@scalar/api-client 2.31.2 → 2.32.0

package/dist/v2/blocks/scalar-auth-selector-block/helpers/oauth.js

@@ -1,44 +1,49 @@
-import { isRelativePath as E } from "@scalar/helpers/url/is-relative-path";
-import { makeUrlAbsolute as b } from "@scalar/helpers/url/make-url-absolute";
-import { shouldUseProxy as S } from "@scalar/helpers/url/redirect-to-proxy";
-import { encode as z, fromUint8Array as C } from "js-base64";
-const A = (t) => {
-  const e = t?.url;
-  return e ? E(e) ? typeof window > "u" ? {} : { basePath: e } : { baseUrl: e } : {};
-}, F = () => {
+import { isRelativePath as z } from "@scalar/helpers/url/is-relative-path";
+import { makeUrlAbsolute as S } from "@scalar/helpers/url/make-url-absolute";
+import { shouldUseProxy as F } from "@scalar/helpers/url/redirect-to-proxy";
+import { encode as R, fromUint8Array as A } from "js-base64";
+import { getServerUrl as E } from "../../operation-block/helpers/get-server-url.js";
+const b = (t, e = {}) => {
+  const i = E(t, e);
+  return i ? z(i) ? typeof window > "u" ? {} : { basePath: i } : { baseUrl: i } : {};
+}, $ = () => {
   const t = new Uint8Array(32);
-  return crypto.getRandomValues(t), C(t, !0);
-}, R = async (t, e) => {
+  return crypto.getRandomValues(t), A(t, !0);
+}, L = async (t, e) => {
   if (e === "plain")
     return t;
   if (typeof crypto?.subtle?.digest != "function")
     return console.warn("SHA-256 is only supported when using https, using a plain text code challenge instead."), t;
-  const l = new TextEncoder().encode(t), f = await crypto.subtle.digest("SHA-256", l);
-  return C(new Uint8Array(f), !0);
-}, W = async (t, e, g, l, f) => {
-  const d = t[e];
+  const d = new TextEncoder().encode(t), m = await crypto.subtle.digest("SHA-256", d);
+  return A(new Uint8Array(m), !0);
+}, q = async (t, e, i, d, m, g = {}) => {
+  const h = t[e];
   try {
-    if (!d)
+    if (!h)
       return [new Error("Flow not found"), null];
-    const m = g.join(" ");
+    const p = i.join(" ");
     if (e === "clientCredentials" || e === "password")
-      return U(
+      return C(
         t,
         e,
-        m,
+        p,
         {
-          proxyUrl: f
+          proxyUrl: m
         },
-        l
+        d,
+        g
       );
-    const r = (Math.random() + 1).toString(36).substring(2, 10), a = b(t[e].authorizationUrl, A(l)), n = new URL(a);
+    const r = (Math.random() + 1).toString(36).substring(2, 10), a = S(
+      t[e].authorizationUrl,
+      b(d, g)
+    ), n = new URL(a);
     let c = null;
     if (e === "implicit")
       n.searchParams.set("response_type", "token");
     else if (e === "authorizationCode") {
       const s = t[e];
       if (n.searchParams.set("response_type", "code"), s["x-usePkce"] !== "no") {
-        const o = F(), u = await R(o, s["x-usePkce"]);
+        const o = $(), u = await L(o, s["x-usePkce"]);
         c = {
           codeVerifier: o,
           codeChallenge: u,
@@ -46,76 +51,77 @@ const A = (t) => {
         }, n.searchParams.set("code_challenge", u), n.searchParams.set("code_challenge_method", c.codeChallengeMethod);
       }
     }
-    const i = t[e];
-    if (i["x-scalar-secret-redirect-uri"].startsWith("/")) {
-      const s = l?.url || window.location.origin + window.location.pathname, o = new URL(i["x-scalar-secret-redirect-uri"], s).toString();
+    const l = t[e];
+    if (l["x-scalar-secret-redirect-uri"].startsWith("/")) {
+      const s = E(d, g) || window.location.origin + window.location.pathname, o = new URL(l["x-scalar-secret-redirect-uri"], s).toString();
       n.searchParams.set("redirect_uri", o);
