@silkweave/auth 1.3.0 → 1.3.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.turbo/turbo-build.log +17 -18
- package/.turbo/turbo-check.log +12 -13
- package/.turbo/turbo-lint.log +1 -1
- package/.turbo/turbo-prepack.log +8 -8
- package/README.md +2 -2
- package/build/index.d.ts +41 -42
- package/build/index.js +253 -218
- package/build/index.js.map +1 -1
- package/package.json +2 -2
- package/src/errors.ts +0 -4
- package/src/provider/index.ts +0 -1
- package/src/provider/proxy.ts +309 -253
- package/src/provider/types.ts +7 -1
- package/src/types.ts +2 -8
package/.turbo/turbo-build.log
CHANGED
|
@@ -1,18 +1,17 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
>
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
DTS Build
|
|
17
|
-
DTS
|
|
18
|
-
DTS build/index.d.ts 5.81 KB
|
|
1
|
+
|
|
2
|
+
> @silkweave/auth@1.3.1 build /Users/atomic/projects/ai/silkweave/packages/auth
|
|
3
|
+
> tsup
|
|
4
|
+
|
|
5
|
+
CLI Building entry: src/index.ts
|
|
6
|
+
CLI Using tsconfig: tsconfig.json
|
|
7
|
+
CLI tsup v8.5.1
|
|
8
|
+
CLI Using tsup config: /Users/atomic/projects/ai/silkweave/packages/auth/tsup.config.ts
|
|
9
|
+
CLI Target: node18
|
|
10
|
+
CLI Cleaning output folder
|
|
11
|
+
ESM Build start
|
|
12
|
+
ESM build/index.js 26.05 KB
|
|
13
|
+
ESM build/index.js.map 48.44 KB
|
|
14
|
+
ESM ⚡️ Build success in 10ms
|
|
15
|
+
DTS Build start
|
|
16
|
+
DTS ⚡️ Build success in 485ms
|
|
17
|
+
DTS build/index.d.ts 5.73 KB
|
package/.turbo/turbo-check.log
CHANGED
|
@@ -1,13 +1,12 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
>
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
>
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
>
|
|
12
|
-
|
|
13
|
-
|
|
1
|
+
|
|
2
|
+
> @silkweave/auth@1.3.1 check /Users/atomic/projects/ai/silkweave/packages/auth
|
|
3
|
+
> pnpm lint && pnpm typecheck
|
|
4
|
+
|
|
5
|
+
|
|
6
|
+
> @silkweave/auth@1.3.1 lint /Users/atomic/projects/ai/silkweave/packages/auth
|
|
7
|
+
> eslint
|
|
8
|
+
|
|
9
|
+
|
|
10
|
+
> @silkweave/auth@1.3.1 typecheck /Users/atomic/projects/ai/silkweave/packages/auth
|
|
11
|
+
> tsc --noEmit
|
|
12
|
+
|
package/.turbo/turbo-lint.log
CHANGED
package/.turbo/turbo-prepack.log
CHANGED
|
@@ -1,26 +1,26 @@
|
|
|
1
1
|
|
|
2
2
|
|
|
3
|
-
> @silkweave/auth@1.3.0 prepack /Users/atomic/projects/ai/
|
|
3
|
+
> @silkweave/auth@1.3.0 prepack /Users/atomic/projects/ai/silkweave/packages/auth
|
|
4
4
|
> pnpm clean && pnpm build
|
|
5
5
|
|
|
6
6
|
|
|
7
|
-
> @silkweave/auth@1.3.0 clean /Users/atomic/projects/ai/
|
|
7
|
+
> @silkweave/auth@1.3.0 clean /Users/atomic/projects/ai/silkweave/packages/auth
|
|
8
8
|
> rimraf build
|
|
9
9
|
|
|
10
10
|
|
|
11
|
-
> @silkweave/auth@1.3.0 build /Users/atomic/projects/ai/
|
|
11
|
+
> @silkweave/auth@1.3.0 build /Users/atomic/projects/ai/silkweave/packages/auth
|
|
12
12
|
> tsup
|
|
13
13
|
|
|
14
14
|
[34mCLI[39m Building entry: src/index.ts
|
|
15
15
|
[34mCLI[39m Using tsconfig: tsconfig.json
|
|
16
16
|
[34mCLI[39m tsup v8.5.1
|
|
17
|
-
[34mCLI[39m Using tsup config: /Users/atomic/projects/ai/
|
|
17
|
+
[34mCLI[39m Using tsup config: /Users/atomic/projects/ai/silkweave/packages/auth/tsup.config.ts
|
|
18
18
|
[34mCLI[39m Target: node18
|
|
19
19
|
[34mCLI[39m Cleaning output folder
|
|
20
20
|
[34mESM[39m Build start
|
|
21
|
-
[32mESM[39m [1mbuild/index.js [22m[32m25.
