@silkweave/auth 1.3.1 → 1.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -1,6 +1,6 @@
1
1
 
2
2
  
3
- > @silkweave/auth@1.3.0 build /Users/atomic/projects/ai/silkweave/packages/auth
3
+ > @silkweave/auth@1.3.2 build /Users/atomic/projects/ai/silkweave/packages/auth
4
4
  > tsup
5
5
 
6
6
  CLI Building entry: src/index.ts
@@ -10,9 +10,9 @@
10
10
  CLI Target: node18
11
11
  CLI Cleaning output folder
12
12
  ESM Build start
13
- ESM build/index.js 25.86 KB
14
- ESM build/index.js.map 46.99 KB
15
- ESM ⚡️ Build success in 9ms
13
+ ESM build/index.js 26.07 KB
14
+ ESM build/index.js.map 48.54 KB
15
+ ESM ⚡️ Build success in 12ms
16
16
  DTS Build start
17
- DTS ⚡️ Build success in 455ms
18
- DTS build/index.d.ts 5.81 KB
17
+ DTS ⚡️ Build success in 527ms
18
+ DTS build/index.d.ts 5.84 KB
@@ -1,16 +1,12 @@
1
1
 
2
- > @silkweave/auth@1.3.0 check /Users/atomic/projects/ai/silkweave/packages/auth
2
+ > @silkweave/auth@1.3.2 check /Users/atomic/projects/ai/silkweave/packages/auth
3
3
  > pnpm lint && pnpm typecheck
4
4
 
5
5
 
6
- > @silkweave/auth@1.3.0 lint /Users/atomic/projects/ai/silkweave/packages/auth
6
+ > @silkweave/auth@1.3.2 lint /Users/atomic/projects/ai/silkweave/packages/auth
7
7
  > eslint
8
8
 
9
9
 
10
- > @silkweave/auth@1.3.0 typecheck /Users/atomic/projects/ai/silkweave/packages/auth
10
+ > @silkweave/auth@1.3.2 typecheck /Users/atomic/projects/ai/silkweave/packages/auth
11
11
  > tsc --noEmit
12
12
 
13
-  ELIFECYCLE  Command failed.
14
-  WARN  Local package.json exists, but node_modules missing, did you mean to install?
15
-  ELIFECYCLE  Command failed.
16
-  WARN  Local package.json exists, but node_modules missing, did you mean to install?
@@ -1,5 +1,5 @@
1
1
 
2
2
  
3
- > @silkweave/auth@1.3.0 lint /Users/atomic/projects/ai/silkweave/packages/auth
3
+ > @silkweave/auth@1.3.2 lint /Users/atomic/projects/ai/silkweave/packages/auth
4
4
  > eslint
5
5
 
@@ -1,14 +1,14 @@
1
1
 
2
2
  
3
- > @silkweave/auth@1.3.0 prepack /Users/atomic/projects/ai/silkweave/packages/auth
3
+ > @silkweave/auth@1.4.0 prepack /Users/atomic/projects/ai/silkweave/packages/auth
4
4
  > pnpm clean && pnpm build
5
5
 
6
6
 
7
- > @silkweave/auth@1.3.0 clean /Users/atomic/projects/ai/silkweave/packages/auth
7
+ > @silkweave/auth@1.4.0 clean /Users/atomic/projects/ai/silkweave/packages/auth
8
8
  > rimraf build
9
9
 
10
10
 
11
- > @silkweave/auth@1.3.0 build /Users/atomic/projects/ai/silkweave/packages/auth
11
+ > @silkweave/auth@1.4.0 build /Users/atomic/projects/ai/silkweave/packages/auth
12
12
  > tsup
13
13
 
14
14
  CLI Building entry: src/index.ts
@@ -18,9 +18,9 @@
18
18
  CLI Target: node18
19
19
  CLI Cleaning output folder
20
20
  ESM Build start
21
- ESM build/index.js 25.86 KB
22
- ESM build/index.js.map 46.99 KB
21
+ ESM build/index.js 26.07 KB
22
+ ESM build/index.js.map 48.54 KB
23
23
  ESM ⚡️ Build success in 9ms
24
24
  DTS Build start
25
- DTS ⚡️ Build success in 471ms
26
- DTS build/index.d.ts 5.81 KB
25
+ DTS ⚡️ Build success in 530ms
26
+ DTS build/index.d.ts 5.84 KB
package/README.md CHANGED
@@ -2,8 +2,6 @@
2
2
 
3
3
  OAuth 2.1 authentication for [Silkweave](https://github.com/silkweave/silkweave) MCP servers. Acts as an OAuth proxy between MCP clients and upstream identity providers (Google, etc.), handling PKCE, refresh tokens, dynamic client registration (CIMD), and protected resource metadata (RFC 9728).
4
4
 
5
- Standalone package -- only depends on `jose` for JWT signing/verification.
6
-
7
5
  ## Install
8
6
 
