@platf/bridge 0.0.20 → 0.0.21

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (12) hide show
  1. package/dist/lib/discoveryRoutes.d.ts +0 -2
  2. package/dist/lib/discoveryRoutes.js +3 -9
  3. package/dist/lib/discoveryRoutes.js.map +1 -1
  4. package/dist/lib/express.js +0 -3
  5. package/dist/lib/express.js.map +1 -1
  6. package/package.json +1 -1
  7. package/src/lib/discoveryRoutes.ts +3 -9
  8. package/src/lib/express.ts +0 -3
  9. package/dist/lib/oauthProxy.d.ts +0 -14
  10. package/dist/lib/oauthProxy.js +0 -83
  11. package/dist/lib/oauthProxy.js.map +0 -1
  12. package/src/lib/oauthProxy.ts +0 -92
package/dist/lib/discoveryRoutes.d.ts CHANGED
@@ -6,8 +6,6 @@
6
6
  * - GET /.well-known/oauth-authorization-server[/*] (RFC 8414 — proxied from issuer)
7
7
  * - POST /register (Pseudo-DCR — RFC 7591)
8
8
  *
9
- * OAuth proxy routes (/authorize, /token, /jwks) are in oauthProxy.ts.
10
- *
11
9
  * These endpoints are unauthenticated — they must be accessible to
12
10
  * any client performing OAuth discovery before obtaining a token.
13
11
  */
package/dist/lib/discoveryRoutes.js CHANGED
@@ -6,8 +6,6 @@
6
6
  * - GET /.well-known/oauth-authorization-server[/*] (RFC 8414 — proxied from issuer)
7
7
  * - POST /register (Pseudo-DCR — RFC 7591)
8
8
  *
9
- * OAuth proxy routes (/authorize, /token, /jwks) are in oauthProxy.ts.
10
- *
11
9
  * These endpoints are unauthenticated — they must be accessible to
12
10
  * any client performing OAuth discovery before obtaining a token.
13
11
  */
@@ -80,15 +78,11 @@ export function createDiscoveryRouter(auth, logger) {
80
78
  return res.status(502).json({ error: 'upstream_error' });
81
79
  }
82
80
  const metadata = (await upstream.json());
83
- // Patch all OAuth endpoints to point to our proxy
81
+ // Only patch registration_endpoint to point to our pseudo-DCR
82
+ // Keep original issuer/authorization_endpoint/token_endpoint so tokens validate correctly
84
83
  const scheme = req.protocol;
85
84
  const host = req.get('host');
86
- const bridgeOrigin = `${scheme}://${host}`;
87
- metadata.issuer = bridgeOrigin;
88
- metadata.authorization_endpoint = `${bridgeOrigin}/authorize`;
89
- metadata.token_endpoint = `${bridgeOrigin}/token`;
90
- metadata.registration_endpoint = `${bridgeOrigin}/register`;
91
- metadata.jwks_uri = `${bridgeOrigin}/jwks`;
85
+ metadata.registration_endpoint = `${scheme}://${host}/register`;
92
86
  res.json(metadata);
93
87
  }
94
88
  catch (err) {
package/dist/lib/discoveryRoutes.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"discoveryRoutes.js","sourceRoot":"","sources":["../../src/lib/discoveryRoutes.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,EAAE,MAAM,EAA+B,MAAM,SAAS,CAAA;AAG7D,MAAM,UAAU,qBAAqB,CAAC,IAAgB,EAAE,MAAc;IACpE,MAAM,MAAM,GAAG,MAAM,EAAE,CAAA;IAEvB;;;;;;;;;;;;;;;;;;OAkBG;IACH,MAAM,CAAC,GAAG,CAAC,uCAAuC,EAAE,CAAC,GAAY,EAAE,GAAa,EAAE,EAAE;QAClF,wDAAwD;QACxD,+CAA+C;QAC/C,MAAM,MAAM,GAAG,GAAG,CAAC,QAAQ,CAAA;QAC3B,MAAM,IAAI,GAAG,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;QAC5B,MAAM,YAAY,GAAG,GAAG,MAAM,MAAM,IAAI,EAAE,CAAA;QAC1C,MAAM,gBAAgB,GAAG;YACvB,QAAQ,EAAE,GAAG,YAAY,MAAM;YAC/B,4DAA4D;YAC5D,qBAAqB,EAAE,CAAC,YAAY,CAAC;YACrC,gBAAgB,EAAE,CAAC,QAAQ,EAAE,SAAS,EAAE,OAAO,CAAC;YAChD,wBAAwB,EAAE,CAAC,QAAQ,CAAC;SACrC,CAAA;QACD,GAAG,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAA;IAC5B,CAAC,CAAC,