@vybestack/llxprt-code-auth 0.10.0-nightly.260613.1adad3b34
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/.last_build +0 -0
- package/dist/index.d.ts +10 -0
- package/dist/index.js +11 -0
- package/dist/index.js.map +1 -0
- package/dist/src/auth-precedence-resolver.d.ts +147 -0
- package/dist/src/auth-precedence-resolver.js +542 -0
- package/dist/src/auth-precedence-resolver.js.map +1 -0
- package/dist/src/flows/anthropic-device-flow.d.ts +57 -0
- package/dist/src/flows/anthropic-device-flow.js +231 -0
- package/dist/src/flows/anthropic-device-flow.js.map +1 -0
- package/dist/src/flows/codex-device-flow.d.ts +114 -0
- package/dist/src/flows/codex-device-flow.js +437 -0
- package/dist/src/flows/codex-device-flow.js.map +1 -0
- package/dist/src/flows/qwen-device-flow.d.ts +45 -0
- package/dist/src/flows/qwen-device-flow.js +183 -0
- package/dist/src/flows/qwen-device-flow.js.map +1 -0
- package/dist/src/index.d.ts +34 -0
- package/dist/src/index.js +26 -0
- package/dist/src/index.js.map +1 -0
- package/dist/src/interfaces/debug-logger.d.ts +31 -0
- package/dist/src/interfaces/debug-logger.js +6 -0
- package/dist/src/interfaces/debug-logger.js.map +1 -0
- package/dist/src/interfaces/index.d.ts +18 -0
- package/dist/src/interfaces/index.js +10 -0
- package/dist/src/interfaces/index.js.map +1 -0
- package/dist/src/interfaces/provider-key-storage.d.ts +26 -0
- package/dist/src/interfaces/provider-key-storage.js +6 -0
- package/dist/src/interfaces/provider-key-storage.js.map +1 -0
- package/dist/src/interfaces/runtime-context.d.ts +37 -0
- package/dist/src/interfaces/runtime-context.js +6 -0
- package/dist/src/interfaces/runtime-context.js.map +1 -0
- package/dist/src/interfaces/secure-store.d.ts +47 -0
- package/dist/src/interfaces/secure-store.js +6 -0
- package/dist/src/interfaces/secure-store.js.map +1 -0
- package/dist/src/interfaces/settings-service.d.ts +25 -0
- package/dist/src/interfaces/settings-service.js +6 -0
- package/dist/src/interfaces/settings-service.js.map +1 -0
- package/dist/src/keyring-token-store.d.ts +96 -0
- package/dist/src/keyring-token-store.js +391 -0
- package/dist/src/keyring-token-store.js.map +1 -0
- package/dist/src/oauth-errors.d.ts +173 -0
- package/dist/src/oauth-errors.js +465 -0
- package/dist/src/oauth-errors.js.map +1 -0
- package/dist/src/precedence.d.ts +115 -0
- package/dist/src/precedence.js +278 -0
- package/dist/src/precedence.js.map +1 -0
- package/dist/src/proxy/framing.d.ts +35 -0
- package/dist/src/proxy/framing.js +86 -0
- package/dist/src/proxy/framing.js.map +1 -0
- package/dist/src/proxy/proxy-provider-key-storage.d.ts +23 -0
- package/dist/src/proxy/proxy-provider-key-storage.js +41 -0
- package/dist/src/proxy/proxy-provider-key-storage.js.map +1 -0
- package/dist/src/proxy/proxy-socket-client.d.ts +43 -0
- package/dist/src/proxy/proxy-socket-client.js +219 -0
- package/dist/src/proxy/proxy-socket-client.js.map +1 -0
- package/dist/src/proxy/proxy-token-store.d.ts +39 -0
- package/dist/src/proxy/proxy-token-store.js +87 -0
- package/dist/src/proxy/proxy-token-store.js.map +1 -0
- package/dist/src/token-merge.d.ts +16 -0
- package/dist/src/token-merge.js +13 -0
- package/dist/src/token-merge.js.map +1 -0
- package/dist/src/token-sanitization.d.ts +16 -0
- package/dist/src/token-sanitization.js +10 -0
- package/dist/src/token-sanitization.js.map +1 -0
- package/dist/src/token-store.d.ts +93 -0
- package/dist/src/token-store.js +7 -0
- package/dist/src/token-store.js.map +1 -0
- package/dist/src/types.d.ts +204 -0
- package/dist/src/types.js +86 -0
- package/dist/src/types.js.map +1 -0
- package/package.json +42 -0
|
@@ -0,0 +1,542 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* @license
|
|
3
|
+
* Copyright 2025 Vybestack LLC
|
|
4
|
+
* SPDX-License-Identifier: Apache-2.0
|
|
5
|
+
*/
|
|
6
|
+
import * as fs from 'node:fs/promises';
|
|
7
|
+
import * as path from 'node:path';
|
|
8
|
+
import * as os from 'node:os';
|
|
9
|
+
import { buildCacheKey, ensureRuntimeState, flushRuntimeAuthScope, getValidCachedEntry, invalidateEntry, invalidateMatchingEntries, recordCacheHit, recordCacheMiss, registerSettingsSubscriptions, resolveProfileId, runtimeScopedStates, storeRuntimeScopedToken, } from './precedence.js';
|
|
10
|
+
function isAuthOnlyEnabled(value) {
|
|
11
|
+
if (typeof value === 'boolean')
|
|
12
|
+
return value;
|
|
13
|
+
if (typeof value === 'string') {
|
|
14
|
+
const normalized = value.trim().toLowerCase();
|
|
15
|
+
if (normalized === 'true')
|
|
16
|
+
return true;
|
|
17
|
+
if (normalized === 'false')
|
|
18
|
+
return false;
|
|
19
|
+
}
|
|
20
|
+
return false;
|
|
21
|
+
}
|
|
22
|
+
export class AuthPrecedenceResolver {
|
|
23
|
+
static NO_OP_LOGGER = {
|
|
24
|
+
debug: () => { },
|
|
25
|
+
error: () => { },
|
|
26
|
+
warn: () => { },
|
|
27
|
+
log: () => { },
|
|
28
|
+
};
|
|
29
|
+
config;
|
|
30
|
+
oauthManager;
|
|
31
|
+
settingsService;
|
|
32
|
+
providerKeyStorage;
|
|
33
|
+
logger;
|
|
34
|
+
getActiveRuntimeContextFn;
|
|
35
|
+
/**
|
|
36
|
+
* Constructs an AuthPrecedenceResolver.
