@modelcontextprotocol/sdk 1.5.0 → 1.6.1

package/dist/cjs/client/auth.d.ts

@@ -0,0 +1,116 @@
+import type { OAuthClientMetadata, OAuthClientInformation, OAuthTokens, OAuthMetadata, OAuthClientInformationFull } from "../shared/auth.js";
+/**
+ * Implements an end-to-end OAuth client to be used with one MCP server.
+ *
+ * This client relies upon a concept of an authorized "session," the exact
+ * meaning of which is application-defined. Tokens, authorization codes, and
+ * code verifiers should not cross different sessions.
+ */
+export interface OAuthClientProvider {
+    /**
+     * The URL to redirect the user agent to after authorization.
+     */
+    get redirectUrl(): string | URL;
+    /**
+     * Metadata about this OAuth client.
+     */
+    get clientMetadata(): OAuthClientMetadata;
+    /**
+     * Loads information about this OAuth client, as registered already with the
+     * server, or returns `undefined` if the client is not registered with the
+     * server.
+     */
+    clientInformation(): OAuthClientInformation | undefined | Promise<OAuthClientInformation | undefined>;
+    /**
+     * If implemented, this permits the OAuth client to dynamically register with
+     * the server. Client information saved this way should later be read via
+     * `clientInformation()`.
+     *
+     * This method is not required to be implemented if client information is
+     * statically known (e.g., pre-registered).
+     */
+    saveClientInformation?(clientInformation: OAuthClientInformationFull): void | Promise<void>;
+    /**
+     * Loads any existing OAuth tokens for the current session, or returns
+     * `undefined` if there are no saved tokens.
+     */
+    tokens(): OAuthTokens | undefined | Promise<OAuthTokens | undefined>;
+    /**
+     * Stores new OAuth tokens for the current session, after a successful
+     * authorization.
+     */
+    saveTokens(tokens: OAuthTokens): void | Promise<void>;
+    /**
+     * Invoked to redirect the user agent to the given URL to begin the authorization flow.
+     */
+    redirectToAuthorization(authorizationUrl: URL): void | Promise<void>;
+    /**
+     * Saves a PKCE code verifier for the current session, before redirecting to
+     * the authorization flow.
+     */
+    saveCodeVerifier(codeVerifier: string): void | Promise<void>;
+    /**
+     * Loads the PKCE code verifier for the current session, necessary to validate
+     * the authorization result.
+     */
+    codeVerifier(): string | Promise<string>;
+}
+export type AuthResult = "AUTHORIZED" | "REDIRECT";
+export declare class UnauthorizedError extends Error {
+    constructor(message?: string);
+}
+/**
+ * Orchestrates the full auth flow with a server.
+ *
+ * This can be used as a single entry point for all authorization functionality,
+ * instead of linking together the other lower-level functions in this module.
+ */
+export declare function auth(provider: OAuthClientProvider, { serverUrl, authorizationCode }: {
+    serverUrl: string | URL;
+    authorizationCode?: string;
+}): Promise<AuthResult>;
+/**
+ * Looks up RFC 8414 OAuth 2.0 Authorization Server Metadata.
+ *
+ * If the server returns a 404 for the well-known endpoint, this function will
+ * return `undefined`. Any other errors will be thrown as exceptions.
+ */
+export declare function discoverOAuthMetadata(serverUrl: string | URL, opts?: {
+    protocolVersion?: string;
+}): Promise<OAuthMetadata | undefined>;
+/**
+ * Begins the authorization flow with the given server, by generating a PKCE challenge and constructing the authorization URL.
+ */
+export declare function startAuthorization(serverUrl: string | URL, { metadata, clientInformation, redirectUrl, }: {
+    metadata?: OAuthMetadata;
+    clientInformation: OAuthClientInformation;
+    redirectUrl: string | URL;
+}): Promise<{
+    authorizationUrl: URL;
+    codeVerifier: string;
+}>;
+/**
+ * Exchanges an authorization code for an access token with the given server.
+ */
+export declare function exchangeAuthorization(serverUrl: string | URL, { metadata, clientInformation, authorizationCode, codeVerifier, }: {
+    metadata?: OAuthMetadata;
+    clientInformation: OAuthClientInformation;
+    authorizationCode: string;
+    codeVerifier: string;
+}): Promise<OAuthTokens>;
+/**
+ * Exchange a refresh token for an updated access token.
+ */
+export declare function refreshAuthorization(serverUrl: string | URL, { metadata, clientInformation, refreshToken, }: {
+    metadata?: OAuthMetadata;
+    clientInformation: OAuthClientInformation;
+    refreshToken: string;
+}): Promise<OAuthTokens>;
+/**
+ * Performs OAuth 2.0 Dynamic Client Registration according to RFC 7591.
+ */
+export declare function registerClient(serverUrl: string | URL, { metadata, clientMetadata, }: {
+    metadata?: OAuthMetadata;
+    clientMetadata: OAuthClientMetadata;
+}): Promise<OAuthClientInformationFull>;
+//# sourceMappingURL=auth.d.ts.map

package/dist/cjs/client/auth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../../src/client/auth.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,mBAAmB,EAAE,sBAAsB,EAAE,WAAW,EAAE,aAAa,EAAE,0BAA0B,EAAE,MAAM,mBAAmB,CAAC;AAG7I;;;;;;GAMG;AACH,MAAM,WAAW,mBAAmB;IAClC;;OAEG;IACH,IAAI,WAAW,IAAI,MAAM,GAAG,GAAG,CAAC;IAEhC;;OAEG;IACH,IAAI,cAAc,IAAI,mBAAmB,CAAC;IAE1C;;;;OAIG;IACH,iBAAiB,IAAI,sBAAsB,GAAG,SAAS,GAAG,OAAO,CAAC,sBAAsB,GAAG,SAAS,CAAC,CAAC;IAEtG;;;;;;;OAOG;IACH,qBAAqB,CAAC,CAAC,iBAAiB,EAAE,0BAA0B,GAAG,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAE5F;;;OAGG;IACH,MAAM,IAAI,WAAW,GAAG,SAAS,GAAG,OAAO,CAAC,WAAW,GAAG,SAAS,CAAC,CAAC;IAErE;;;OAGG;IACH,UAAU,CAAC,MAAM,EAAE,WAAW,GAAG,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAEtD;;OAEG;IACH,uBAAuB,CAAC,gBAAgB,EAAE,GAAG,GAAG,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAErE;;;OAGG;IACH,gBAAgB,CAAC,YAAY,EAAE,MAAM,GAAG,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAE7D;;;OAGG;IACH,YAAY,IAAI,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;CAC1C;AAED,MAAM,MAAM,UAAU,GAAG,YAAY,GAAG,UAAU,CAAC;AAEnD,qBAAa,iBAAkB,SAAQ,KAAK;gBAC9B,OAAO,CAAC,EAAE,MAAM;CAG7B;AAED;;;;;GAKG;AACH,wBAAsB,IAAI,CACxB,QAAQ,EAAE,mBAAmB,EAC7B,EAAE,SAAS,EAAE,iBAAiB,EAAE,EAAE;IAAE,SAAS,EAAE,MAAM,GAAG,GAAG,CAAC;IAAC,iBAAiB,CAAC,EAAE,MAAM,CAAA;CAAE,GAAG,OAAO,CAAC,UAAU,CAAC,CAkEhH;AAED;;;;;GAKG;AACH,wBAAsB,qBAAqB,CACzC,SAAS,EAAE,MAAM,GAAG,GAAG,EACvB,IAAI,CAAC,EAAE;IAAE,eAAe,CAAC,EAAE,MAAM,CAAA;CAAE,GAClC,OAAO,CAAC,aAAa,GAAG,SAAS,CAAC,CA6BpC;AAED;;GAEG;AACH,wBAAsB,kBAAkB,CACtC,SAAS,EAAE,MAAM,GAAG,GAAG,EACvB,EACE,QAAQ,EACR,iBAAiB,EACjB,WAAW,GACZ,EAAE;IACD,QAAQ,CAAC,EAAE,aAAa,CAAC;IACzB,iBAAiB,EAAE,sBAAsB,CAAC;IAC1C,WAAW,EAAE,MAAM,GAAG,GAAG,CAAC;CAC3B,GACA,OAAO,CAAC;IAAE,gBAAgB,EAAE,GAAG,CAAC;IAAC,YAAY,EAAE,MAAM,CAAA;CAAE,CAAC,CAyC1D;AAED;;GAEG;AACH,wBAAsB,qBAAqB,CACzC,SAAS,EAAE,MAAM,GAAG,GAAG,EACvB,EACE,QAAQ,EACR,iBAAiB,EACjB,iBAAiB,EACjB,YAAY,GACb,EAAE;IACD,QAAQ,CAAC,EAAE,aAAa,CAAC;IACzB,iBAAiB,EAAE,sBAAsB,CAAC;IAC1C,iBAAiB,EAAE,MAAM,CAAC;IAC1B,YAAY,EAAE,MAAM,CAAC;CACtB,GACA,OAAO,CAAC,WAAW,CAAC,CA4CtB;AAED;;GAEG;AACH,wBAAsB,oBAAoB,CACxC,SAAS,EAAE,MAAM,GAAG,GAAG,EACvB,EACE,QAAQ,EACR,iBAAiB,EACjB,YAAY,GACb,EAAE;IACD,QAAQ,CAAC,EAAE,aAAa,CAAC;IACzB,iBAAiB,EAAE,sBAAsB,CAAC;IAC1C,YAAY,EAAE,MAAM,CAAC;CACtB,GACA,OAAO,CAAC,WAAW,CAAC,CA2CtB;AAED;;GAEG;AACH,wBAAsB,cAAc,CAClC,SAAS,EAAE,MAAM,GAAG,GAAG,EACvB,EACE,QAAQ,EACR,cAAc,GACf,EAAE;IACD,QAAQ,CAAC,EAAE,aAAa,CAAC;IACzB,cAAc,EAAE,mBAAmB,CAAC;CACrC,GACA,OAAO,CAAC,0BAA0B,CAAC,CA0BrC"}

