@modelcontextprotocol/sdk 1.23.0 → 1.24.0

package/dist/cjs/client/auth-extensions.d.ts

@@ -0,0 +1,178 @@
+/**
+ * OAuth provider extensions for specialized authentication flows.
+ *
+ * This module provides ready-to-use OAuthClientProvider implementations
+ * for common machine-to-machine authentication scenarios.
+ */
+import { OAuthClientInformation, OAuthClientMetadata, OAuthTokens } from '../shared/auth.js';
+import { AddClientAuthentication, OAuthClientProvider } from './auth.js';
+/**
+ * Helper to produce a private_key_jwt client authentication function.
+ *
+ * Usage:
+ *   const addClientAuth = createPrivateKeyJwtAuth({ issuer, subject, privateKey, alg, audience? });
+ *   // pass addClientAuth as provider.addClientAuthentication implementation
+ */
+export declare function createPrivateKeyJwtAuth(options: {
+    issuer: string;
+    subject: string;
+    privateKey: string | Uint8Array | Record<string, unknown>;
+    alg: string;
+    audience?: string | URL;
+    lifetimeSeconds?: number;
+    claims?: Record<string, unknown>;
+}): AddClientAuthentication;
+/**
+ * Options for creating a ClientCredentialsProvider.
+ */
+export interface ClientCredentialsProviderOptions {
+    /**
+     * The client_id for this OAuth client.
+     */
+    clientId: string;
+    /**
+     * The client_secret for client_secret_basic authentication.
+     */
+    clientSecret: string;
+    /**
+     * Optional client name for metadata.
+     */
+    clientName?: string;
+}
+/**
+ * OAuth provider for client_credentials grant with client_secret_basic authentication.
+ *
+ * This provider is designed for machine-to-machine authentication where
+ * the client authenticates using a client_id and client_secret.
+ *
+ * @example
+ * const provider = new ClientCredentialsProvider({
+ *   clientId: 'my-client',
+ *   clientSecret: 'my-secret'
+ * });
+ *
+ * const transport = new StreamableHTTPClientTransport(serverUrl, {
+ *   authProvider: provider
+ * });
+ */
+export declare class ClientCredentialsProvider implements OAuthClientProvider {
+    private _tokens?;
+    private _clientInfo;
+    private _clientMetadata;
+    constructor(options: ClientCredentialsProviderOptions);
+    get redirectUrl(): undefined;
+    get clientMetadata(): OAuthClientMetadata;
+    clientInformation(): OAuthClientInformation;
+    saveClientInformation(info: OAuthClientInformation): void;
+    tokens(): OAuthTokens | undefined;
+    saveTokens(tokens: OAuthTokens): void;
+    redirectToAuthorization(): void;
+    saveCodeVerifier(): void;
+    codeVerifier(): string;
+    prepareTokenRequest(scope?: string): URLSearchParams;
+}
+/**
+ * Options for creating a PrivateKeyJwtProvider.
+ */
+export interface PrivateKeyJwtProviderOptions {
+    /**
+     * The client_id for this OAuth client.
+     */
+    clientId: string;
+    /**
+     * The private key for signing JWT assertions.
+     * Can be a PEM string, Uint8Array, or JWK object.
+     */
+    privateKey: string | Uint8Array | Record<string, unknown>;
+    /**
+     * The algorithm to use for signing (e.g., 'RS256', 'ES256').
+     */
+    algorithm: string;
+    /**
+     * Optional client name for metadata.
+     */
+    clientName?: string;
+    /**
+     * Optional JWT lifetime in seconds (default: 300).
+     */
+    jwtLifetimeSeconds?: number;
+}
+/**
+ * OAuth provider for client_credentials grant with private_key_jwt authentication.
+ *
+ * This provider is designed for machine-to-machine authentication where
+ * the client authenticates using a signed JWT assertion (RFC 7523 Section 2.2).
+ *
+ * @example
+ * const provider = new PrivateKeyJwtProvider({
+ *   clientId: 'my-client',
+ *   privateKey: pemEncodedPrivateKey,
+ *   algorithm: 'RS256'
+ * });
+ *
+ * const transport = new StreamableHTTPClientTransport(serverUrl, {
+ *   authProvider: provider
+ * });
+ */
+export declare class PrivateKeyJwtProvider implements OAuthClientProvider {
+    private _tokens?;
+    private _clientInfo;
+    private _clientMetadata;
+    addClientAuthentication: AddClientAuthentication;
+    constructor(options: PrivateKeyJwtProviderOptions);
+    get redirectUrl(): undefined;
+    get clientMetadata(): OAuthClientMetadata;
+    clientInformation(): OAuthClientInformation;
+    saveClientInformation(info: OAuthClientInformation): void;
+    tokens(): OAuthTokens | undefined;
+    saveTokens(tokens: OAuthTokens): void;
+    redirectToAuthorization(): void;
+    saveCodeVerifier(): void;
+    codeVerifier(): string;
+    prepareTokenRequest(scope?: string): URLSearchParams;
+}
+/**
+ * Options for creating a StaticPrivateKeyJwtProvider.
+ */
+export interface StaticPrivateKeyJwtProviderOptions {
+    /**
+     * The client_id for this OAuth client.
+     */
+    clientId: string;
+    /**
+     * A pre-built JWT client assertion to use for authentication.
+     *
+     * This token should already contain the appropriate claims
+     * (iss, sub, aud, exp, etc.) and be signed by the client's key.
+     */
+    jwtBearerAssertion: string;
+    /**
+     * Optional client name for metadata.
+     */
+    clientName?: string;
+}
+/**
+ * OAuth provider for client_credentials grant with a static private_key_jwt assertion.
+ *
+ * This provider mirrors {@link PrivateKeyJwtProvider} but instead of constructing and
+ * signing a JWT on each request, it accepts a pre-built JWT assertion string and
+ * uses it directly for authentication.