CAAA;IAEF,MAAM,CAAC,GAAG,CAAC,yCAAyC,EAAE,CAAC,GAAY,EAAE,GAAa,EAAE,EAAE;QACpF,oEAAoE;QACpE,MAAM,MAAM,GAAG,GAAG,CAAC,QAAQ,CAAA;QAC3B,MAAM,IAAI,GAAG,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;QAC5B,MAAM,YAAY,GAAG,GAAG,MAAM,MAAM,IAAI,EAAE,CAAA;QAC1C,MAAM,YAAY,GAAG,GAAG,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,CAAA;QACxC,MAAM,gBAAgB,GAAG;YACvB,QAAQ,EAAE,GAAG,YAAY,GAAG,YAAY,EAAE;YAC1C,4DAA4D;YAC5D,qBAAqB,EAAE,CAAC,YAAY,CAAC;YACrC,gBAAgB,EAAE,CAAC,QAAQ,EAAE,SAAS,EAAE,OAAO,CAAC;YAChD,wBAAwB,EAAE,CAAC,QAAQ,CAAC;SACrC,CAAA;QACD,GAAG,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAA;IAC5B,CAAC,CAAC,CAAA;IAEF;;;;;;;OAOG;IACH,MAAM,CAAC,GAAG,CAAC,0CAA0C,EAAE,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,EAAE;QAC3F,IAAI,CAAC;YACH,MAAM,WAAW,GAAG,GAAG,IAAI,CAAC,MAAM,yCAAyC,CAAA;YAC3E,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,WAAW,CAAC,CAAA;YAEzC,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACjB,MAAM,CAAC,KAAK,CAAC,4CAA4C,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAA;gBAC3E,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,gBAAgB,EAAE,CAAC,CAAA;YAC1D,CAAC;YAED,MAAM,QAAQ,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAA4B,CAAA;YAEnE,kDAAkD;YAClD,MAAM,MAAM,GAAG,GAAG,CAAC,QAAQ,CAAA;YAC3B,MAAM,IAAI,GAAG,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;YAC5B,MAAM,YAAY,GAAG,GAAG,MAAM,MAAM,IAAI,EAAE,CAAA;YAC1C,QAAQ,CAAC,MAAM,GAAG,YAAY,CAAA;YAC9B,QAAQ,CAAC,sBAAsB,GAAG,GAAG,YAAY,YAAY,CAAA;YAC7D,QAAQ,CAAC,cAAc,GAAG,GAAG,YAAY,QAAQ,CAAA;YACjD,QAAQ,CAAC,qBAAqB,GAAG,GAAG,YAAY,WAAW,CAAA;YAC3D,QAAQ,CAAC,QAAQ,GAAG,GAAG,YAAY,OAAO,CAAA;YAE1C,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;QACpB,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,MAAM,CAAC,KAAK,CAAC,yCAAyC,EAAE,GAAG,CAAC,OAAO,IAAI,GAAG,CAAC,CAAA;YAC3E,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,gBAAgB,EAAE,CAAC,CAAA;QACnD,CAAC;IACH,CAAC,CAAC,CAAA;IAEF;;;;;;;OAOG;IACH,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,GAAY,EAAE,GAAa,EAAE,EAAE;QACvD,MAAM,IAAI,GAAG,GAAG,CAAC,IAAI,IAAI,EAAE,CAAA;QAC3B,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;YACnB,SAAS,EAAE,IAAI,CAAC,QAAQ;YACxB,WAAW,EAAE,cAAc;YAC3B,8CAA8C;YAC9C,0BAA0B,EAAE,MAAM;YAClC,WAAW,EAAE,CAAC,oBAAoB,CAAC;YACnC,cAAc,EAAE,CAAC,MAAM,CAAC;YACxB,aAAa,EAAE,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE;SAC3E,CAAC,CAAA;IACJ,CAAC,CAAC,CAAA;IAEF,OAAO,MAAM,CAAA;AACf,CAAC"}
1
+ {"version":3,"file":"discoveryRoutes.js","sourceRoot":"","sources":["../../src/lib/discoveryRoutes.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,MAAM,EAA+B,MAAM,SAAS,CAAA;AAG7D,MAAM,UAAU,qBAAqB,CAAC,IAAgB,EAAE,MAAc;IACpE,MAAM,MAAM,GAAG,MAAM,EAAE,CAAA;IAEvB;;;;;;;;;;;;;;;;;;OAkBG;IACH,MAAM,CAAC,GAAG,CAAC,uCAAuC,EAAE,CAAC,GAAY,EAAE,GAAa,EAAE,EAAE;QAClF,wDAAwD;QACxD,+CAA+C;QAC/C,MAAM,MAAM,GAAG,GAAG,CAAC,QAAQ,CAAA;QAC3B,MAAM,IAAI,GAAG,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;QAC5B,MAAM,YAAY,GAAG,GAAG,MAAM,MAAM,IAAI,EAAE,CAAA;QAC1C,MAAM,gBAAgB,GAAG;YACvB,QAAQ,EAAE,GAAG,YAAY,MAAM;YAC/B,4DAA4D;YAC5D,qBAAqB,EAAE,CAAC,YAAY,CAAC;YACrC,gBAAgB,EAAE,CAAC,QAAQ,EAAE,SAAS,EAAE,OAAO,CAAC;YAChD,wBAAwB,EAAE,CAAC,QAAQ,CAAC;SACrC,CAAA;QACD,GAAG,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAA;IAC5B,CAAC,CAAC,CAAA;IAEF,MAAM,CAAC,GAAG,CAAC,yCAAyC,EAAE,CAAC,GAAY,EAAE,GAAa,EAAE,EAAE;QACpF,oEAAoE;QACpE,MAAM,MAAM,GAAG,GAAG,CAAC,QAAQ,CAAA;QAC3B,MAAM,IAAI,GAAG,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;QAC5B,MAAM,YAAY,GAAG,GAAG,MAAM,MAAM,IAAI,EAAE,CAAA;QAC1C,MAAM,YAAY,GAAG,GAAG,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,CAAA;QACxC,MAAM,gBAAgB,GAAG;YACvB,QAAQ,EAAE,GAAG,YAAY,GAAG,YAAY,EAAE;YAC1C,4DAA4D;YAC5D,qBAAqB,EAAE,CAAC,YAAY,CAAC;YACrC,gBAAgB,EAAE,CAAC,QAAQ,EAAE,SAAS,EAAE,OAAO,CAAC;YAChD,wBAAwB,EAAE,CAAC,QAAQ,CAAC;SACrC,CAAA;QACD,GAAG,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAA;IAC5B,CAAC,CAAC,CAAA;IAEF;;;;;;;OAOG;IACH,MAAM,CAAC,GAAG,CAAC,0CAA0C,EAAE,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,EAAE;QAC3F,IAAI,CAAC;YACH,MAAM,WAAW,GAAG,GAAG,IAAI,CAAC,MAAM,yCAAyC,CAAA;YAC3E,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,WAAW,CAAC,CAAA;YAEzC,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACjB,MAAM,CAAC,KAAK,CAAC,4CAA4C,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAA;gBAC3E,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,gBAAgB,EAAE,CAAC,CAAA;YAC1D,CAAC;YAED,MAAM,QAAQ,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAA4B,CAAA;YAEnE,8DAA8D;YAC9D,0FAA0F;YAC1F,MAAM,MAAM,GAAG,GAAG,CAAC,QAAQ,CAAA;YAC3B,MAAM,IAAI,GAAG,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;YAC5B,QAAQ,CAAC,qBAAqB,GAAG,GAAG,MAAM,MAAM,IAAI,WAAW,CAAA;YAE/D,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;QACpB,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,MAAM,CAAC,KAAK,CAAC,yCAAyC,EAAE,GAAG,CAAC,OAAO,IAAI,GAAG,CAAC,CAAA;YAC3E,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,gBAAgB,EAAE,CAAC,CAAA;QACnD,CAAC;IACH,CAAC,CAAC,CAAA;IAEF;;;;;;;OAOG;IACH,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,GAAY,EAAE,GAAa,EAAE,EAAE;QACvD,MAAM,IAAI,GAAG,GAAG,CAAC,IAAI,IAAI,EAAE,CAAA;QAC3B,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;YACnB,SAAS,EAAE,IAAI,CAAC,QAAQ;YACxB,WAAW,EAAE,cAAc;YAC3B,8CAA8C;YAC9C,0BAA0B,EAAE,MAAM;YAClC,WAAW,EAAE,CAAC,oBAAoB,CAAC;YACnC,cAAc,EAAE,CAAC,MAAM,CAAC;YACxB,aAAa,EAAE,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE;SAC3E,CAAC,CAAA;IACJ,CAAC,CAAC,CAAA;IAEF,OAAO,MAAM,CAAA;AACf,CAAC"}
package/dist/lib/express.js CHANGED
@@ -8,7 +8,6 @@ import express from 'express';
8
8
  import cors from 'cors';
9
9
  import { serializeCorsOrigin } from './cors.js';
10
10
  import { createDiscoveryRouter } from './discoveryRoutes.js';
11
- import { createOAuthProxyRouter } from './oauthProxy.js';
12
11
  import { createAuthMiddleware } from './authMiddleware.js';
13
12
  /** Set custom response headers */
14
13
  export const setResponseHeaders = (res, headers) => Object.entries(headers).forEach(([key, value]) => res.setHeader(key, value));
@@ -52,8 +51,6 @@ export function createApp(options) {
52
51
  if (auth) {
53
52
  // Discovery routes (PRM, AS metadata, pseudo-DCR)
54
53
  app.use(createDiscoveryRouter(auth, logger));
55
- // OAuth proxy routes (authorize redirect, token proxy, JWKS proxy)
56
- app.use(createOAuthProxyRouter(auth, logger));
57
54
  // Auth middleware on MCP path
58
55
  app.use(mcpPath, createAuthMiddleware(auth, logger));
59
56
  logger.info(` - Auth: enabled (issuer=${auth.issuer})`);