|
|
37
|
+
*
|
|
38
|
+
* If callers expect resolveAuthentication() to resolve named auth keys itself,
|
|
39
|
+
* providerKeyStorage must be injected. CLI profile handling normally resolves
|
|
40
|
+
* named keys to concrete provider apiKey values before provider construction;
|
|
41
|
+
* direct consumers should pass providerKeyStorage or use core's
|
|
42
|
+
* createAuthPrecedenceResolver() factory.
|
|
43
|
+
*/
|
|
44
|
+
constructor(config, options) {
|
|
45
|
+
this.config = config;
|
|
46
|
+
this.oauthManager = options?.oauthManager;
|
|
47
|
+
this.settingsService = options?.settingsService;
|
|
48
|
+
this.providerKeyStorage = options?.providerKeyStorage;
|
|
49
|
+
this.logger = options?.logger ?? AuthPrecedenceResolver.NO_OP_LOGGER;
|
|
50
|
+
this.getActiveRuntimeContextFn = options?.getActiveRuntimeContext;
|
|
51
|
+
}
|
|
52
|
+
/**
|
|
53
|
+
* @plan PLAN-20251018-STATELESSPROVIDER2.P06
|
|
54
|
+
* @requirement REQ-SP2-001
|
|
55
|
+
* @pseudocode base-provider-call-contract.md lines 1-2
|
|
56
|
+
*/
|
|
57
|
+
setSettingsService(settingsService) {
|
|
58
|
+
this.settingsService = settingsService ?? undefined;
|
|
59
|
+
}
|
|
60
|
+
/**
|
|
61
|
+
* Get the active runtime context via injected function.
|
|
62
|
+
* Returns null if no function was injected or if it returns null/undefined.
|
|
63
|
+
*/
|
|
64
|
+
getActiveRuntimeContext() {
|
|
65
|
+
if (typeof this.getActiveRuntimeContextFn !== 'function')
|
|
66
|
+
return null;
|
|
67
|
+
return this.getActiveRuntimeContextFn() ?? null;
|
|
68
|
+
}
|
|
69
|
+
/**
|
|
70
|
+
* @plan PLAN-20251018-STATELESSPROVIDER2.P06
|
|
71
|
+
* @requirement REQ-SP2-001
|
|
72
|
+
* @pseudocode base-provider-call-contract.md lines 1-2
|
|
73
|
+
*/
|
|
74
|
+
resolveSettingsService(override) {
|
|
75
|
+
if (override != null)
|
|
76
|
+
return override;
|
|
77
|
+
if (this.settingsService != null)
|
|
78
|
+
return this.settingsService;
|
|
79
|
+
const context = this.getActiveRuntimeContext();
|
|
80
|
+
const settingsService = context.settingsService;
|
|
81
|
+
if (settingsService == null) {
|
|
82
|
+
throw new Error('Active provider runtime context not available');
|
|
83
|
+
}
|
|
84
|
+
this.settingsService = settingsService;
|
|
85
|
+
return settingsService;
|
|
86
|
+
}
|
|
87
|
+
/**
|
|
88
|
+
* @plan PLAN-20251018-STATELESSPROVIDER2.P06
|
|
89
|
+
* @requirement REQ-SP2-001
|
|
90
|
+
* @pseudocode base-provider-call-contract.md lines 1-3
|
|
91
|
+
* Resolves authentication using the full precedence chain
|
|
92
|
+
* Returns the first available authentication method or null if none found
|
|
93
|
+
*/
|
|
94
|
+
async resolveAuthentication(options) {
|
|
95
|
+
const includeOAuth = options?.includeOAuth ?? false;
|
|
96
|
+
const settingsService = this.resolveSettingsService(options?.settingsService ?? undefined);
|
|
97
|
+
const providerKey = this.normalizeProviderId(this.config.providerId);
|
|
98
|
+
if (!isAuthOnlyEnabled(settingsService.get('authOnly'))) {
|
|
99
|
+
const nonOAuthAuth = await this.resolveNonOAuthAuthentication(settingsService, providerKey);
|
|
100
|
+
if (nonOAuthAuth !== null)
|
|
101
|
+
return nonOAuthAuth;
|
|
102
|
+
}
|
|
103
|
+
if (!this.canResolveOAuth(includeOAuth))
|
|
104
|
+
return null;
|
|
105
|
+
return this.resolveOAuthAuthentication(settingsService, providerKey);
|
|
106
|
+
}
|
|
107
|
+
async resolveNonOAuthAuthentication(settingsService, providerKey) {
|
|
108
|
+
const directAuth = await this.resolveDirectAuthentication(settingsService, providerKey);
|
|
109
|
+
if (directAuth !== null)
|
|
110
|
+
return directAuth;
|
|
111
|
+
const envAuth = this.resolveEnvironmentAuthentication();
|
|
112
|
+
return envAuth ?? null;
|
|
113
|
+
}
|
|
114
|
+
async resolveDirectAuthentication(settingsService, providerKey) {
|
|
115
|
+
const providerAuth = await this.resolveProviderAuthentication(settingsService, providerKey);
|
|
116
|
+
if (providerAuth !== null)
|
|
117
|
+
return providerAuth;
|
|
118
|
+
