@silkweave/auth 1.3.1 → 1.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.turbo/turbo-build.log +6 -6
- package/.turbo/turbo-check.log +3 -7
- package/.turbo/turbo-lint.log +1 -1
- package/.turbo/turbo-prepack.log +7 -7
- package/README.md +0 -2
- package/build/index.d.ts +44 -43
- package/build/index.js +253 -220
- package/build/index.js.map +1 -1
- package/package.json +4 -3
- package/src/errors.ts +0 -4
- package/src/provider/index.ts +0 -1
- package/src/provider/proxy.ts +309 -253
- package/src/provider/types.ts +7 -1
- package/src/types.ts +4 -9
- package/src/validate.ts +5 -3
package/.turbo/turbo-build.log
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
|
|
2
2
|
|
|
3
|
-
> @silkweave/auth@1.3.
|
|
3
|
+
> @silkweave/auth@1.3.2 build /Users/atomic/projects/ai/silkweave/packages/auth
|
|
4
4
|
> tsup
|
|
5
5
|
|
|
6
6
|
[34mCLI[39m Building entry: src/index.ts
|
|
@@ -10,9 +10,9 @@
|
|
|
10
10
|
[34mCLI[39m Target: node18
|
|
11
11
|
[34mCLI[39m Cleaning output folder
|
|
12
12
|
[34mESM[39m Build start
|
|
13
|
-
[32mESM[39m [1mbuild/index.js [22m[
|
|
14
|
-
[32mESM[39m [1mbuild/index.js.map [22m[
|
|
15
|
-
[32mESM[39m ⚡️ Build success in
|
|
13
|
+
[32mESM[39m [1mbuild/index.js [22m[32m26.07 KB[39m
|
|
14
|
+
[32mESM[39m [1mbuild/index.js.map [22m[32m48.54 KB[39m
|
|
15
|
+
[32mESM[39m ⚡️ Build success in 12ms
|
|
16
16
|
DTS Build start
|
|
17
|
-
DTS ⚡️ Build success in
|
|
18
|
-
DTS build/index.d.ts 5.
|
|
17
|
+
DTS ⚡️ Build success in 527ms
|
|
18
|
+
DTS build/index.d.ts 5.84 KB
|
package/.turbo/turbo-check.log
CHANGED
|
@@ -1,16 +1,12 @@
|
|
|
1
1
|
|
|
2
|
-
> @silkweave/auth@1.3.
|
|
2
|
+
> @silkweave/auth@1.3.2 check /Users/atomic/projects/ai/silkweave/packages/auth
|
|
3
3
|
> pnpm lint && pnpm typecheck
|
|
4
4
|
|
|
5
5
|
|
|
6
|
-
> @silkweave/auth@1.3.
|
|
6
|
+
> @silkweave/auth@1.3.2 lint /Users/atomic/projects/ai/silkweave/packages/auth
|
|
7
7
|
> eslint
|
|
8
8
|
|
|
9
9
|
|
|
10
|
-
> @silkweave/auth@1.3.
|
|
10
|
+
> @silkweave/auth@1.3.2 typecheck /Users/atomic/projects/ai/silkweave/packages/auth
|
|
11
11
|
> tsc --noEmit
|
|
12
12
|
|
|
13
|
-
ELIFECYCLE Command failed.
|
|
14
|
-
WARN Local package.json exists, but node_modules missing, did you mean to install?
|
|
15
|
-
ELIFECYCLE Command failed.
|
|
16
|
-
WARN Local package.json exists, but node_modules missing, did you mean to install?
|
package/.turbo/turbo-lint.log
CHANGED
package/.turbo/turbo-prepack.log
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
|
|
2
2
|
|
|
3
|
-
> @silkweave/auth@1.
|
|
3
|
+
> @silkweave/auth@1.4.0 prepack /Users/atomic/projects/ai/silkweave/packages/auth
|
|
4
4
|
> pnpm clean && pnpm build
|
|
5
5
|
|
|
6
6
|
|
|
7
|
-
> @silkweave/auth@1.
|
|
7
|
+
> @silkweave/auth@1.4.0 clean /Users/atomic/projects/ai/silkweave/packages/auth
|
|
8
8
|
> rimraf build
|
|
9
9
|
|
|
10
10
|
|
|
11
|
-
> @silkweave/auth@1.