package/dist/cjs/client/auth.js

@@ -0,0 +1,251 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.UnauthorizedError = void 0;
+exports.auth = auth;
+exports.discoverOAuthMetadata = discoverOAuthMetadata;
+exports.startAuthorization = startAuthorization;
+exports.exchangeAuthorization = exchangeAuthorization;
+exports.refreshAuthorization = refreshAuthorization;
+exports.registerClient = registerClient;
+const pkce_challenge_1 = __importDefault(require("pkce-challenge"));
+const types_js_1 = require("../types.js");
+const auth_js_1 = require("../shared/auth.js");
+class UnauthorizedError extends Error {
+    constructor(message) {
+        super(message !== null && message !== void 0 ? message : "Unauthorized");
+    }
+}
+exports.UnauthorizedError = UnauthorizedError;
+/**
+ * Orchestrates the full auth flow with a server.
+ *
+ * This can be used as a single entry point for all authorization functionality,
+ * instead of linking together the other lower-level functions in this module.
+ */
+async function auth(provider, { serverUrl, authorizationCode }) {
+    const metadata = await discoverOAuthMetadata(serverUrl);
+    // Handle client registration if needed
+    let clientInformation = await Promise.resolve(provider.clientInformation());
+    if (!clientInformation) {
+        if (authorizationCode !== undefined) {
+            throw new Error("Existing OAuth client information is required when exchanging an authorization code");
+        }
+        if (!provider.saveClientInformation) {
+            throw new Error("OAuth client information must be saveable for dynamic registration");
+        }
+        const fullInformation = await registerClient(serverUrl, {
+            metadata,
+            clientMetadata: provider.clientMetadata,
+        });
+        await provider.saveClientInformation(fullInformation);
+        clientInformation = fullInformation;
+    }
+    // Exchange authorization code for tokens
+    if (authorizationCode !== undefined) {
+        const codeVerifier = await provider.codeVerifier();
+        const tokens = await exchangeAuthorization(serverUrl, {
+            metadata,
+            clientInformation,
+            authorizationCode,
+            codeVerifier,
+        });
+        await provider.saveTokens(tokens);
+        return "AUTHORIZED";
+    }
+    const tokens = await provider.tokens();
+    // Handle token refresh or new authorization
+    if (tokens === null || tokens === void 0 ? void 0 : tokens.refresh_token) {
+        try {
+            // Attempt to refresh the token
+            const newTokens = await refreshAuthorization(serverUrl, {
+                metadata,
+                clientInformation,
+                refreshToken: tokens.refresh_token,
+            });
+            await provider.saveTokens(newTokens);
+            return "AUTHORIZED";
+        }
+        catch (error) {
+            console.error("Could not refresh OAuth tokens:", error);
+        }
+    }
+    // Start new authorization flow
+    const { authorizationUrl, codeVerifier } = await startAuthorization(serverUrl, {
+        metadata,
+        clientInformation,
+        redirectUrl: provider.redirectUrl
+    });
+    await provider.saveCodeVerifier(codeVerifier);
+    await provider.redirectToAuthorization(authorizationUrl);
+    return "REDIRECT";
+}
+/**
+ * Looks up RFC 8414 OAuth 2.0 Authorization Server Metadata.
+ *
+ * If the server returns a 404 for the well-known endpoint, this function will
+ * return `undefined`. Any other errors will be thrown as exceptions.
+ */
+async function discoverOAuthMetadata(serverUrl, opts) {
+    var _a;
+    const url = new URL("/.well-known/oauth-authorization-server", serverUrl);
+    let response;
+    try {
+        response = await fetch(url, {
+            headers: {
+                "MCP-Protocol-Version": (_a = opts === null || opts === void 0 ? void 0 : opts.protocolVersion) !== null && _a !== void 0 ? _a : types_js_1.LATEST_PROTOCOL_VERSION
+            }
+        });
+    }
+    catch (error) {
+        // CORS errors come back as TypeError
+        if (error instanceof TypeError) {
+            response = await fetch(url);
+        }
+        else {
+            throw error;
+        }
+    }
+    if (response.status === 404) {
+        return undefined;
+    }
+    if (!response.ok) {
+        throw new Error(`HTTP ${response.status} trying to load well-known OAuth metadata`);
+    }
+    return auth_js_1.OAuthMetadataSchema.parse(await response.json());
+}
+/**
+ * Begins the authorization flow with the given server, by generating a PKCE challenge and constructing the authorization URL.
+ */
+async function startAuthorization(serverUrl, { metadata, clientInformation, redirectUrl, }) {
+    const responseType = "code";
+    const codeChallengeMethod = "S256";
+    let authorizationUrl;
+    if (metadata) {
+        authorizationUrl = new URL(metadata.authorization_endpoint);
+        if (!metadata.response_types_supported.includes(responseType)) {
+            throw new Error(`Incompatible auth server: does not support response type ${responseType}`);
+        }
+        if (!metadata.code_challenge_methods_supported ||
+            !metadata.code_challenge_methods_supported.includes(codeChallengeMethod)) {
+            throw new Error(`Incompatible auth server: does not support code challenge method ${codeChallengeMethod}`);
+        }
+    }
+    else {
+        authorizationUrl = new URL("/authorize", serverUrl);
+    }
+    // Generate PKCE challenge
+    const challenge = await (0, pkce_challenge_1.default)();
+    const codeVerifier = challenge.code_verifier;
+    const codeChallenge = challenge.code_challenge;
+    authorizationUrl.searchParams.set("response_type", responseType);
+    authorizationUrl.searchParams.set("client_id", clientInformation.client_id);
+    authorizationUrl.searchParams.set("code_challenge", codeChallenge);
+    authorizationUrl.searchParams.set("code_challenge_method", codeChallengeMethod);
+    authorizationUrl.searchParams.set("redirect_uri", String(redirectUrl));
+    return { authorizationUrl, codeVerifier };
+}
+/**
+ * Exchanges an authorization code for an access token with the given server.
+ */
+async function exchangeAuthorization(serverUrl, { metadata, clientInformation, authorizationCode, codeVerifier, }) {
+    const grantType = "authorization_code";
+    let tokenUrl;
+    if (metadata) {
+        tokenUrl = new URL(metadata.token_endpoint);
+        if (metadata.grant_types_supported &&
+            !metadata.grant_types_supported.includes(grantType)) {
+            throw new Error(`Incompatible auth server: does not support grant type ${grantType}`);
+        }
+    }
+    else {
+        tokenUrl = new URL("/token", serverUrl);
+    }
+    // Exchange code for tokens
+    const params = new URLSearchParams({
+        grant_type: grantType,
+        client_id: clientInformation.client_id,
+        code: authorizationCode,
+        code_verifier: codeVerifier,
+    });
+    if (clientInformation.client_secret) {
+        params.set("client_secret", clientInformation.client_secret);
+    }
+    const response = await fetch(tokenUrl, {
+        method: "POST",
+        headers: {
+            "Content-Type": "application/x-www-form-urlencoded",
+        },
+        body: params,
+    });
+    if (!response.ok) {
+        throw new Error(`Token exchange failed: HTTP ${response.status}`);
+    }
+    return auth_js_1.OAuthTokensSchema.parse(await response.json());
+}
+/**
+ * Exchange a refresh token for an updated access token.
+ */
+async function refreshAuthorization(serverUrl, { metadata, clientInformation, refreshToken, }) {
+    const grantType = "refresh_token";
+    let tokenUrl;
+    if (metadata) {
+        tokenUrl = new URL(metadata.token_endpoint);
+        if (metadata.grant_types_supported &&
+            !metadata.grant_types_supported.includes(grantType)) {
+            throw new Error(`Incompatible auth server: does not support grant type ${grantType}`);
+        }
+    }
+    else {
+        tokenUrl = new URL("/token", serverUrl);
+    }
+    // Exchange refresh token
+    const params = new URLSearchParams({
+        grant_type: grantType,
+        client_id: clientInformation.client_id,
+        refresh_token: refreshToken,
+    });
+    if (clientInformation.client_secret) {
+        params.set("client_secret", clientInformation.client_secret);
+    }
+    const response = await fetch(tokenUrl, {
+        method: "POST",
+        headers: {
+            "Content-Type": "application/x-www-form-urlencoded",
+        },
+        body: params,
+    });
+    if (!response.ok) {
+        throw new Error(`Token refresh failed: HTTP ${response.status}`);
+    }
+    return auth_js_1.OAuthTokensSchema.parse(await response.json());
+}
+/**
+ * Performs OAuth 2.0 Dynamic Client Registration according to RFC 7591.
+ */
+async function registerClient(serverUrl, { metadata, clientMetadata, }) {
+    let registrationUrl;
+    if (metadata) {
+        if (!metadata.registration_endpoint) {
+            throw new Error("Incompatible auth server: does not support dynamic client registration");
+        }
+        registrationUrl = new URL(metadata.registration_endpoint);
+    }
+    else {
+        registrationUrl = new URL("/register", serverUrl);
+    }
+    const response = await fetch(registrationUrl, {
+        method: "POST",
+        headers: {
+            "Content-Type": "application/json",
+        },
+        body: JSON.stringify(clientMetadata),
+    });
+    if (!response.ok) {
+        throw new Error(`Dynamic client registration failed: HTTP ${response.status}`);
+    }
+    return auth_js_1.OAuthClientInformationFullSchema.parse(await response.json());
+}
+//# sourceMappingURL=auth.js.map