     } else
-      n.searchParams.set("redirect_uri", i["x-scalar-secret-redirect-uri"]);
-    d["x-scalar-security-query"] && Object.keys(d["x-scalar-security-query"]).forEach((s) => {
-      const o = d["x-scalar-security-query"]?.[s];
+      n.searchParams.set("redirect_uri", l["x-scalar-secret-redirect-uri"]);
+    h["x-scalar-security-query"] && Object.keys(h["x-scalar-security-query"]).forEach((s) => {
+      const o = h["x-scalar-security-query"]?.[s];
       o && n.searchParams.set(s, o);
-    }), n.searchParams.set("client_id", d["x-scalar-secret-client-id"]), n.searchParams.set("state", r), m && n.searchParams.set("scope", m);
-    const h = window.open(n, "openAuth2Window", "left=100,top=100,width=800,height=600");
-    return h ? new Promise((s) => {
+    }), n.searchParams.set("client_id", h["x-scalar-secret-client-id"]), n.searchParams.set("state", r), p && n.searchParams.set("scope", p);
+    const w = window.open(n, "openAuth2Window", "left=100,top=100,width=800,height=600");
+    return w ? new Promise((s) => {
       const o = setInterval(() => {
-        let u = null, p = null, x = null, _ = null;
+        let u = null, x = null, _ = null, P = null;
         try {
-          const w = new URL(h.location.href).searchParams, k = d["x-tokenName"] || "access_token";
-          u = w.get(k), p = w.get("code"), x = w.get("error"), _ = w.get("error_description");
-          const P = new URLSearchParams(h.location.href.split("#")[1]);
-          u ||= P.get(k), p ||= P.get("code"), x ||= P.get("error"), _ ||= P.get("error_description");
+          const f = new URL(w.location.href).searchParams, U = h["x-tokenName"] || "access_token";
+          u = f.get(U), x = f.get("code"), _ = f.get("error"), P = f.get("error_description");
+          const y = new URLSearchParams(w.location.href.split("#")[1]);
+          u ||= y.get(U), x ||= y.get("code"), _ ||= y.get("error"), P ||= y.get("error_description");
         } catch {
         }
-        if (h.closed || u || p || x)
-          if (clearInterval(o), h.close(), x)
-            s([new Error(`OAuth error: ${x}${_ ? ` (${_})` : ""}`), null]);
+        if (w.closed || u || x || _)
+          if (clearInterval(o), w.close(), _)
+            s([new Error(`OAuth error: ${_}${P ? ` (${P})` : ""}`), null]);
           else if (u) {
-            const w = h.location.href.match(/state=([^&]*)/)?.[1];
-            s(w === r ? [null, u] : [new Error("State mismatch"), null]);
-          } else p && e === "authorizationCode" ? new URL(h.location.href).searchParams.get("state") === r ? U(
+            const f = w.location.href.match(/state=([^&]*)/)?.[1];
+            s(f === r ? [null, u] : [new Error("State mismatch"), null]);
+          } else x && e === "authorizationCode" ? new URL(w.location.href).searchParams.get("state") === r ? C(
             t,
             e,
-            m,
+            p,
             {
-              code: p,
+              code: x,
               pkce: c,
-              proxyUrl: f
+              proxyUrl: m
             },
-            l
+            d,
+            g
           ).then(s) : s([new Error("State mismatch"), null]) : (clearInterval(o), s([new Error("Window was closed without granting authorization"), null]));
       }, 200);
     }) : [new Error("Failed to open auth window"), null];
   } catch {
     return [new Error("Failed to authorize oauth2 flow"), null];
   }
-}, U = async (t, e, g, {
-  code: l,
-  pkce: f,
-  proxyUrl: d
-} = {}, m) => {
+}, C = async (t, e, i, {
+  code: d,
+  pkce: m,
+  proxyUrl: g
+} = {}, h, p = {}) => {