const configAuth = this.normalizeAuthValue(this.config.apiKey ?? null);
|
|
119
|
+
if (configAuth !== undefined)
|
|
120
|
+
return configAuth;
|
|
121
|
+
return this.resolveGlobalAuthentication(settingsService, providerKey);
|
|
122
|
+
}
|
|
123
|
+
async resolveProviderAuthentication(settingsService, providerKey) {
|
|
124
|
+
const providerSettings = providerKey !== undefined &&
|
|
125
|
+
typeof settingsService.getProviderSettings === 'function'
|
|
126
|
+
? settingsService.getProviderSettings(providerKey)
|
|
127
|
+
: undefined;
|
|
128
|
+
const providerAuthKey = this.normalizeAuthValue(providerSettings?.['auth-key']);
|
|
129
|
+
if (providerAuthKey !== undefined)
|
|
130
|
+
return providerAuthKey;
|
|
131
|
+
const providerAuthKeyfile = this.normalizeAuthValue(providerSettings?.['auth-keyfile']);
|
|
132
|
+
return this.resolveKeyFileAuth(providerAuthKeyfile);
|
|
133
|
+
}
|
|
134
|
+
async resolveGlobalAuthentication(settingsService, providerKey) {
|
|
135
|
+
if (!this.shouldUseGlobalAuth(settingsService, providerKey))
|
|
136
|
+
return null;
|
|
137
|
+
const authKey = this.normalizeAuthValue(settingsService.get('auth-key'));
|
|
138
|
+
if (authKey !== undefined)
|
|
139
|
+
return authKey;
|
|
140
|
+
const authKeyName = this.normalizeAuthValue(settingsService.get('auth-key-name'));
|
|
141
|
+
if (authKeyName !== undefined)
|
|
142
|
+
return this.resolveNamedKey(authKeyName);
|
|
143
|
+
const authKeyfile = this.normalizeAuthValue(settingsService.get('auth-keyfile'));
|
|
144
|
+
return this.resolveKeyFileAuth(authKeyfile);
|
|
145
|
+
}
|
|
146
|
+
async resolveKeyFileAuth(keyFile) {
|
|
147
|
+
if (keyFile === undefined)
|
|
148
|
+
return null;
|
|
149
|
+
const keyFromFile = await this.readKeyFile(keyFile);
|
|
150
|
+
return keyFromFile ?? null;
|
|
151
|
+
}
|
|
152
|
+
resolveEnvironmentAuthentication() {
|
|
153
|
+
if (this.config.envKeyNames == null ||
|
|
154
|
+
this.config.envKeyNames.length === 0) {
|
|
155
|
+
return undefined;
|
|
156
|
+
}
|
|
157
|
+
for (const envVarName of this.config.envKeyNames) {
|
|
158
|
+
const envValue = this.normalizeAuthValue(process.env[envVarName]);
|
|
159
|
+
if (envValue !== undefined)
|
|
160
|
+
return envValue;
|
|
161
|
+
}
|
|
162
|
+
return undefined;
|
|
163
|
+
}
|
|
164
|
+
canResolveOAuth(includeOAuth) {
|
|
165
|
+
if (!includeOAuth)
|
|
166
|
+
return false;
|
|
167
|
+
if (this.config.isOAuthEnabled !== true)
|
|
168
|
+
return false;
|
|
169
|
+
if (this.config.supportsOAuth !== true)
|
|
170
|
+
return false;
|
|
171
|
+
return this.oauthManager != null && this.config.oauthProvider != null;
|
|
172
|
+
}
|
|
173
|
+
async resolveOAuthAuthentication(settingsService, providerKey) {
|
|
174
|
+
const context = this.buildOAuthContext(settingsService, providerKey);
|
|
175
|
+
if ((await this.isOAuthDisabledByManager()) === true) {
|
|
176
|
+
this.invalidateDisabledOAuthEntry(context);
|
|
177
|
+
return null;
|
|
178
|
+
}
|
|
179
|
+
const cachedToken = this.getCachedOAuthToken(context);
|
|
180
|
+
if (cachedToken !== null)
|
|
181
|
+
return cachedToken;
|
|
182
|
+
return this.fetchAndCacheOAuthToken(context);
|
|
183
|
+
}
|
|
184
|
+
buildOAuthContext(settingsService, providerKey) {
|
|
185
|
+
const providerId = this.resolveProviderIdentifier(providerKey);
|
|
186
|
+
const profileId = resolveProfileId(settingsService);
|
|
187
|
+
const runtime = this.tryGetRuntimeState(settingsService, providerId);
|
|
188
|
+
return {
|
|
189
|
+
settingsService,
|
|
190
|
+
providerKey,
|
|
191
|
+
providerId,
|
|
192
|
+
profileId,
|
|
193
|
+
profileScopeId: profileId ?? 'no-profile',
|
|
194
|
+
runtimeContext: runtime.runtimeContext,
|
|
195
|
+
runtimeState: runtime.runtimeState,
|
|
196
|
+
};
|
|
197
|
+
}
|
|
198
|
+
tryGetRuntimeState(settingsService, providerId) {
|
|
199
|
+
try {
|
|
200
|
+
const runtimeContext = this.getActiveRuntimeContext();
|
|
201
|
+
if (!runtimeContext) {
|
|
202
|
+
return { runtimeContext: null, runtimeState: null };
|
|
203
|
+