package/dist/lib/express.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"express.js","sourceRoot":"","sources":["../../src/lib/express.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,OAAwC,MAAM,SAAS,CAAA;AAC9D,OAAO,IAA0B,MAAM,MAAM,CAAA;AAE7C,OAAO,EAAE,mBAAmB,EAAE,MAAM,WAAW,CAAA;AAC/C,OAAO,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAA;AAC5D,OAAO,EAAE,sBAAsB,EAAE,MAAM,iBAAiB,CAAA;AACxD,OAAO,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAA;AAY1D,kCAAkC;AAClC,MAAM,CAAC,MAAM,kBAAkB,GAAG,CAAC,GAAa,EAAE,OAA+B,EAAE,EAAE,CACnF,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC,CAAA;AAE9E;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,SAAS,CAAC,OAAyB;IACjD,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,eAAe,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,OAAO,CAAA;IAE/E,MAAM,GAAG,GAAG,OAAO,EAAE,CAAA;IACrB,GAAG,CAAC,GAAG,CAAC,aAAa,EAAE,IAAI,CAAC,CAAA;IAC5B,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAA;IACvB,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,CAAA;IAE/C,OAAO;IACP,IAAI,UAAU,EAAE,CAAC;QACf,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,UAAU,EAAE,cAAc,EAAE,CAAC,gBAAgB,CAAC,EAAE,CAAC,CAAC,CAAA;QACzE,MAAM,CAAC,IAAI,CAAC,sBAAsB,mBAAmB,CAAC,UAAU,CAAC,GAAG,CAAC,CAAA;IACvE,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAA;IACnC,CAAC;IAED,mBAAmB;IACnB,KAAK,MAAM,EAAE,IAAI,eAAe,EAAE,CAAC;QACjC,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;YACxB,kBAAkB,CAAC,GAAG,EAAE,OAAO,CAAC,CAAA;YAChC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QAChB,CAAC,CAAC,CAAA;IACJ,CAAC;IACD,IAAI,eAAe,CAAC,MAAM,EAAE,CAAC;QAC3B,MAAM,CAAC,IAAI,CAAC,yBAAyB,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;IACpE,CAAC;IAED,+BAA+B;IAC/B,IAAI,IAAI,EAAE,CAAC;QACT,kDAAkD;QAClD,GAAG,CAAC,GAAG,CAAC,qBAAqB,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,CAAA;QAC5C,mEAAmE;QACnE,GAAG,CAAC,GAAG,CAAC,sBAAsB,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,CAAA;QAC7C,8BAA8B;QAC9B,GAAG,CAAC,GAAG,CAAC,OAAO,EAAE,oBAAoB,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,CAAA;QACpD,MAAM,CAAC,IAAI,CAAC,6BAA6B,IAAI,CAAC,MAAM,GAAG,CAAC,CAAA;IAC1D,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAA;IACnC,CAAC;IAED,OAAO,GAAG,CAAA;AACZ,CAAC"}
1
+ {"version":3,"file":"express.js","sourceRoot":"","sources":["../../src/lib/express.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,OAAwC,MAAM,SAAS,CAAA;AAC9D,OAAO,IAA0B,MAAM,MAAM,CAAA;AAE7C,OAAO,EAAE,mBAAmB,EAAE,MAAM,WAAW,CAAA;AAC/C,OAAO,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAA;AAC5D,OAAO,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAA;AAY1D,kCAAkC;AAClC,MAAM,CAAC,MAAM,kBAAkB,GAAG,CAAC,GAAa,EAAE,OAA+B,EAAE,EAAE,CACnF,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC,CAAA;AAE9E;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,SAAS,CAAC,OAAyB;IACjD,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,eAAe,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,OAAO,CAAA;IAE/E,MAAM,GAAG,GAAG,OAAO,EAAE,CAAA;IACrB,GAAG,CAAC,GAAG,CAAC,aAAa,EAAE,IAAI,CAAC,CAAA;IAC5B,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAA;IACvB,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,CAAA;IAE/C,OAAO;IACP,IAAI,UAAU,EAAE,CAAC;QACf,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,UAAU,EAAE,cAAc,EAAE,CAAC,gBAAgB,CAAC,EAAE,CAAC,CAAC,CAAA;QACzE,MAAM,CAAC,IAAI,CAAC,sBAAsB,mBAAmB,CAAC,UAAU,CAAC,GAAG,CAAC,CAAA;IACvE,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAA;IACnC,CAAC;IAED,mBAAmB;IACnB,KAAK,MAAM,EAAE,IAAI,eAAe,EAAE,CAAC;QACjC,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;YACxB,kBAAkB,CAAC,GAAG,EAAE,OAAO,CAAC,CAAA;YAChC