   const r = t[e];
   if (!r)
     return [new Error("OAuth2 flow was not defined"), null];
   const a = new URLSearchParams();
-  g && (e === "clientCredentials" || e === "password") && a.set("scope", g);
+  i && (e === "clientCredentials" || e === "password") && a.set("scope", i);
   const n = r["x-scalar-credentials-location"] === "body";
-  if (n && (a.set("client_id", r["x-scalar-secret-client-id"]), a.set("client_secret", r["x-scalar-secret-client-secret"])), "x-scalar-secret-redirect-uri" in r && r["x-scalar-secret-redirect-uri"] && a.set("redirect_uri", r["x-scalar-secret-redirect-uri"]), l)
-    a.set("code", l), a.set("grant_type", "authorization_code"), f && a.set("code_verifier", f.codeVerifier);
+  if (n && (a.set("client_id", r["x-scalar-secret-client-id"]), a.set("client_secret", r["x-scalar-secret-client-secret"])), "x-scalar-secret-redirect-uri" in r && r["x-scalar-secret-redirect-uri"] && a.set("redirect_uri", r["x-scalar-secret-redirect-uri"]), d)
+    a.set("code", d), a.set("grant_type", "authorization_code"), m && a.set("code_verifier", m.codeVerifier);
   else if (e === "password") {
     const c = t[e];
     a.set("grant_type", "password"), a.set("username", c["x-scalar-secret-username"]), a.set("password", c["x-scalar-secret-password"]);
   } else
     a.set("grant_type", "client_credentials");
-  r["x-scalar-security-body"] && Object.entries(r["x-scalar-security-body"]).forEach(([c, i]) => {
-    i && a.set(c, i);
+  r["x-scalar-security-body"] && Object.entries(r["x-scalar-security-body"]).forEach(([c, l]) => {
+    l && a.set(c, l);
   });
   try {
     const c = {
       "Content-Type": "application/x-www-form-urlencoded"
     };
-    n || (c.Authorization = `Basic ${z(`${r["x-scalar-secret-client-id"]}:${r["x-scalar-secret-client-secret"]}`)}`);
-    const i = b(r.tokenUrl, A(m)), y = S(d, i) ? `${d}?${new URLSearchParams([["scalar_url", i]]).toString()}` : i, s = await (await fetch(y, {
+    n || (c.Authorization = `Basic ${R(`${r["x-scalar-secret-client-id"]}:${r["x-scalar-secret-client-secret"]}`)}`);
+    const l = S(r.tokenUrl, b(h, p)), k = F(g, l) ? `${g}?${new URLSearchParams([["scalar_url", l]]).toString()}` : l, s = await (await fetch(k, {
       method: "POST",
       headers: c,
       body: a
@@ -126,5 +132,5 @@ const A = (t) => {
   }
 };
 export {
-  W as authorizeOauth2
+  q as authorizeOauth2
 };

package/dist/v2/features/operation/Operation.vue.js

@@ -81,7 +81,7 @@ const P = {
       )
     )), x = t(
       () => b(a(e.options)?.hiddenClients)
-    ), g = "2.31.2";
+    ), g = "2.32.0";
     return (n, o) => e.path && e.method && e.exampleName && r.value ? (m(), C(c(V), {
       key: 0,
       activeEnvironment: e.workspaceStore.workspace["x-scalar-active-environment"],

package/dist/views/Request/ResponseSection/ResponseEmpty.vue2.js

@@ -33,7 +33,7 @@ const W = { class: "flex-center relative flex flex-1 flex-col gap-6 p-2 capitali
       }));
     }, f = (u) => {
       u?.createNew && g.name === "request" && p();
-    }, v = "2.31.2";
+    }, v = "2.32.0";
     return q(() => a.hotKeys.on(f)), R(() => a.hotKeys.off(f)), (u, e) => (l(), n("div", W, [
       s("div", {
         class: y(["flex h-[calc(100%_-_50px)] flex-col items-center justify-center", {

package/dist/views/Request/libs/oauth2.d.ts

@@ -9,6 +9,13 @@ type PKCEState = {
     codeChallenge: string;
     codeChallengeMethod: string;
 };
+/**
+ * Interpolates server URL template variables (e.g. `https://{env}.example.com`)
+ * using the user-set `value` when available, falling back to the OpenAPI `default`.