package/dist/cjs/client/auth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.js","sourceRoot":"","sources":["../../../src/client/auth.ts"],"names":[],"mappings":";;;;;;AAoFA,oBAoEC;AAQD,sDAgCC;AAKD,gDAoDC;AAKD,sDAyDC;AAKD,oDAsDC;AAKD,wCAmCC;AA1ZD,oEAA2C;AAC3C,0CAAsD;AAEtD,+CAA6G;AAqE7G,MAAa,iBAAkB,SAAQ,KAAK;IAC1C,YAAY,OAAgB;QAC1B,KAAK,CAAC,OAAO,aAAP,OAAO,cAAP,OAAO,GAAI,cAAc,CAAC,CAAC;IACnC,CAAC;CACF;AAJD,8CAIC;AAED;;;;;GAKG;AACI,KAAK,UAAU,IAAI,CACxB,QAA6B,EAC7B,EAAE,SAAS,EAAE,iBAAiB,EAA2D;IACzF,MAAM,QAAQ,GAAG,MAAM,qBAAqB,CAAC,SAAS,CAAC,CAAC;IAExD,uCAAuC;IACvC,IAAI,iBAAiB,GAAG,MAAM,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC,iBAAiB,EAAE,CAAC,CAAC;IAC5E,IAAI,CAAC,iBAAiB,EAAE,CAAC;QACvB,IAAI,iBAAiB,KAAK,SAAS,EAAE,CAAC;YACpC,MAAM,IAAI,KAAK,CAAC,qFAAqF,CAAC,CAAC;QACzG,CAAC;QAED,IAAI,CAAC,QAAQ,CAAC,qBAAqB,EAAE,CAAC;YACpC,MAAM,IAAI,KAAK,CAAC,oEAAoE,CAAC,CAAC;QACxF,CAAC;QAED,MAAM,eAAe,GAAG,MAAM,cAAc,CAAC,SAAS,EAAE;YACtD,QAAQ;YACR,cAAc,EAAE,QAAQ,CAAC,cAAc;SACxC,CAAC,CAAC;QAEH,MAAM,QAAQ,CAAC,qBAAqB,CAAC,eAAe,CAAC,CAAC;QACtD,iBAAiB,GAAG,eAAe,CAAC;IACtC,CAAC;IAED,yCAAyC;IACzC,IAAI,iBAAiB,KAAK,SAAS,EAAE,CAAC;QACpC,MAAM,YAAY,GAAG,MAAM,QAAQ,CAAC,YAAY,EAAE,CAAC;QACnD,MAAM,MAAM,GAAG,MAAM,qBAAqB,CAAC,SAAS,EAAE;YACpD,QAAQ;YACR,iBAAiB;YACjB,iBAAiB;YACjB,YAAY;SACb,CAAC,CAAC;QAEH,MAAM,QAAQ,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;QAClC,OAAO,YAAY,CAAC;IACtB,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,MAAM,EAAE,CAAC;IAEvC,4CAA4C;IAC5C,IAAI,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,aAAa,EAAE,CAAC;QAC1B,IAAI,CAAC;YACH,+BAA+B;YAC/B,MAAM,SAAS,GAAG,MAAM,oBAAoB,CAAC,SAAS,EAAE;gBACtD,QAAQ;gBACR,iBAAiB;gBACjB,YAAY,EAAE,MAAM,CAAC,aAAa;aACnC,CAAC,CAAC;YAEH,MAAM,QAAQ,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;YACrC,OAAO,YAAY,CAAC;QACtB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CAAC,iCAAiC,EAAE,KAAK,CAAC,CAAC;QAC1D,CAAC;IACH,CAAC;IAED,+BAA+B;IAC/B,MAAM,EAAE,gBAAgB,EAAE,YAAY,EAAE,GAAG,MAAM,kBAAkB,CAAC,SAAS,EAAE;QAC7E,QAAQ;QACR,iBAAiB;QACjB,WAAW,EAAE,QAAQ,CAAC,WAAW;KAClC,CAAC,CAAC;IAEH,MAAM,QAAQ,CAAC,gBAAgB,CAAC,YAAY,CAAC,CAAC;IAC9C,MAAM,QAAQ,CAAC,uBAAuB,CAAC,gBAAgB,CAAC,CAAC;IACzD,OAAO,UAAU,CAAC;AACpB,CAAC;AAED;;;;;GAKG;AACI,KAAK,UAAU,qBAAqB,CACzC,SAAuB,EACvB,IAAmC;;IAEnC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,yCAAyC,EAAE,SAAS,CAAC,CAAC;IAC1E,IAAI,QAAkB,CAAC;IACvB,IAAI,CAAC;QACH,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;YAC1B,OAAO,EAAE;gBACP,sBAAsB,EAAE,MAAA,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,eAAe,mCAAI,kCAAuB;aACzE;SACF,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,qCAAqC;QACrC,IAAI,KAAK,YAAY,SAAS,EAAE,CAAC;YAC/B,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,CAAC;QAC9B,CAAC;aAAM,CAAC;YACN,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;IAED,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;QAC5B,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CACb,QAAQ,QAAQ,CAAC,MAAM,2CAA2C,CACnE,CAAC;IACJ,CAAC;IAED,OAAO,6BAAmB,CAAC,KAAK,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC;AAC1D,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,kBAAkB,CACtC,SAAuB,EACvB,EACE,QAAQ,EACR,iBAAiB,EACjB,WAAW,GAKZ;IAED,MAAM,YAAY,GAAG,MAAM,CAAC;IAC5B,MAAM,mBAAmB,GAAG,MAAM,CAAC;IAEnC,IAAI,gBAAqB,CAAC;IAC1B,IAAI,QAAQ,EAAE,CAAC;QACb,gBAAgB,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,sBAAsB,CAAC,CAAC;QAE5D,IAAI,CAAC,QAAQ,CAAC,wBAAwB,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC;YAC9D,MAAM,IAAI,KAAK,CACb,4DAA4D,YAAY,EAAE,CAC3E,CAAC;QACJ,CAAC;QAED,IACE,CAAC,QAAQ,CAAC,gCAAgC;YAC1C,CAAC,QAAQ,CAAC,gCAAgC,CAAC,QAAQ,CAAC,mBAAmB,CAAC,EACxE,CAAC;YACD,MAAM,IAAI,KAAK,CACb,oEAAoE,mBAAmB,EAAE,CAC1F,CAAC;QACJ,CAAC;IACH,CAAC;SAAM,CAAC;QACN,gBAAgB,GAAG,IAAI,GAAG,CAAC,YAAY,EAAE,SAAS,CAAC,CAAC;IACtD,CAAC;IAED,0BAA0B;IAC1B,MAAM,SAAS,GAAG,MAAM,IAAA,wBAAa,GAAE,CAAC;IACxC,MAAM,YAAY,GAAG,SAAS,CAAC,aAAa,CAAC;IAC7C,MAAM,aAAa,GAAG,SAAS,CAAC,cAAc,CAAC;IAE/C,gBAAgB,CAAC,YAAY,CAAC,GAAG,CAAC,eAAe,EAAE,YAAY,CAAC,CAAC;IACjE,gBAAgB,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,EAAE,iBAAiB,CAAC,SAAS,CAAC,CAAC;IAC5E,gBAAgB,CAAC,YAAY,CAAC,GAAG,CAAC,gBAAgB,EAAE,aAAa,CAAC,CAAC;IACnE,gBAAgB,CAAC,YAAY,CAAC,GAAG,CAC/B,uBAAuB,EACvB,mBAAmB,CACpB,CAAC;IACF,gBAAgB,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,EAAE,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC;IAEvE,OAAO,EAAE,gBAAgB,EAAE,YAAY,EAAE,CAAC;AAC5C,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,qBAAqB,CACzC,SAAuB,EACvB,EACE,QAAQ,EACR,iBAAiB,EACjB,iBAAiB,EACjB,YAAY,GAMb;IAED,MAAM,SAAS,GAAG,oBAAoB,CAAC;IAEvC,IAAI,QAAa,CAAC;IAClB,IAAI,QAAQ,EAAE,CAAC;QACb,QAAQ,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC;QAE5C,IACE,QAAQ,CAAC,qBAAqB;YAC9B,CAAC,QAAQ,CAAC,qBAAqB,CAAC,QAAQ,CAAC,SAAS,CAAC,EACnD,CAAC;YACD,MAAM,IAAI,KAAK,CACb,yDAAyD,SAAS,EAAE,CACrE,CAAC;QACJ,CAAC;IACH,CAAC;SAAM,CAAC;QACN,QAAQ,GAAG,IAAI,GAAG,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;IAC1C,CAAC;IAED,2BAA2B;IAC3B,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;QACjC,UAAU,EAAE,SAAS;QACrB,SAAS,EAAE,iBAAiB,CAAC,SAAS;QACtC,IAAI,EAAE,iBAAiB;QACvB,aAAa,EAAE,YAAY;KAC5B,CAAC,CAAC;IAEH,IAAI,iBAAiB,CAAC,aAAa,EAAE,CAAC;QACpC,MAAM,CAAC,GAAG,CAAC,eAAe,EAAE,iBAAiB,CAAC,aAAa,CAAC,CAAC;IAC/D,CAAC;IAED,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,QAAQ,EAAE;QACrC,MAAM,EAAE,MAAM;QACd,OAAO,EAAE;YACP,cAAc,EAAE,mCAAmC;SACpD;QACD,IAAI,EAAE,MAAM;KACb,CAAC,CAAC;IAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CAAC,+BAA+B,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;IACpE,CAAC;IAED,OAAO,2BAAiB,CAAC,KAAK,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC;AACxD,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,oBAAoB,CACxC,SAAuB,EACvB,EACE,QAAQ,EACR,iBAAiB,EACjB,YAAY,GAKb;IAED,MAAM,SAAS,GAAG,eAAe,CAAC;IAElC,IAAI,QAAa,CAAC;IAClB,IAAI,QAAQ,EAAE,CAAC;QACb,QAAQ,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC;QAE5C,IACE,QAAQ,CAAC,qBAAqB;YAC9B,CAAC,QAAQ,CAAC,qBAAqB,CAAC,QAAQ,CAAC,SAAS,CAAC,EACnD,CAAC;YACD,MAAM,IAAI,KAAK,CACb,yDAAyD,SAAS,EAAE,CACrE,CAAC;QACJ,CAAC;IACH,CAAC;SAAM,CAAC;QACN,QAAQ,GAAG,IAAI,GAAG,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;IAC1C,CAAC;IAED,yBAAyB;IACzB,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;QACjC,UAAU,EAAE,SAAS;QACrB,SAAS,EAAE,iBAAiB,CAAC,SAAS;QACtC,aAAa,EAAE,YAAY;KAC5B,CAAC,CAAC;IAEH,IAAI,iBAAiB,CAAC,aAAa,EAAE,CAAC;QACpC,MAAM,CAAC,GAAG,CAAC,eAAe,EAAE,iBAAiB,CAAC,aAAa,CAAC,CAAC;IAC/D,CAAC;IAED,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,QAAQ,EAAE;QACrC,MAAM,EAAE,MAAM;QACd,OAAO,EAAE;YACP,cAAc,EAAE,mCAAmC;SACpD;QACD,IAAI,EAAE,MAAM;KACb,CAAC,CAAC;IAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CAAC,8BAA8B,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;IACnE,CAAC;IAED,OAAO,2BAAiB,CAAC,KAAK,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC;AACxD,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,cAAc,CAClC,SAAuB,EACvB,EACE,QAAQ,EACR,cAAc,GAIf;IAED,IAAI,eAAoB,CAAC;IAEzB,IAAI,QAAQ,EAAE,CAAC;QACb,IAAI,CAAC,QAAQ,CAAC,qBAAqB,EAAE,CAAC;YACpC,MAAM,IAAI,KAAK,CAAC,wEAAwE,CAAC,CAAC;QAC5F,CAAC;QAED,eAAe,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,qBAAqB,CAAC,CAAC;IAC5D,CAAC;SAAM,CAAC;QACN,eAAe,GAAG,IAAI,GAAG,CAAC,WAAW,EAAE,SAAS,CAAC,CAAC;IACpD,CAAC;IAED,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,eAAe,EAAE;QAC5C,MAAM,EAAE,MAAM;QACd,OAAO,EAAE;YACP,cAAc,EAAE,kBAAkB;SACnC;QACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,cAAc,CAAC;KACrC,CAAC,CAAC;IAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CAAC,4CAA4C,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;IACjF,CAAC;IAED,OAAO,0CAAgC,CAAC,KAAK,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC;AACvE,CAAC"}