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QAChB,CAAC,CAAC,CAAA;IACJ,CAAC;IACD,IAAI,eAAe,CAAC,MAAM,EAAE,CAAC;QAC3B,MAAM,CAAC,IAAI,CAAC,yBAAyB,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;IACpE,CAAC;IAED,+BAA+B;IAC/B,IAAI,IAAI,EAAE,CAAC;QACT,kDAAkD;QAClD,GAAG,CAAC,GAAG,CAAC,qBAAqB,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,CAAA;QAC5C,8BAA8B;QAC9B,GAAG,CAAC,GAAG,CAAC,OAAO,EAAE,oBAAoB,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,CAAA;QACpD,MAAM,CAAC,IAAI,CAAC,6BAA6B,IAAI,CAAC,MAAM,GAAG,CAAC,CAAA;IAC1D,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAA;IACnC,CAAC;IAED,OAAO,GAAG,CAAA;AACZ,CAAC"}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@platf/bridge",
3
- "version": "0.0.20",
3
+ "version": "0.0.21",
4
4
  "description": "Stdio-to-Streamable HTTP bridge for MCP servers — Platf AI Hub",
5
5
  "module": "src/index.ts",
6
6
  "main": "dist/index.js",
package/src/lib/discoveryRoutes.ts CHANGED
@@ -6,8 +6,6 @@
6
6
  * - GET /.well-known/oauth-authorization-server[/*] (RFC 8414 — proxied from issuer)
7
7
  * - POST /register (Pseudo-DCR — RFC 7591)
8
8
  *
9
- * OAuth proxy routes (/authorize, /token, /jwks) are in oauthProxy.ts.
10
- *
11
9
  * These endpoints are unauthenticated — they must be accessible to
12
10
  * any client performing OAuth discovery before obtaining a token.
13
11
  */
@@ -89,15 +87,11 @@ export function createDiscoveryRouter(auth: AuthConfig, logger: Logger): Router
89
87
 
90
88
  const metadata = (await upstream.json()) as Record<string, unknown>
91
89
 
92
- // Patch all OAuth endpoints to point to our proxy
90
+ // Only patch registration_endpoint to point to our pseudo-DCR
91
+ // Keep original issuer/authorization_endpoint/token_endpoint so tokens validate correctly
93
92
  const scheme = req.protocol
94
93
  const host = req.get('host')
95
- const bridgeOrigin = `${scheme}://${host}`
96
- metadata.issuer = bridgeOrigin
97
- metadata.authorization_endpoint = `${bridgeOrigin}/authorize`
98
- metadata.token_endpoint = `${bridgeOrigin}/token`
99
- metadata.registration_endpoint = `${bridgeOrigin}/register`
100
- metadata.jwks_uri = `${bridgeOrigin}/jwks`
94
+ metadata.registration_endpoint = `${scheme}://${host}/register`
101
95
 
102
96
  res.json(metadata)
103
97
  } catch (err: any) {
package/src/lib/express.ts CHANGED
@@ -10,7 +10,6 @@ import cors, { type CorsOptions } from 'cors'
10
10
  import type { AuthConfig, Logger } from '../types.js'
11
11
  import { serializeCorsOrigin } from './cors.js'
12
12
  import { createDiscoveryRouter } from './discoveryRoutes.js'
13
- import { createOAuthProxyRouter } from './oauthProxy.js'
14
13
  import { createAuthMiddleware } from './authMiddleware.js'
15
14
 
16
15
  export interface CreateAppOptions {
@@ -70,8 +69,6 @@ export function createApp(options: CreateAppOptions): Express {
70
69
  if (auth) {
71
70
  // Discovery routes (PRM, AS metadata, pseudo-DCR)
72
71
  app.use(createDiscoveryRouter(auth, logger))
73
- // OAuth proxy routes (authorize redirect, token proxy, JWKS proxy)
74
- app.use(createOAuthProxyRouter(auth, logger))
75
72
  // Auth middleware on MCP path
76
73
  app.use(mcpPath, createAuthMiddleware(auth, logger))
77
74
  logger.info(` - Auth: enabled (issuer=${auth.issuer})`)
package/dist/lib/oauthProxy.d.ts DELETED
@@ -1,14 +0,0 @@
1
- /**
2
- * OAuth 2.0 proxy routes for the bridge.