+ */
+export declare class StaticPrivateKeyJwtProvider implements OAuthClientProvider {
+    private _tokens?;
+    private _clientInfo;
+    private _clientMetadata;
+    addClientAuthentication: AddClientAuthentication;
+    constructor(options: StaticPrivateKeyJwtProviderOptions);
+    get redirectUrl(): undefined;
+    get clientMetadata(): OAuthClientMetadata;
+    clientInformation(): OAuthClientInformation;
+    saveClientInformation(info: OAuthClientInformation): void;
+    tokens(): OAuthTokens | undefined;
+    saveTokens(tokens: OAuthTokens): void;
+    redirectToAuthorization(): void;
+    saveCodeVerifier(): void;
+    codeVerifier(): string;
+    prepareTokenRequest(scope?: string): URLSearchParams;
+}
+//# sourceMappingURL=auth-extensions.d.ts.map

package/dist/cjs/client/auth-extensions.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-extensions.d.ts","sourceRoot":"","sources":["../../../src/client/auth-extensions.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,EAAE,sBAAsB,EAAE,mBAAmB,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAC7F,OAAO,EAAE,uBAAuB,EAAE,mBAAmB,EAAE,MAAM,WAAW,CAAC;AAEzE;;;;;;GAMG;AACH,wBAAgB,uBAAuB,CAAC,OAAO,EAAE;IAC7C,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,GAAG,UAAU,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC1D,GAAG,EAAE,MAAM,CAAC;IACZ,QAAQ,CAAC,EAAE,MAAM,GAAG,GAAG,CAAC;IACxB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACpC,GAAG,uBAAuB,CAgE1B;AAED;;GAEG;AACH,MAAM,WAAW,gCAAgC;IAC7C;;OAEG;IACH,QAAQ,EAAE,MAAM,CAAC;IAEjB;;OAEG;IACH,YAAY,EAAE,MAAM,CAAC;IAErB;;OAEG;IACH,UAAU,CAAC,EAAE,MAAM,CAAC;CACvB;AAED;;;;;;;;;;;;;;;GAeG;AACH,qBAAa,yBAA0B,YAAW,mBAAmB;IACjE,OAAO,CAAC,OAAO,CAAC,CAAc;IAC9B,OAAO,CAAC,WAAW,CAAyB;IAC5C,OAAO,CAAC,eAAe,CAAsB;gBAEjC,OAAO,EAAE,gCAAgC;IAarD,IAAI,WAAW,IAAI,SAAS,CAE3B;IAED,IAAI,cAAc,IAAI,mBAAmB,CAExC;IAED,iBAAiB,IAAI,sBAAsB;IAI3C,qBAAqB,CAAC,IAAI,EAAE,sBAAsB,GAAG,IAAI;IAIzD,MAAM,IAAI,WAAW,GAAG,SAAS;IAIjC,UAAU,CAAC,MAAM,EAAE,WAAW,GAAG,IAAI;IAIrC,uBAAuB,IAAI,IAAI;IAI/B,gBAAgB,IAAI,IAAI;IAIxB,YAAY,IAAI,MAAM;IAItB,mBAAmB,CAAC,KAAK,CAAC,EAAE,MAAM,GAAG,eAAe;CAKvD;AAED;;GAEG;AACH,MAAM,WAAW,4BAA4B;IACzC;;OAEG;IACH,QAAQ,EAAE,MAAM,CAAC;IAEjB;;;OAGG;IACH,UAAU,EAAE,MAAM,GAAG,UAAU,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAE1D;;OAEG;IACH,SAAS,EAAE,MAAM,CAAC;IAElB;;OAEG;IACH,UAAU,CAAC,EAAE,MAAM,CAAC;IAEpB;;OAEG;IACH,kBAAkB,CAAC,EAAE,MAAM,CAAC;CAC/B;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,qBAAa,qBAAsB,YAAW,mBAAmB;IAC7D,OAAO,CAAC,OAAO,CAAC,CAAc;IAC9B,OAAO,CAAC,WAAW,CAAyB;IAC5C,OAAO,CAAC,eAAe,CAAsB;IAC7C,uBAAuB,EAAE,uBAAuB,CAAC;gBAErC,OAAO,EAAE,4BAA4B;IAmBjD,IAAI,WAAW,IAAI,SAAS,CAE3B;IAED,IAAI,cAAc,IAAI,mBAAmB,CAExC;IAED,iBAAiB,IAAI,sBAAsB;IAI3C,qBAAqB,CAAC,IAAI,EAAE,sBAAsB,GAAG,IAAI;IAIzD,MAAM,IAAI,WAAW,GAAG,SAAS;IAIjC,UAAU,CAAC,MAAM,EAAE,WAAW,GAAG,IAAI;IAIrC,uBAAuB,IAAI,IAAI;IAI/B,gBAAgB,IAAI,IAAI;IAIxB,YAAY,IAAI,MAAM;IAItB,mBAAmB,CAAC,KAAK,CAAC,EAAE,MAAM,GAAG,eAAe;CAKvD;AAED;;GAEG;AACH,MAAM,WAAW,kCAAkC;IAC/C;;OAEG;IACH,QAAQ,EAAE,MAAM,CAAC;IAEjB;;;;;OAKG;IACH,kBAAkB,EAAE,MAAM,CAAC;IAE3B;;OAEG;IACH,UAAU,CAAC,EAAE,MAAM,CAAC;CACvB;AAED;;;;;;GAMG;AACH,qBAAa,2BAA4B,YAAW,mBAAmB;IACnE,OAAO,CAAC,OAAO,CAAC,CAAc;IAC9B,OAAO,CAAC,WAAW,CAAyB;IAC5C,OAAO,CAAC,eAAe,CAAsB;IAC7C,uBAAuB,EAAE,uBAAuB,CAAC;gBAErC,OAAO,EAAE,kCAAkC;IAkBvD,IAAI,WAAW,IAAI,SAAS,CAE3B;IAED,IAAI,cAAc,IAAI,mBAAmB,CAExC;IAED,iBAAiB,IAAI,sBAAsB;IAI3C,qBAAqB,CAAC,IAAI,EAAE,sBAAsB,GAAG,IAAI;IAIzD,MAAM,IAAI,WAAW,GAAG,SAAS;IAIjC,UAAU,CAAC,MAAM,EAAE,WAAW,GAAG,IAAI;IAIrC,uBAAuB,IAAI,IAAI;IAI/B,gBAAgB,IAAI,IAAI;IAIxB,YAAY,IAAI,MAAM;IAItB,mBAAmB,CAAC,KAAK,CAAC,EAAE,MAAM,GAAG,eAAe;CAKvD"}

package/dist/cjs/client/auth-extensions.js

@@ -0,0 +1,300 @@
+"use strict";
+/**
+ * OAuth provider extensions for specialized authentication flows.
+ *
+ * This module provides ready-to-use OAuthClientProvider implementations
+ * for common machine-to-machine authentication scenarios.
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.StaticPrivateKeyJwtProvider = exports.PrivateKeyJwtProvider = exports.ClientCredentialsProvider = void 0;
+exports.createPrivateKeyJwtAuth = createPrivateKeyJwtAuth;
+/**
+ * Helper to produce a private_key_jwt client authentication function.
+ *
+ * Usage:
+ *   const addClientAuth = createPrivateKeyJwtAuth({ issuer, subject, privateKey, alg, audience? });
+ *   // pass addClientAuth as provider.addClientAuthentication implementation
+ */
+function createPrivateKeyJwtAuth(options) {
+    return async (_headers, params, url, metadata) => {
+        var _a, _b, _c;
+        // Lazy import to avoid heavy dependency unless used
+        if (typeof globalThis.crypto === 'undefined') {
+            throw new TypeError('crypto is not available, please ensure you add have Web Crypto API support for older Node.js versions (see https://github.com/modelcontextprotocol/typescript-sdk#nodejs-web-crypto-globalthiscrypto-compatibility)');
+        }
+        const jose = await Promise.resolve().then(() => __importStar(require('jose')));
+        const audience = String((_b = (_a = options.audience) !== null && _a !== void 0 ? _a : metadata === null || metadata === void 0 ? void 0 : metadata.issuer) !== null && _b !== void 0 ? _b : url);
+        const lifetimeSeconds = (_c = options.lifetimeSeconds) !== null && _c !== void 0 ? _c : 300;
+        const now = Math.floor(Date.now() / 1000);
+        const jti = `${Date.now()}-${Math.random().toString(36).slice(2)}`;
+        const baseClaims = {
+            iss: options.issuer,
+            sub: options.subject,
+            aud: audience,
+            exp: now + lifetimeSeconds,
+            iat: now,
+            jti
+        };
+        const claims = options.claims ? { ...baseClaims, ...options.claims } : baseClaims;
+        // Import key for the requested algorithm
+        const alg = options.alg;
+        let key;
+        if (typeof options.privateKey === 'string') {
+            if (alg.startsWith('RS') || alg.startsWith('ES') || alg.startsWith('PS')) {
+                key = await jose.importPKCS8(options.privateKey, alg);
+            }
+            else if (alg.startsWith('HS')) {
+                key = new TextEncoder().encode(options.privateKey);
+            }
+            else {
+                throw new Error(`Unsupported algorithm ${alg}`);
+            }
+        }
+        else if (options.privateKey instanceof Uint8Array) {
+            if (alg.startsWith('HS')) {
+                key = options.privateKey;
+            }
+            else {
+                // Assume PKCS#8 DER in Uint8Array for asymmetric algorithms
+                key = await jose.importPKCS8(new TextDecoder().decode(options.privateKey), alg);
+            }
+        }
+        else {
+            // Treat as JWK
+            key = await jose.importJWK(options.privateKey, alg);
+        }
+        // Sign JWT
+        const assertion = await new jose.SignJWT(claims)
+            .setProtectedHeader({ alg, typ: 'JWT' })
+            .setIssuer(options.issuer)
+            .setSubject(options.subject)
+            .setAudience(audience)
+            .setIssuedAt(now)
+            .setExpirationTime(now + lifetimeSeconds)
+            .setJti(jti)
+            .sign(key);
+        params.set('client_assertion', assertion);
+        params.set('client_assertion_type', 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer');
+    };
+}
+/**
+ * OAuth provider for client_credentials grant with client_secret_basic authentication.