package/dist/cjs/client/sse.d.ts

@@ -1,11 +1,45 @@
 import { type ErrorEvent, type EventSourceInit } from "eventsource";
 import { Transport } from "../shared/transport.js";
 import { JSONRPCMessage } from "../types.js";
+import { OAuthClientProvider } from "./auth.js";
 export declare class SseError extends Error {
     readonly code: number | undefined;
     readonly event: ErrorEvent;
     constructor(code: number | undefined, message: string | undefined, event: ErrorEvent);
 }
+/**
+ * Configuration options for the `SSEClientTransport`.
+ */
+export type SSEClientTransportOptions = {
+    /**
+     * An OAuth client provider to use for authentication.
+     *
+     * When an `authProvider` is specified and the SSE connection is started:
+     * 1. The connection is attempted with any existing access token from the `authProvider`.
+     * 2. If the access token has expired, the `authProvider` is used to refresh the token.
+     * 3. If token refresh fails or no access token exists, and auth is required, `OAuthClientProvider.redirectToAuthorization` is called, and an `UnauthorizedError` will be thrown from `connect`/`start`.
+     *
+     * After the user has finished authorizing via their user agent, and is redirected back to the MCP client application, call `SSEClientTransport.finishAuth` with the authorization code before retrying the connection.
+     *
+     * If an `authProvider` is not provided, and auth is required, an `UnauthorizedError` will be thrown.
+     *
+     * `UnauthorizedError` might also be thrown when sending any message over the SSE transport, indicating that the session has expired, and needs to be re-authed and reconnected.
+     */
+    authProvider?: OAuthClientProvider;
+    /**
+     * Customizes the initial SSE request to the server (the request that begins the stream).
+     *
+     * NOTE: Setting this property will prevent an `Authorization` header from
+     * being automatically attached to the SSE request, if an `authProvider` is
+     * also given. This can be worked around by setting the `Authorization` header
+     * manually.
+     */
+    eventSourceInit?: EventSourceInit;
+    /**
+     * Customizes recurring POST requests to the server.
+     */
+    requestInit?: RequestInit;
+};
 /**
  * Client transport for SSE: this will connect to a server using Server-Sent Events for receiving
  * messages and make separate POST requests for sending messages.
@@ -17,14 +51,19 @@ export declare class SSEClientTransport implements Transport {
     private _url;
     private _eventSourceInit?;
     private _requestInit?;
+    private _authProvider?;
     onclose?: () => void;
     onerror?: (error: Error) => void;
     onmessage?: (message: JSONRPCMessage) => void;
-    constructor(url: URL, opts?: {
-        eventSourceInit?: EventSourceInit;
-        requestInit?: RequestInit;
-    });
+    constructor(url: URL, opts?: SSEClientTransportOptions);
+    private _authThenStart;
+    private _commonHeaders;
+    private _startOrAuth;
     start(): Promise<void>;
+    /**
+     * Call this method after the user has finished authorizing via their user agent and is redirected back to the MCP client application. This will exchange the authorization code for an access token, enabling the next connection attempt to successfully auth.
+     */
+    finishAuth(authorizationCode: string): Promise<void>;
     close(): Promise<void>;
     send(message: JSONRPCMessage): Promise<void>;
 }

package/dist/cjs/client/sse.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"sse.d.ts","sourceRoot":"","sources":["../../../src/client/sse.ts"],"names":[],"mappings":"AAAA,OAAO,EAAe,KAAK,UAAU,EAAE,KAAK,eAAe,EAAE,MAAM,aAAa,CAAC;AACjF,OAAO,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAC;AACnD,OAAO,EAAE,cAAc,EAAwB,MAAM,aAAa,CAAC;AAEnE,qBAAa,QAAS,SAAQ,KAAK;aAEf,IAAI,EAAE,MAAM,GAAG,SAAS;aAExB,KAAK,EAAE,UAAU;gBAFjB,IAAI,EAAE,MAAM,GAAG,SAAS,EACxC,OAAO,EAAE,MAAM,GAAG,SAAS,EACX,KAAK,EAAE,UAAU;CAIpC;AAED;;;GAGG;AACH,qBAAa,kBAAmB,YAAW,SAAS;IAClD,OAAO,CAAC,YAAY,CAAC,CAAc;IACnC,OAAO,CAAC,SAAS,CAAC,CAAM;IACxB,OAAO,CAAC,gBAAgB,CAAC,CAAkB;IAC3C,OAAO,CAAC,IAAI,CAAM;IAClB,OAAO,CAAC,gBAAgB,CAAC,CAAkB;IAC3C,OAAO,CAAC,YAAY,CAAC,CAAc;IAEnC,OAAO,CAAC,EAAE,MAAM,IAAI,CAAC;IACrB,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,IAAI,CAAC;IACjC,SAAS,CAAC,EAAE,CAAC,OAAO,EAAE,cAAc,KAAK,IAAI,CAAC;gBAG5C,GAAG,EAAE,GAAG,EACR,IAAI,CAAC,EAAE;QAAE,eAAe,CAAC,EAAE,eAAe,CAAC;QAAC,WAAW,CAAC,EAAE,WAAW,CAAA;KAAE;IAOzE,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IA4DhB,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAMtB,IAAI,CAAC,OAAO,EAAE,cAAc,GAAG,OAAO,CAAC,IAAI,CAAC;CA6BnD"}
+{"version":3,"file":"sse.d.ts","sourceRoot":"","sources":["../../../src/client/sse.ts"],"names":[],"mappings":"AAAA,OAAO,EAAe,KAAK,UAAU,EAAE,KAAK,eAAe,EAAE,MAAM,aAAa,CAAC;AACjF,OAAO,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAC;AACnD,OAAO,EAAE,cAAc,EAAwB,MAAM,aAAa,CAAC;AACnE,OAAO,EAAoB,mBAAmB,EAAqB,MAAM,WAAW,CAAC;AAErF,qBAAa,QAAS,SAAQ,KAAK;aAEf,IAAI,EAAE,MAAM,GAAG,SAAS;aAExB,KAAK,EAAE,UAAU;gBAFjB,IAAI,EAAE,MAAM,GAAG,SAAS,EACxC,OAAO,EAAE,MAAM,GAAG,SAAS,EACX,KAAK,EAAE,UAAU;CAIpC;AAED;;GAEG;AACH,MAAM,MAAM,yBAAyB,GAAG;IACtC;;;;;;;;;;;;;OAaG;IACH,YAAY,CAAC,EAAE,mBAAmB,CAAC;IAEnC;;;;;;;OAOG;IACH,eAAe,CAAC,EAAE,eAAe,CAAC;IAElC;;OAEG;IACH,WAAW,CAAC,EAAE,WAAW,CAAC;CAC3B,CAAC;AAEF;;;GAGG;AACH,qBAAa,kBAAmB,YAAW,SAAS;IAClD,OAAO,CAAC,YAAY,CAAC,CAAc;IACnC,OAAO,CAAC,SAAS,CAAC,CAAM;IACxB,OAAO,CAAC,gBAAgB,CAAC,CAAkB;IAC3C,OAAO,CAAC,IAAI,CAAM;IAClB,OAAO,CAAC,gBAAgB,CAAC,CAAkB;IAC3C,OAAO,CAAC,YAAY,CAAC,CAAc;IACnC,OAAO,CAAC,aAAa,CAAC,CAAsB;IAE5C,OAAO,CAAC,EAAE,MAAM,IAAI,CAAC;IACrB,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,IAAI,CAAC;IACjC,SAAS,CAAC,EAAE,CAAC,OAAO,EAAE,cAAc,KAAK,IAAI,CAAC;gBAG5C,GAAG,EAAE,GAAG,EACR,IAAI,CAAC,EAAE,yBAAyB;YAQpB,cAAc;YAoBd,cAAc;IAY5B,OAAO,CAAC,YAAY;IAmEd,KAAK;IAUX;;OAEG;IACG,UAAU,CAAC,iBAAiB,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAWpD,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAMtB,IAAI,CAAC,OAAO,EAAE,cAAc,GAAG,OAAO,CAAC,IAAI,CAAC;CAuCnD"}