3
- *
4
- * These routes proxy OAuth endpoints to the upstream authorization server:
5
- * - GET /authorize → Redirect to upstream (preserves query params)
6
- * - POST /token → Proxy to upstream
7
- * - GET /jwks → Proxy JWKS for token verification
8
- *
9
- * This separation allows the bridge to advertise itself as the authorization
10
- * server while delegating actual auth operations to the upstream issuer.
11
- */
12
- import { Router } from 'express';
13
- import type { AuthConfig, Logger } from '../types.js';
14
- export declare function createOAuthProxyRouter(auth: AuthConfig, logger: Logger): Router;
package/dist/lib/oauthProxy.js DELETED
@@ -1,83 +0,0 @@
1
- /**
2
- * OAuth 2.0 proxy routes for the bridge.
3
- *
4
- * These routes proxy OAuth endpoints to the upstream authorization server:
5
- * - GET /authorize → Redirect to upstream (preserves query params)
6
- * - POST /token → Proxy to upstream
7
- * - GET /jwks → Proxy JWKS for token verification
8
- *
9
- * This separation allows the bridge to advertise itself as the authorization
10
- * server while delegating actual auth operations to the upstream issuer.
11
- */
12
- import { Router } from 'express';
13
- export function createOAuthProxyRouter(auth, logger) {
14
- const router = Router();
15
- /**
16
- * OAuth Authorization Endpoint — Redirect to upstream
17
- *
18
- * Since the bridge advertises itself as the authorization_server,
19
- * clients will attempt to call /authorize here. We redirect
20
- * to the upstream auth server, preserving all query parameters.
21
- */
22
- router.get('/authorize', (req, res) => {
23
- const upstreamUrl = new URL(`${auth.issuer}/authorize`);
24
- // Copy all query params to upstream
25
- for (const [key, value] of Object.entries(req.query)) {
26
- if (typeof value === 'string') {
27
- upstreamUrl.searchParams.set(key, value);
28
- }
29
- }
30
- logger.info(`[oauth-proxy] Redirecting /authorize to upstream`);
31
- res.redirect(upstreamUrl.toString());
32
- });
33
- /**
34
- * OAuth Token Endpoint — Proxy to upstream
35
- *
36
- * Proxies token exchange requests to the upstream auth server.
37
- */
38
- router.post('/token', async (req, res) => {
39
- try {
40
- const upstreamUrl = `${auth.issuer}/token`;
41
- logger.info(`[oauth-proxy] Proxying /token to ${upstreamUrl}`);
42
- const requestBody = req.get('Content-Type')?.includes('application/json')
43
- ? JSON.stringify(req.body)
44
- : new URLSearchParams(req.body).toString();
45
- logger.info(`[oauth-proxy] Request body: ${requestBody}`);
46
- const upstreamRes = await fetch(upstreamUrl, {
47
- method: 'POST',
48
- headers: {
49
- 'Content-Type': req.get('Content-Type') || 'application/x-www-form-urlencoded',
50
- },
51
- body: requestBody,
52
- });
53
- const data = await upstreamRes.text();
54
- logger.info(`[oauth-proxy] Upstream response: ${upstreamRes.status} ${data.substring(0, 200)}`);
55
- res.status(upstreamRes.status);
56
- res.set('Content-Type', upstreamRes.headers.get('Content-Type') || 'application/json');
57
- res.send(data);
58
- }
59
- catch (err) {
60
- logger.error('[oauth-proxy] Error proxying /token:', err.message ?? err);
61
- res.status(502).json({ error: 'upstream_error' });
62
- }
63
- });
64
- /**
65
- * JWKS Endpoint — Proxy to upstream
66
- *
67
- * Proxies JSON Web Key Set requests for token verification.