+ * This is needed so OAuth flows that use the server URL as a base resolve correctly
+ * when the spec defines server variables.
+ */
+export declare const getInterpolatedServerUrl: (activeServer?: Server) => string | undefined;
 /**
  * Creates a code challenge from the code verifier
  */

package/dist/views/Request/libs/oauth2.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"oauth2.d.ts","sourceRoot":"","sources":["../../../../src/views/Request/libs/oauth2.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,EAAE,MAAM,iCAAiC,CAAA;AAGzE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,eAAe,CAAA;AAElD,qDAAqD;AACrD,KAAK,eAAe,GAAG,OAAO,CAAC,UAAU,EAAE;IAAE,IAAI,EAAE,UAAU,CAAA;CAAE,CAAC,CAAA;AAEhE,KAAK,SAAS,GAAG;IACf,YAAY,EAAE,MAAM,CAAA;IACpB,aAAa,EAAE,MAAM,CAAA;IACrB,mBAAmB,EAAE,MAAM,CAAA;CAC5B,CAAA;AA8BD;;GAEG;AACH,eAAO,MAAM,qBAAqB,GAAU,UAAU,MAAM,EAAE,UAAU,SAAS,GAAG,OAAO,KAAG,OAAO,CAAC,MAAM,CAkB3G,CAAA;AAED;;;;GAIG;AACH,eAAO,MAAM,eAAe,GAC1B,MAAM,UAAU;AAChB,wEAAwE;AACxE,cAAc,MAAM;AACpB,kCAAkC;AAClC,WAAW,MAAM,KAChB,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,CA0K/B,CAAA;AAED;;;GAGG;AACH,eAAO,MAAM,gBAAgB,GAC3B,MAAM,eAAe,EACrB,QAAQ,MAAM,EACd,2BAIG;IACD,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,IAAI,CAAC,EAAE,SAAS,GAAG,IAAI,CAAA;IACvB,QAAQ,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;CAC9B,YAAK,EACN,cAAc,MAAM,GAAG,SAAS,KAC/B,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,CA2F/B,CAAA"}
+{"version":3,"file":"oauth2.d.ts","sourceRoot":"","sources":["../../../../src/views/Request/libs/oauth2.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,EAAE,MAAM,iCAAiC,CAAA;AAGzE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,eAAe,CAAA;AAElD,qDAAqD;AACrD,KAAK,eAAe,GAAG,OAAO,CAAC,UAAU,EAAE;IAAE,IAAI,EAAE,UAAU,CAAA;CAAE,CAAC,CAAA;AAEhE,KAAK,SAAS,GAAG;IACf,YAAY,EAAE,MAAM,CAAA;IACpB,aAAa,EAAE,MAAM,CAAA;IACrB,mBAAmB,EAAE,MAAM,CAAA;CAC5B,CAAA;AAED;;;;;GAKG;AACH,eAAO,MAAM,wBAAwB,GAAI,eAAe,MAAM,KAAG,MAAM,GAAG,SAczE,CAAA;AA8BD;;GAEG;AACH,eAAO,MAAM,qBAAqB,GAAU,UAAU,MAAM,EAAE,UAAU,SAAS,GAAG,OAAO,KAAG,OAAO,CAAC,MAAM,CAkB3G,CAAA;AAED;;;;GAIG;AACH,eAAO,MAAM,eAAe,GAC1B,MAAM,UAAU;AAChB,wEAAwE;AACxE,cAAc,MAAM;AACpB,kCAAkC;AAClC,WAAW,MAAM,KAChB,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,CA0K/B,CAAA;AAED;;;GAGG;AACH,eAAO,MAAM,gBAAgB,GAC3B,MAAM,eAAe,EACrB,QAAQ,MAAM,EACd,2BAIG;IACD,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,IAAI,CAAC,EAAE,SAAS,GAAG,IAAI,CAAA;IACvB,QAAQ,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;CAC9B,YAAK,EACN,cAAc,MAAM,GAAG,SAAS,KAC/B,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,CA2F/B,CAAA"}

package/dist/views/Request/libs/oauth2.js

@@ -1,115 +1,127 @@
-import { isRelativePath as U } from "@scalar/helpers/url/is-relative-path";
+import { replaceVariables as U } from "@scalar/helpers/regex/replace-variables";
+import { isRelativePath as b } from "@scalar/helpers/url/is-relative-path";
 import { makeUrlAbsolute as x } from "@scalar/helpers/url/make-url-absolute";
-import { shouldUseProxy as f } from "@scalar/helpers/url/redirect-to-proxy";