package/dist/cjs/client/sse.js

@@ -3,6 +3,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.SSEClientTransport = exports.SseError = void 0;
 const eventsource_1 = require("eventsource");
 const types_js_1 = require("../types.js");
+const auth_js_1 = require("./auth.js");
 class SseError extends Error {
     constructor(code, message, event) {
         super(`SSE error: ${message}`);
@@ -20,16 +21,55 @@ class SSEClientTransport {
         this._url = url;
         this._eventSourceInit = opts === null || opts === void 0 ? void 0 : opts.eventSourceInit;
         this._requestInit = opts === null || opts === void 0 ? void 0 : opts.requestInit;
+        this._authProvider = opts === null || opts === void 0 ? void 0 : opts.authProvider;
     }
-    start() {
-        if (this._eventSource) {
-            throw new Error("SSEClientTransport already started! If using Client class, note that connect() calls start() automatically.");
+    async _authThenStart() {
+        var _a;
+        if (!this._authProvider) {
+            throw new auth_js_1.UnauthorizedError("No auth provider");
+        }
+        let result;
+        try {
+            result = await (0, auth_js_1.auth)(this._authProvider, { serverUrl: this._url });
+        }
+        catch (error) {
+            (_a = this.onerror) === null || _a === void 0 ? void 0 : _a.call(this, error);
+            throw error;
         }
+        if (result !== "AUTHORIZED") {
+            throw new auth_js_1.UnauthorizedError();
+        }
+        return await this._startOrAuth();
+    }
+    async _commonHeaders() {
+        const headers = {};
+        if (this._authProvider) {
+            const tokens = await this._authProvider.tokens();
+            if (tokens) {
+                headers["Authorization"] = `Bearer ${tokens.access_token}`;
+            }
+        }
+        return headers;
+    }
+    _startOrAuth() {
         return new Promise((resolve, reject) => {
-            this._eventSource = new eventsource_1.EventSource(this._url.href, this._eventSourceInit);
+            var _a;
+            this._eventSource = new eventsource_1.EventSource(this._url.href, (_a = this._eventSourceInit) !== null && _a !== void 0 ? _a : {
+                fetch: (url, init) => this._commonHeaders().then((headers) => fetch(url, {
+                    ...init,
+                    headers: {
+                        ...headers,
+                        Accept: "text/event-stream"
+                    }
+                })),
+            });
             this._abortController = new AbortController();
             this._eventSource.onerror = (event) => {
                 var _a;
+                if (event.code === 401 && this._authProvider) {
+                    this._authThenStart().then(resolve, reject);
+                    return;
+                }
                 const error = new SseError(event.code, event.message, event);
                 reject(error);
                 (_a = this.onerror) === null || _a === void 0 ? void 0 : _a.call(this, error);
@@ -69,6 +109,24 @@ class SSEClientTransport {
             };
         });
     }
+    async start() {
+        if (this._eventSource) {
+            throw new Error("SSEClientTransport already started! If using Client class, note that connect() calls start() automatically.");
+        }
+        return await this._startOrAuth();
+    }
+    /**
+     * Call this method after the user has finished authorizing via their user agent and is redirected back to the MCP client application. This will exchange the authorization code for an access token, enabling the next connection attempt to successfully auth.
+     */
+    async finishAuth(authorizationCode) {
+        if (!this._authProvider) {
+            throw new auth_js_1.UnauthorizedError("No auth provider");
+        }
+        const result = await (0, auth_js_1.auth)(this._authProvider, { serverUrl: this._url, authorizationCode });
+        if (result !== "AUTHORIZED") {
+            throw new auth_js_1.UnauthorizedError("Failed to authorize");
+        }
+    }
     async close() {
         var _a, _b, _c;
         (_a = this._abortController) === null || _a === void 0 ? void 0 : _a.abort();
@@ -81,7 +139,8 @@ class SSEClientTransport {
             throw new Error("Not connected");
         }
         try {
-            const headers = new Headers((_a = this._requestInit) === null || _a === void 0 ? void 0 : _a.headers);
+            const commonHeaders = await this._commonHeaders();
+            const headers = new Headers({ ...commonHeaders, ...(_a = this._requestInit) === null || _a === void 0 ? void 0 : _a.headers });
             headers.set("content-type", "application/json");
             const init = {
                 ...this._requestInit,
@@ -92,6 +151,14 @@ class SSEClientTransport {
             };
             const response = await fetch(this._endpoint, init);
             if (!response.ok) {
+                if (response.status === 401 && this._authProvider) {
+                    const result = await (0, auth_js_1.auth)(this._authProvider, { serverUrl: this._url });
+                    if (result !== "AUTHORIZED") {
+                        throw new auth_js_1.UnauthorizedError();
+                    }
+                    // Purposely _not_ awaited, so we don't call onerror twice
+                    return this.send(message);
+                }
                 const text = await response.text().catch(() => null);
                 throw new Error(`Error POSTing to endpoint (HTTP ${response.status}): ${text}`);
             }