|
|
22
|
-
[32mESM[39m [1mbuild/index.js.map [22m[32m46.
|
|
23
|
-
[32mESM[39m ⚡️ Build success in
|
|
21
|
+
[32mESM[39m [1mbuild/index.js [22m[32m25.86 KB[39m
|
|
22
|
+
[32mESM[39m [1mbuild/index.js.map [22m[32m46.99 KB[39m
|
|
23
|
+
[32mESM[39m ⚡️ Build success in 9ms
|
|
24
24
|
DTS Build start
|
|
25
|
-
DTS ⚡️ Build success in
|
|
25
|
+
DTS ⚡️ Build success in 471ms
|
|
26
26
|
DTS build/index.d.ts 5.81 KB
|
package/README.md
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
# @silkweave/auth
|
|
2
2
|
|
|
3
|
-
OAuth 2.1 authentication for [Silkweave](https://github.com/
|
|
3
|
+
OAuth 2.1 authentication for [Silkweave](https://github.com/silkweave/silkweave) MCP servers. Acts as an OAuth proxy between MCP clients and upstream identity providers (Google, etc.), handling PKCE, refresh tokens, dynamic client registration (CIMD), and protected resource metadata (RFC 9728).
|
|
4
4
|
|
|
5
5
|
Standalone package -- only depends on `jose` for JWT signing/verification.
|
|
6
6
|
|
|
@@ -240,6 +240,6 @@ The proxy also supports:
|
|
|
240
240
|
|
|
241
241
|
## See Also
|
|
242
242
|
|
|
243
|
-
- [Silkweave README](https://github.com/
|
|
243
|
+
- [Silkweave README](https://github.com/silkweave/silkweave) -- Full documentation
|
|
244
244
|
- [`@silkweave/core`](https://www.npmjs.com/package/@silkweave/core) -- Core library
|
|
245
245
|
- [`@silkweave/mcp`](https://www.npmjs.com/package/@silkweave/mcp) -- MCP stdio and HTTP adapters
|
package/build/index.d.ts
CHANGED
|
@@ -5,7 +5,6 @@ declare class AuthError extends Error {
|
|
|
5
5
|
}
|
|
6
6
|
declare function invalidToken(message?: string): AuthError;
|
|
7
7
|
declare function insufficientScope(message?: string): AuthError;
|
|
8
|
-
declare function missingToken(message?: string): AuthError;
|
|
9
8
|
|
|
10
9
|
declare function extractBearerToken(header: string | null | undefined): string | null;
|
|
11
10
|
declare function buildWWWAuthenticate(error?: string, description?: string, resourceMetadataUrl?: string): string;
|
|
@@ -18,6 +17,44 @@ interface ProtectedResourceMetadata {
|
|
|
18
17
|
}
|
|
19
18
|
declare function generateProtectedResourceMetadata(resourceUrl: string, authorizationServers: string[]): ProtectedResourceMetadata;
|
|
20
19
|
|
|
20
|
+
interface AuthInfo {
|
|
21
|
+
token: string;
|
|
22
|
+
clientId?: string;
|
|
23
|
+
scopes?: string[];
|
|
24
|
+
expiresAt?: number;
|
|
25
|
+
[key: string]: unknown;
|
|
26
|
+
}
|
|
27
|
+
interface OAuthRequest {
|
|
28
|
+
method: string;
|
|
29
|
+
url: URL;
|
|
30
|
+
headers: Record<string, string | undefined>;
|
|
31
|
+
body?: Record<string, string>;
|
|
32
|
+
}
|
|
33
|
+
interface OAuthResponse {
|
|
34
|
+
status: number;
|
|
35
|
+
headers: Record<string, string>;
|
|
36
|
+
body?: string | Record<string, unknown>;
|
|
37
|
+
}
|
|
38
|
+
interface OAuthProvider {
|
|
39
|
+
authorize(req: OAuthRequest): Promise<OAuthResponse>;
|
|
40
|
+
callback(req: OAuthRequest): Promise<OAuthResponse>;
|
|
41
|
+
token(req: OAuthRequest): Promise<OAuthResponse>;
|
|
42
|
+
register(req: OAuthRequest): Promise<OAuthResponse>;
|
|
43
|
+
metadata(): OAuthResponse;
|
|
44
|
+
verifyToken(token: string): Promise<AuthInfo | undefined>;
|
|
45
|
+
}
|
|
46
|
+
|
|
47
|
+
type VerifyToken = (token: string) => Promise<AuthInfo | undefined>;
|
|
48
|
+
interface AuthConfig {
|
|
49
|
+
verifyToken: VerifyToken;
|
|
50
|
+
required?: boolean;
|
|
51
|
+
resourceUrl?: string;
|
|
52
|
+
authorizationServers?: string[];
|
|
53
|
+
requiredScopes?: string[];
|
|
54
|
+
provider?: OAuthProvider;
|
|
55
|
+
callbackPath?: string;
|
|
56
|
+
}
|
|
57
|
+
|
|
21
58
|