-import { encode as A, fromUint8Array as k } from "js-base64";
-const w = (e) => {
-  const a = e?.url;
-  return a ? U(a) ? typeof window > "u" ? {} : { basePath: a } : { baseUrl: a } : {};
-}, b = () => {
+import { shouldUseProxy as A } from "@scalar/helpers/url/redirect-to-proxy";
+import { encode as E, fromUint8Array as k } from "js-base64";
+const S = (e) => {
+  if (!e?.url) return;
+  const s = Object.entries(e.variables ?? {}).reduce(
+    (i, [a, c]) => {
+      const h = c.value || c.default;
+      return h && (i[a] = h), i;
+    },
+    {}
+  );
+  return U(e.url, s);
+}, w = (e) => {
+  const s = S(e);
+  return s ? b(s) ? typeof window > "u" ? {} : { basePath: s } : { baseUrl: s } : {};
+}, C = () => {
   const e = new Uint8Array(32);
   return crypto.getRandomValues(e), k(e, !0);
-}, E = async (e, a) => {
-  if (a === "plain")
+}, T = async (e, s) => {
+  if (s === "plain")
     return e;
   if (typeof crypto?.subtle?.digest != "function")
     return console.warn("SHA-256 is only supported when using https, using a plain text code challenge instead."), e;
-  const c = new TextEncoder().encode(e), o = await crypto.subtle.digest("SHA-256", c);
-  return k(new Uint8Array(o), !0);
-}, $ = async (e, a, u) => {
+  const a = new TextEncoder().encode(e), c = await crypto.subtle.digest("SHA-256", a);
+  return k(new Uint8Array(c), !0);
+}, L = async (e, s, i) => {
   try {
     if (!e)
       return [new Error("Flow not found"), null];
-    const c = e.selectedScopes.join(" ");
+    const a = e.selectedScopes.join(" ");
     if (e.type === "clientCredentials" || e.type === "password")
-      return S(
+      return f(
         e,
-        c,
+        a,
         {
-          proxyUrl: u
+          proxyUrl: i
         },
-        a
+        s
       );
-    const o = (Math.random() + 1).toString(36).substring(2, 10), _ = x(e.authorizationUrl, w(a)), t = new URL(_);
-    let y = null;
+    const c = (Math.random() + 1).toString(36).substring(2, 10), h = x(e.authorizationUrl, w(s)), t = new URL(h);
+    let g = null;
     if (e.type === "implicit")
       t.searchParams.set("response_type", "token");
     else if (e.type === "authorizationCode" && (t.searchParams.set("response_type", "code"), e["x-usePkce"] !== "no")) {
-      const r = b(), s = await E(r, e["x-usePkce"]);
-      y = {
+      const r = C(), n = await T(r, e["x-usePkce"]);
+      g = {
         codeVerifier: r,
-        codeChallenge: s,
+        codeChallenge: n,
         codeChallengeMethod: e["x-usePkce"] === "SHA-256" ? "S256" : "plain"
-      }, t.searchParams.set("code_challenge", s), t.searchParams.set("code_challenge_method", y.codeChallengeMethod);
+      }, t.searchParams.set("code_challenge", n), t.searchParams.set("code_challenge_method", g.codeChallengeMethod);
     }
     if (e["x-scalar-redirect-uri"].startsWith("/")) {
-      const r = a?.url || window.location.origin + window.location.pathname, s = x(e["x-scalar-redirect-uri"], { baseUrl: r });