+ *
+ * This provider is designed for machine-to-machine authentication where
+ * the client authenticates using a client_id and client_secret.
+ *
+ * @example
+ * const provider = new ClientCredentialsProvider({
+ *   clientId: 'my-client',
+ *   clientSecret: 'my-secret'
+ * });
+ *
+ * const transport = new StreamableHTTPClientTransport(serverUrl, {
+ *   authProvider: provider
+ * });
+ */
+class ClientCredentialsProvider {
+    constructor(options) {
+        var _a;
+        this._clientInfo = {
+            client_id: options.clientId,
+            client_secret: options.clientSecret
+        };
+        this._clientMetadata = {
+            client_name: (_a = options.clientName) !== null && _a !== void 0 ? _a : 'client-credentials-client',
+            redirect_uris: [],
+            grant_types: ['client_credentials'],
+            token_endpoint_auth_method: 'client_secret_basic'
+        };
+    }
+    get redirectUrl() {
+        return undefined;
+    }
+    get clientMetadata() {
+        return this._clientMetadata;
+    }
+    clientInformation() {
+        return this._clientInfo;
+    }
+    saveClientInformation(info) {
+        this._clientInfo = info;
+    }
+    tokens() {
+        return this._tokens;
+    }
+    saveTokens(tokens) {
+        this._tokens = tokens;
+    }
+    redirectToAuthorization() {
+        throw new Error('redirectToAuthorization is not used for client_credentials flow');
+    }
+    saveCodeVerifier() {
+        // Not used for client_credentials
+    }
+    codeVerifier() {
+        throw new Error('codeVerifier is not used for client_credentials flow');
+    }
+    prepareTokenRequest(scope) {
+        const params = new URLSearchParams({ grant_type: 'client_credentials' });
+        if (scope)
+            params.set('scope', scope);
+        return params;
+    }
+}
+exports.ClientCredentialsProvider = ClientCredentialsProvider;
+/**
+ * OAuth provider for client_credentials grant with private_key_jwt authentication.
+ *
+ * This provider is designed for machine-to-machine authentication where
+ * the client authenticates using a signed JWT assertion (RFC 7523 Section 2.2).
+ *
+ * @example
+ * const provider = new PrivateKeyJwtProvider({
+ *   clientId: 'my-client',
+ *   privateKey: pemEncodedPrivateKey,
+ *   algorithm: 'RS256'
+ * });
+ *
+ * const transport = new StreamableHTTPClientTransport(serverUrl, {
+ *   authProvider: provider
+ * });
+ */
+class PrivateKeyJwtProvider {
+    constructor(options) {
+        var _a;
+        this._clientInfo = {
+            client_id: options.clientId
+        };
+        this._clientMetadata = {
+            client_name: (_a = options.clientName) !== null && _a !== void 0 ? _a : 'private-key-jwt-client',
+            redirect_uris: [],
+            grant_types: ['client_credentials'],
+            token_endpoint_auth_method: 'private_key_jwt'
+        };
+        this.addClientAuthentication = createPrivateKeyJwtAuth({
+            issuer: options.clientId,
+            subject: options.clientId,
+            privateKey: options.privateKey,
+            alg: options.algorithm,
+            lifetimeSeconds: options.jwtLifetimeSeconds
+        });
+    }
+    get redirectUrl() {
+        return undefined;
+    }
+    get clientMetadata() {
+        return this._clientMetadata;
+    }
+    clientInformation() {
+        return this._clientInfo;
+    }
+    saveClientInformation(info) {
+        this._clientInfo = info;
+    }
+    tokens() {
+        return this._tokens;
+    }
+    saveTokens(tokens) {
+        this._tokens = tokens;
+    }
+    redirectToAuthorization() {
+        throw new Error('redirectToAuthorization is not used for client_credentials flow');
+    }
+    saveCodeVerifier() {
+        // Not used for client_credentials
+    }
+    codeVerifier() {
+        throw new Error('codeVerifier is not used for client_credentials flow');
+    }
+    prepareTokenRequest(scope) {
+        const params = new URLSearchParams({ grant_type: 'client_credentials' });
+        if (scope)
+            params.set('scope', scope);
+        return params;
+    }
+}
+exports.PrivateKeyJwtProvider = PrivateKeyJwtProvider;
+/**
+ * OAuth provider for client_credentials grant with a static private_key_jwt assertion.
+ *
+ * This provider mirrors {@link PrivateKeyJwtProvider} but instead of constructing and
+ * signing a JWT on each request, it accepts a pre-built JWT assertion string and
+ * uses it directly for authentication.
+ */
+class StaticPrivateKeyJwtProvider {
+    constructor(options) {
+        var _a;
+        this._clientInfo = {
+            client_id: options.clientId
+        };
+        this._clientMetadata = {
+            client_name: (_a = options.clientName) !== null && _a !== void 0 ? _a : 'static-private-key-jwt-client',
+            redirect_uris: [],
+            grant_types: ['client_credentials'],
+            token_endpoint_auth_method: 'private_key_jwt'
+        };
+        const assertion = options.jwtBearerAssertion;
+        this.addClientAuthentication = async (_headers, params) => {
+            params.set('client_assertion', assertion);
+            params.set('client_assertion_type', 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer');
+        };
+    }
+    get redirectUrl() {
+        return undefined;
+    }
+    get clientMetadata() {
+        return this._clientMetadata;
+    }
+    clientInformation() {
+        return this._clientInfo;
+    }
+    saveClientInformation(info) {
+        this._clientInfo = info;
+    }
+    tokens() {
+        return this._tokens;
+    }
+    saveTokens(tokens) {
+        this._tokens = tokens;
+    }
+    redirectToAuthorization() {
+        throw new Error('redirectToAuthorization is not used for client_credentials flow');
+    }
+    saveCodeVerifier() {
+        // Not used for client_credentials
+    }
+    codeVerifier() {
+        throw new Error('codeVerifier is not used for client_credentials flow');