|
|
11
|
+
> @silkweave/auth@1.4.0 build /Users/atomic/projects/ai/silkweave/packages/auth
|
|
12
12
|
> tsup
|
|
13
13
|
|
|
14
14
|
[34mCLI[39m Building entry: src/index.ts
|
|
@@ -18,9 +18,9 @@
|
|
|
18
18
|
[34mCLI[39m Target: node18
|
|
19
19
|
[34mCLI[39m Cleaning output folder
|
|
20
20
|
[34mESM[39m Build start
|
|
21
|
-
[32mESM[39m [1mbuild/index.js [22m[
|
|
22
|
-
[32mESM[39m [1mbuild/index.js.map [22m[
|
|
21
|
+
[32mESM[39m [1mbuild/index.js [22m[32m26.07 KB[39m
|
|
22
|
+
[32mESM[39m [1mbuild/index.js.map [22m[32m48.54 KB[39m
|
|
23
23
|
[32mESM[39m ⚡️ Build success in 9ms
|
|
24
24
|
DTS Build start
|
|
25
|
-
DTS ⚡️ Build success in
|
|
26
|
-
DTS build/index.d.ts 5.
|
|
25
|
+
DTS ⚡️ Build success in 530ms
|
|
26
|
+
DTS build/index.d.ts 5.84 KB
|
package/README.md
CHANGED
|
@@ -2,8 +2,6 @@
|
|
|
2
2
|
|
|
3
3
|
OAuth 2.1 authentication for [Silkweave](https://github.com/silkweave/silkweave) MCP servers. Acts as an OAuth proxy between MCP clients and upstream identity providers (Google, etc.), handling PKCE, refresh tokens, dynamic client registration (CIMD), and protected resource metadata (RFC 9728).
|
|
4
4
|
|
|
5
|
-
Standalone package -- only depends on `jose` for JWT signing/verification.
|
|
6
|
-
|
|
7
5
|
## Install
|
|
8
6
|
|
|
9
7
|
```bash
|
package/build/index.d.ts
CHANGED
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
import { SilkweaveContext } from '@silkweave/core';
|
|
2
|
+
|
|
1
3
|
declare class AuthError extends Error {
|
|
2
4
|
readonly code: string;
|
|
3
5
|
readonly statusCode: number;
|
|
@@ -5,7 +7,6 @@ declare class AuthError extends Error {
|
|
|
5
7
|
}
|
|
6
8
|
declare function invalidToken(message?: string): AuthError;
|
|
7
9
|
declare function insufficientScope(message?: string): AuthError;
|
|
8
|
-
declare function missingToken(message?: string): AuthError;
|
|
9
10
|
|
|
10
11
|
declare function extractBearerToken(header: string | null | undefined): string | null;
|
|
11
12
|
declare function buildWWWAuthenticate(error?: string, description?: string, resourceMetadataUrl?: string): string;
|
|
@@ -18,6 +19,44 @@ interface ProtectedResourceMetadata {
|
|
|
18
19
|
}
|
|
19
20
|
declare function generateProtectedResourceMetadata(resourceUrl: string, authorizationServers: string[]): ProtectedResourceMetadata;
|
|
20
21
|
|
|
22
|
+
interface AuthInfo {
|
|
23
|
+
token: string;
|
|
24
|
+
clientId?: string;
|
|
25
|
+
scopes?: string[];
|
|
26
|
+
expiresAt?: number;
|
|
27
|
+
[key: string]: unknown;
|
|
28
|
+
}
|
|
29
|
+
interface OAuthRequest {
|
|
30
|
+
method: string;
|
|
31
|
+
url: URL;
|
|
32
|
+
headers: Record<string, string | undefined>;
|
|
33
|
+
body?: Record<string, string>;
|
|
34
|
+
}
|
|
35
|
+
interface OAuthResponse {
|
|
36
|
+
status: number;
|
|
37
|
+
headers: Record<string, string>;
|
|
38
|
+
body?: string | Record<string, unknown>;
|
|
39
|
+
}
|
|
40
|
+
interface OAuthProvider {
|
|
41
|
+
authorize(req: OAuthRequest): Promise<OAuthResponse>;
|
|
42
|
+
callback(req: OAuthRequest): Promise<OAuthResponse>;
|
|
43
|
+
token(req: OAuthRequest): Promise<OAuthResponse>;
|
|
44
|
+
register(req: OAuthRequest): Promise<OAuthResponse>;
|
|
45
|
+
metadata(): OAuthResponse;
|
|
46
|
+
verifyToken(token: string): Promise<AuthInfo | undefined>;
|
|
47
|
+
}
|
|
48
|
+
|
|
49
|
+
type VerifyToken = (token: string, context: SilkweaveContext) => Promise<AuthInfo | undefined>;
|
|
50
|
+
interface AuthConfig {
|
|
51
|
+
verifyToken: VerifyToken;
|
|
52
|
+
required?: boolean;
|
|
53
|
+
resourceUrl?: string;
|
|
54
|
+
authorizationServers?: string[];
|
|
55
|
+
requiredScopes?: string[];
|
|
56
|
+
provider?: OAuthProvider;
|
|
57
|
+
callbackPath?: string;
|
|
58
|
+
}
|
|
59
|
+
|
|
21
60
|
interface AuthCodeData {
|
|
22
61
|
clientId: string;
|
|