}
|
|
204
|
+
const runtimeState = ensureRuntimeState(runtimeContext, this.logger);
|
|
205
|
+
registerSettingsSubscriptions(runtimeState, settingsService, providerId, this.logger);
|
|
206
|
+
return { runtimeContext, runtimeState };
|
|
207
|
+
}
|
|
208
|
+
catch {
|
|
209
|
+
return { runtimeContext: null, runtimeState: null };
|
|
210
|
+
}
|
|
211
|
+
}
|
|
212
|
+
async isOAuthDisabledByManager() {
|
|
213
|
+
const managerWithCheck = this.oauthManager;
|
|
214
|
+
if (typeof managerWithCheck?.isOAuthEnabled !== 'function')
|
|
215
|
+
return false;
|
|
216
|
+
try {
|
|
217
|
+
const enabledResult = managerWithCheck.isOAuthEnabled(this.config.oauthProvider);
|
|
218
|
+
return (await enabledResult) === false;
|
|
219
|
+
}
|
|
220
|
+
catch (error) {
|
|
221
|
+
this.debugOAuthEnablementError(error);
|
|
222
|
+
return false;
|
|
223
|
+
}
|
|
224
|
+
}
|
|
225
|
+
debugOAuthEnablementError(error) {
|
|
226
|
+
if (process.env.DEBUG) {
|
|
227
|
+
this.logger.debug(`Failed to determine OAuth enablement for ${this.config.oauthProvider}:`, error);
|
|
228
|
+
}
|
|
229
|
+
}
|
|
230
|
+
invalidateDisabledOAuthEntry(context) {
|
|
231
|
+
const runtimeState = context.runtimeState;
|
|
232
|
+
if (runtimeState == null)
|
|
233
|
+
return;
|
|
234
|
+
const cacheKey = buildCacheKey(runtimeState.runtimeAuthScopeId, context.providerId, context.profileScopeId);
|
|
235
|
+
if (runtimeState.entries.has(cacheKey)) {
|
|
236
|
+
invalidateEntry(runtimeState, cacheKey, 'oauth-disabled');
|
|
237
|
+
}
|
|
238
|
+
}
|
|
239
|
+
getCachedOAuthToken(context) {
|
|
240
|
+
const runtimeState = context.runtimeState;
|
|
241
|
+
if (runtimeState == null)
|
|
242
|
+
return null;
|
|
243
|
+
const cachedEntry = getValidCachedEntry(runtimeState, context.providerId, context.profileScopeId);
|
|
244
|
+
if (cachedEntry !== null) {
|
|
245
|
+
recordCacheHit(runtimeState);
|
|
246
|
+
return cachedEntry.token;
|
|
247
|
+
}
|
|
248
|
+
recordCacheMiss(runtimeState);
|
|
249
|
+
return null;
|
|
250
|
+
}
|
|
251
|
+
async fetchAndCacheOAuthToken(context) {
|
|
252
|
+
try {
|
|
253
|
+
const requestMetadata = this.buildOAuthRequestMetadata(context);
|
|
254
|
+
const token = await this.oauthManager.getToken(this.config.oauthProvider, requestMetadata);
|
|
255
|
+
if (token == null || token === '')
|
|
256
|
+
return null;
|
|
257
|
+
const oauthToken = await this.tryGetOAuthTokenMetadata(requestMetadata);
|
|
258
|
+
this.storeOAuthTokenMetadata(context, token, oauthToken);
|
|
259
|
+
return token;
|
|
260
|
+
}
|
|
261
|
+
catch (error) {
|
|
262
|
+
this.debugOAuthTokenError(error);
|
|
263
|
+
return null;
|
|
264
|
+
}
|
|
265
|
+
}
|
|
266
|
+
buildOAuthRequestMetadata(context) {
|
|
267
|
+
const runtimeMetadata = this.extractRuntimeMetadata(context.runtimeContext);
|
|
268
|
+
return {
|
|
269
|
+
runtimeAuthScopeId: context.runtimeState?.runtimeAuthScopeId ?? 'no-runtime',
|
|
270
|
+
providerId: context.providerId,
|
|
271
|
+
profileId: context.profileId ?? undefined,
|
|
272
|
+
cliScope: runtimeMetadata,
|
|
273
|
+
runtimeMetadata,
|
|
274
|
+
};
|
|
275
|
+
}
|
|
276
|
+
extractRuntimeMetadata(runtimeContext) {
|
|
277
|
+
const metadata = runtimeContext?.metadata;
|
|
278
|
+
return metadata != null && typeof metadata === 'object'
|
|
279
|
+
? metadata
|
|
280
|
+
: undefined;
|
|
281
|
+
}
|
|
282
|
+
storeOAuthTokenMetadata(context, token, oauthToken) {
|
|
283
|
+
const runtimeState = context.runtimeState;
|
|
284
|
+
if (runtimeState == null)
|
|
285
|
+
return;
|
|
286
|
+
storeRuntimeScopedToken(runtimeState, context.providerId, context.profileScopeId, token, oauthToken);
|
|
287
|
+
}
|
|
288
|
+
async tryGetOAuthTokenMetadata(requestMetadata) {
|
|
289
|
+
if (typeof this.oauthManager?.getOAuthToken !== 'function')
|
|
290
|
+
return null;
|
|
291
|
+
try {
|
|
292
|
+
return await this.oauthManager.getOAuthToken(this.config.oauthProvider, requestMetadata);
|
|
293
|
+
}
|
|
294
|
+
catch (tokenError) {
|
|
295
|
+