+    }
+    prepareTokenRequest(scope) {
+        const params = new URLSearchParams({ grant_type: 'client_credentials' });
+        if (scope)
+            params.set('scope', scope);
+        return params;
+    }
+}
+exports.StaticPrivateKeyJwtProvider = StaticPrivateKeyJwtProvider;
+//# sourceMappingURL=auth-extensions.js.map

package/dist/cjs/client/auth-extensions.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-extensions.js","sourceRoot":"","sources":["../../../src/client/auth-extensions.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;;;;;;;;;;;;;;;;;;;;;;;;AAaH,0DAwEC;AA/ED;;;;;;GAMG;AACH,SAAgB,uBAAuB,CAAC,OAQvC;IACG,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,EAAE,QAAQ,EAAE,EAAE;;QAC7C,oDAAoD;QACpD,IAAI,OAAO,UAAU,CAAC,MAAM,KAAK,WAAW,EAAE,CAAC;YAC3C,MAAM,IAAI,SAAS,CACf,qNAAqN,CACxN,CAAC;QACN,CAAC;QAED,MAAM,IAAI,GAAG,wDAAa,MAAM,GAAC,CAAC;QAElC,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAA,MAAA,OAAO,CAAC,QAAQ,mCAAI,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,MAAM,mCAAI,GAAG,CAAC,CAAC;QACrE,MAAM,eAAe,GAAG,MAAA,OAAO,CAAC,eAAe,mCAAI,GAAG,CAAC;QAEvD,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAC1C,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;QAEnE,MAAM,UAAU,GAAG;YACf,GAAG,EAAE,OAAO,CAAC,MAAM;YACnB,GAAG,EAAE,OAAO,CAAC,OAAO;YACpB,GAAG,EAAE,QAAQ;YACb,GAAG,EAAE,GAAG,GAAG,eAAe;YAC1B,GAAG,EAAE,GAAG;YACR,GAAG;SACN,CAAC;QACF,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,GAAG,UAAU,EAAE,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC;QAElF,yCAAyC;QACzC,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC;QACxB,IAAI,GAAY,CAAC;QACjB,IAAI,OAAO,OAAO,CAAC,UAAU,KAAK,QAAQ,EAAE,CAAC;YACzC,IAAI,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;gBACvE,GAAG,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC;YAC1D,CAAC;iBAAM,IAAI,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC9B,GAAG,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;YACvD,CAAC;iBAAM,CAAC;gBACJ,MAAM,IAAI,KAAK,CAAC,yBAAyB,GAAG,EAAE,CAAC,CAAC;YACpD,CAAC;QACL,CAAC;aAAM,IAAI,OAAO,CAAC,UAAU,YAAY,UAAU,EAAE,CAAC;YAClD,IAAI,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;gBACvB,GAAG,GAAG,OAAO,CAAC,UAAU,CAAC;YAC7B,CAAC;iBAAM,CAAC;gBACJ,4DAA4D;gBAC5D,GAAG,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,GAAG,CAAC,CAAC;YACpF,CAAC;QACL,CAAC;aAAM,CAAC;YACJ,eAAe;YACf,GAAG,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,UAAiB,EAAE,GAAG,CAAC,CAAC;QAC/D,CAAC;QAED,WAAW;QACX,MAAM,SAAS,GAAG,MAAM,IAAI,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC;aAC3C,kBAAkB,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC;aACvC,SAAS,CAAC,OAAO,CAAC,MAAM,CAAC;aACzB,UAAU,CAAC,OAAO,CAAC,OAAO,CAAC;aAC3B,WAAW,CAAC,QAAQ,CAAC;aACrB,WAAW,CAAC,GAAG,CAAC;aAChB,iBAAiB,CAAC,GAAG,GAAG,eAAe,CAAC;aACxC,MAAM,CAAC,GAAG,CAAC;aACX,IAAI,CAAC,GAAwC,CAAC,CAAC;QAEpD,MAAM,CAAC,GAAG,CAAC,kBAAkB,EAAE,SAAS,CAAC,CAAC;QAC1C,MAAM,CAAC,GAAG,CAAC,uBAAuB,EAAE,wDAAwD,CAAC,CAAC;IAClG,CAAC,CAAC;AACN,CAAC;AAsBD;;;;;;;;;;;;;;;GAeG;AACH,MAAa,yBAAyB;IAKlC,YAAY,OAAyC;;QACjD,IAAI,CAAC,WAAW,GAAG;YACf,SAAS,EAAE,OAAO,CAAC,QAAQ;YAC3B,aAAa,EAAE,OAAO,CAAC,YAAY;SACtC,CAAC;QACF,IAAI,CAAC,eAAe,GAAG;YACnB,WAAW,EAAE,MAAA,OAAO,CAAC,UAAU,mCAAI,2BAA2B;YAC9D,aAAa,EAAE,EAAE;YACjB,WAAW,EAAE,CAAC,oBAAoB,CAAC;YACnC,0BAA0B,EAAE,qBAAqB;SACpD,CAAC;IACN,CAAC;IAED,IAAI,WAAW;QACX,OAAO,SAAS,CAAC;IACrB,CAAC;IAED,IAAI,cAAc;QACd,OAAO,IAAI,CAAC,eAAe,CAAC;IAChC,CAAC;IAED,iBAAiB;QACb,OAAO,IAAI,CAAC,WAAW,CAAC;IAC5B,CAAC;IAED,qBAAqB,CAAC,IAA4B;QAC9C,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;IAC5B,CAAC;IAED,MAAM;QACF,OAAO,IAAI,CAAC,OAAO,CAAC;IACxB,CAAC;IAED,UAAU,CAAC,MAAmB;QAC1B,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC;IAC1B,CAAC;IAED,uBAAuB;QACnB,MAAM,IAAI,KAAK,CAAC,iEAAiE,CAAC,CAAC;IACvF,CAAC;IAED,gBAAgB;QACZ,kCAAkC;IACtC,CAAC;IAED,YAAY;QACR,MAAM,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAAC;IAC5E,CAAC;IAED,mBAAmB,CAAC,KAAc;QAC9B,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC,EAAE,UAAU,EAAE,oBAAoB,EAAE,CAAC,CAAC;QACzE,IAAI,KAAK;YAAE,MAAM,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QACtC,OAAO,MAAM,CAAC;IAClB,CAAC;CACJ;AA3DD,8DA2DC;AAiCD;;;;;;;;;;;;;;;;GAgBG;AACH,MAAa,qBAAqB;IAM9B,YAAY,OAAqC;;QAC7C,IAAI,CAAC,WAAW,GAAG;YACf,SAAS,EAAE,OAAO,CAAC,QAAQ;SAC9B,CAAC;QACF,IAAI,CAAC,eAAe,GAAG;YACnB,WAAW,EAAE,MAAA,OAAO,CAAC,UAAU,mCAAI,wBAAwB;YAC3D,aAAa,EAAE,EAAE;YACjB,WAAW,EAAE,CAAC,oBAAoB,CAAC;YACnC,0BAA0B,EAAE,iBAAiB;SAChD,CAAC;QACF,IAAI,CAAC,uBAAuB,GAAG,uBAAuB,CAAC;YACnD,MAAM,EAAE,OAAO,CAAC,QAAQ;YACxB,OAAO,EAAE,OAAO,CAAC,QAAQ;YACzB,UAAU,EAAE,OAAO,CAAC,UAAU;YAC9B,GAAG,EAAE,OAAO,CAAC,SAAS;YACtB,eAAe,EAAE,OAAO,CAAC,kBAAkB;SAC9C,CAAC,CAAC;IACP,CAAC;IAED,IAAI,WAAW;QACX,OAAO,SAAS,CAAC;IACrB,CAAC;IAED,IAAI,cAAc;QACd,OAAO,IAAI,CAAC,eAAe,CAAC;IAChC,CAAC;IAED,iBAAiB;QACb,OAAO,IAAI,CAAC,WAAW,CAAC;IAC5B,CAAC;IAED,qBAAqB,CAAC,IAA4B;QAC9C,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;IAC5B,CAAC;IAED,MAAM;QACF,OAAO,IAAI,CAAC,OAAO,CAAC;IACxB,CAAC;IAED,UAAU,CAAC,MAAmB;QAC1B,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC;IAC1B,CAAC;IAED,uBAAuB;QACnB,MAAM,IAAI,KAAK,CAAC,iEAAiE,CAAC,CAAC;IACvF,CAAC;IAED,gBAAgB;QACZ,kCAAkC;IACtC,CAAC;IAED,YAAY;QACR,MAAM,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAAC;IAC5E,CAAC;IAED,mBAAmB,CAAC,KAAc;QAC9B,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC,EAAE,UAAU,EAAE,oBAAoB,EAAE,CAAC,CAAC;QACzE,IAAI,KAAK;YAAE,MAAM,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QACtC,OAAO,MAAM,CAAC;IAClB,CAAC;CACJ;AAlED,sDAkEC;AAyBD;;;;;;GAMG;AACH,MAAa,2BAA2B;IAMpC,YAAY,OAA2C;;QACnD,IAAI,CAAC,WAAW,GAAG;YACf,SAAS,EAAE,OAAO,CAAC,QAAQ;SAC9B,CAAC;QACF,IAAI,CAAC,eAAe,GAAG;YACnB,WAAW,EAAE,MAAA,OAAO,CAAC,UAAU,mCAAI,+BAA+B;YAClE,aAAa,EAAE,EAAE;YACjB,WAAW,EAAE,CAAC,oBAAoB,CAAC;YACnC,0BAA0B,EAAE,iBAAiB;SAChD,CAAC;QAEF,MAAM,SAAS,GAAG,OAAO,CAAC,kBAAkB,CAAC;QAC7C,IAAI,CAAC,uBAAuB,GAAG,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE;YACtD,MAAM,CAAC,GAAG,CAAC,kBAAkB,EAAE,SAAS,CAAC,CAAC;YAC1