interface AuthCodeData {
|
|
22
59
|
clientId: string;
|
|
23
60
|
redirectUri: string;
|
|
@@ -71,46 +108,6 @@ interface OAuthStore {
|
|
|
71
108
|
deleteRefreshToken(token: string): Promise<void>;
|
|
72
109
|
}
|
|
73
110
|
|
|
74
|
-
declare function createMemoryStore(): OAuthStore;
|
|
75
|
-
|
|
76
|
-
interface OAuthRequest {
|
|
77
|
-
method: string;
|
|
78
|
-
url: URL;
|
|
79
|
-
headers: Record<string, string | undefined>;
|
|
80
|
-
body?: Record<string, string>;
|
|
81
|
-
}
|
|
82
|
-
interface OAuthResponse {
|
|
83
|
-
status: number;
|
|
84
|
-
headers: Record<string, string>;
|
|
85
|
-
body?: string | Record<string, unknown>;
|
|
86
|
-
}
|
|
87
|
-
interface OAuthProvider {
|
|
88
|
-
authorize(req: OAuthRequest): Promise<OAuthResponse>;
|
|
89
|
-
callback(req: OAuthRequest): Promise<OAuthResponse>;
|
|
90
|
-
token(req: OAuthRequest): Promise<OAuthResponse>;
|
|
91
|
-
register(req: OAuthRequest): Promise<OAuthResponse>;
|
|
92
|
-
metadata(): OAuthResponse;
|
|
93
|
-
verifyToken(token: string): Promise<AuthInfo | undefined>;
|
|
94
|
-
}
|
|
95
|
-
|
|
96
|
-
interface AuthInfo {
|
|
97
|
-
token: string;
|
|
98
|
-
clientId?: string;
|
|
99
|
-
scopes?: string[];
|
|
100
|
-
expiresAt?: number;
|
|
101
|
-
[key: string]: unknown;
|
|
102
|
-
}
|
|
103
|
-
type VerifyToken = (token: string) => Promise<AuthInfo | undefined>;
|
|
104
|
-
interface AuthConfig {
|
|
105
|
-
verifyToken: VerifyToken;
|
|
106
|
-
required?: boolean;
|
|
107
|
-
resourceUrl?: string;
|
|
108
|
-
authorizationServers?: string[];
|
|
109
|
-
requiredScopes?: string[];
|
|
110
|
-
provider?: OAuthProvider;
|
|
111
|
-
callbackPath?: string;
|
|
112
|
-
}
|
|
113
|
-
|
|
114
111
|
interface GoogleOAuthOptions {
|
|
115
112
|
clientId: string;
|
|
116
113
|
clientSecret: string;
|
|
@@ -144,6 +141,8 @@ declare function matchRedirectUri(uri: string, patterns: string[]): boolean;
|
|
|
144
141
|
|
|
145
142
|
declare function createJsonStore(path: string): OAuthStore;
|
|
146
143
|
|
|
144
|
+
declare function createMemoryStore(): OAuthStore;
|
|
145
|
+
|
|
147
146
|
interface RedisClient {
|
|
148
147
|
get(key: string): Promise<unknown>;
|
|
149
148
|
set(key: string, value: string, options?: {
|
|
@@ -170,4 +169,4 @@ interface ValidateResult {
|
|
|
170
169
|
}
|
|
171
170
|
declare function validateToken(authorizationHeader: string | null | undefined, config: AuthConfig): Promise<ValidateResult>;
|
|
172
171
|
|
|
173
|
-
export { type AuthCodeData, type AuthConfig, AuthError, type AuthInfo, type ClientRegistration, type GoogleOAuthOptions, type OAuthProvider, type OAuthProxyConfig, type OAuthRequest, type OAuthResponse, type OAuthStore, type PendingAuthData, type ProtectedResourceMetadata, type RedisClient, type RedisStoreOptions, type RefreshTokenData, type ValidateResult, type VerifyToken, buildWWWAuthenticate, createJsonStore, createMemoryStore, createOAuthProxy, createRedisStore, extractBearerToken, generateProtectedResourceMetadata, google, insufficientScope, invalidToken, matchRedirectUri,
|
|
172
|
+
export { type AuthCodeData, type AuthConfig, AuthError, type AuthInfo, type ClientRegistration, type GoogleOAuthOptions, type OAuthProvider, type OAuthProxyConfig, type OAuthRequest, type OAuthResponse, type OAuthStore, type PendingAuthData, type ProtectedResourceMetadata, type RedisClient, type RedisStoreOptions, type RefreshTokenData, type ValidateResult, type VerifyToken, buildWWWAuthenticate, createJsonStore, createMemoryStore, createOAuthProxy, createRedisStore, extractBearerToken, generateProtectedResourceMetadata, google, insufficientScope, invalidToken, matchRedirectUri, validateToken };
|