9
7
  ```bash
package/build/index.d.ts CHANGED
@@ -1,3 +1,5 @@
1
+ import { SilkweaveContext } from '@silkweave/core';
2
+
1
3
  declare class AuthError extends Error {
2
4
  readonly code: string;
3
5
  readonly statusCode: number;
@@ -5,7 +7,6 @@ declare class AuthError extends Error {
5
7
  }
6
8
  declare function invalidToken(message?: string): AuthError;
7
9
  declare function insufficientScope(message?: string): AuthError;
8
- declare function missingToken(message?: string): AuthError;
9
10
 
10
11
  declare function extractBearerToken(header: string | null | undefined): string | null;
11
12
  declare function buildWWWAuthenticate(error?: string, description?: string, resourceMetadataUrl?: string): string;
@@ -18,6 +19,44 @@ interface ProtectedResourceMetadata {
18
19
  }
19
20
  declare function generateProtectedResourceMetadata(resourceUrl: string, authorizationServers: string[]): ProtectedResourceMetadata;
20
21
 
22
+ interface AuthInfo {
23
+ token: string;
24
+ clientId?: string;
25
+ scopes?: string[];
26
+ expiresAt?: number;
27
+ [key: string]: unknown;
28
+ }
29
+ interface OAuthRequest {
30
+ method: string;
31
+ url: URL;
32
+ headers: Record<string, string | undefined>;
33
+ body?: Record<string, string>;
34
+ }
35
+ interface OAuthResponse {
36
+ status: number;
37
+ headers: Record<string, string>;
38
+ body?: string | Record<string, unknown>;
39
+ }
40
+ interface OAuthProvider {
41
+ authorize(req: OAuthRequest): Promise<OAuthResponse>;
42
+ callback(req: OAuthRequest): Promise<OAuthResponse>;
43
+ token(req: OAuthRequest): Promise<OAuthResponse>;
44
+ register(req: OAuthRequest): Promise<OAuthResponse>;
45
+ metadata(): OAuthResponse;
46
+ verifyToken(token: string): Promise<AuthInfo | undefined>;
47
+ }
48
+
49
+ type VerifyToken = (token: string, context: SilkweaveContext) => Promise<AuthInfo | undefined>;
50
+ interface AuthConfig {
51
+ verifyToken: VerifyToken;
52
+ required?: boolean;
53
+ resourceUrl?: string;
54
+ authorizationServers?: string[];
55
+ requiredScopes?: string[];
56
+ provider?: OAuthProvider;
57
+ callbackPath?: string;
58
+ }
59
+
21
60
  interface AuthCodeData {
22
61
  clientId: string;
23
62
  redirectUri: string;
@@ -71,46 +110,6 @@ interface OAuthStore {
71
110
  deleteRefreshToken(token: string): Promise<void>;
72
111
  }
73
112
 
74
- declare function createMemoryStore(): OAuthStore;
75
-
76
- interface OAuthRequest {
77
- method: string;
78
- url: URL;
79
- headers: Record<string, string | undefined>;
80
- body?: Record<string, string>;
81
- }
82
- interface OAuthResponse {
83
- status: number;
84
- headers: Record<string, string>;
85
- body?: string | Record<string, unknown>;
86
- }
87
- interface OAuthProvider {
88
- authorize(req: OAuthRequest): Promise<OAuthResponse>;
89
- callback(req: OAuthRequest): Promise<OAuthResponse>;
90
- token(req: OAuthRequest): Promise<OAuthResponse>;
91
- register(req: OAuthRequest): Promise<OAuthResponse>;
92
- metadata(): OAuthResponse;
93
- verifyToken(token: string): Promise<AuthInfo | undefined>;
94
- }
95
-
96
- interface AuthInfo {
97
- token: string;
98
- clientId?: string;
99
- scopes?: string[];
100
- expiresAt?: number;
101
- [key: string]: unknown;
102
- }
103
- type VerifyToken = (token: string) => Promise<AuthInfo | undefined>;
104
- interface AuthConfig {
105
- verifyToken: VerifyToken;
106
- required?: boolean;
107
- resourceUrl?: string;
108
- authorizationServers?: string[];
109
- requiredScopes?: string[];
110
- provider?: OAuthProvider;
111
- callbackPath?: string;
112
- }
113
-
114
113
  interface GoogleOAuthOptions {
115
114
  clientId: string;
116
115
  clientSecret: string;
@@ -144,6 +143,8 @@ declare function matchRedirectUri(uri: string, patterns: string[]): boolean;
144
143
 
145
144
  declare function createJsonStore(path: string): OAuthStore;
146
145
 
146
+ declare function createMemoryStore(): OAuthStore;
147
+
147
148
  interface RedisClient {
148
149
  get(key: string): Promise<unknown>;
149
150
  set(key: string, value: string, options?: {
@@ -168,6 +169,6 @@ interface ValidateResult {
168
169
  };
169
170
  };
170
171
  }
171
- declare function validateToken(authorizationHeader: string | null | undefined, config: AuthConfig): Promise<ValidateResult>;
172
+ declare function validateToken(authorizationHeader: string | null | undefined, config: AuthConfig, context: SilkweaveContext): Promise<ValidateResult>;
172
173
 
173
- export { type AuthCodeData, type AuthConfig, AuthError, type AuthInfo, type ClientRegistration, type GoogleOAuthOptions, type OAuthProvider, type OAuthProxyConfig, type OAuthRequest, type OAuthResponse, type OAuthStore, type PendingAuthData, type ProtectedResourceMetadata, type RedisClient, type RedisStoreOptions, type RefreshTokenData, type ValidateResult, type VerifyToken, buildWWWAuthenticate, createJsonStore, createMemoryStore, createOAuthProxy, createRedisStore, extractBearerToken, generateProtectedResourceMetadata, google, insufficientScope, invalidToken, matchRedirectUri, missingToken, validateToken };
174
+ export { type AuthCodeData, type AuthConfig, AuthError, type AuthInfo, type ClientRegistration, type GoogleOAuthOptions, type OAuthProvider, type OAuthProxyConfig, type OAuthRequest, type OAuthResponse, type OAuthStore, type PendingAuthData, type ProtectedResourceMetadata, type RedisClient, type RedisStoreOptions, type RefreshTokenData, type ValidateResult, type VerifyToken, buildWWWAuthenticate, createJsonStore, createMemoryStore, createOAuthProxy, createRedisStore, extractBearerToken, generateProtectedResourceMetadata, google, insufficientScope, invalidToken, matchRedirectUri, validateToken };