SAChD,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,oBAAoB,CACxB,OAAmC,EACnC,aAAqB,EACrB,OAAkB;QAElB,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;IACtD,CAAC;IAED,KAAK,CAAC,iBAAiB,CAAC,KAAa;QACnC,MAAM,SAAS,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACzC,IAAI,CAAC,SAAS,IAAI,CAAC,SAAS,CAAC,SAAS,IAAI,SAAS,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;YAC3E,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;QAC9C,CAAC;QAED,OAAO;YACL,KAAK;YACL,QAAQ,EAAE,SAAS,CAAC,QAAQ;YAC5B,MAAM,EAAE,SAAS,CAAC,MAAM;YACxB,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,SAAS,GAAG,IAAI,CAAC;SAClD,CAAC;IACJ,CAAC;CACF;AAvGD,4DAuGC;AAGM,MAAM,eAAe,GAAG,CAAC,aAAkB,EAAiB,EAAE;IACnE,kCAAkC;IAClC,gEAAgE;IAChE,gEAAgE;IAChE,wEAAwE;IACxE,wBAAwB;IACxB,MAAM,QAAQ,GAAG,IAAI,wBAAwB,EAAE,CAAC;IAChD,MAAM,OAAO,GAAG,IAAA,iBAAO,GAAE,CAAC;IAC1B,OAAO,CAAC,GAAG,CAAC,iBAAO,CAAC,IAAI,EAAE,CAAC,CAAC;IAC5B,6BAA6B;IAC7B,OAAO,CAAC,GAAG,CAAC,iBAAO,CAAC,UAAU,EAAE,CAAC,CAAC;IAElC,sCAAsC;IACtC,gEAAgE;IAChE,qCAAqC;IACrC,OAAO,CAAC,GAAG,CAAC,IAAA,yBAAa,EAAC;QACxB,QAAQ;QACR,SAAS,EAAE,aAAa;QACxB,eAAe,EAAE,CAAC,WAAW,CAAC;KAC/B,CAAC,CAAC,CAAC;IAEJ,OAAO,CAAC,IAAI,CAAC,aAAa,EAAE,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,EAAE;QAChE,IAAI,CAAC;YACH,MAAM,EAAE,KAAK,EAAE,GAAG,GAAG,CAAC,IAAI,CAAC;YAC3B,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,mBAAmB,EAAE,CAAC,CAAC;gBACrD,OAAO;YACT,CAAC;YAED,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC;YAC1D,GAAG,CAAC,IAAI,CAAC;gBACP,MAAM,EAAE,IAAI;gBACZ,SAAS,EAAE,SAAS,CAAC,QAAQ;gBAC7B,KAAK,EAAE,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;gBACjC,GAAG,EAAE,SAAS,CAAC,SAAS;aACzB,CAAC,CAAC;Y
ACH,OAAM;QACR,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,MAAM,EAAE,KAAK;gBACb,KAAK,EAAE,cAAc;gBACrB,iBAAiB,EAAE,kBAAkB,KAAK,EAAE;aAC7C,CAAC,CAAC;QACL,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,MAAM,SAAS,GAAG,aAAa,CAAC,IAAI,CAAC;IACrC,wBAAwB;IACxB,OAAO,CAAC,MAAM,CAAC,SAAS,EAAE,GAAG,EAAE;QAC7B,OAAO,CAAC,GAAG,CAAC,gDAAgD,SAAS,EAAE,CAAC,CAAC;IAC3E,CAAC,CAAC,CAAC;IAEH,gEAAgE;IAChE,iDAAiD;IACjD,MAAM,aAAa,GAAkB,IAAA,+BAAmB,EAAC;QACvD,QAAQ;QACR,SAAS,EAAE,aAAa;QACxB,eAAe,EAAE,CAAC,WAAW,CAAC;KAC/B,CAAC,CAAA;IAEF,aAAa,CAAC,sBAAsB,GAAG,IAAI,GAAG,CAAC,aAAa,EAAE,aAAa,CAAC,CAAC,IAAI,CAAC;IAElF,OAAO,aAAa,CAAC;AACvB,CAAC,CAAA;AA/DY,QAAA,eAAe,mBA+D3B"}
|
|
@@ -8,8 +8,13 @@ const node_crypto_1 = require("node:crypto");
|
|
|
8
8
|
const zod_1 = require("zod");
|
|
9
9
|
const mcp_js_1 = require("../../server/mcp.js");
|
|
10
10
|
const streamableHttp_js_1 = require("../../server/streamableHttp.js");
|
|
11
|
+
const router_js_1 = require("../../server/auth/router.js");
|
|
12
|
+
const bearerAuth_js_1 = require("../../server/auth/middleware/bearerAuth.js");
|
|
11
13
|
const types_js_1 = require("../../types.js");
|
|
12
14
|
const inMemoryEventStore_js_1 = require("../shared/inMemoryEventStore.js");
|
|
15
|
+
const demoInMemoryOAuthProvider_js_1 = require("./demoInMemoryOAuthProvider.js");
|
|
16
|
+
// Check for OAuth flag
|
|
17
|
+
const useOAuth = process.argv.includes('--oauth');
|
|
13
18
|
// Create an MCP server with implementation details
|
|
14
19
|
const getServer = () => {
|
|
15
20
|
const server = new mcp_js_1.McpServer({
|
|
@@ -123,12 +128,66 @@ const getServer = () => {
|
|
|
123
128
|
});
|
|
124
129
|
return server;
|
|
125
130
|
};
|
|
131
|
+
const MCP_PORT = 3000;
|
|
132
|
+
const AUTH_PORT = 3001;
|
|
126
133
|
const app = (0, express_1.default)();
|
|
127
134
|
app.use(express_1.default.json());
|
|
135
|
+
// Set up OAuth if enabled
|
|
136
|
+
let authMiddleware = null;
|
|
137
|
+
if (useOAuth) {
|
|
138
|
+
// Create auth middleware for MCP endpoints
|
|
139
|
+
const mcpServerUrl = new URL(`http://localhost:${MCP_PORT}`);
|
|
140
|
+
const authServerUrl = new URL(`http://localhost:${AUTH_PORT}`);
|
|
141
|
+
const oauthMetadata = (0, demoInMemoryOAuthProvider_js_1.setupAuthServer)(authServerUrl);
|
|
142
|
+
const tokenVerifier = {
|
|
143
|
+
verifyAccessToken: async (token) => {
|
|
144
|
+
const endpoint = oauthMetadata.introspection_endpoint;
|
|
145
|
+
if (!endpoint) {
|
|
146
|
+
throw new Error('No token verification endpoint available in metadata');
|
|
147
|
+
}
|
|
148
|
+
const response = await fetch(endpoint, {
|
|
149
|
+
method: 'POST',
|
|
150
|
+
headers: {
|
|
151
|
+
'Content-Type': 'application/x-www-form-urlencoded',
|
|
152
|
+
},
|
|
153
|
+
body: new URLSearchParams({
|
|
154
|
+
token: token
|
|
155
|
+
}).toString()
|
|
156
|
+
});
|
|
157
|
+
if (!response.ok) {
|
|
158
|
+
throw new Error(`Invalid or expired token: ${await response.text()}`);
|
|
159
|
+
}
|
|
160
|
+
const data = await response.json();
|
|
161
|
+
// Convert the response to AuthInfo format
|
|
162
|
+
return {
|
|
163
|
+
token,
|
|
164
|
+
clientId: data.client_id,
|
|
165
|
+
scopes: data.scope ? data.scope.split(' ') : [],
|
|
166
|
+
expiresAt: data.exp,
|
|
167
|
+
};
|
|
168
|
+
}
|
|
169
|
+
};
|
|
170
|
+
// Add metadata routes to the main MCP server
|
|
171
|
+
app.use((0, router_js_1.mcpAuthMetadataRouter)({
|
|
172
|
+
oauthMetadata,
|
|
173
|
+
resourceServerUrl: mcpServerUrl,
|
|
174
|
+
scopesSupported: ['mcp:tools'],
|
|
175
|
+
resourceName: 'MCP Demo Server',
|
|
176
|
+
}));
|
|
177
|
+
authMiddleware = (0, bearerAuth_js_1.requireBearerAuth)({
|
|
178
|
+
verifier: tokenVerifier,
|
|
179
|
+
requiredScopes: ['mcp:tools'],
|
|
180
|
+
resourceMetadataUrl: (0, router_js_1.getOAuthProtectedResourceMetadataUrl)(mcpServerUrl),
|
|
181
|
+
});
|
|
182
|
+
}
|
|
128
183
|
// Map to store transports by session ID
|
|
129
184
|
const transports = {};
|
|
130
|
-
|
|
185
|
+
// MCP POST endpoint with optional auth
|
|
186
|
+
const mcpPostHandler = async (req, res) => {
|
|
131
187
|
console.log('Received MCP request:', req.body);
|
|
188
|
+
if (useOAuth && req.auth) {
|
|
189
|
+
console.log('Authenticated user:', req.auth);
|
|
190
|
+
}
|
|
132
191
|
try {
|
|
133
192
|
// Check for existing session ID
|
|
134
193
|
const sessionId = req.headers['mcp-session-id'];
|
|
@@ -194,14 +253,24 @@ app.post('/mcp', async (req, res) => {
|
|
|
194
253
|
});
|
|
195
254
|
}
|
|
196
255
|
}
|
|
197
|
-
}
|
|
256
|
+
};
|
|
257
|
+
// Set up routes with conditional auth middleware
|
|
258
|
+
if (useOAuth && authMiddleware) {
|
|
259
|
+
app.post('/mcp', authMiddleware, mcpPostHandler);
|
|
260
|
+
}
|
|
261
|
+
else {
|
|
262
|
+
app.post('/mcp', mcpPostHandler);
|
|
263
|
+
}
|
|
198
264
|
// Handle GET requests for SSE streams (using built-in support from StreamableHTTP)
|
|
199
|
-
|
|
265
|
+
const mcpGetHandler = async (req, res) => {
|
|
200
266
|
const sessionId = req.headers['mcp-session-id'];
|
|
201
267
|
if (!sessionId || !transports[sessionId]) {
|
|
202
268
|
res.status(400).send('Invalid or missing session ID');
|
|
203
269
|
return;
|
|
204
270
|
}
|
|
271
|
+
if (useOAuth && req.auth) {
|
|
272
|
+
console.log('Authenticated SSE connection from user:', req.auth);
|
|
273
|
+
}
|
|
205
274
|
// Check for Last-Event-ID header for resumability
|
|
206
275
|
const lastEventId = req.headers['last-event-id'];
|
|
207
276
|
if (lastEventId) {
|
|
@@ -212,9 +281,16 @@ app.get('/mcp', async (req, res) => {
|
|
|
212
281
|
}
|
|
213
282
|
const transport = transports[sessionId];
|
|
214
283
|
await transport.handleRequest(req, res);
|
|
215
|
-
}
|
|
284
|
+
};
|
|
285
|
+
// Set up GET route with conditional auth middleware
|
|
286
|
+
if (useOAuth && authMiddleware) {
|
|
287
|
+
app.get('/mcp', authMiddleware, mcpGetHandler);
|
|
288
|
+
}
|
|
289
|
+
else {
|
|
290
|
+
app.get('/mcp', mcpGetHandler);
|
|
291
|
+
}
|
|
216
292
|
// Handle DELETE requests for session termination (according to MCP spec)
|
|
217
|
-
|
|
293
|
+
const mcpDeleteHandler = async (req, res) => {
|
|
218
294
|
const sessionId = req.headers['mcp-session-id'];
|
|
219
295
|
if (!sessionId || !transports[sessionId]) {
|
|
220
296
|
res.status(400).send('Invalid or missing session ID');
|
|
@@ -231,11 +307,16 @@ app.delete('/mcp', async (req, res) => {
|
|
|
231
307
|
res.status(500).send('Error processing session termination');
|
|
232
308
|
}
|
|
233
309
|
}
|
|
234
|
-
}
|
|
235
|
-
//
|
|
236
|
-
|
|
237
|
-
app.
|
|
238
|
-
|
|
310
|
+
};
|
|
311
|
+
// Set up DELETE route with conditional auth middleware
|
|
312
|
+
if (useOAuth && authMiddleware) {
|
|
313
|
+
app.delete('/mcp', authMiddleware, mcpDeleteHandler);
|
|
314
|
+
}
|
|
315
|
+
else {
|
|
316
|
+
app.delete('/mcp', mcpDeleteHandler);
|
|
317
|
+
}
|
|
318
|
+
app.listen(MCP_PORT, () => {
|
|
319
|
+
console.log(`MCP Streamable HTTP Server listening on port ${MCP_PORT}`);
|
|
239
320
|
});
|
|
240
321
|
// Handle server shutdown
|
|
241
322
|
process.on('SIGINT', async () => {
|
|
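Review bot: In the second hunk, `verifyAccessToken` (new lines 143–168) accepts any 2xx introspection response as proof of a valid token and never inspects `data.active`. An RFC 7662 server reports an inactive token as 200 with `active: false`, so the verifier is only correct against the demo endpoint, which answers 401 instead. Adding `if (!data.active) { throw new Error('Invalid or expired token'); }` right after `const data = await response.json();` closes that. Separately, the handlers log the whole `req.auth` object (new lines 189 and 272), which presumably is the AuthInfo built above and therefore contains the bearer token; logging `req.auth.clientId` alone would keep credentials out of the console. The handler bodies continue outside the hunks shown.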
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"simpleStreamableHttp.js","sourceRoot":"","sources":["../../../../src/examples/server/simpleStreamableHttp.ts"],"names":[],"mappings":";;;;;AAAA,sDAAqD;AACrD,6CAAyC;AACzC,6BAAwB;AACxB,gDAAgD;AAChD,sEAA+E;AAC/E,6CAA0G;AAC1G,2EAAqE;
|
|
1
|
+
{"version":3,"file":"simpleStreamableHttp.js","sourceRoot":"","sources":["../../../../src/examples/server/simpleStreamableHttp.ts"],"names":[],"mappings":";;;;;AAAA,sDAAqD;AACrD,6CAAyC;AACzC,6BAAwB;AACxB,gDAAgD;AAChD,sEAA+E;AAC/E,2DAA0G;AAC1G,8EAA+E;AAC/E,6CAA0G;AAC1G,2EAAqE;AACrE,iFAAiE;AAGjE,uBAAuB;AACvB,MAAM,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;AAElD,mDAAmD;AACnD,MAAM,SAAS,GAAG,GAAG,EAAE;IACrB,MAAM,MAAM,GAAG,IAAI,kBAAS,CAAC;QAC3B,IAAI,EAAE,+BAA+B;QACrC,OAAO,EAAE,OAAO;KACjB,EAAE,EAAE,YAAY,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC;IAEtC,iDAAiD;IACjD,MAAM,CAAC,IAAI,CACT,OAAO,EACP,wBAAwB,EACxB;QACE,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,eAAe,CAAC;KAC3C,EACD,KAAK,EAAE,EAAE,IAAI,EAAE,EAA2B,EAAE;QAC1C,OAAO;YACL,OAAO,EAAE;gBACP;oBACE,IAAI,EAAE,MAAM;oBACZ,IAAI,EAAE,UAAU,IAAI,GAAG;iBACxB;aACF;SACF,CAAC;IACJ,CAAC,CACF,CAAC;IAEF,sFAAsF;IACtF,MAAM,CAAC,IAAI,CACT,aAAa,EACb,gEAAgE,EAChE;QACE,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,eAAe,CAAC;KAC3C,EACD;QACE,KAAK,EAAE,wBAAwB;QAC/B,YAAY,EAAE,IAAI;QAClB,aAAa,EAAE,KAAK;KACrB,EACD,KAAK,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,gBAAgB,EAAE,EAA2B,EAAE;QAChE,MAAM,KAAK,GAAG,CAAC,EAAU,EAAE,EAAE,CAAC,IAAI,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,CAAC;QAE9E,MAAM,gBAAgB,CAAC;YACrB,MAAM,EAAE,uBAAuB;YAC/B,MAAM,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,4BAA4B,IAAI,EAAE,EAAE;SACrE,CAAC,CAAC;QAEH,MAAM,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,sCAAsC;QAEzD,MAAM,gBAAgB,CAAC;YACrB,MAAM,EAAE,uBAAuB;YAC/B,MAAM,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,6BAA6B,IAAI,EAAE,EAAE;SACrE,CAAC,CAAC;QAEH,MAAM,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,6CAA6C;QAEhE,MAAM,gBAAgB,CAAC;YACrB,MAAM,EAAE,uBAAuB;YAC/B,MAAM,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,8BAA8B,IAAI,EAAE,EAAE;SACtE,CAAC,CAAC;QAEH,OAAO;YACL,OAAO,EAAE;gBACP;oBACE,IAAI,EAAE,MAAM;oBACZ,IAAI,EAAE,iBAAiB,IAAI,GAAG;iBAC/B;aACF;SACF,CAAC;IACJ,CAAC,CACF,CAAC;IAEF,2BAA2B;IAC3B,MAAM,CAAC,MAAM,CACX,mBAAmB,EACnB,mCAAmC,EACnC;QACE,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,6BAA6B,CAAC;KACzD,EA
CD,KAAK,EAAE,EAAE,IAAI,EAAE,EAA4B,EAAE;QAC3C,OAAO;YACL,QAAQ,EAAE;gBACR;oBACE,IAAI,EAAE,MAAM;oBACZ,OAAO,EAAE;wBACP,IAAI,EAAE,MAAM;wBACZ,IAAI,EAAE,gBAAgB,IAAI,wBAAwB;qBACnD;iBACF;aACF;SACF,CAAC;IACJ,CAAC,CACF,CAAC;IAEF,wDAAwD;IACxD,MAAM,CAAC,IAAI,CACT,2BAA2B,EAC3B,gEAAgE,EAChE;QACE,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,gDAAgD,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC;QAC5F,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,6CAA6C,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC;KACtF,EACD,KAAK,EAAE,EAAE,QAAQ,EAAE,KAAK,EAAE,EAAE,EAAE,gBAAgB,EAAE,EAA2B,EAAE;QAC3E,MAAM,KAAK,GAAG,CAAC,EAAU,EAAE,EAAE,CAAC,IAAI,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,CAAC;QAC9E,IAAI,OAAO,GAAG,CAAC,CAAC;QAEhB,OAAO,KAAK,KAAK,CAAC,IAAI,OAAO,GAAG,KAAK,EAAE,CAAC;YACtC,OAAO,EAAE,CAAC;YACV,IAAI,CAAC;gBACH,MAAM,gBAAgB,CAAC;oBACrB,MAAM,EAAE,uBAAuB;oBAC/B,MAAM,EAAE;wBACN,KAAK,EAAE,MAAM;wBACb,IAAI,EAAE,0BAA0B,OAAO,OAAO,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE;qBACzE;iBACF,CAAC,CAAC;YACL,CAAC;YACD,OAAO,KAAK,EAAE,CAAC;gBACb,OAAO,CAAC,KAAK,CAAC,6BAA6B,EAAE,KAAK,CAAC,CAAC;YACtD,CAAC;YACD,kCAAkC;YAClC,MAAM,KAAK,CAAC,QAAQ,CAAC,CAAC;QACxB,CAAC;QAED,OAAO;YACL,OAAO,EAAE;gBACP;oBACE,IAAI,EAAE,MAAM;oBACZ,IAAI,EAAE,gDAAgD,QAAQ,IAAI;iBACnE;aACF;SACF,CAAC;IACJ,CAAC,CACF,CAAC;IAEF,0CAA0C;IAC1C,MAAM,CAAC,QAAQ,CACb,mBAAmB,EACnB,uCAAuC,EACvC,EAAE,QAAQ,EAAE,YAAY,EAAE,EAC1B,KAAK,IAAiC,EAAE;QACtC,OAAO;YACL,QAAQ,EAAE;gBACR;oBACE,GAAG,EAAE,uCAAuC;oBAC5C,IAAI,EAAE,eAAe;iBACtB;aACF;SACF,CAAC;IACJ,CAAC,CACF,CAAC;IACF,OAAO,MAAM,CAAC;AAChB,CAAC,CAAC;AAEF,MAAM,QAAQ,GAAG,IAAI,CAAC;AACtB,MAAM,SAAS,GAAG,IAAI,CAAC;AAEvB,MAAM,GAAG,GAAG,IAAA,iBAAO,GAAE,CAAC;AACtB,GAAG,CAAC,GAAG,CAAC,iBAAO,CAAC,IAAI,EAAE,CAAC,CAAC;AAExB,0BAA0B;AAC1B,IAAI,cAAc,GAAG,IAAI,CAAC;AAC1B,IAAI,QAAQ,EAAE,CAAC;IACb,2CAA2C;IAC3C,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC,oBAAoB,QAAQ,EAAE,CAAC,CAAC;IAC7D,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,oBAAoB,SAAS,EAAE,CAAC,CAAC;IAE/D,MAAM,aAAa,GAAkB,IAAA,8CAAe,EAAC,aAAa,CAAC,CAAC;IAEpE,MAAM,aAAa,GAAG;QACpB,iBAAiB,EAAE,KAAK,EAAE,KAAa,EAAE,EAAE;YACzC,MAAM,QAA
Q,GAAG,aAAa,CAAC,sBAAsB,CAAC;YAEtD,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACd,MAAM,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAAC;YAC1E,CAAC;YAED,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,QAAQ,EAAE;gBACrC,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE;oBACP,cAAc,EAAE,mCAAmC;iBACpD;gBACD,IAAI,EAAE,IAAI,eAAe,CAAC;oBACxB,KAAK,EAAE,KAAK;iBACb,CAAC,CAAC,QAAQ,EAAE;aACd,CAAC,CAAC;YAGH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACjB,MAAM,IAAI,KAAK,CAAC,6BAA6B,MAAM,QAAQ,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;YACxE,CAAC;YAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YAEnC,0CAA0C;YAC1C,OAAO;gBACL,KAAK;gBACL,QAAQ,EAAE,IAAI,CAAC,SAAS;gBACxB,MAAM,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE;gBAC/C,SAAS,EAAE,IAAI,CAAC,GAAG;aACpB,CAAC;QACJ,CAAC;KACF,CAAA;IACD,6CAA6C;IAC7C,GAAG,CAAC,GAAG,CAAC,IAAA,iCAAqB,EAAC;QAC5B,aAAa;QACb,iBAAiB,EAAE,YAAY;QAC/B,eAAe,EAAE,CAAC,WAAW,CAAC;QAC9B,YAAY,EAAE,iBAAiB;KAChC,CAAC,CAAC,CAAC;IAEJ,cAAc,GAAG,IAAA,iCAAiB,EAAC;QACjC,QAAQ,EAAE,aAAa;QACvB,cAAc,EAAE,CAAC,WAAW,CAAC;QAC7B,mBAAmB,EAAE,IAAA,gDAAoC,EAAC,YAAY,CAAC;KACxE,CAAC,CAAC;AACL,CAAC;AAED,wCAAwC;AACxC,MAAM,UAAU,GAA2D,EAAE,CAAC;AAE9E,uCAAuC;AACvC,MAAM,cAAc,GAAG,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,EAAE;IAC3D,OAAO,CAAC,GAAG,CAAC,uBAAuB,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;IAC/C,IAAI,QAAQ,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC;QACzB,OAAO,CAAC,GAAG,CAAC,qBAAqB,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;IAC/C,CAAC;IACD,IAAI,CAAC;QACH,gCAAgC;QAChC,MAAM,SAAS,GAAG,GAAG,CAAC,OAAO,CAAC,gBAAgB,CAAuB,CAAC;QACtE,IAAI,SAAwC,CAAC;QAE7C,IAAI,SAAS,IAAI,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YACvC,2BAA2B;YAC3B,SAAS,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC;QACpC,CAAC;aAAM,IAAI,CAAC,SAAS,IAAI,IAAA,8BAAmB,EAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;YACvD,6BAA6B;YAC7B,MAAM,UAAU,GAAG,IAAI,0CAAkB,EAAE,CAAC;YAC5C,SAAS,GAAG,IAAI,iDAA6B,CAAC;gBAC5C,kBAAkB,EAAE,GAAG,EAAE,CAAC,IAAA,wBAAU,GAAE;gBACtC,UAAU,EAAE,sBAAsB;gBAClC,oBAAoB,EAAE,CAAC,SAAS,EAAE,EAAE;oBAClC,gEAAgE;oBAChE,wFAAwF;oBACxF,OAAO,CAAC,GAAG,CAAC,gCAAgC,SAAS,EAAE,CAAC,CAAC;oBACzD,UAAU,CAAC,SAAS,CAAC,GAAG,SAAS,CAAC;gBACpC,CAAC;aACF,CAAC,CAAC;YAEH,
2DAA2D;YAC3D,SAAS,CAAC,OAAO,GAAG,GAAG,EAAE;gBACvB,MAAM,GAAG,GAAG,SAAS,CAAC,SAAS,CAAC;gBAChC,IAAI,GAAG,IAAI,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;oBAC3B,OAAO,CAAC,GAAG,CAAC,gCAAgC,GAAG,gCAAgC,CAAC,CAAC;oBACjF,OAAO,UAAU,CAAC,GAAG,CAAC,CAAC;gBACzB,CAAC;YACH,CAAC,CAAC;YAEF,sEAAsE;YACtE,wDAAwD;YACxD,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;YAC3B,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;YAEhC,MAAM,SAAS,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;YAClD,OAAO,CAAC,kBAAkB;QAC5B,CAAC;aAAM,CAAC;YACN,gEAAgE;YAChE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE;oBACL,IAAI,EAAE,CAAC,KAAK;oBACZ,OAAO,EAAE,2CAA2C;iBACrD;gBACD,EAAE,EAAE,IAAI;aACT,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,oEAAoE;QACpE,4DAA4D;QAC5D,MAAM,SAAS,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;IACpD,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,6BAA6B,EAAE,KAAK,CAAC,CAAC;QACpD,IAAI,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC;YACrB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE;oBACL,IAAI,EAAE,CAAC,KAAK;oBACZ,OAAO,EAAE,uBAAuB;iBACjC;gBACD,EAAE,EAAE,IAAI;aACT,CAAC,CAAC;QACL,CAAC;IACH,CAAC;AACH,CAAC,CAAC;AAEF,iDAAiD;AACjD,IAAI,QAAQ,IAAI,cAAc,EAAE,CAAC;IAC/B,GAAG,CAAC,IAAI,CAAC,MAAM,EAAE,cAAc,EAAE,cAAc,CAAC,CAAC;AACnD,CAAC;KAAM,CAAC;IACN,GAAG,CAAC,IAAI,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;AACnC,CAAC;AAED,mFAAmF;AACnF,MAAM,aAAa,GAAG,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,EAAE;IAC1D,MAAM,SAAS,GAAG,GAAG,CAAC,OAAO,CAAC,gBAAgB,CAAuB,CAAC;IACtE,IAAI,CAAC,SAAS,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QACzC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC;QACtD,OAAO;IACT,CAAC;IAED,IAAI,QAAQ,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC;QACzB,OAAO,CAAC,GAAG,CAAC,yCAAyC,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;IACnE,CAAC;IAED,kDAAkD;IAClD,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,CAAC,eAAe,CAAuB,CAAC;IACvE,IAAI,WAAW,EAAE,CAAC;QAChB,OAAO,CAAC,GAAG,CAAC,2CAA2C,WAAW,EAAE,CAAC,CAAC;IACxE,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,2CAA2C,SAAS,EAAE,CAAC,CAAC;IACtE,CAAC;IAED,MAAM,SAAS,GAAG,UAAU,CAAC,SAAS,CAA
C,CAAC;IACxC,MAAM,SAAS,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;AAC1C,CAAC,CAAC;AAEF,oDAAoD;AACpD,IAAI,QAAQ,IAAI,cAAc,EAAE,CAAC;IAC/B,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,cAAc,EAAE,aAAa,CAAC,CAAC;AACjD,CAAC;KAAM,CAAC;IACN,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;AACjC,CAAC;AAED,yEAAyE;AACzE,MAAM,gBAAgB,GAAG,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,EAAE;IAC7D,MAAM,SAAS,GAAG,GAAG,CAAC,OAAO,CAAC,gBAAgB,CAAuB,CAAC;IACtE,IAAI,CAAC,SAAS,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QACzC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC;QACtD,OAAO;IACT,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,oDAAoD,SAAS,EAAE,CAAC,CAAC;IAE7E,IAAI,CAAC;QACH,MAAM,SAAS,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC;QACxC,MAAM,SAAS,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IAC1C,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,qCAAqC,EAAE,KAAK,CAAC,CAAC;QAC5D,IAAI,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC;YACrB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC;QAC/D,CAAC;IACH,CAAC;AACH,CAAC,CAAC;AAEF,uDAAuD;AACvD,IAAI,QAAQ,IAAI,cAAc,EAAE,CAAC;IAC/B,GAAG,CAAC,MAAM,CAAC,MAAM,EAAE,cAAc,EAAE,gBAAgB,CAAC,CAAC;AACvD,CAAC;KAAM,CAAC;IACN,GAAG,CAAC,MAAM,CAAC,MAAM,EAAE,gBAAgB,CAAC,CAAC;AACvC,CAAC;AAED,GAAG,CAAC,MAAM,CAAC,QAAQ,EAAE,GAAG,EAAE;IACxB,OAAO,CAAC,GAAG,CAAC,gDAAgD,QAAQ,EAAE,CAAC,CAAC;AAC1E,CAAC,CAAC,CAAC;AAEH,yBAAyB;AACzB,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,KAAK,IAAI,EAAE;IAC9B,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;IAEvC,6DAA6D;IAC7D,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;QACnC,IAAI,CAAC;YACH,OAAO,CAAC,GAAG,CAAC,iCAAiC,SAAS,EAAE,CAAC,CAAC;YAC1D,MAAM,UAAU,CAAC,SAAS,CAAC,CAAC,KAAK,EAAE,CAAC;YACpC,OAAO,UAAU,CAAC,SAAS,CAAC,CAAC;QAC/B,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CAAC,uCAAuC,SAAS,GAAG,EAAE,KAAK,CAAC,CAAC;QAC5E,CAAC;IACH,CAAC;IACD,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC,CAAC;IACxC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}
|
|
@@ -1,4 +1,4 @@
|
|
|
1
1
|
import { RequestHandler } from "express";
|
|
2
|
-
import { OAuthMetadata } from "../../../shared/auth.js";
|
|
3
|
-
export declare function metadataHandler(metadata: OAuthMetadata): RequestHandler;
|
|
2
|
+
import { OAuthMetadata, OAuthProtectedResourceMetadata } from "../../../shared/auth.js";
|
|
3
|
+
export declare function metadataHandler(metadata: OAuthMetadata | OAuthProtectedResourceMetadata): RequestHandler;
|
|
4
4
|
//# sourceMappingURL=metadata.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"metadata.d.ts","sourceRoot":"","sources":["../../../../../src/server/auth/handlers/metadata.ts"],"names":[],"mappings":"AAAA,OAAgB,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AAClD,OAAO,EAAE,aAAa,EAAE,MAAM,yBAAyB,CAAC;
|
|
1
|
+
{"version":3,"file":"metadata.d.ts","sourceRoot":"","sources":["../../../../../src/server/auth/handlers/metadata.ts"],"names":[],"mappings":"AAAA,OAAgB,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AAClD,OAAO,EAAE,aAAa,EAAE,8BAA8B,EAAE,MAAM,yBAAyB,CAAC;AAIxF,wBAAgB,eAAe,CAAC,QAAQ,EAAE,aAAa,GAAG,8BAA8B,GAAG,cAAc,CAaxG"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"metadata.js","sourceRoot":"","sources":["../../../../../src/server/auth/handlers/metadata.ts"],"names":[],"mappings":";;;;;AAKA,0CAaC;AAlBD,sDAAkD;AAElD,gDAAwB;AACxB,uEAAiE;AAEjE,SAAgB,eAAe,CAAC,
|
|
1
|
+
{"version":3,"file":"metadata.js","sourceRoot":"","sources":["../../../../../src/server/auth/handlers/metadata.ts"],"names":[],"mappings":";;;;;AAKA,0CAaC;AAlBD,sDAAkD;AAElD,gDAAwB;AACxB,uEAAiE;AAEjE,SAAgB,eAAe,CAAC,QAAwD;IACtF,wEAAwE;IACxE,MAAM,MAAM,GAAG,iBAAO,CAAC,MAAM,EAAE,CAAC;IAEhC,kFAAkF;IAClF,MAAM,CAAC,GAAG,CAAC,IAAA,cAAI,GAAE,CAAC,CAAC;IAEnB,MAAM,CAAC,GAAG,CAAC,IAAA,kCAAc,EAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IACpC,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;QAC3B,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACjC,CAAC,CAAC,CAAC;IAEH,OAAO,MAAM,CAAC;AAChB,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"token.d.ts","sourceRoot":"","sources":["../../../../../src/server/auth/handlers/token.ts"],"names":[],"mappings":"AACA,OAAgB,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AAClD,OAAO,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AAIrD,OAAO,EAAa,OAAO,IAAI,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAW5E,MAAM,MAAM,mBAAmB,GAAG;IAChC,QAAQ,EAAE,mBAAmB,CAAC;IAC9B;;;OAGG;IACH,SAAS,CAAC,EAAE,OAAO,CAAC,gBAAgB,CAAC,GAAG,KAAK,CAAC;CAC/C,CAAC;
|
|
1
|
+
{"version":3,"file":"token.d.ts","sourceRoot":"","sources":["../../../../../src/server/auth/handlers/token.ts"],"names":[],"mappings":"AACA,OAAgB,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AAClD,OAAO,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AAIrD,OAAO,EAAa,OAAO,IAAI,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAW5E,MAAM,MAAM,mBAAmB,GAAG;IAChC,QAAQ,EAAE,mBAAmB,CAAC;IAC9B;;;OAGG;IACH,SAAS,CAAC,EAAE,OAAO,CAAC,gBAAgB,CAAC,GAAG,KAAK,CAAC;CAC/C,CAAC;AAiBF,wBAAgB,YAAY,CAAC,EAAE,QAAQ,EAAE,SAAS,EAAE,eAAe,EAAE,EAAE,mBAAmB,GAAG,cAAc,CA6G1G"}
|
|
@@ -18,6 +18,7 @@ const TokenRequestSchema = zod_1.z.object({
|
|
|
18
18
|
const AuthorizationCodeGrantSchema = zod_1.z.object({
|
|
19
19
|
code: zod_1.z.string(),
|
|
20
20
|
code_verifier: zod_1.z.string(),
|
|
21
|
+
redirect_uri: zod_1.z.string().optional(),
|
|
21
22
|
});
|
|
22
23
|
const RefreshTokenGrantSchema = zod_1.z.object({
|
|
23
24
|
refresh_token: zod_1.z.string(),
|
|
@@ -63,7 +64,7 @@ function tokenHandler({ provider, rateLimit: rateLimitConfig }) {
|
|
|
63
64
|
if (!parseResult.success) {
|
|
64
65
|
throw new errors_js_1.InvalidRequestError(parseResult.error.message);
|
|
65
66
|
}
|
|
66
|
-
const { code, code_verifier } = parseResult.data;
|
|
67
|
+
const { code, code_verifier, redirect_uri } = parseResult.data;
|
|
67
68
|
const skipLocalPkceValidation = provider.skipLocalPkceValidation;
|
|
68
69
|
// Perform local PKCE validation unless explicitly skipped
|
|
69
70
|
// (e.g. to validate code_verifier in upstream server)
|
|
@@ -74,7 +75,7 @@ function tokenHandler({ provider, rateLimit: rateLimitConfig }) {
|
|
|
74
75
|
}
|
|
75
76
|
}
|
|
76
77
|
// Passes the code_verifier to the provider if PKCE validation didn't occur locally
|
|
77
|
-
const tokens = await provider.exchangeAuthorizationCode(client, code, skipLocalPkceValidation ? code_verifier : undefined);
|
|
78
|
+
const tokens = await provider.exchangeAuthorizationCode(client, code, skipLocalPkceValidation ? code_verifier : undefined, redirect_uri);
|
|
78
79
|
res.status(200).json(tokens);
|
|
79
80
|
break;
|
|
80
81
|
}
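Review bot: The new `redirect_uri` field is accepted as any optional string and handed to `provider.exchangeAuthorizationCode` as a fourth argument without being compared to anything in the visible lines, so the binding between the authorization request and the token request depends entirely on the provider. RFC 6749 section 4.1.3 requires the value to be identical to the one sent in the authorization request when one was sent, and a provider written against the old three-argument signature would presumably ignore the new argument, so the check silently does not happen. I would say so at the call site, e.g. `// redirect_uri is not validated here; the provider must compare it with the value bound to the code`, and repeat the requirement in the doc comment of `exchangeAuthorizationCode` in provider.d.ts, where `redirectUri?: string` is added without a description. tokenHandler's body starts and ends outside these hunks, so an earlier check elsewhere in the function cannot be ruled out from here.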
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"token.js","sourceRoot":"","sources":["../../../../../src/server/auth/handlers/token.ts"],"names":[],"mappings":";;;;;
|
|
1
|
+
{"version":3,"file":"token.js","sourceRoot":"","sources":["../../../../../src/server/auth/handlers/token.ts"],"names":[],"mappings":";;;;;AAyCA,oCA6GC;AAtJD,6BAAwB;AACxB,sDAAkD;AAElD,gDAAwB;AACxB,mDAAiD;AACjD,+DAAiE;AACjE,2DAA4E;AAC5E,uEAAiE;AACjE,4CAOsB;AAWtB,MAAM,kBAAkB,GAAG,OAAC,CAAC,MAAM,CAAC;IAClC,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE;CACvB,CAAC,CAAC;AAEH,MAAM,4BAA4B,GAAG,OAAC,CAAC,MAAM,CAAC;IAC5C,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE;IAChB,aAAa,EAAE,OAAC,CAAC,MAAM,EAAE;IACzB,YAAY,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CACpC,CAAC,CAAC;AAEH,MAAM,uBAAuB,GAAG,OAAC,CAAC,MAAM,CAAC;IACvC,aAAa,EAAE,OAAC,CAAC,MAAM,EAAE;IACzB,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CAC7B,CAAC,CAAC;AAEH,SAAgB,YAAY,CAAC,EAAE,QAAQ,EAAE,SAAS,EAAE,eAAe,EAAuB;IACxF,wEAAwE;IACxE,MAAM,MAAM,GAAG,iBAAO,CAAC,MAAM,EAAE,CAAC;IAEhC,kFAAkF;IAClF,MAAM,CAAC,GAAG,CAAC,IAAA,cAAI,GAAE,CAAC,CAAC;IAEnB,MAAM,CAAC,GAAG,CAAC,IAAA,kCAAc,EAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;IACrC,MAAM,CAAC,GAAG,CAAC,iBAAO,CAAC,UAAU,CAAC,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC;IAEpD,iDAAiD;IACjD,IAAI,eAAe,KAAK,KAAK,EAAE,CAAC;QAC9B,MAAM,CAAC,GAAG,CAAC,IAAA,8BAAS,EAAC;YACnB,QAAQ,EAAE,EAAE,GAAG,EAAE,GAAG,IAAI,EAAE,aAAa;YACvC,GAAG,EAAE,EAAE,EAAE,4BAA4B;YACrC,eAAe,EAAE,IAAI;YACrB,aAAa,EAAE,KAAK;YACpB,OAAO,EAAE,IAAI,gCAAoB,CAAC,qDAAqD,CAAC,CAAC,gBAAgB,EAAE;YAC3G,GAAG,eAAe;SACnB,CAAC,CAAC,CAAC;IACN,CAAC;IAED,0CAA0C;IAC1C,MAAM,CAAC,GAAG,CAAC,IAAA,kCAAkB,EAAC,EAAE,YAAY,EAAE,QAAQ,CAAC,YAAY,EAAE,CAAC,CAAC,CAAC;IAExE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;QAClC,GAAG,CAAC,SAAS,CAAC,eAAe,EAAE,UAAU,CAAC,CAAC;QAE3C,IAAI,CAAC;YACH,MAAM,WAAW,GAAG,kBAAkB,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;YAC3D,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC;gBACzB,MAAM,IAAI,+BAAmB,CAAC,WAAW,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YAC3D,CAAC;YAED,MAAM,EAAE,UAAU,EAAE,GAAG,WAAW,CAAC,IAAI,CAAC;YAExC,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC;YAC1B,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,2BAA2B;gBAC3B,OAAO,CAAC,KAAK,CAAC,iDAAiD,CAAC,CAAC;gBACjE,MAAM,IAAI,uBAAW,CAAC,uBAAuB,CAAC,CAAC;YACjD,CA
AC;YAED,QAAQ,UAAU,EAAE,CAAC;gBACnB,KAAK,oBAAoB,CAAC,CAAC,CAAC;oBAC1B,MAAM,WAAW,GAAG,4BAA4B,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;oBACrE,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC;wBACzB,MAAM,IAAI,+BAAmB,CAAC,WAAW,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;oBAC3D,CAAC;oBAED,MAAM,EAAE,IAAI,EAAE,aAAa,EAAE,YAAY,EAAE,GAAG,WAAW,CAAC,IAAI,CAAC;oBAE/D,MAAM,uBAAuB,GAAG,QAAQ,CAAC,uBAAuB,CAAC;oBAEjE,2DAA2D;oBAC3D,sDAAsD;oBACtD,IAAI,CAAC,uBAAuB,EAAE,CAAC;wBAC7B,MAAM,aAAa,GAAG,MAAM,QAAQ,CAAC,6BAA6B,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;wBACjF,IAAI,CAAC,CAAC,MAAM,IAAA,gCAAe,EAAC,aAAa,EAAE,aAAa,CAAC,CAAC,EAAE,CAAC;4BAC3D,MAAM,IAAI,6BAAiB,CAAC,4CAA4C,CAAC,CAAC;wBAC5E,CAAC;oBACH,CAAC;oBAED,mFAAmF;oBACnF,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,yBAAyB,CACrD,MAAM,EACN,IAAI,EACJ,uBAAuB,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS,EACnD,YAAY,CACb,CAAC;oBACF,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;oBAC7B,MAAM;gBACR,CAAC;gBAED,KAAK,eAAe,CAAC,CAAC,CAAC;oBACrB,MAAM,WAAW,GAAG,uBAAuB,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;oBAChE,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC;wBACzB,MAAM,IAAI,+BAAmB,CAAC,WAAW,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;oBAC3D,CAAC;oBAED,MAAM,EAAE,aAAa,EAAE,KAAK,EAAE,GAAG,WAAW,CAAC,IAAI,CAAC;oBAElD,MAAM,MAAM,GAAG,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,KAAK,CAAC,GAAG,CAAC,CAAC;oBACjC,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,oBAAoB,CAAC,MAAM,EAAE,aAAa,EAAE,MAAM,CAAC,CAAC;oBAClF,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;oBAC7B,MAAM;gBACR,CAAC;gBAED,0BAA0B;gBAC1B,4BAA4B;gBAE5B;oBACE,MAAM,IAAI,qCAAyB,CACjC,+DAA+D,CAChE,CAAC;YACN,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,KAAK,YAAY,sBAAU,EAAE,CAAC;gBAChC,MAAM,MAAM,GAAG,KAAK,YAAY,uBAAW,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;gBACxD,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,gBAAgB,EAAE,CAAC,CAAC;YACpD,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,KAAK,CAAC,oCAAoC,EAAE,KAAK,CAAC,CAAC;gBAC3D,MAAM,WAAW,GAAG,IAAI,uBAAW,CAAC,uBAAuB,CAAC,CAAC;gBAC7D,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,gBAAgB,EAAE,CAAC,CAAC;YACvD,CAAC;QACH,CAAC;IACH,CAAC,CAAC,C
AAC;IAEH,OAAO,MAAM,CAAC;AAChB,CAAC"}
|
|
@@ -1,15 +1,19 @@
|
|
|
1
1
|
import { RequestHandler } from "express";
|
|
2
|
-
import {
|
|
2
|
+
import { OAuthTokenVerifier } from "../provider.js";
|
|
3
3
|
import { AuthInfo } from "../types.js";
|
|
4
4
|
export type BearerAuthMiddlewareOptions = {
|
|
5
5
|
/**
|
|
6
6
|
* A provider used to verify tokens.
|
|
7
7
|
*/
|
|
8
|
-
|
|
8
|
+
verifier: OAuthTokenVerifier;
|
|
9
9
|
/**
|
|
10
10
|
* Optional scopes that the token must have.
|
|
11
11
|
*/
|
|
12
12
|
requiredScopes?: string[];
|
|
13
|
+
/**
|
|
14
|
+
* Optional resource metadata URL to include in WWW-Authenticate header.
|
|
15
|
+
*/
|
|
16
|
+
resourceMetadataUrl?: string;
|
|
13
17
|
};
|
|
14
18
|
declare module "express-serve-static-core" {
|
|
15
19
|
interface Request {
|
|
@@ -23,6 +27,9 @@ declare module "express-serve-static-core" {
|
|
|
23
27
|
* Middleware that requires a valid Bearer token in the Authorization header.
|
|
24
28
|
*
|
|
25
29
|
* This will validate the token with the auth provider and add the resulting auth info to the request object.
|
|
30
|
+
*
|
|
31
|
+
* If resourceMetadataUrl is provided, it will be included in the WWW-Authenticate header
|
|
32
|
+
* for 401 responses as per the OAuth 2.0 Protected Resource Metadata spec.
|
|
26
33
|
*/
|
|
27
|
-
export declare function requireBearerAuth({
|
|
34
|
+
export declare function requireBearerAuth({ verifier, requiredScopes, resourceMetadataUrl }: BearerAuthMiddlewareOptions): RequestHandler;
|
|
28
35
|
//# sourceMappingURL=bearerAuth.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"bearerAuth.d.ts","sourceRoot":"","sources":["../../../../../src/server/auth/middleware/bearerAuth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AAEzC,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"bearerAuth.d.ts","sourceRoot":"","sources":["../../../../../src/server/auth/middleware/bearerAuth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AAEzC,OAAO,EAAE,kBAAkB,EAAE,MAAM,gBAAgB,CAAC;AACpD,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AAEvC,MAAM,MAAM,2BAA2B,GAAG;IACxC;;OAEG;IACH,QAAQ,EAAE,kBAAkB,CAAC;IAE7B;;OAEG;IACH,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;IAE1B;;OAEG;IACH,mBAAmB,CAAC,EAAE,MAAM,CAAC;CAC9B,CAAC;AAEF,OAAO,QAAQ,2BAA2B,CAAC;IACzC,UAAU,OAAO;QACf;;WAEG;QACH,IAAI,CAAC,EAAE,QAAQ,CAAC;KACjB;CACF;AAED;;;;;;;GAOG;AACH,wBAAgB,iBAAiB,CAAC,EAAE,QAAQ,EAAE,cAAmB,EAAE,mBAAmB,EAAE,EAAE,2BAA2B,GAAG,cAAc,CAyDrI"}
|
|
@@ -6,8 +6,11 @@ const errors_js_1 = require("../errors.js");
|
|
|
6
6
|
* Middleware that requires a valid Bearer token in the Authorization header.
|
|
7
7
|
*
|
|
8
8
|
* This will validate the token with the auth provider and add the resulting auth info to the request object.
|
|
9
|
+
*
|
|
10
|
+
* If resourceMetadataUrl is provided, it will be included in the WWW-Authenticate header
|
|
11
|
+
* for 401 responses as per the OAuth 2.0 Protected Resource Metadata spec.
|
|
9
12
|
*/
|
|
10
|
-
function requireBearerAuth({
|
|
13
|
+
function requireBearerAuth({ verifier, requiredScopes = [], resourceMetadataUrl }) {
|
|
11
14
|
return async (req, res, next) => {
|
|
12
15
|
try {
|
|
13
16
|
const authHeader = req.headers.authorization;
|
|
@@ -18,7 +21,7 @@ function requireBearerAuth({ provider, requiredScopes = [] }) {
|
|
|
18
21
|
if (type.toLowerCase() !== 'bearer' || !token) {
|
|
19
22
|
throw new errors_js_1.InvalidTokenError("Invalid Authorization header format, expected 'Bearer TOKEN'");
|
|
20
23
|
}
|
|
21
|
-
const authInfo = await
|
|
24
|
+
const authInfo = await verifier.verifyAccessToken(token);
|
|
22
25
|
// Check if token has the required scopes (if any)
|
|
23
26
|
if (requiredScopes.length > 0) {
|
|
24
27
|
const hasAllScopes = requiredScopes.every(scope => authInfo.scopes.includes(scope));
|
|
@@ -35,11 +38,17 @@ function requireBearerAuth({ provider, requiredScopes = [] }) {
|
|
|
35
38
|
}
|
|
36
39
|
catch (error) {
|
|
37
40
|
if (error instanceof errors_js_1.InvalidTokenError) {
|
|
38
|
-
|
|
41
|
+
const wwwAuthValue = resourceMetadataUrl
|
|
42
|
+
? `Bearer error="${error.errorCode}", error_description="${error.message}", resource_metadata="${resourceMetadataUrl}"`
|
|
43
|
+
: `Bearer error="${error.errorCode}", error_description="${error.message}"`;
|
|
44
|
+
res.set("WWW-Authenticate", wwwAuthValue);
|
|
39
45
|
res.status(401).json(error.toResponseObject());
|
|
40
46
|
}
|
|
41
47
|
else if (error instanceof errors_js_1.InsufficientScopeError) {
|
|
42
|
-
|
|
48
|
+
const wwwAuthValue = resourceMetadataUrl
|
|
49
|
+
? `Bearer error="${error.errorCode}", error_description="${error.message}", resource_metadata="${resourceMetadataUrl}"`
|
|
50
|
+
: `Bearer error="${error.errorCode}", error_description="${error.message}"`;
|
|
51
|
+
res.set("WWW-Authenticate", wwwAuthValue);
|
|
43
52
|
res.status(403).json(error.toResponseObject());
|
|
44
53
|
}
|
|
45
54
|
else if (error instanceof errors_js_1.ServerError) {
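Review bot: `error.message` and `resourceMetadataUrl` are interpolated into the quoted `WWW-Authenticate` parameters unfiltered, in both the InvalidTokenError and the InsufficientScopeError branch. RFC 6750 section 3 limits `error` and `error_description` to %x20-21 / %x23-5B / %x5D-7E, so a message containing `"` or `\` yields a challenge that clients may misparse, and Node rejects a header value containing CR or LF, which would make `res.set` throw inside this catch block. The message thrown in the visible lines is a constant, but `verifier.verifyAccessToken` is caller-supplied and may raise an InvalidTokenError with any text. The two branches are also identical apart from the status code, so one helper that filters the values and builds the header removes the duplication. requireBearerAuth's body continues outside the hunks.

```javascript
// Keeps a challenge parameter inside the character set RFC 6750 section 3 allows.
const authParam = (value) => String(value).replace(/[^\x20\x21\x23-\x5B\x5D-\x7E]/g, " ");
// Builds the Bearer challenge once for both the 401 and the 403 branch.
const bearerChallenge = (error, resourceMetadataUrl) => {
    const params = [
        `error="${authParam(error.errorCode)}"`,
        `error_description="${authParam(error.message)}"`,
    ];
    if (resourceMetadataUrl) {
        params.push(`resource_metadata="${authParam(resourceMetadataUrl)}"`);
    }
    return `Bearer ${params.join(", ")}`;
};
// … unchanged: requireBearerAuth up to the catch block …
if (error instanceof errors_js_1.InvalidTokenError) {
    res.set("WWW-Authenticate", bearerChallenge(error, resourceMetadataUrl));
    // … unchanged: 401 response …
}
else if (error instanceof errors_js_1.InsufficientScopeError) {
    res.set("WWW-Authenticate", bearerChallenge(error, resourceMetadataUrl));
    // … unchanged: 403 response …
}
```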
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"bearerAuth.js","sourceRoot":"","sources":["../../../../../src/server/auth/middleware/bearerAuth.ts"],"names":[],"mappings":";;
|
|
1
|
+
{"version":3,"file":"bearerAuth.js","sourceRoot":"","sources":["../../../../../src/server/auth/middleware/bearerAuth.ts"],"names":[],"mappings":";;AAuCA,8CAyDC;AA/FD,4CAAkG;AA8BlG;;;;;;;GAOG;AACH,SAAgB,iBAAiB,CAAC,EAAE,QAAQ,EAAE,cAAc,GAAG,EAAE,EAAE,mBAAmB,EAA+B;IACnH,OAAO,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;QAC9B,IAAI,CAAC;YACH,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC;YAC7C,IAAI,CAAC,UAAU,EAAE,CAAC;gBAChB,MAAM,IAAI,6BAAiB,CAAC,8BAA8B,CAAC,CAAC;YAC9D,CAAC;YAED,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,GAAG,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAC5C,IAAI,IAAI,CAAC,WAAW,EAAE,KAAK,QAAQ,IAAI,CAAC,KAAK,EAAE,CAAC;gBAC9C,MAAM,IAAI,6BAAiB,CAAC,8DAA8D,CAAC,CAAC;YAC9F,CAAC;YAED,MAAM,QAAQ,GAAG,MAAM,QAAQ,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC;YAEzD,kDAAkD;YAClD,IAAI,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC9B,MAAM,YAAY,GAAG,cAAc,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAChD,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAChC,CAAC;gBAEF,IAAI,CAAC,YAAY,EAAE,CAAC;oBAClB,MAAM,IAAI,kCAAsB,CAAC,oBAAoB,CAAC,CAAC;gBACzD,CAAC;YACH,CAAC;YAED,gCAAgC;YAChC,IAAI,CAAC,CAAC,QAAQ,CAAC,SAAS,IAAI,QAAQ,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,EAAE,CAAC;gBACnE,MAAM,IAAI,6BAAiB,CAAC,mBAAmB,CAAC,CAAC;YACnD,CAAC;YAED,GAAG,CAAC,IAAI,GAAG,QAAQ,CAAC;YACpB,IAAI,EAAE,CAAC;QACT,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,KAAK,YAAY,6BAAiB,EAAE,CAAC;gBACvC,MAAM,YAAY,GAAG,mBAAmB;oBACtC,CAAC,CAAC,iBAAiB,KAAK,CAAC,SAAS,yBAAyB,KAAK,CAAC,OAAO,yBAAyB,mBAAmB,GAAG;oBACvH,CAAC,CAAC,iBAAiB,KAAK,CAAC,SAAS,yBAAyB,KAAK,CAAC,OAAO,GAAG,CAAC;gBAC9E,GAAG,CAAC,GAAG,CAAC,kBAAkB,EAAE,YAAY,CAAC,CAAC;gBAC1C,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,gBAAgB,EAAE,CAAC,CAAC;YACjD,CAAC;iBAAM,IAAI,KAAK,YAAY,kCAAsB,EAAE,CAAC;gBACnD,MAAM,YAAY,GAAG,mBAAmB;oBACtC,CAAC,CAAC,iBAAiB,KAAK,CAAC,SAAS,yBAAyB,KAAK,CAAC,OAAO,yBAAyB,mBAAmB,GAAG;oBACvH,CAAC,CAAC,iBAAiB,KAAK,CAAC,SAAS,yBAAyB,KAAK,CAAC,OAAO,GAAG,CAAC;gBAC9E,GAAG,CAAC,GAAG,CAAC,kBAAkB,EAAE,YAAY,CAAC,CAAC;gBAC1C,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,gBAAgB,EAAE,CAAC,CAAC;YACjD,CAAC;iB
AAM,IAAI,KAAK,YAAY,uBAAW,EAAE,CAAC;gBACxC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,gBAAgB,EAAE,CAAC,CAAC;YACjD,CAAC;iBAAM,IAAI,KAAK,YAAY,sBAAU,EAAE,CAAC;gBACvC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,gBAAgB,EAAE,CAAC,CAAC;YACjD,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,KAAK,CAAC,+CAA+C,EAAE,KAAK,CAAC,CAAC;gBACtE,MAAM,WAAW,GAAG,IAAI,uBAAW,CAAC,uBAAuB,CAAC,CAAC;gBAC7D,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,gBAAgB,EAAE,CAAC,CAAC;YACvD,CAAC;QACH,CAAC;IACH,CAAC,CAAC;AACJ,CAAC"}
|
|
@@ -31,7 +31,7 @@ export interface OAuthServerProvider {
|
|
|
31
31
|
/**
|
|
32
32
|
* Exchanges an authorization code for an access token.
|
|
33
33
|
*/
|
|
34
|
-
exchangeAuthorizationCode(client: OAuthClientInformationFull, authorizationCode: string, codeVerifier?: string): Promise<OAuthTokens>;
|
|
34
|
+
exchangeAuthorizationCode(client: OAuthClientInformationFull, authorizationCode: string, codeVerifier?: string, redirectUri?: string): Promise<OAuthTokens>;
|
|
35
35
|
/**
|
|
36
36
|
* Exchanges a refresh token for an access token.
|
|
37
37
|
*/
|
|
@@ -55,4 +55,13 @@ export interface OAuthServerProvider {
|
|
|
55
55
|
*/
|
|
56
56
|
skipLocalPkceValidation?: boolean;
|
|
57
57
|
}
|
|
58
|
+
/**
|
|
59
|
+
* Slim implementation useful for token verification
|
|
60
|
+
*/
|
|
61
|
+
export interface OAuthTokenVerifier {
|
|
62
|
+
/**
|
|
63
|
+
* Verifies an access token and returns information about it.
|
|
64
|
+
*/
|
|
65
|
+
verifyAccessToken(token: string): Promise<AuthInfo>;
|
|
66
|
+
}
|
|
58
67
|
//# sourceMappingURL=provider.d.ts.map
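Review bot: The doc comment on `OAuthTokenVerifier.verifyAccessToken` does not say how a rejected token is to be reported, which is the part an implementer of this new interface most needs. The bearer middleware changed in this same diff answers 401 only for `InvalidTokenError` and 403 only for `InsufficientScopeError`, so a verifier that throws a plain `Error`, or resolves with partial data for a bad token, would presumably not produce a 401. I would extend the comment along the lines of `Must reject with InvalidTokenError when the token is unknown, expired or revoked; resolve only for a token that is currently valid.`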
|