if (process.env.DEBUG) {
|
|
296
|
+
this.logger.debug(`Failed to fetch OAuth token metadata for ${this.config.oauthProvider}:`, tokenError);
|
|
297
|
+
}
|
|
298
|
+
return null;
|
|
299
|
+
}
|
|
300
|
+
}
|
|
301
|
+
debugOAuthTokenError(error) {
|
|
302
|
+
if (process.env.DEBUG) {
|
|
303
|
+
this.logger.warn(`Failed to get OAuth token for ${this.config.oauthProvider}:`, error);
|
|
304
|
+
}
|
|
305
|
+
}
|
|
306
|
+
/**
|
|
307
|
+
* @plan PLAN-20251018-STATELESSPROVIDER2.P06
|
|
308
|
+
* @requirement REQ-SP2-001
|
|
309
|
+
* @pseudocode base-provider-call-contract.md lines 1-3
|
|
310
|
+
* Check if any authentication method is available without triggering OAuth
|
|
311
|
+
*/
|
|
312
|
+
async hasNonOAuthAuthentication(options) {
|
|
313
|
+
const auth = await this.resolveAuthentication({
|
|
314
|
+
...options,
|
|
315
|
+
includeOAuth: false,
|
|
316
|
+
});
|
|
317
|
+
return auth !== null;
|
|
318
|
+
}
|
|
319
|
+
/**
|
|
320
|
+
* @plan PLAN-20251018-STATELESSPROVIDER2.P06
|
|
321
|
+
* @requirement REQ-SP2-001
|
|
322
|
+
* @pseudocode base-provider-call-contract.md lines 1-3
|
|
323
|
+
* Check if OAuth is the only available authentication method
|
|
324
|
+
*/
|
|
325
|
+
async isOAuthOnlyAvailable(options) {
|
|
326
|
+
const hasNonOAuth = await this.hasNonOAuthAuthentication(options);
|
|
327
|
+
return (!hasNonOAuth &&
|
|
328
|
+
this.config.isOAuthEnabled === true &&
|
|
329
|
+
this.config.supportsOAuth === true);
|
|
330
|
+
}
|
|
331
|
+
/**
|
|
332
|
+
* @plan PLAN-20251018-STATELESSPROVIDER2.P06
|
|
333
|
+
* @requirement REQ-SP2-001
|
|
334
|
+
* @pseudocode base-provider-call-contract.md lines 1-3
|
|
335
|
+
* Get authentication method name for debugging/logging
|
|
336
|
+
*/
|
|
337
|
+
async getAuthMethodName(options) {
|
|
338
|
+
const settingsService = this.resolveSettingsService(options?.settingsService ?? undefined);
|
|
339
|
+
const globalMethod = await this.getGlobalAuthMethodName(settingsService);
|
|
340
|
+
if (globalMethod !== null)
|
|
341
|
+
return globalMethod;
|
|
342
|
+
const configMethod = this.getConfigAuthMethodName();
|
|
343
|
+
if (configMethod !== null)
|
|
344
|
+
return configMethod;
|
|
345
|
+
return this.getOAuthMethodName();
|
|
346
|
+
}
|
|
347
|
+
async getGlobalAuthMethodName(settingsService) {
|
|
348
|
+
const authKey = settingsService.get('auth-key');
|
|
349
|
+
if (typeof authKey === 'string' && authKey.trim() !== '') {
|
|
350
|
+
return 'command-key';
|
|
351
|
+
}
|
|
352
|
+
if (this.normalizeAuthValue(settingsService.get('auth-key-name')) !==
|
|
353
|
+
undefined) {
|
|
354
|
+
return 'named-key';
|
|
355
|
+
}
|
|
356
|
+
return this.getKeyFileMethodName(settingsService.get('auth-keyfile'));
|
|
357
|
+
}
|
|
358
|
+
async getKeyFileMethodName(value) {
|
|
359
|
+
if (typeof value !== 'string' || value === '')
|
|
360
|
+
return null;
|
|
361
|
+
try {
|
|
362
|
+
const keyFromFile = await this.readKeyFile(value);
|
|
363
|
+
return keyFromFile !== null ? 'command-keyfile' : null;
|
|
364
|
+
}
|
|
365
|
+
catch {
|
|
366
|
+
return null;
|
|
367
|
+
}
|
|
368
|
+
}
|
|
369
|
+
getConfigAuthMethodName() {
|
|
370
|
+
if (typeof this.config.apiKey === 'string' &&
|
|
371
|
+
this.config.apiKey.trim() !== '') {
|
|
372
|
+
return 'constructor-apikey';
|
|
373
|
+
}
|
|
374
|
+
const envAuthName = this.getEnvironmentAuthMethodName();
|
|
375
|
+
return envAuthName ?? null;
|
|
376
|
+
}
|
|
377
|
+
getEnvironmentAuthMethodName() {
|
|
378
|
+
if (this.config.envKeyNames == null ||
|
|
379
|
+
this.config.envKeyNames.length === 0) {
|
|
380
|
+
return undefined;
|
|
381
|
+
}
|
|
382
|
+
for (const envVarName of this.config.envKeyNames) {
|
|
383
|
+
const envValue = process.env[envVarName];
|
|
384
|
+
if (typeof envValue === 'string' && envValue.trim() !== '') {
|
|
385
|
+
return `env-${envVarName.toLowerCase()}`;
|
|
386
|
+
}
|
|
387
|
+
}
|
|
388
|
+
return undefined;
|
|
389
|
+
}
|
|
390
|
+
async getOAuthMethodName() {
|
|
391
|
+
if (!this.canResolveOAuth(true))