C,MAAM,CAAC,GAAG,CAAC,uBAAuB,EAAE,wDAAwD,CAAC,CAAC;QAClG,CAAC,CAAC;IACN,CAAC;IAED,IAAI,WAAW;QACX,OAAO,SAAS,CAAC;IACrB,CAAC;IAED,IAAI,cAAc;QACd,OAAO,IAAI,CAAC,eAAe,CAAC;IAChC,CAAC;IAED,iBAAiB;QACb,OAAO,IAAI,CAAC,WAAW,CAAC;IAC5B,CAAC;IAED,qBAAqB,CAAC,IAA4B;QAC9C,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;IAC5B,CAAC;IAED,MAAM;QACF,OAAO,IAAI,CAAC,OAAO,CAAC;IACxB,CAAC;IAED,UAAU,CAAC,MAAmB;QAC1B,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC;IAC1B,CAAC;IAED,uBAAuB;QACnB,MAAM,IAAI,KAAK,CAAC,iEAAiE,CAAC,CAAC;IACvF,CAAC;IAED,gBAAgB;QACZ,kCAAkC;IACtC,CAAC;IAED,YAAY;QACR,MAAM,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAAC;IAC5E,CAAC;IAED,mBAAmB,CAAC,KAAc;QAC9B,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC,EAAE,UAAU,EAAE,oBAAoB,EAAE,CAAC,CAAC;QACzE,IAAI,KAAK;YAAE,MAAM,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QACtC,OAAO,MAAM,CAAC;IAClB,CAAC;CACJ;AAjED,kEAiEC"}

package/dist/cjs/client/auth.d.ts

@@ -1,6 +1,10 @@
 import { OAuthClientMetadata, OAuthClientInformationMixed, OAuthTokens, OAuthMetadata, OAuthClientInformationFull, OAuthProtectedResourceMetadata, AuthorizationServerMetadata } from '../shared/auth.js';
 import { OAuthError } from '../server/auth/errors.js';
 import { FetchLike } from '../shared/transport.js';
+/**
+ * Function type for adding client authentication to token requests.
+ */
+export type AddClientAuthentication = (headers: Headers, params: URLSearchParams, url: string | URL, metadata?: AuthorizationServerMetadata) => void | Promise<void>;
 /**
  * Implements an end-to-end OAuth client to be used with one MCP server.
  *
@@ -11,8 +15,10 @@ import { FetchLike } from '../shared/transport.js';
 export interface OAuthClientProvider {
     /**
      * The URL to redirect the user agent to after authorization.
+     * Return undefined for non-interactive flows that don't require user interaction
+     * (e.g., client_credentials, jwt-bearer).
      */
-    get redirectUrl(): string | URL;
+    get redirectUrl(): string | URL | undefined;
     /**
      * External URL the server should use to fetch client metadata document
      */
@@ -82,7 +88,7 @@ export interface OAuthClientProvider {
      * @param url - The token endpoint URL being called
      * @param metadata - Optional OAuth metadata for the server, which may include supported authentication methods
      */
-    addClientAuthentication?(headers: Headers, params: URLSearchParams, url: string | URL, metadata?: AuthorizationServerMetadata): void | Promise<void>;
+    addClientAuthentication?: AddClientAuthentication;
     /**
      * If defined, overrides the selection and validation of the
      * RFC 8707 Resource Indicator. If left undefined, default
@@ -97,6 +103,43 @@ export interface OAuthClientProvider {
      * This avoids requiring the user to intervene manually.
      */
     invalidateCredentials?(scope: 'all' | 'client' | 'tokens' | 'verifier'): void | Promise<void>;
+    /**
+     * Prepares grant-specific parameters for a token request.
+     *
+     * This optional method allows providers to customize the token request based on
+     * the grant type they support. When implemented, it returns the grant type and
+     * any grant-specific parameters needed for the token exchange.
+     *
+     * If not implemented, the default behavior depends on the flow:
+     * - For authorization code flow: uses code, code_verifier, and redirect_uri
+     * - For client_credentials: detected via grant_types in clientMetadata
+     *
+     * @param scope - Optional scope to request
+     * @returns Grant type and parameters, or undefined to use default behavior
+     *
+     * @example
+     * // For client_credentials grant:
+     * prepareTokenRequest(scope) {
+     *   return {
+     *     grantType: 'client_credentials',
+     *     params: scope ? { scope } : {}
+     *   };
+     * }
+     *
+     * @example
+     * // For authorization_code grant (default behavior):
+     * async prepareTokenRequest() {
+     *   return {
+     *     grantType: 'authorization_code',
+     *     params: {
+     *       code: this.authorizationCode,
+     *       code_verifier: await this.codeVerifier(),
+     *       redirect_uri: String(this.redirectUrl)
+     *     }
+     *   };
+     * }
+     */
+    prepareTokenRequest?(scope?: string): URLSearchParams | Promise<URLSearchParams | undefined> | undefined;
 }
 export type AuthResult = 'AUTHORIZED' | 'REDIRECT';
 export declare class UnauthorizedError extends Error {
@@ -226,6 +269,18 @@ export declare function startAuthorization(authorizationServerUrl: string | URL,
     authorizationUrl: URL;
     codeVerifier: string;
 }>;
+/**
+ * Prepares token request parameters for an authorization code exchange.
+ *
+ * This is the default implementation used by fetchToken when the provider
+ * doesn't implement prepareTokenRequest.
+ *
+ * @param authorizationCode - The authorization code received from the authorization endpoint
+ * @param codeVerifier - The PKCE code verifier
+ * @param redirectUri - The redirect URI used in the authorization request
+ * @returns URLSearchParams for the authorization_code grant
+ */
+export declare function prepareAuthorizationCodeRequest(authorizationCode: string, codeVerifier: string, redirectUri: string | URL): URLSearchParams;
 /**
  * Exchanges an authorization code for an access token with the given server.
  *
@@ -268,6 +323,39 @@ export declare function refreshAuthorization(authorizationServerUrl: string | UR
     addClientAuthentication?: OAuthClientProvider['addClientAuthentication'];
     fetchFn?: FetchLike;
 }): Promise<OAuthTokens>;
+/**
+ * Unified token fetching that works with any grant type via provider.prepareTokenRequest().
+ *
+ * This function provides a single entry point for obtaining tokens regardless of the
+ * OAuth grant type. The provider's prepareTokenRequest() method determines which grant
+ * to use and supplies the grant-specific parameters.