68
- */
69
- router.get('/jwks', async (_req, res) => {
70
- try {
71
- const upstreamUrl = `${auth.issuer}/jwks`;
72
- const upstreamRes = await fetch(upstreamUrl);
73
- const data = await upstreamRes.json();
74
- res.json(data);
75
- }
76
- catch (err) {
77
- logger.error('[oauth-proxy] Error proxying /jwks:', err.message ?? err);
78
- res.status(502).json({ error: 'upstream_error' });
79
- }
80
- });
81
- return router;
82
- }
83
- //# sourceMappingURL=oauthProxy.js.map
package/dist/lib/oauthProxy.js.map DELETED
@@ -1 +0,0 @@
1
- {"version":3,"file":"oauthProxy.js","sourceRoot":"","sources":["../../src/lib/oauthProxy.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,MAAM,EAA+B,MAAM,SAAS,CAAA;AAG7D,MAAM,UAAU,sBAAsB,CAAC,IAAgB,EAAE,MAAc;IACrE,MAAM,MAAM,GAAG,MAAM,EAAE,CAAA;IAEvB;;;;;;OAMG;IACH,MAAM,CAAC,GAAG,CAAC,YAAY,EAAE,CAAC,GAAY,EAAE,GAAa,EAAE,EAAE;QACvD,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,GAAG,IAAI,CAAC,MAAM,YAAY,CAAC,CAAA;QACvD,oCAAoC;QACpC,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;YACrD,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;gBAC9B,WAAW,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAA;YAC1C,CAAC;QACH,CAAC;QACD,MAAM,CAAC,IAAI,CAAC,kDAAkD,CAAC,CAAA;QAC/D,GAAG,CAAC,QAAQ,CAAC,WAAW,CAAC,QAAQ,EAAE,CAAC,CAAA;IACtC,CAAC,CAAC,CAAA;IAEF;;;;OAIG;IACH,MAAM,CAAC,IAAI,CAAC,QAAQ,EAAE,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,EAAE;QAC1D,IAAI,CAAC;YACH,MAAM,WAAW,GAAG,GAAG,IAAI,CAAC,MAAM,QAAQ,CAAA;YAC1C,MAAM,CAAC,IAAI,CAAC,oCAAoC,WAAW,EAAE,CAAC,CAAA;YAE9D,MAAM,WAAW,GAAG,GAAG,CAAC,GAAG,CAAC,cAAc,CAAC,EAAE,QAAQ,CAAC,kBAAkB,CAAC;gBACvE,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC;gBAC1B,CAAC,CAAC,IAAI,eAAe,CAAC,GAAG,CAAC,IAA8B,CAAC,CAAC,QAAQ,EAAE,CAAA;YAEtE,MAAM,CAAC,IAAI,CAAC,+BAA+B,WAAW,EAAE,CAAC,CAAA;YAEzD,MAAM,WAAW,GAAG,MAAM,KAAK,CAAC,WAAW,EAAE;gBAC3C,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE;oBACP,cAAc,EAAE,GAAG,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,mCAAmC;iBAC/E;gBACD,IAAI,EAAE,WAAW;aAClB,CAAC,CAAA;YAEF,MAAM,IAAI,GAAG,MAAM,WAAW,CAAC,IAAI,EAAE,CAAA;YACrC,MAAM,CAAC,IAAI,CAAC,oCAAoC,WAAW,CAAC,MAAM,IAAI,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC,CAAA;YAE/F,GAAG,CAAC,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,CAAA;YAC9B,GAAG,CAAC,GAAG,CAAC,cAAc,EAAE,WAAW,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,kBAAkB,CAAC,CAAA;YACtF,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QAChB,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,MAAM,CAAC,KAAK,CAAC,sCAAsC,EAAE,GAAG,CAAC,OAAO,IAAI,GAAG,CAAC,CAAA;YACxE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,gBAAgB,EAAE,CAAC,CAAA;QACnD,CAAC;IACH,CAAC,CAAC,CAAA;IAEF;;;;OAIG;IACH,MAAM,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,EAAE,IAAa,EAAE,GAAa,EAAE,EAAE;QACzD,IAAI,CAAC;YACH,MAAM,WAAW,GAAG,GAAG,IAAI,CAAC,MAAM,OAAO,CAAA;YACzC,MAAM,WAAW,GAAG,MAAM,KAAK,CAAC,WAAW,CAAC,CAAA;YAC5C,MAAM,IAAI,GAAG,MAAM,WAAW,CAAC,IAAI,EAAE,CAAA;YACrC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QAChB,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,MAAM,CAAC,KAAK,CAAC,qCAAqC,EAAE,GAAG,CAAC,OAAO,IAAI,GAAG,CAAC,CAAA;YACvE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,gBAAgB,EAAE,CAAC,CAAA;QACnD,CAAC;IACH,CAAC,CAAC,CAAA;IAEF,OAAO,MAAM,CAAA;AACf,CAAC"}
package/src/lib/oauthProxy.ts DELETED
@@ -1,92 +0,0 @@
1
- /**
2
- * OAuth 2.0 proxy routes for the bridge.