|
|
392
|
+
return null;
|
|
393
|
+
try {
|
|
394
|
+
const isAuthenticated = await this.oauthManager.isAuthenticated(this.config.oauthProvider);
|
|
395
|
+
return isAuthenticated ? `oauth-${this.config.oauthProvider}` : null;
|
|
396
|
+
}
|
|
397
|
+
catch {
|
|
398
|
+
return null;
|
|
399
|
+
}
|
|
400
|
+
}
|
|
401
|
+
normalizeAuthValue(value) {
|
|
402
|
+
if (typeof value !== 'string')
|
|
403
|
+
return undefined;
|
|
404
|
+
const trimmed = value.trim();
|
|
405
|
+
return trimmed === '' || trimmed.toLowerCase() === 'none'
|
|
406
|
+
? undefined
|
|
407
|
+
: trimmed;
|
|
408
|
+
}
|
|
409
|
+
normalizeProviderId(value) {
|
|
410
|
+
if (typeof value !== 'string')
|
|
411
|
+
return undefined;
|
|
412
|
+
const trimmed = value.trim();
|
|
413
|
+
return trimmed === '' ? undefined : trimmed;
|
|
414
|
+
}
|
|
415
|
+
resolveProviderIdentifier(preferredProviderId) {
|
|
416
|
+
const providerId = this.normalizeProviderId(preferredProviderId);
|
|
417
|
+
if (providerId !== undefined)
|
|
418
|
+
return providerId;
|
|
419
|
+
const oauthProvider = this.normalizeProviderId(this.config.oauthProvider);
|
|
420
|
+
if (oauthProvider !== undefined)
|
|
421
|
+
return oauthProvider;
|
|
422
|
+
return this.config.envKeyNames?.[0] ?? 'unknown-provider';
|
|
423
|
+
}
|
|
424
|
+
shouldUseGlobalAuth(settingsService, providerId) {
|
|
425
|
+
if (providerId === undefined)
|
|
426
|
+
return true;
|
|
427
|
+
const activeProvider = settingsService.get('activeProvider');
|
|
428
|
+
if (typeof activeProvider !== 'string')
|
|
429
|
+
return true;
|
|
430
|
+
const trimmed = activeProvider.trim();
|
|
431
|
+
return trimmed === '' || trimmed === providerId;
|
|
432
|
+
}
|
|
433
|
+
async resolveNamedKey(name) {
|
|
434
|
+
const trimmedName = this.normalizeAuthValue(name);
|
|
435
|
+
if (trimmedName === undefined) {
|
|
436
|
+
throw new Error('Named key reference is empty');
|
|
437
|
+
}
|
|
438
|
+
const storage = this.providerKeyStorage;
|
|
439
|
+
if (!storage) {
|
|
440
|
+
throw new Error('Provider key storage is required to resolve named auth keys. ' +
|
|
441
|
+
'Pass providerKeyStorage to AuthPrecedenceResolver or use createAuthPrecedenceResolver() from core.');
|
|
442
|
+
}
|
|
443
|
+
const key = this.normalizeAuthValue(await storage.getKey(trimmedName));
|
|
444
|
+
if (key === undefined) {
|
|
445
|
+
throw new Error(`Named key '${trimmedName}' not found. Save it with /key save ${trimmedName} <api-key> before retrying.`);
|
|
446
|
+
}
|
|
447
|
+
return key;
|
|
448
|
+
}
|
|
449
|
+
/**
|
|
450
|
+
* Reads API key from a file path, handling tilde expansion, absolute and relative paths
|
|
451
|
+
*/
|
|
452
|
+
async readKeyFile(filePath) {
|
|
453
|
+
try {
|
|
454
|
+
const expandedPath = filePath.startsWith('~')
|
|
455
|
+
? path.join(os.homedir(), filePath.slice(1))
|
|
456
|
+
: filePath;
|
|
457
|
+
const resolvedPath = path.isAbsolute(expandedPath)
|
|
458
|
+
? expandedPath
|
|
459
|
+
: path.resolve(process.cwd(), expandedPath);
|
|
460
|
+
const content = await fs.readFile(resolvedPath, 'utf-8');
|
|
461
|
+
const key = content.trim();
|
|
462
|
+
if (key === '') {
|
|
463
|
+
if (process.env.DEBUG) {
|
|
464
|
+
this.logger.warn(`Key file ${filePath} is empty`);
|
|
465
|
+
}
|
|
466
|
+
return null;
|
|
467
|
+
}
|
|
468
|
+
return key;
|
|
469
|
+
}
|
|
470
|
+
catch (error) {
|
|
471
|
+
if (process.env.DEBUG) {
|
|
472
|
+
this.logger.warn(`Failed to read key file ${filePath}:`, error);
|
|
473
|
+
}
|
|
474
|
+
return null;
|
|
475
|
+
}
|
|
476
|
+
}
|
|
477
|
+
/**
|
|
478
|
+
* Updates the configuration
|
|
479
|
+
*/
|
|
480
|
+
updateConfig(newConfig) {
|
|
481
|
+
this.config = { ...this.config, ...newConfig };
|
|
482
|
+
}
|
|
483
|
+
/**
|
|
484
|
+
* Updates the OAuth manager
|
|
485
|
+
*/
|
|
486
|
+
updateOAuthManager(oauthManager) {
|
|
487
|
+
this.oauthManager = oauthManager;
|
|
488
|
+
}
|
|
489
|
+
/**
|
|
490
|
+
* Invalidates the cached OAuth tokens for this resolver.