-      t.searchParams.set("redirect_uri", s);
+      const r = S(s) || window.location.origin + window.location.pathname, n = x(e["x-scalar-redirect-uri"], { baseUrl: r });
+      t.searchParams.set("redirect_uri", n);
     } else
       t.searchParams.set("redirect_uri", e["x-scalar-redirect-uri"]);
     e["x-scalar-security-query"] && Object.keys(e["x-scalar-security-query"]).forEach((r) => {
-      const s = e["x-scalar-security-query"]?.[r];
-      s && t.searchParams.set(r, s);
-    }), t.searchParams.set("client_id", e["x-scalar-client-id"]), t.searchParams.set("state", o), c && t.searchParams.set("scope", c);
-    const n = window.open(t, "openAuth2Window", "left=100,top=100,width=800,height=600");
-    return n ? new Promise((r) => {
-      const s = setInterval(() => {
-        let h = null, d = null, l = null, m = null;
+      const n = e["x-scalar-security-query"]?.[r];
+      n && t.searchParams.set(r, n);
+    }), t.searchParams.set("client_id", e["x-scalar-client-id"]), t.searchParams.set("state", c), a && t.searchParams.set("scope", a);
+    const o = window.open(t, "openAuth2Window", "left=100,top=100,width=800,height=600");
+    return o ? new Promise((r) => {
+      const n = setInterval(() => {
+        let p = null, d = null, u = null, y = null;
         try {
-          const i = new URL(n.location.href).searchParams, P = e["x-tokenName"] || "access_token";
-          h = i.get(P), d = i.get("code"), l = i.get("error"), m = i.get("error_description");
-          const g = new URLSearchParams(n.location.href.split("#")[1]);
-          h ||= g.get(P), d ||= g.get("code"), l ||= g.get("error"), m ||= g.get("error_description");
+          const l = new URL(o.location.href).searchParams, P = e["x-tokenName"] || "access_token";
+          p = l.get(P), d = l.get("code"), u = l.get("error"), y = l.get("error_description");
+          const _ = new URLSearchParams(o.location.href.split("#")[1]);
+          p ||= _.get(P), d ||= _.get("code"), u ||= _.get("error"), y ||= _.get("error_description");
         } catch {
         }
-        if (n.closed || h || d || l)
-          if (clearInterval(s), n.close(), l)
-            r([new Error(`OAuth error: ${l}${m ? ` (${m})` : ""}`), null]);
-          else if (h) {
-            const i = n.location.href.match(/state=([^&]*)/)?.[1];
-            r(i === o ? [null, h] : [new Error("State mismatch"), null]);
-          } else d ? new URL(n.location.href).searchParams.get("state") === o ? S(
+        if (o.closed || p || d || u)
+          if (clearInterval(n), o.close(), u)
+            r([new Error(`OAuth error: ${u}${y ? ` (${y})` : ""}`), null]);
+          else if (p) {
+            const l = o.location.href.match(/state=([^&]*)/)?.[1];
+            r(l === c ? [null, p] : [new Error("State mismatch"), null]);
+          } else d ? new URL(o.location.href).searchParams.get("state") === c ? f(
             e,
-            c,
+            a,
             {
               code: d,
-              pkce: y,
-              proxyUrl: u