3
- *
4
- * These routes proxy OAuth endpoints to the upstream authorization server:
5
- * - GET /authorize → Redirect to upstream (preserves query params)
6
- * - POST /token → Proxy to upstream
7
- * - GET /jwks → Proxy JWKS for token verification
8
- *
9
- * This separation allows the bridge to advertise itself as the authorization
10
- * server while delegating actual auth operations to the upstream issuer.
11
- */
12
-
13
- import { Router, type Request, type Response } from 'express'
14
- import type { AuthConfig, Logger } from '../types.js'
15
-
16
- export function createOAuthProxyRouter(auth: AuthConfig, logger: Logger): Router {
17
- const router = Router()
18
-
19
- /**
20
- * OAuth Authorization Endpoint — Redirect to upstream
21
- *
22
- * Since the bridge advertises itself as the authorization_server,
23
- * clients will attempt to call /authorize here. We redirect
24
- * to the upstream auth server, preserving all query parameters.
25
- */
26
- router.get('/authorize', (req: Request, res: Response) => {
27
- const upstreamUrl = new URL(`${auth.issuer}/authorize`)
28
- // Copy all query params to upstream
29
- for (const [key, value] of Object.entries(req.query)) {
30
- if (typeof value === 'string') {
31
- upstreamUrl.searchParams.set(key, value)
32
- }
33
- }
34
- logger.info(`[oauth-proxy] Redirecting /authorize to upstream`)
35
- res.redirect(upstreamUrl.toString())
36
- })
37
-
38
- /**
39
- * OAuth Token Endpoint — Proxy to upstream
40
- *
41
- * Proxies token exchange requests to the upstream auth server.
42
- */
43
- router.post('/token', async (req: Request, res: Response) => {
44
- try {
45
- const upstreamUrl = `${auth.issuer}/token`
46
- logger.info(`[oauth-proxy] Proxying /token to ${upstreamUrl}`)
47
-
48
- const requestBody = req.get('Content-Type')?.includes('application/json')
49
- ? JSON.stringify(req.body)
50
- : new URLSearchParams(req.body as Record<string, string>).toString()
51
-
52
- logger.info(`[oauth-proxy] Request body: ${requestBody}`)
53
-
54
- const upstreamRes = await fetch(upstreamUrl, {
55
- method: 'POST',
56
- headers: {
57
- 'Content-Type': req.get('Content-Type') || 'application/x-www-form-urlencoded',
58
- },
59
- body: requestBody,
60
- })
61
-
62
- const data = await upstreamRes.text()
63
- logger.info(`[oauth-proxy] Upstream response: ${upstreamRes.status} ${data.substring(0, 200)}`)
64
-
65
- res.status(upstreamRes.status)
66
- res.set('Content-Type', upstreamRes.headers.get('Content-Type') || 'application/json')
67
- res.send(data)
68
- } catch (err: any) {
69
- logger.error('[oauth-proxy] Error proxying /token:', err.message ?? err)
70
- res.status(502).json({ error: 'upstream_error' })
71
- }
72
- })
73
-
74
- /**
75
- * JWKS Endpoint — Proxy to upstream
76
- *
77
- * Proxies JSON Web Key Set requests for token verification.
78
- */
79
- router.get('/jwks', async (_req: Request, res: Response) => {
80
- try {
81
- const upstreamUrl = `${auth.issuer}/jwks`
82
- const upstreamRes = await fetch(upstreamUrl)
83
- const data = await upstreamRes.json()
84
- res.json(data)
85
- } catch (err: any) {
86
- logger.error('[oauth-proxy] Error proxying /jwks:', err.message ?? err)
87
- res.status(502).json({ error: 'upstream_error' })
88
- }
89
- })
90
-
91
- return router
92
- }