|
|
491
|
+
* This should be called during logout to ensure fresh tokens are fetched
|
|
492
|
+
* on the next authentication attempt.
|
|
493
|
+
*
|
|
494
|
+
* @plan PLAN-20251023-STATELESS-HARDENING
|
|
495
|
+
* @requirement Issue #975 - OAuth logout cache invalidation
|
|
496
|
+
*/
|
|
497
|
+
invalidateCache() {
|
|
498
|
+
const knownRuntimeIds = ['legacy-singleton', 'provider-manager-singleton'];
|
|
499
|
+
try {
|
|
500
|
+
const ctx = this.getActiveRuntimeContext();
|
|
501
|
+
const runtimeId = ctx?.runtimeId;
|
|
502
|
+
if (typeof runtimeId === 'string' &&
|
|
503
|
+
runtimeId !== '' &&
|
|
504
|
+
!knownRuntimeIds.includes(runtimeId)) {
|
|
505
|
+
knownRuntimeIds.push(runtimeId);
|
|
506
|
+
}
|
|
507
|
+
}
|
|
508
|
+
catch {
|
|
509
|
+
// Context not available, proceed with known IDs
|
|
510
|
+
}
|
|
511
|
+
for (const runtimeId of knownRuntimeIds) {
|
|
512
|
+
try {
|
|
513
|
+
flushRuntimeAuthScope(runtimeId);
|
|
514
|
+
}
|
|
515
|
+
catch (error) {
|
|
516
|
+
this.logger.debug(`Failed to flush runtime auth scope ${runtimeId}: ${error}`);
|
|
517
|
+
}
|
|
518
|
+
}
|
|
519
|
+
}
|
|
520
|
+
/**
|
|
521
|
+
* Invalidates cached OAuth tokens for a specific provider.
|
|
522
|
+
* This enables surgical cache invalidation for a single provider rather than
|
|
523
|
+
* the all-or-nothing invalidateCache() behavior.
|
|
524
|
+
*
|
|
525
|
+
* @param providerId - The provider ID to invalidate cache entries for
|
|
526
|
+
* @param profileId - Optional profile ID to invalidate only that specific profile
|
|
527
|
+
* @fix issue1861 - Token revocation handling
|
|
528
|
+
*/
|
|
529
|
+
invalidateProviderCache(providerId, profileId) {
|
|
530
|
+
for (const [, state] of runtimeScopedStates) {
|
|
531
|
+
invalidateMatchingEntries(state, (entry) => {
|
|
532
|
+
if (entry.providerId !== providerId)
|
|
533
|
+
return false;
|
|
534
|
+
if (profileId !== undefined && entry.profileId !== profileId) {
|
|
535
|
+
return false;
|
|
536
|
+
}
|
|
537
|
+
return true;
|
|
538
|
+
}, 'token-revoked');
|
|
539
|
+
}
|
|
540
|
+
}
|
|
541
|
+
}
|
|
542
|
+
//# sourceMappingURL=auth-precedence-resolver.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"auth-precedence-resolver.js","sourceRoot":"","sources":["../../src/auth-precedence-resolver.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,MAAM,kBAAkB,CAAC;AACvC,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAe9B,OAAO,EACL,aAAa,EACb,kBAAkB,EAClB,qBAAqB,EACrB,mBAAmB,EACnB,eAAe,EACf,yBAAyB,EACzB,cAAc,EACd,eAAe,EACf,6BAA6B,EAC7B,gBAAgB,EAChB,mBAAmB,EACnB,uBAAuB,GACxB,MAAM,iBAAiB,CAAC;AAqBzB,SAAS,iBAAiB,CAAC,KAAc;IACvC,IAAI,OAAO,KAAK,KAAK,SAAS;QAAE,OAAO,KAAK,CAAC;IAC7C,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,MAAM,UAAU,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QAC9C,IAAI,UAAU,KAAK,MAAM;YAAE,OAAO,IAAI,CAAC;QACvC,IAAI,UAAU,KAAK,OAAO;YAAE,OAAO,KAAK,CAAC;IAC3C,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,MAAM,OAAO,sBAAsB;IACzB,MAAM,CAAU,YAAY,GAAiB;QACnD,KAAK,EAAE,GAAG,EAAE,GAAE,CAAC;QACf,KAAK,EAAE,GAAG,EAAE,GAAE,CAAC;QACf,IAAI,EAAE,GAAG,EAAE,GAAE,CAAC;QACd,GAAG,EAAE,GAAG,EAAE,GAAE,CAAC;KACd,CAAC;IAEM,MAAM,CAAuB;IAC7B,YAAY,CAAgB;IAC5B,eAAe,CAAoB;IACnC,kBAAkB,