+              pkce: g,
+              proxyUrl: i
             },
-            a
-          ).then(r) : r([new Error("State mismatch"), null]) : (clearInterval(s), r([new Error("Window was closed without granting authorization"), null]));
+            s
+          ).then(r) : r([new Error("State mismatch"), null]) : (clearInterval(n), r([new Error("Window was closed without granting authorization"), null]));
       }, 200);
     }) : [new Error("Failed to open auth window"), null];
   } catch {
     return [new Error("Failed to authorize oauth2 flow"), null];
   }
-}, S = async (e, a, {
-  code: u,
-  pkce: c,
-  proxyUrl: o
-} = {}, _) => {
+}, f = async (e, s, {
+  code: i,
+  pkce: a,
+  proxyUrl: c
+} = {}, h) => {
   if (!e)
     return [new Error("OAuth2 flow was not defined"), null];
   const t = new URLSearchParams();
-  t.set("client_id", e["x-scalar-client-id"]), a && (e.type === "clientCredentials" || e.type === "password") && t.set("scope", a), e.clientSecret && (!e["x-scalar-credentials-location"] || e["x-scalar-credentials-location"] === "body") && t.set("client_secret", e.clientSecret), "x-scalar-redirect-uri" in e && e["x-scalar-redirect-uri"] && t.set("redirect_uri", e["x-scalar-redirect-uri"]), u ? (t.set("code", u), t.set("grant_type", "authorization_code"), c && t.set("code_verifier", c.codeVerifier)) : e.type === "password" ? (t.set("grant_type", "password"), t.set("username", e.username), t.set("password", e.password)) : t.set("grant_type", "client_credentials"), e["x-scalar-security-body"] && Object.entries(e["x-scalar-security-body"]).forEach(([p, n]) => {
-    n && t.set(p, n);
+  t.set("client_id", e["x-scalar-client-id"]), s && (e.type === "clientCredentials" || e.type === "password") && t.set("scope", s), e.clientSecret && (!e["x-scalar-credentials-location"] || e["x-scalar-credentials-location"] === "body") && t.set("client_secret", e.clientSecret), "x-scalar-redirect-uri" in e && e["x-scalar-redirect-uri"] && t.set("redirect_uri", e["x-scalar-redirect-uri"]), i ? (t.set("code", i), t.set("grant_type", "authorization_code"), a && t.set("code_verifier", a.codeVerifier)) : e.type === "password" ? (t.set("grant_type", "password"), t.set("username", e.username), t.set("password", e.password)) : t.set("grant_type", "client_credentials"), e["x-scalar-security-body"] && Object.entries(e["x-scalar-security-body"]).forEach(([m, o]) => {
+    o && t.set(m, o);
   });
   try {
-    const p = {
+    const m = {
       "Content-Type": "application/x-www-form-urlencoded"
     };
-    e.clientSecret && (!e["x-scalar-credentials-location"] || e["x-scalar-credentials-location"] === "header") && (p.Authorization = `Basic ${A(`${e["x-scalar-client-id"]}:${e.clientSecret}`)}`);
-    const r = x(e.tokenUrl, w(_)), s = f(o, r) ? `${o}?${new URLSearchParams([["scalar_url", r]]).toString()}` : r, d = await (await fetch(s, {
+    e.clientSecret && (!e["x-scalar-credentials-location"] || e["x-scalar-credentials-location"] === "header") && (m.Authorization = `Basic ${E(`${e["x-scalar-client-id"]}:${e.clientSecret}`)}`);