+ *
+ * @param provider - OAuth client provider that implements prepareTokenRequest()
+ * @param authorizationServerUrl - The authorization server's base URL
+ * @param options - Configuration for the token request
+ * @returns Promise resolving to OAuth tokens
+ * @throws {Error} When provider doesn't implement prepareTokenRequest or token fetch fails
+ *
+ * @example
+ * // Provider for client_credentials:
+ * class MyProvider implements OAuthClientProvider {
+ *   prepareTokenRequest(scope) {
+ *     const params = new URLSearchParams({ grant_type: 'client_credentials' });
+ *     if (scope) params.set('scope', scope);
+ *     return params;
+ *   }
+ *   // ... other methods
+ * }
+ *
+ * const tokens = await fetchToken(provider, authServerUrl, { metadata });
+ */
+export declare function fetchToken(provider: OAuthClientProvider, authorizationServerUrl: string | URL, { metadata, resource, authorizationCode, fetchFn }?: {
+    metadata?: AuthorizationServerMetadata;
+    resource?: URL;
+    /** Authorization code for the default authorization_code grant flow */
+    authorizationCode?: string;
+    fetchFn?: FetchLike;
+}): Promise<OAuthTokens>;
 /**
  * Performs OAuth 2.0 Dynamic Client Registration according to RFC 7591.
  */

package/dist/cjs/client/auth.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../../src/client/auth.ts"],"names":[],"mappings":"AAEA,OAAO,EACH,mBAAmB,EAEnB,2BAA2B,EAC3B,WAAW,EACX,aAAa,EACb,0BAA0B,EAC1B,8BAA8B,EAE9B,2BAA2B,EAE9B,MAAM,mBAAmB,CAAC;AAQ3B,OAAO,EAKH,UAAU,EAGb,MAAM,0BAA0B,CAAC;AAClC,OAAO,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAC;AAEnD;;;;;;GAMG;AACH,MAAM,WAAW,mBAAmB;IAChC;;OAEG;IACH,IAAI,WAAW,IAAI,MAAM,GAAG,GAAG,CAAC;IAEhC;;OAEG;IACH,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAE3B;;OAEG;IACH,IAAI,cAAc,IAAI,mBAAmB,CAAC;IAE1C;;OAEG;IACH,KAAK,CAAC,IAAI,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAEnC;;;;OAIG;IACH,iBAAiB,IAAI,2BAA2B,GAAG,SAAS,GAAG,OAAO,CAAC,2BAA2B,GAAG,SAAS,CAAC,CAAC;IAEhH;;;;;;;OAOG;IACH,qBAAqB,CAAC,CAAC,iBAAiB,EAAE,2BAA2B,GAAG,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAE7F;;;OAGG;IACH,MAAM,IAAI,WAAW,GAAG,SAAS,GAAG,OAAO,CAAC,WAAW,GAAG,SAAS,CAAC,CAAC;IAErE;;;OAGG;IACH,UAAU,CAAC,MAAM,EAAE,WAAW,GAAG,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAEtD;;OAEG;IACH,uBAAuB,CAAC,gBAAgB,EAAE,GAAG,GAAG,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAErE;;;OAGG;IACH,gBAAgB,CAAC,YAAY,EAAE,MAAM,GAAG,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAE7D;;;OAGG;IACH,YAAY,IAAI,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAEzC;;;;;;;;;;;;;;;;;OAiBG;IACH,uBAAuB,CAAC,CACpB,OAAO,EAAE,OAAO,EAChB,MAAM,EAAE,eAAe,EACvB,GAAG,EAAE,MAAM,GAAG,GAAG,EACjB,QAAQ,CAAC,EAAE,2BAA2B,GACvC,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAExB;;;;;;OAMG;IACH,mBAAmB,CAAC,CAAC,SAAS,EAAE,MAAM,GAAG,GAAG,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,GAAG,GAAG,SAAS,CAAC,CAAC;IAE3F;;;;OAIG;IACH,qBAAqB,CAAC,CAAC,KAAK,EAAE,KAAK,GAAG,QAAQ,GAAG,QAAQ,GAAG,UAAU,GAAG,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CACjG;AAED,MAAM,MAAM,UAAU,GAAG,YAAY,GAAG,UAAU,CAAC;AAEnD,qBAAa,iBAAkB,SAAQ,KAAK;gBAC5B,OAAO,CAAC,EAAE,MAAM;CAG/B;AAED,KAAK,gBAAgB,GAAG,qBAAqB,GAAG,oBAAoB,GAAG,MAAM,CAAC;AAS9E;;;;;;;;;;;GAWG;AACH,wBAAgB,sBAAsB,CAAC,iBAAiB,EAAE,2BAA2B,EAAE,gBAAgB,EAAE,MAAM,EAAE,GAAG,gBAAgB,CAiCnI;AAoED;;;;;;;;;;GAUG;AACH,wBAAsB,kBAAkB,CAAC,KAAK,EAAE,QAAQ,GAAG,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC,CActF;AAED;;;;;GAKG;AACH,wBAAsB,IAAI,CACtB,QAAQ,EAAE,mBAAmB,EAC7B,OAAO,EAAE;IACL,SAAS,EAAE,MAAM,GAAG,GAAG,CAAC;IACxB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,mBAAmB,CAAC,EAAE,GAAG,CAAC;IAC1B,OAAO,CAAC,EAAE,SAAS,CAAC;CACvB,GACF,OAAO,CAAC,UAAU,CAAC,CAgBrB;AAoJD;;;GAGG;AACH,wBAAgB,UAAU,CAAC,KAAK,CAAC,EAAE,MAAM,GAAG,OAAO,CAQlD;AAED,wBAAsB,iBAAiB,CACnC,SAAS,EAAE,MAAM,GAAG,GAAG,EACvB,QAAQ,EAAE,mBAAmB,EAC7B,gBAAgB,CAAC,EAAE,8BAA8B,GAClD,OAAO,CAAC,GAAG,GAAG,SAAS,CAAC,CAmB1B;AAED;;GAEG;AACH,wBAAgB,4BAA4B,CAAC,GAAG,EAAE,QAAQ,GAAG;IAAE,mBAAmB,CAAC,EAAE,GAAG,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CA8BzH;AA0BD;;;GAGG;AACH,wBAAgB,0BAA0B,CAAC,GAAG,EAAE,QAAQ,GAAG,GAAG,GAAG,SAAS,CAsBzE;AAED;;;;;GAKG;AACH,wBAAsB,sCAAsC,CACxD,SAAS,EAAE,MAAM,GAAG,GAAG,EACvB,IAAI,CAAC,EAAE;IAAE,eAAe,CAAC,EAAE,MAAM,CAAC;IAAC,mBAAmB,CAAC,EAAE,MAAM,GAAG,GAAG,CAAA;CAAE,EACvE,OAAO,GAAE,SAAiB,GAC3B,OAAO,CAAC,8BAA8B,CAAC,CAczC;AAwFD;;;;;;;GAOG;AACH,wBAAsB,qBAAqB,CACvC,MAAM,EAAE,MAAM,GAAG,GAAG,EACpB,EACI,sBAAsB,EACtB,eAAe,EAClB,GAAE;IACC,sBAAsB,CAAC,EAAE,MAAM,GAAG,GAAG,CAAC;IACtC,eAAe,CAAC,EAAE,MAAM,CAAC;CACvB,EACN,OAAO,GAAE,SAAiB,GAC3B,OAAO,CAAC,aAAa,GAAG,SAAS,CAAC,CA0BpC;AAED;;;;;GAKG;AACH,wBAAgB,kBAAkB,CAAC,sBAAsB,EAAE,MAAM,GAAG,GAAG,GAAG;IAAE,GAAG,EAAE,GAAG,CAAC;IAAC,IAAI,EAAE,OAAO,GAAG,MAAM,CAAA;CAAE,EAAE,CAgD/G;AAED;;;;;;;;;;;;;;;GAeG;AACH,wBAAsB,mCAAmC,CACrD,sBAAsB,EAAE,MAAM,GAAG,GAAG,EACpC,EACI,OAAe,EACf,eAAyC,EAC5C,GAAE;IACC,OAAO,CAAC,EAAE,SAAS,CAAC;IACpB,eAAe,CAAC,EAAE,MAAM,CAAC;CACvB,GACP,OAAO,CAAC,2BAA2B,GAAG,SAAS,CAAC,CAwClD;AAED;;GAEG;AACH,wBAAsB,kBAAkB,CACpC,sBAAsB,EAAE,MAAM,GAAG,GAAG,EACpC,EACI,QAAQ,EACR,iBAAiB,EACjB,WAAW,EACX,KAAK,EACL,KAAK,EACL,QAAQ,EACX,EAAE;IACC,QAAQ,CAAC,EAAE,2BAA2B,CAAC;IACvC,iBAAiB,EAAE,2BAA2B,CAAC;IAC/C,WAAW,EAAE,MAAM,GAAG,GAAG,CAAC;IAC1B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,GAAG,CAAC;CAClB,GACF,OAAO,CAAC;IAAE,gBAAgB,EAAE,GAAG,CAAC;IAAC,YAAY,EAAE,MAAM,CAAA;CAAE,CAAC,CAkD1D;AAED;;;;;;;;;;;GAWG;AACH,wBAAsB,qBAAqB,CACvC,sBAAsB,EAAE,MAAM,GAAG,GAAG,EACpC,EACI,QAAQ,EACR,iBAAiB,EACjB,iBAAiB,EACjB,YAAY,EACZ,WAAW,EACX,QAAQ,EACR,uBAAuB,EACvB,OAAO,EACV,EAAE;IACC,QAAQ,CAAC,EAAE,2BAA2B,CAAC;IACvC,iBAAiB,EAAE,2BAA2B,CAAC;IAC/C,iBAAiB,EAAE,MAAM,CAAC;IAC1B,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,GAAG,GAAG,CAAC;IAC1B,QAAQ,CAAC,EAAE,GAAG,CAAC;IACf,uBAAuB,CAAC,EAAE,mBAAmB,CAAC,yBAAyB,CAAC,CAAC;IACzE,OAAO,CAAC,EAAE,SAAS,CAAC;CACvB,GACF,OAAO,CAAC,WAAW,CAAC,CA8CtB;AAED;;;;;;;;;;;GAWG;AACH,wBAAsB,oBAAoB,CACtC,sBAAsB,EAAE,MAAM,GAAG,GAAG,EACpC,EACI,QAAQ,EACR,iBAAiB,EACjB,YAAY,EACZ,QAAQ,EACR,uBAAuB,EACvB,OAAO,EACV,EAAE;IACC,QAAQ,CAAC,EAAE,2BAA2B,CAAC;IACvC,iBAAiB,EAAE,2BAA2B,CAAC;IAC/C,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,EAAE,GAAG,CAAC;IACf,uBAAuB,CAAC,EAAE,mBAAmB,CAAC,yBAAyB,CAAC,CAAC;IACzE,OAAO,CAAC,EAAE,SAAS,CAAC;CACvB,GACF,OAAO,CAAC,WAAW,CAAC,CA+CtB;AAED;;GAEG;AACH,wBAAsB,cAAc,CAChC,sBAAsB,EAAE,MAAM,GAAG,GAAG,EACpC,EACI,QAAQ,EACR,cAAc,EACd,OAAO,EACV,EAAE;IACC,QAAQ,CAAC,EAAE,2BAA2B,CAAC;IACvC,cAAc,EAAE,mBAAmB,CAAC;IACpC,OAAO,CAAC,EAAE,SAAS,CAAC;CACvB,GACF,OAAO,CAAC,0BAA0B,CAAC,CA0BrC"}
+{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../../src/client/auth.ts"],"names":[],"mappings":"AAEA,OAAO,EACH,mBAAmB,EAEnB,2BAA2B,EAC3B,WAAW,EACX,aAAa,EACb,0BAA0B,EAC1B,8BAA8B,EAE9B,2BAA2B,EAE9B,MAAM,mBAAmB,CAAC;AAQ3B,OAAO,EAKH,UAAU,EAGb,MAAM,0BAA0B,CAAC;AAClC,OAAO,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAC;AAEnD;;GAEG;AACH,MAAM,MAAM,uBAAuB,GAAG,CAClC,OAAO,EAAE,OAAO,EAChB,MAAM,EAAE,eAAe,EACvB,GAAG,EAAE,MAAM,GAAG,GAAG,EACjB,QAAQ,CAAC,EAAE,2BAA2B,KACrC,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;AAE1B;;;;;;GAMG;AACH,MAAM,WAAW,mBAAmB;IAChC;;;;OAIG;IACH,IAAI,WAAW,IAAI,MAAM,GAAG,GAAG,GAAG,SAAS,CAAC;IAE5C;;OAEG;IACH,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAE3B;;OAEG;IACH,IAAI,cAAc,IAAI,mBAAmB,CAAC;IAE1C;;OAEG;IACH,KAAK,CAAC,IAAI,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAEnC;;;;OAIG;IACH,iBAAiB,IAAI,2BAA2B,GAAG,SAAS,GAAG,OAAO,CAAC,2BAA2B,GAAG,SAAS,CAAC,CAAC;IAEhH;;;;;;;OAOG;IACH,qBAAqB,CAAC,CAAC,iBAAiB,EAAE,2BAA2B,GAAG,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAE7F;;;OAGG;IACH,MAAM,IAAI,WAAW,GAAG,SAAS,GAAG,OAAO,CAAC,WAAW,GAAG,SAAS,CAAC,CAAC;IAErE;;;OAGG;IACH,UAAU,CAAC,MAAM,EAAE,WAAW,GAAG,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAEtD;;OAEG;IACH,uBAAuB,CAAC,gBAAgB,EAAE,GAAG,GAAG,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAErE;;;OAGG;IACH,gBAAgB,CAAC,YAAY,EAAE,MAAM,GAAG,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAE7D;;;OAGG;IACH,YAAY,IAAI,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAEzC;;;;;;;;;;;;;;;;;OAiBG;IACH,uBAAuB,CAAC,EAAE,uBAAuB,CAAC;IAElD;;;;;;OAMG;IACH,mBAAmB,CAAC,CAAC,SAAS,EAAE,MAAM,GAAG,GAAG,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,GAAG,GAAG,SAAS,CAAC,CAAC;IAE3F;;;;OAIG;IACH,qBAAqB,CAAC,CAAC,KAAK,EAAE,KAAK,GAAG,QAAQ,GAAG,QAAQ,GAAG,UAAU,GAAG,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAE9F;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAmCG;IACH,mBAAmB,CAAC,CAAC,KAAK,CAAC,EAAE,MAAM,GAAG,eAAe,GAAG,OAAO,CAAC,eAAe,GAAG,SAAS,CAAC,GAAG,SAAS,CAAC;CAC5G;AAED,MAAM,MAAM,UAAU,GAAG,YAAY,GAAG,UAAU,CAAC;AAEnD,qBAAa,iBAAkB,SAAQ,KAAK;gBAC5B,OAAO,CAAC,EAAE,MAAM;CAG/B;AAED,KAAK,gBAAgB,GAAG,qBAAqB,GAAG,oBAAoB,GAAG,MAAM,CAAC;AAS9E;;;;;;;;;;;GAWG;AACH,wBAAgB,sBAAsB,CAAC,iBAAiB,EAAE,2BAA2B,EAAE,gBAAgB,EAAE,MAAM,EAAE,GAAG,gBAAgB,CAiCnI;AAoED;;;;;;;;;;GAUG;AACH,wBAAsB,kBAAkB,CAAC,KAAK,EAAE,QAAQ,GAAG,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC,CActF;AAED;;;;;GAKG;AACH,wBAAsB,IAAI,CACtB,QAAQ,EAAE,mBAAmB,EAC7B,OAAO,EAAE;IACL,SAAS,EAAE,MAAM,GAAG,GAAG,CAAC;IACxB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,mBAAmB,CAAC,EAAE,GAAG,CAAC;IAC1B,OAAO,CAAC,EAAE,SAAS,CAAC;CACvB,GACF,OAAO,CAAC,UAAU,CAAC,CAgBrB;AAkJD;;;GAGG;AACH,wBAAgB,UAAU,CAAC,KAAK,CAAC,EAAE,MAAM,GAAG,OAAO,CAQlD;AAED,wBAAsB,iBAAiB,CACnC,SAAS,EAAE,MAAM,GAAG,GAAG,EACvB,QAAQ,EAAE,mBAAmB,EAC7B,gBAAgB,CAAC,EAAE,8BAA8B,GAClD,OAAO,CAAC,GAAG,GAAG,SAAS,CAAC,CAmB1B;AAED;;GAEG;AACH,wBAAgB,4BAA4B,CAAC,GAAG,EAAE,QAAQ,GAAG;IAAE,mBAAmB,CAAC,EAAE,GAAG,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CA8BzH;AA0BD;;;GAGG;AACH,wBAAgB,0BAA0B,CAAC,GAAG,EAAE,QAAQ,GAAG,GAAG,GAAG,SAAS,CAsBzE;AAED;;;;;GAKG;AACH,wBAAsB,sCAAsC,CACxD,SAAS,EAAE,MAAM,GAAG,GAAG,EACvB,IAAI,CAAC,EAAE;IAAE,eAAe,CAAC,EAAE,MAAM,CAAC;IAAC,mBAAmB,CAAC,EAAE,MAAM,GAAG,GAAG,CAAA;CAAE,EACvE,OAAO,GAAE,SAAiB,GAC3B,OAAO,CAAC,8BAA8B,CAAC,CAgBzC;AAwFD;;;;;;;GAOG;AACH,wBAAsB,qBAAqB,CACvC,MAAM,EAAE,MAAM,GAAG,GAAG,EACpB,EACI,sBAAsB,EACtB,eAAe,EAClB,GAAE;IACC,sBAAsB,CAAC,EAAE,MAAM,GAAG,GAAG,CAAC;IACtC,eAAe,CAAC,EAAE,MAAM,CAAC;CACvB,EACN,OAAO,GAAE,SAAiB,GAC3B,OAAO,CAAC,aAAa,GAAG,SAAS,CAAC,CA4BpC;AAED;;;;;GAKG;AACH,wBAAgB,kBAAkB,CAAC,sBAAsB,EAAE,MAAM,GAAG,GAAG,GAAG;IAAE,GAAG,EAAE,GAAG,CAAC;IAAC,IAAI,EAAE,OAAO,GAAG,MAAM,CAAA;CAAE,EAAE,CAgD/G;AAED;;;;;;;;;;;;;;;GAeG;AACH,wBAAsB,mCAAmC,CACrD,sBAAsB,EAAE,MAAM,GAAG,GAAG,EACpC,EACI,OAAe,EACf,eAAyC,EAC5C,GAAE;IACC,OAAO,CAAC,EAAE,SAAS,CAAC;IACpB,eAAe,CAAC,EAAE,MAAM,CAAC;CACvB,GACP,OAAO,CAAC,2BAA2B,GAAG,SAAS,CAAC,CAyClD;AAED;;GAEG;AACH,wBAAsB,kBAAkB,CACpC,sBAAsB,EAAE,MAAM,GAAG,GAAG,EACpC,EACI,QAAQ,EACR,iBAAiB,EACjB,WAAW,EACX,KAAK,EACL,KAAK,EACL,QAAQ,EACX,EAAE;IACC,QAAQ,CAAC,EAAE,2BAA2B,CAAC;IACvC,iBAAiB,EAAE,2BAA2B,CAAC;IAC/C,WAAW,EAAE,MAAM,GAAG,GAAG,CAAC;IAC1B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,GAAG,CAAC;CAClB,GACF,OAAO,CAAC;IAAE,gBAAgB,EAAE,GAAG,CAAC;IAAC,YAAY,EAAE,MAAM,CAAA;CAAE,CAAC,CAkD1D;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,+BAA+B,CAC3C,iBAAiB,EAAE,MAAM,EACzB,YAAY,EAAE,MAAM,EACpB,WAAW,EAAE,MAAM,GAAG,GAAG,GAC1B,eAAe,CAOjB;AAwDD;;;;;;;;;;;GAWG;AACH,wBAAsB,qBAAqB,CACvC,sBAAsB,EAAE,MAAM,GAAG,GAAG,EACpC,EACI,QAAQ,EACR,iBAAiB,EACjB,iBAAiB,EACjB,YAAY,EACZ,WAAW,EACX,QAAQ,EACR,uBAAuB,EACvB,OAAO,EACV,EAAE;IACC,QAAQ,CAAC,EAAE,2BAA2B,CAAC;IACvC,iBAAiB,EAAE,2BAA2B,CAAC;IAC/C,iBAAiB,EAAE,MAAM,CAAC;IAC1B,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,GAAG,GAAG,CAAC;IAC1B,QAAQ,CAAC,EAAE,GAAG,CAAC;IACf,uBAAuB,CAAC,EAAE,mBAAmB,CAAC,yBAAyB,CAAC,CAAC;IACzE,OAAO,CAAC,EAAE,SAAS,CAAC;CACvB,GACF,OAAO,CAAC,WAAW,CAAC,CAWtB;AAED;;;;;;;;;;;GAWG;AACH,wBAAsB,oBAAoB,CACtC,sBAAsB,EAAE,MAAM,GAAG,GAAG,EACpC,EACI,QAAQ,EACR,iBAAiB,EACjB,YAAY,EACZ,QAAQ,EACR,uBAAuB,EACvB,OAAO,EACV,EAAE;IACC,QAAQ,CAAC,EAAE,2BAA2B,CAAC;IACvC,iBAAiB,EAAE,2BAA2B,CAAC;IAC/C,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,EAAE,GAAG,CAAC;IACf,uBAAuB,CAAC,EAAE,mBAAmB,CAAC,yBAAyB,CAAC,CAAC;IACzE,OAAO,CAAC,EAAE,SAAS,CAAC;CACvB,GACF,OAAO,CAAC,WAAW,CAAC,CAiBtB;AAED;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AACH,wBAAsB,UAAU,CAC5B,QAAQ,EAAE,mBAAmB,EAC7B,sBAAsB,EAAE,MAAM,GAAG,GAAG,EACpC,EACI,QAAQ,EACR,QAAQ,EACR,iBAAiB,EACjB,OAAO,EACV,GAAE;IACC,QAAQ,CAAC,EAAE,2BAA2B,CAAC;IACvC,QAAQ,CAAC,EAAE,GAAG,CAAC;IACf,uEAAuE;IACvE,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,OAAO,CAAC,EAAE,SAAS,CAAC;CAClB,GACP,OAAO,CAAC,WAAW,CAAC,CA+BtB;AAED;;GAEG;AACH,wBAAsB,cAAc,CAChC,sBAAsB,EAAE,MAAM,GAAG,GAAG,EACpC,EACI,QAAQ,EACR,cAAc,EACd,OAAO,EACV,EAAE;IACC,QAAQ,CAAC,EAAE,2BAA2B,CAAC;IACvC,cAAc,EAAE,mBAAmB,CAAC;IACpC,OAAO,CAAC,EAAE,SAAS,CAAC;CACvB,GACF,OAAO,CAAC,0BAA0B,CAAC,CA0BrC"}