package/dist/cjs/client/sse.js.map

@@ -1 +1 @@
-{"version":3,"file":"sse.js","sourceRoot":"","sources":["../../../src/client/sse.ts"],"names":[],"mappings":";;;AAAA,6CAAiF;AAEjF,0CAAmE;AAEnE,MAAa,QAAS,SAAQ,KAAK;IACjC,YACkB,IAAwB,EACxC,OAA2B,EACX,KAAiB;QAEjC,KAAK,CAAC,cAAc,OAAO,EAAE,CAAC,CAAC;QAJf,SAAI,GAAJ,IAAI,CAAoB;QAExB,UAAK,GAAL,KAAK,CAAY;IAGnC,CAAC;CACF;AARD,4BAQC;AAED;;;GAGG;AACH,MAAa,kBAAkB;IAY7B,YACE,GAAQ,EACR,IAAuE;QAEvE,IAAI,CAAC,IAAI,GAAG,GAAG,CAAC;QAChB,IAAI,CAAC,gBAAgB,GAAG,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,eAAe,CAAC;QAC9C,IAAI,CAAC,YAAY,GAAG,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,WAAW,CAAC;IACxC,CAAC;IAED,KAAK;QACH,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YACtB,MAAM,IAAI,KAAK,CACb,6GAA6G,CAC9G,CAAC;QACJ,CAAC;QAED,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,IAAI,CAAC,YAAY,GAAG,IAAI,yBAAW,CACjC,IAAI,CAAC,IAAI,CAAC,IAAI,EACd,IAAI,CAAC,gBAAgB,CACtB,CAAC;YACF,IAAI,CAAC,gBAAgB,GAAG,IAAI,eAAe,EAAE,CAAC;YAE9C,IAAI,CAAC,YAAY,CAAC,OAAO,GAAG,CAAC,KAAK,EAAE,EAAE;;gBACpC,MAAM,KAAK,GAAG,IAAI,QAAQ,CAAC,KAAK,CAAC,IAAI,EAAE,KAAK,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;gBAC7D,MAAM,CAAC,KAAK,CAAC,CAAC;gBACd,MAAA,IAAI,CAAC,OAAO,qDAAG,KAAK,CAAC,CAAC;YACxB,CAAC,CAAC;YAEF,IAAI,CAAC,YAAY,CAAC,MAAM,GAAG,GAAG,EAAE;gBAC9B,+EAA+E;YACjF,CAAC,CAAC;YAEF,IAAI,CAAC,YAAY,CAAC,gBAAgB,CAAC,UAAU,EAAE,CAAC,KAAY,EAAE,EAAE;;gBAC9D,MAAM,YAAY,GAAG,KAAqB,CAAC;gBAE3C,IAAI,CAAC;oBACH,IAAI,CAAC,SAAS,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;oBACvD,IAAI,IAAI,CAAC,SAAS,CAAC,MAAM,KAAK,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;wBAC/C,MAAM,IAAI,KAAK,CACb,qDAAqD,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,CAC7E,CAAC;oBACJ,CAAC;gBACH,CAAC;gBAAC,OAAO,KAAK,EAAE,CAAC;oBACf,MAAM,CAAC,KAAK,CAAC,CAAC;oBACd,MAAA,IAAI,CAAC,OAAO,qDAAG,KAAc,CAAC,CAAC;oBAE/B,KAAK,IAAI,CAAC,KAAK,EAAE,CAAC;oBAClB,OAAO;gBACT,CAAC;gBAED,OAAO,EAAE,CAAC;YACZ,CAAC,CAAC,CAAC;YAEH,IAAI,CAAC,YAAY,CAAC,SAAS,GAAG,CAAC,KAAY,EAAE,EAAE;;gBAC7C,MAAM,YAAY,GAAG,KAAqB,CAAC;gBAC3C,IAAI,OAAuB,CAAC;gBAC5B,IAAI,CAAC;oBACH,OAAO,GAAG,+BAAoB,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC;gBACtE,CAAC;gBAAC,OAAO,KAAK,EAAE,CAAC;oBACf,MAAA,IAAI,CAAC,OAAO,qDAAG,KAAc,CAAC,CAAC;oBAC/B,OAAO;gBACT,CAAC;gBAED,MAAA,IAAI,CAAC,SAAS,qDAAG,OAAO,CAAC,CAAC;YAC5B,CAAC,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,KAAK;;QACT,MAAA,IAAI,CAAC,gBAAgB,0CAAE,KAAK,EAAE,CAAC;QAC/B,MAAA,IAAI,CAAC,YAAY,0CAAE,KAAK,EAAE,CAAC;QAC3B,MAAA,IAAI,CAAC,OAAO,oDAAI,CAAC;IACnB,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,OAAuB;;QAChC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;YACpB,MAAM,IAAI,KAAK,CAAC,eAAe,CAAC,CAAC;QACnC,CAAC;QAED,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,MAAA,IAAI,CAAC,YAAY,0CAAE,OAAO,CAAC,CAAC;YACxD,OAAO,CAAC,GAAG,CAAC,cAAc,EAAE,kBAAkB,CAAC,CAAC;YAChD,MAAM,IAAI,GAAG;gBACX,GAAG,IAAI,CAAC,YAAY;gBACpB,MAAM,EAAE,MAAM;gBACd,OAAO;gBACP,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC;gBAC7B,MAAM,EAAE,MAAA,IAAI,CAAC,gBAAgB,0CAAE,MAAM;aACtC,CAAC;YAEF,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;YAEnD,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACjB,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAC;gBACrD,MAAM,IAAI,KAAK,CACb,mCAAmC,QAAQ,CAAC,MAAM,MAAM,IAAI,EAAE,CAC/D,CAAC;YACJ,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAA,IAAI,CAAC,OAAO,qDAAG,KAAc,CAAC,CAAC;YAC/B,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;CACF;AApHD,gDAoHC"}
+{"version":3,"file":"sse.js","sourceRoot":"","sources":["../../../src/client/sse.ts"],"names":[],"mappings":";;;AAAA,6CAAiF;AAEjF,0CAAmE;AACnE,uCAAqF;AAErF,MAAa,QAAS,SAAQ,KAAK;IACjC,YACkB,IAAwB,EACxC,OAA2B,EACX,KAAiB;QAEjC,KAAK,CAAC,cAAc,OAAO,EAAE,CAAC,CAAC;QAJf,SAAI,GAAJ,IAAI,CAAoB;QAExB,UAAK,GAAL,KAAK,CAAY;IAGnC,CAAC;CACF;AARD,4BAQC;AAsCD;;;GAGG;AACH,MAAa,kBAAkB;IAa7B,YACE,GAAQ,EACR,IAAgC;QAEhC,IAAI,CAAC,IAAI,GAAG,GAAG,CAAC;QAChB,IAAI,CAAC,gBAAgB,GAAG,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,eAAe,CAAC;QAC9C,IAAI,CAAC,YAAY,GAAG,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,WAAW,CAAC;QACtC,IAAI,CAAC,aAAa,GAAG,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,YAAY,CAAC;IAC1C,CAAC;IAEO,KAAK,CAAC,cAAc;;QAC1B,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC;YACxB,MAAM,IAAI,2BAAiB,CAAC,kBAAkB,CAAC,CAAC;QAClD,CAAC;QAED,IAAI,MAAkB,CAAC;QACvB,IAAI,CAAC;YACH,MAAM,GAAG,MAAM,IAAA,cAAI,EAAC,IAAI,CAAC,aAAa,EAAE,EAAE,SAAS,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;QACpE,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAA,IAAI,CAAC,OAAO,qDAAG,KAAc,CAAC,CAAC;YAC/B,MAAM,KAAK,CAAC;QACd,CAAC;QAED,IAAI,MAAM,KAAK,YAAY,EAAE