23
62
|
redirectUri: string;
|
|
@@ -71,46 +110,6 @@ interface OAuthStore {
|
|
|
71
110
|
deleteRefreshToken(token: string): Promise<void>;
|
|
72
111
|
}
|
|
73
112
|
|
|
74
|
-
declare function createMemoryStore(): OAuthStore;
|
|
75
|
-
|
|
76
|
-
interface OAuthRequest {
|
|
77
|
-
method: string;
|
|
78
|
-
url: URL;
|
|
79
|
-
headers: Record<string, string | undefined>;
|
|
80
|
-
body?: Record<string, string>;
|
|
81
|
-
}
|
|
82
|
-
interface OAuthResponse {
|
|
83
|
-
status: number;
|
|
84
|
-
headers: Record<string, string>;
|
|
85
|
-
body?: string | Record<string, unknown>;
|
|
86
|
-
}
|
|
87
|
-
interface OAuthProvider {
|
|
88
|
-
authorize(req: OAuthRequest): Promise<OAuthResponse>;
|
|
89
|
-
callback(req: OAuthRequest): Promise<OAuthResponse>;
|
|
90
|
-
token(req: OAuthRequest): Promise<OAuthResponse>;
|
|
91
|
-
register(req: OAuthRequest): Promise<OAuthResponse>;
|
|
92
|
-
metadata(): OAuthResponse;
|
|
93
|
-
verifyToken(token: string): Promise<AuthInfo | undefined>;
|
|
94
|
-
}
|
|
95
|
-
|
|
96
|
-
interface AuthInfo {
|
|
97
|
-
token: string;
|
|
98
|
-
clientId?: string;
|
|
99
|
-
scopes?: string[];
|
|
100
|
-
expiresAt?: number;
|
|
101
|
-
[key: string]: unknown;
|
|
102
|
-
}
|
|
103
|
-
type VerifyToken = (token: string) => Promise<AuthInfo | undefined>;
|
|
104
|
-
interface AuthConfig {
|
|
105
|
-
verifyToken: VerifyToken;
|
|
106
|
-
required?: boolean;
|
|
107
|
-
resourceUrl?: string;
|
|
108
|
-
authorizationServers?: string[];
|
|
109
|
-
requiredScopes?: string[];
|
|
110
|
-
provider?: OAuthProvider;
|
|
111
|
-
callbackPath?: string;
|
|
112
|
-
}
|
|
113
|
-
|
|
114
113
|
interface GoogleOAuthOptions {
|
|
115
114
|
clientId: string;
|
|
116
115
|
clientSecret: string;
|
|
@@ -144,6 +143,8 @@ declare function matchRedirectUri(uri: string, patterns: string[]): boolean;
|
|
|
144
143
|
|
|
145
144
|
declare function createJsonStore(path: string): OAuthStore;
|
|
146
145
|
|
|
146
|
+
declare function createMemoryStore(): OAuthStore;
|
|
147
|
+
|
|
147
148
|
interface RedisClient {
|
|
148
149
|
get(key: string): Promise<unknown>;
|
|
149
150
|
set(key: string, value: string, options?: {
|
|
@@ -168,6 +169,6 @@ interface ValidateResult {
|
|
|
168
169
|
};
|
|
169
170
|
};
|
|
170
171
|
}
|
|
171
|
-
declare function validateToken(authorizationHeader: string | null | undefined, config: AuthConfig): Promise<ValidateResult>;
|
|
172
|
+
declare function validateToken(authorizationHeader: string | null | undefined, config: AuthConfig, context: SilkweaveContext): Promise<ValidateResult>;
|
|
172
173
|
|
|
173
|
-
export { type AuthCodeData, type AuthConfig, AuthError, type AuthInfo, type ClientRegistration, type GoogleOAuthOptions, type OAuthProvider, type OAuthProxyConfig, type OAuthRequest, type OAuthResponse, type OAuthStore, type PendingAuthData, type ProtectedResourceMetadata, type RedisClient, type RedisStoreOptions, type RefreshTokenData, type ValidateResult, type VerifyToken, buildWWWAuthenticate, createJsonStore, createMemoryStore, createOAuthProxy, createRedisStore, extractBearerToken, generateProtectedResourceMetadata, google, insufficientScope, invalidToken, matchRedirectUri,
|
|
174
|
+
export { type AuthCodeData, type AuthConfig, AuthError, type AuthInfo, type ClientRegistration, type GoogleOAuthOptions, type OAuthProvider, type OAuthProxyConfig, type OAuthRequest, type OAuthResponse, type OAuthStore, type PendingAuthData, type ProtectedResourceMetadata, type RedisClient, type RedisStoreOptions, type RefreshTokenData, type ValidateResult, type VerifyToken, buildWWWAuthenticate, createJsonStore, createMemoryStore, createOAuthProxy, createRedisStore, extractBearerToken, generateProtectedResourceMetadata, google, insufficientScope, invalidToken, matchRedirectUri, validateToken };
|