+    const r = x(e.tokenUrl, w(h)), n = A(c, r) ? `${c}?${new URLSearchParams([["scalar_url", r]]).toString()}` : r, d = await (await fetch(n, {
       method: "POST",
-      headers: p,
+      headers: m,
       body: t
-    })).json(), l = e["x-tokenName"] || "access_token";
-    return [null, d[l]];
+    })).json(), u = e["x-tokenName"] || "access_token";
+    return [null, d[u]];
   } catch {
     return [new Error("Failed to get an access token. Please check your credentials."), null];
   }
 };
 export {
-  $ as authorizeOauth2,
-  S as authorizeServers,
-  E as generateCodeChallenge
+  L as authorizeOauth2,
+  f as authorizeServers,
+  T as generateCodeChallenge,
+  S as getInterpolatedServerUrl
 };

package/package.json

@@ -18,9 +18,9 @@
     "rest",
     "testing"
   ],
-  "version": "2.31.2",
+  "version": "2.32.0",
   "engines": {
-    "node": ">=20"
+    "node": ">=22"
   },
   "type": "module",
   "main": "dist/index.js",
@@ -327,26 +327,26 @@
     "whatwg-mimetype": "4.0.0",
     "yaml": "^2.8.0",
     "zod": "^4.3.5",
-    "@scalar/analytics-client": "1.0.1",
-    "@scalar/components": "0.19.14",
-    "@scalar/draggable": "0.3.0",
-    "@scalar/helpers": "0.2.17",
-    "@scalar/icons": "0.5.3",
-    "@scalar/import": "0.4.54",
-    "@scalar/oas-utils": "0.8.2",
-    "@scalar/json-magic": "0.11.6",
-    "@scalar/object-utils": "1.2.31",
-    "@scalar/openapi-types": "0.5.3",
-    "@scalar/openapi-parser": "0.24.16",
-    "@scalar/postman-to-openapi": "0.4.9",
-    "@scalar/sidebar": "0.7.45",
-    "@scalar/snippetz": "0.6.18",
-    "@scalar/types": "0.6.9",
-    "@scalar/themes": "0.14.3",
-    "@scalar/use-toasts": "0.9.1",
-    "@scalar/use-hooks": "0.3.7",
-    "@scalar/use-codemirror": "0.13.49",
-    "@scalar/workspace-store": "0.35.2"
+    "@scalar/components": "0.20.0",
+    "@scalar/draggable": "0.4.0",
+    "@scalar/helpers": "0.3.0",
+    "@scalar/analytics-client": "1.1.0",
+    "@scalar/icons": "0.6.0",
+    "@scalar/import": "0.5.0",
+    "@scalar/json-magic": "0.12.0",
+    "@scalar/object-utils": "1.3.0",
+    "@scalar/openapi-parser": "0.25.0",
+    "@scalar/oas-utils": "0.9.0",
+    "@scalar/openapi-types": "0.6.0",
+    "@scalar/postman-to-openapi": "0.5.0",
+    "@scalar/sidebar": "0.8.0",
+    "@scalar/snippetz": "0.7.0",
+    "@scalar/themes": "0.15.0",
+    "@scalar/types": "0.7.0",
+    "@scalar/use-hooks": "0.4.0",
+    "@scalar/use-codemirror": "0.14.0",
+    "@scalar/workspace-store": "0.36.0",
+    "@scalar/use-toasts": "0.10.0"
   },
   "devDependencies": {
     "@tailwindcss/vite": "^4.1.18",
@@ -361,9 +361,9 @@
     "vite": "^7.3.1",
     "vite-svg-loader": "5.1.0",
     "vitest": "4.0.16",
-    "@scalar/build-tooling": "0.4.1",
-    "@scalar/galaxy": "0.5.16",
-    "@scalar/pre-post-request-scripts": "0.2.8"
+    "@scalar/build-tooling": "0.5.0",
+    "@scalar/galaxy": "0.6.0",
+    "@scalar/pre-post-request-scripts": "0.3.0"
   },
   "scripts": {
     "build": "scalar-build-vite",