,CAAC;YAC5B,MAAM,IAAI,2BAAiB,EAAE,CAAC;QAChC,CAAC;QAED,OAAO,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC;IACnC,CAAC;IAEO,KAAK,CAAC,cAAc;QAC1B,MAAM,OAAO,GAAgB,EAAE,CAAC;QAChC,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;YACvB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE,CAAC;YACjD,IAAI,MAAM,EAAE,CAAC;gBACX,OAAO,CAAC,eAAe,CAAC,GAAG,UAAU,MAAM,CAAC,YAAY,EAAE,CAAC;YAC7D,CAAC;QACH,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAEO,YAAY;QAClB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;;YACrC,IAAI,CAAC,YAAY,GAAG,IAAI,yBAAW,CACjC,IAAI,CAAC,IAAI,CAAC,IAAI,EACd,MAAA,IAAI,CAAC,gBAAgB,mCAAI;gBACvB,KAAK,EAAE,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE;oBACvE,GAAG,IAAI;oBACP,OAAO,EAAE;wBACP,GAAG,OAAO;wBACV,MAAM,EAAE,mBAAmB;qBAC5B;iBACF,CAAC,CAAC;aACJ,CACF,CAAC;YACF,IAAI,CAAC,gBAAgB,GAAG,IAAI,eAAe,EAAE,CAAC;YAE9C,IAAI,CAAC,YAAY,CAAC,OAAO,GAAG,CAAC,KAAK,EAAE,EAAE;;gBACpC,IAAI,KAAK,CAAC,IAAI,KAAK,GAAG,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;oBAC7C,IAAI,CAAC,cAAc,EAAE,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;oBAC5C,OAAO;gBACT,CAAC;gBAED,MAAM,KAAK,GAAG,IAAI,QAAQ,CAAC,KAAK,CAAC,IAAI,EAAE,KAAK,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;gBAC7D,MAAM,CAAC,KAAK,CAAC,CAAC;gBACd,MAAA,IAAI,CAAC,OAAO,qDAAG,KAAK,CAAC,CAAC;YACxB,CAAC,CAAC;YAEF,IAAI,CAAC,YAAY,CAAC,MAAM,GAAG,GAAG,EAAE;gBAC9B,+EAA+E;YACjF,CAAC,CAAC;YAEF,IAAI,CAAC,YAAY,CAAC,gBAAgB,CAAC,UAAU,EAAE,CAAC,KAAY,EAAE,EAAE;;gBAC9D,MAAM,YAAY,GAAG,KAAqB,CAAC;gBAE3C,IAAI,CAAC;oBACH,IAAI,CAAC,SAAS,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;oBACvD,IAAI,IAAI,CAAC,SAAS,CAAC,MAAM,KAAK,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;wBAC/C,MAAM,IAAI,KAAK,CACb,qDAAqD,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,CAC7E,CAAC;oBACJ,CAAC;gBACH,CAAC;gBAAC,OAAO,KAAK,EAAE,CAAC;oBACf,MAAM,CAAC,KAAK,CAAC,CAAC;oBACd,MAAA,IAAI,CAAC,OAAO,qDAAG,KAAc,CAAC,CAAC;oBAE/B,KAAK,IAAI,CAAC,KAAK,EAAE,CAAC;oBAClB,OAAO;gBACT,CAAC;gBAED,OAAO,EAAE,CAAC;YACZ,CAAC,CAAC,CAAC;YAEH,IAAI,CAAC,YAAY,CAAC,SAAS,GAAG,CAAC,KAAY,EAAE,EAAE;;gBAC7C,MAAM,YAAY,GAAG,KAAqB,CAAC;gBAC3C,IAAI,OAAuB,CAAC;gBAC5B,IAAI,CAAC;oBACH,OAAO,GAAG,+BAAoB,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC;gBACtE,CAAC;gBAAC,OAAO,KAAK,EAAE,CAAC;oBACf,MAAA,IAAI,CAAC,OAAO,qDAAG,KAAc,CAAC,CAAC;oBAC/B,OAAO;gBACT,CAAC;gBAED,MAAA,IAAI,CAAC,SAAS,qDAAG,OAAO,CAAC,CAAC;YAC5B,CAAC,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,KAAK;QACT,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YACtB,MAAM,IAAI,KAAK,CACb,6GAA6G,CAC9G,CAAC;QACJ,CAAC;QAED,OAAO,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC;IACnC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,UAAU,CAAC,iBAAyB;QACxC,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC;YACxB,MAAM,IAAI,2BAAiB,CAAC,kBAAkB,CAAC,CAAC;QAClD,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,IAAA,cAAI,EAAC,IAAI,CAAC,aAAa,EAAE,EAAE,SAAS,EAAE,IAAI,CAAC,IAAI,EAAE,iBAAiB,EAAE,CAAC,CAAC;QAC3F,IAAI,MAAM,KAAK,YAAY,EAAE,CAAC;YAC5B,MAAM,IAAI,2BAAiB,CAAC,qBAAqB,CAAC,CAAC;QACrD,CAAC;IACH,CAAC;IAED,KAAK,CAAC,KAAK;;QACT,MAAA,IAAI,CAAC,gBAAgB,0CAAE,KAAK,EAAE,CAAC;QAC/B,MAAA,IAAI,CAAC,YAAY,0CAAE,KAAK,EAAE,CAAC;QAC3B,MAAA,IAAI,CAAC,OAAO,oDAAI,CAAC;IACnB,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,OAAuB;;QAChC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;YACpB,MAAM,IAAI,KAAK,CAAC,eAAe,CAAC,CAAC;QACnC,CAAC;QAED,IAAI,CAAC;YACH,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;YAClD,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,EAAE,GAAG,aAAa,EAAE,GAAG,MAAA,IAAI,CAAC,YAAY,0CAAE,OAAO,EAAE,CAAC,CAAC;YACjF,OAAO,CAAC,GAAG,CAAC,cAAc,EAAE,kBAAkB,CAAC,CAAC;YAChD,MAAM,IAAI,GAAG;gBACX,GAAG,IAAI,CAAC,YAAY;gBACpB,MAAM,EAAE,MAAM;gBACd,OAAO;gBACP,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC;gBAC7B,MAAM,EAAE,MAAA,IAAI,CAAC,gBAAgB,0CAAE,MAAM;aACtC,CAAC;YAEF,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;YACnD,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACjB,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;oBAClD,MAAM,MAAM,GAAG,MAAM,IAAA,cAAI,EAAC,IAAI,CAAC,aAAa,EAAE,EAAE,SAAS,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;oBACxE,IAAI,MAAM,KAAK,YAAY,EAAE,CAAC;wBAC5B,MAAM,IAAI,2BAAiB,EAAE,CAAC;oBAChC,CAAC;oBAED,0DAA0D;oBAC1D,OAAO,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;gBAC5B,CAAC;gBAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAC;gBACrD,MAAM,IAAI,KAAK,CACb,mCAAmC,QAAQ,CAAC,MAAM,MAAM,IAAI,EAAE,CAC/D,CAAC;YACJ,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAA,IAAI,CAAC,OAAO,qDAAG,KAAc,CAAC,CAAC;YAC/B,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;CACF;AA/LD,gDA+LC"}

