@platf/bridge 0.0.11 → 0.0.12
|
@@ -22,12 +22,31 @@ export function createDiscoveryRouter(auth, logger) {
|
|
|
22
22
|
*
|
|
23
23
|
* Handles both root and path-suffixed variants (e.g. /.well-known/oauth-protected-resource/mcp)
|
|
24
24
|
* as required by the MCP SDK for path-based resource discovery.
|
|
25
|
+
*
|
|
26
|
+
* The `resource` field MUST match the URL the client is accessing (RFC 9728 §2).
|
|
27
|
+
* For path-suffixed requests like /.well-known/oauth-protected-resource/mcp,
|
|
28
|
+
* the resource is the path after the well-known prefix.
|
|
25
29
|
*/
|
|
26
|
-
router.get('/.well-known/oauth-protected-resource
|
|
30
|
+
router.get('/.well-known/oauth-protected-resource', (req, res) => {
|
|
31
|
+
// Exact match — client is looking for the root resource
|
|
32
|
+
// Return /mcp as that's our protected endpoint
|
|
33
|
+
const scheme = req.protocol;
|
|
34
|
+
const host = req.get('host');
|
|
35
|
+
const resourceMetadata = {
|
|
36
|
+
resource: `${scheme}://${host}/mcp`,
|
|
37
|
+
authorization_servers: [auth.issuer],
|
|
38
|
+
scopes_supported: ['openid', 'profile', 'email'],
|
|
39
|
+
bearer_methods_supported: ['header'],
|
|
40
|
+
};
|
|
41
|
+
res.json(resourceMetadata);
|
|
42
|
+
});
|
|
43
|
+
router.get('/.well-known/oauth-protected-resource/*', (req, res) => {
|
|
44
|
+
// Path-suffixed request — the suffix IS the protected resource path
|
|
27
45
|
const scheme = req.protocol;
|
|
28
46
|
const host = req.get('host');
|
|
47
|
+
const resourcePath = '/' + req.params[0];
|
|
29
48
|
const resourceMetadata = {
|
|
30
|
-
resource: `${scheme}://${host}
|
|
49
|
+
resource: `${scheme}://${host}${resourcePath}`,
|
|
31
50
|
authorization_servers: [auth.issuer],
|
|
32
51
|
scopes_supported: ['openid', 'profile', 'email'],
|
|
33
52
|
bearer_methods_supported: ['header'],
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"discoveryRoutes.js","sourceRoot":"","sources":["../../src/lib/discoveryRoutes.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,MAAM,EAA+B,MAAM,SAAS,CAAA;AAG7D,MAAM,UAAU,qBAAqB,CAAC,IAAgB,EAAE,MAAc;IACpE,MAAM,MAAM,GAAG,MAAM,EAAE,CAAA;IAEvB
|
|
1
|
+
{"version":3,"file":"discoveryRoutes.js","sourceRoot":"","sources":["../../src/lib/discoveryRoutes.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,MAAM,EAA+B,MAAM,SAAS,CAAA;AAG7D,MAAM,UAAU,qBAAqB,CAAC,IAAgB,EAAE,MAAc;IACpE,MAAM,MAAM,GAAG,MAAM,EAAE,CAAA;IAEvB;;;;;;;;;;;;;;OAcG;IACH,MAAM,CAAC,GAAG,CAAC,uCAAuC,EAAE,CAAC,GAAY,EAAE,GAAa,EAAE,EAAE;QAClF,wDAAwD;QACxD,+CAA+C;QAC/C,MAAM,MAAM,GAAG,GAAG,CAAC,QAAQ,CAAA;QAC3B,MAAM,IAAI,GAAG,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;QAC5B,MAAM,gBAAgB,GAAG;YACvB,QAAQ,EAAE,GAAG,MAAM,MAAM,IAAI,MAAM;YACnC,qBAAqB,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC;YACpC,gBAAgB,EAAE,CAAC,QAAQ,EAAE,SAAS,EAAE,OAAO,CAAC;YAChD,wBAAwB,EAAE,CAAC,QAAQ,CAAC;SACrC,CAAA;QACD,GAAG,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAA;IAC5B,CAAC,CAAC,CAAA;IAEF,MAAM,CAAC,GAAG,CAAC,yCAAyC,EAAE,CAAC,GAAY,EAAE,GAAa,EAAE,EAAE;QACpF,oEAAoE;QACpE,MAAM,MAAM,GAAG,GAAG,CAAC,QAAQ,CAAA;QAC3B,MAAM,IAAI,GAAG,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;QAC5B,MAAM,YAAY,GAAG,GAAG,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,CAAA;QACxC,MAAM,gBAAgB,GAAG;YACvB,QAAQ,EAAE,GAAG,MAAM,MAAM,IAAI,GAAG,YAAY,EAAE;YAC9C,qBAAqB,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC;YACpC,gBAAgB,EAAE,CAAC,QAAQ,EAAE,SAAS,EAAE,OAAO,CAAC;YAChD,wBAAwB,EAAE,CAAC,QAAQ,CAAC;SACrC,CAAA;QACD,GAAG,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAA;IAC5B,CAAC,CAAC,CAAA;IAEF;;;;;;;OAOG;IACH,MAAM,CAAC,GAAG,CAAC,0CAA0C,EAAE,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,EAAE;QAC3F,IAAI,CAAC;YACH,MAAM,WAAW,GAAG,GAAG,IAAI,CAAC,MAAM,yCAAyC,CAAA;YAC3E,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,WAAW,CAAC,CAAA;YAEzC,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACjB,MAAM,CAAC,KAAK,CAAC,4CAA4C,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAA;gBAC3E,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,gBAAgB,EAAE,CAAC,CAAA;YAC1D,CAAC;YAED,MAAM,QAAQ,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAA4B,CAAA;YAEnE,yDAAyD;YACzD,MAAM,MAAM,GAAG,GAAG,CAAC,QAAQ,CAAA;YAC3B,MAAM,IAAI,GAAG,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;YAC5B,QAAQ,CAAC,qBAAqB,GAAG,GAAG,MAAM,MAAM,IAAI,iBAAiB,CAAA;YAErE,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;QACpB,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,M
AAM,CAAC,KAAK,CAAC,yCAAyC,EAAE,GAAG,CAAC,OAAO,IAAI,GAAG,CAAC,CAAA;YAC3E,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,gBAAgB,EAAE,CAAC,CAAA;QACnD,CAAC;IACH,CAAC,CAAC,CAAA;IAEF;;;;;;;OAOG;IACH,MAAM,CAAC,IAAI,CAAC,iBAAiB,EAAE,CAAC,GAAY,EAAE,GAAa,EAAE,EAAE;QAC7D,MAAM,IAAI,GAAG,GAAG,CAAC,IAAI,IAAI,EAAE,CAAA;QAC3B,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;YACnB,SAAS,EAAE,IAAI,CAAC,QAAQ;YACxB,WAAW,EAAE,cAAc;YAC3B,8CAA8C;YAC9C,0BAA0B,EAAE,MAAM;YAClC,WAAW,EAAE,CAAC,oBAAoB,CAAC;YACnC,cAAc,EAAE,CAAC,MAAM,CAAC;YACxB,aAAa,EAAE,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE;SAC3E,CAAC,CAAA;IACJ,CAAC,CAAC,CAAA;IAEF,OAAO,MAAM,CAAA;AACf,CAAC"}
|
package/package.json
CHANGED
|
@@ -26,12 +26,32 @@ export function createDiscoveryRouter(auth: AuthConfig, logger: Logger): Router
|
|
|
26
26
|
*
|
|
27
27
|
* Handles both root and path-suffixed variants (e.g. /.well-known/oauth-protected-resource/mcp)
|
|
28
28
|
* as required by the MCP SDK for path-based resource discovery.
|
|
29
|
+
*
|
|
30
|
+
* The `resource` field MUST match the URL the client is accessing (RFC 9728 §2).
|
|
31
|
+
* For path-suffixed requests like /.well-known/oauth-protected-resource/mcp,
|
|
32
|
+
* the resource is the path after the well-known prefix.
|
|
29
33
|
*/
|
|
30
|
-
router.get('/.well-known/oauth-protected-resource
|
|
34
|
+
router.get('/.well-known/oauth-protected-resource', (req: Request, res: Response) => {
|
|
35
|
+
// Exact match — client is looking for the root resource
|
|
36
|
+
// Return /mcp as that's our protected endpoint
|
|
37
|
+
const scheme = req.protocol
|
|
38
|
+
const host = req.get('host')
|
|
39
|
+
const resourceMetadata = {
|
|
40
|
+
resource: `${scheme}://${host}/mcp`,
|
|
41
|
+
authorization_servers: [auth.issuer],
|
|
42
|
+
scopes_supported: ['openid', 'profile', 'email'],
|
|
43
|
+
bearer_methods_supported: ['header'],
|
|
44
|
+
}
|
|
45
|
+
res.json(resourceMetadata)
|
|
46
|
+
})
|
|
47
|
+
|
|
48
|
+
router.get('/.well-known/oauth-protected-resource/*', (req: Request, res: Response) => {
|
|
49
|
+
// Path-suffixed request — the suffix IS the protected resource path
|
|
31
50
|
const scheme = req.protocol
|
|
32
51
|
const host = req.get('host')
|
|
52
|
+
const resourcePath = '/' + req.params[0]
|
|
33
53
|
const resourceMetadata = {
|
|
34
|
-
resource: `${scheme}://${host}
|
|
54
|
+
resource: `${scheme}://${host}${resourcePath}`,
|
|
35
55
|
authorization_servers: [auth.issuer],
|
|
36
56
|
scopes_supported: ['openid', 'profile', 'email'],
|
|
37
57
|
bearer_methods_supported: ['header'],
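Review bot: In the new `/.well-known/oauth-protected-resource/*` handler, `resourcePath` comes straight from `req.params[0]` and is joined with `req.protocol` and the `Host` header, so the `resource` value in the metadata is whatever the caller sent, for any suffix and any host name. The comment on the root handler says `/mcp` is the protected endpoint, so the suffix could be checked against it before answering, e.g. `if (resourcePath !== '/mcp') return res.status(404).end()`. The origin would be safer taken from configuration than from request headers, if the bridge has a configured public URL (none is visible in this hunk); otherwise a cache or proxy in front of it may store metadata built from a forged `Host`, and `req.get('host')` can also be undefined. The same lines appear in the compiled `discoveryRoutes.js` hunk above, and both `createDiscoveryRouter` and this handler's body extend beyond the hunk.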
|