package/dist/cjs/server/auth/clients.d.ts

@@ -0,0 +1,19 @@
+import { OAuthClientInformationFull } from "../../shared/auth.js";
+/**
+ * Stores information about registered OAuth clients for this server.
+ */
+export interface OAuthRegisteredClientsStore {
+    /**
+     * Returns information about a registered client, based on its ID.
+     */
+    getClient(clientId: string): OAuthClientInformationFull | undefined | Promise<OAuthClientInformationFull | undefined>;
+    /**
+     * Registers a new client with the server. The client ID and secret will be automatically generated by the library. A modified version of the client information can be returned to reflect specific values enforced by the server.
+     *
+     * NOTE: Implementations should NOT delete expired client secrets in-place. Auth middleware provided by this library will automatically check the `client_secret_expires_at` field and reject requests with expired secrets. Any custom logic for authenticating clients should check the `client_secret_expires_at` field as well.
+     *
+     * If unimplemented, dynamic client registration is unsupported.
+     */
+    registerClient?(client: OAuthClientInformationFull): OAuthClientInformationFull | Promise<OAuthClientInformationFull>;
+}
+//# sourceMappingURL=clients.d.ts.map

package/dist/cjs/server/auth/clients.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"clients.d.ts","sourceRoot":"","sources":["../../../../src/server/auth/clients.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,0BAA0B,EAAE,MAAM,sBAAsB,CAAC;AAElE;;GAEG;AACH,MAAM,WAAW,2BAA2B;IAC1C;;OAEG;IACH,SAAS,CAAC,QAAQ,EAAE,MAAM,GAAG,0BAA0B,GAAG,SAAS,GAAG,OAAO,CAAC,0BAA0B,GAAG,SAAS,CAAC,CAAC;IAEtH;;;;;;OAMG;IACH,cAAc,CAAC,CAAC,MAAM,EAAE,0BAA0B,GAAG,0BAA0B,GAAG,OAAO,CAAC,0BAA0B,CAAC,CAAC;CACvH"}

package/dist/cjs/server/auth/clients.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=clients.js.map

package/dist/cjs/server/auth/clients.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"clients.js","sourceRoot":"","sources":["../../../../src/server/auth/clients.ts"],"names":[],"mappings":""}