CAAuB;IACzC,MAAM,CAAe;IACrB,yBAAyB,CAA2B;IAE5D;;;;;;;;OAQG;IACH,YACE,MAA4B,EAC5B,OAMC;QAED,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,YAAY,GAAG,OAAO,EAAE,YAAY,CAAC;QAC1C,IAAI,CAAC,eAAe,GAAG,OAAO,EAAE,eAAe,CAAC;QAChD,IAAI,CAAC,kBAAkB,GAAG,OAAO,EAAE,kBAAkB,CAAC;QACtD,IAAI,CAAC,MAAM,GAAG,OAAO,EAAE,MAAM,IAAI,sBAAsB,CAAC,YAAY,CAAC;QACrE,IAAI,CAAC,yBAAyB,GAAG,OAAO,EAAE,uBAAuB,CAAC;IACpE,CAAC;IAED;;;;OAIG;IACH,kBAAkB,CAChB,eAAoD;QAEpD,IAAI,CAAC,eAAe,GAAG,eAAe,IAAI,SAAS,CAAC;IACtD,CAAC;IAED;;;OAGG;IACK,uBAAuB;QAC7B,IAAI,OAAO,IAAI,CAAC,yBAAyB,KAAK,UAAU;YAAE,OAAO,IAAI,CAAC;QACtE,OAAO,IAAI,CAAC,yBAAyB,EAAE,IAAI,IAAI,CAAC;IAClD,CAAC;IAED;;;;OAIG;IACK,sBAAsB,CAC5B,QAAkC;QAElC,IAAI,QAAQ,IAAI,IAAI;YAAE,OAAO,QAAQ,CAAC;QACtC,IAAI,IAAI,CAAC,eAAe,IAAI,IAAI;YAAE,OAAO,IAAI,CAAC,eAAe,CAAC;QAC9D,MAAM,OAAO,GAAG,IAAI,CAAC,uBAAuB,EAAE,CAAC;QAC/C,MAAM,eAAe,GACnB,OACD,CAAC,eAAe,CAAC;QAClB,IAAI,eAAe,IAAI,IAAI,EAAE,CAAC;YAC5B,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;QACnE,CAAC;QACD,IAAI,CAAC,eAAe,GAAG,eAAe,CAAC;QACvC,OAAO,eAAe,CAAC;IACzB,CAAC;IAED;;;;;;OAMG;IACH,KAAK,CAAC,qBAAqB,CACzB,OAA4B;QAE5B,MAAM,YAAY,GAAG,OAAO,EAAE,YAAY,IAAI,KAAK,CAAC;QACpD,MAAM,eAAe,GAAG,IAAI,CAAC,sBAAsB,CACjD,OAAO,EAAE,eAAe,IAAI,SAAS,CACtC,CAAC;QACF,MAAM,WAAW,GAAG,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;QACrE,IAAI,CAAC,iBAAiB,CAAC,eAAe,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,EAAE,CAAC;YACxD,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,6BAA6B,CAC3D,eAAe,EACf,WAAW,CACZ,CAAC;YACF,IAAI,YAAY,KAAK,IAAI;gBAAE,OAAO,YAAY,CAAC;QACjD,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,YAAY,CAAC;YAAE,OAAO,IAAI,CAAC;QACrD,OAAO,IAAI,CAAC,0BAA0B,CAAC,eAAe,EAAE,WAAW,CAAC,CAAC;IACvE,CAAC;IAEO,KAAK,CAAC,6BAA6B,CACzC,eAAiC,EACjC,WAA+B;QAE/B,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,2BAA2B,CACvD,eAAe,EACf,WAAW,CACZ,CAAC;QACF,IAAI,UAAU,KAAK,IAAI;YAAE,OAAO,UAAU,CAAC;QAC3C,MAAM,OAAO,GAAG,IAAI,CAAC,gCAAgC,EAAE,CAAC;QACxD,OAAO,OAAO,IAAI,IAAI,CAAC;IACzB,CAAC;IAEO,KAAK,CAAC,2BAA2B,CACvC,eAAiC,EACjC,WAA+B;QAE/B,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,6BAA6B,CAC3D,eAAe,EACf,WAAW,CACZ,CAAC;QACF,IAAI,YAAY,KAAK,IAAI;YAAE,OAAO,YAAY,CAAC;QAC/C,MAAM,UAAU,GAAG,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,IAAI,IAAI,CAAC,CAAC;QACvE,IAAI,UAAU,KAAK,SAAS;YAAE,OAAO,UAAU,CAAC;QAChD,OAAO,IAAI,CAAC,2BAA2B,CAAC,eAAe,EAAE,WAAW,CAAC,CAAC;IACxE,CAAC;IAEO,KAAK,CAAC,6BAA6B,CACzC,eAAiC,EACjC,WAA+B;QAE/B,MAAM,gBAAgB,GACpB,WAAW,KAAK,SAAS;YACzB,OAAO,eAAe,CAAC,mBAAmB,KAAK,UAAU;YACvD,CAAC,CAAC,eAAe,CAAC,mBAAmB,CAAC,WAAW,CAAC;YAClD,CAAC,CAAC,SAAS,CAAC;QAChB,MAAM,eAAe,GAAG,IAAI,CAAC,kBAAkB,CAC7C,gBAAgB,EAAE,CAAC,UAAU,CAAC,CAC/B,CAAC;QACF,IAAI,eAAe,KAAK,SAAS;YAAE,OAAO,eAAe,CAAC;QAC1D,MAAM,mBAAmB,GAAG,IAAI,CAAC,kBAAkB,CACjD,gBAAgB,EAAE,CAAC,cAAc,CAAC,CACnC,CAAC;QACF,OAAO,IAAI,CAAC,kBAAkB,CAAC,mBAAmB,CAAC,CAAC;IACtD,CAAC;IAEO,KAAK,CAAC,2BAA2B,CACvC,eAAiC,EACjC,WAA+B;QAE/B,IAAI,CAAC,IAAI,CAAC,mBAAmB,CAAC,eAAe,EAAE,WAAW,CAAC;YAAE,OAAO,IAAI,CAAC;QACzE,MAAM,OAAO,GAAG,IAAI,CAAC,kBAAkB,CAAC,eAAe,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC;QACzE,IAAI,OAAO,KAAK,SAAS;YAAE,OAAO,OAAO,CAAC;QAC1C,MAAM,WAAW,GAAG,IAAI,CAAC,kBAAkB,CACzC,eAAe,CAAC,GAAG,CAAC,eAAe,CAAC,CACrC,CAAC;QACF,IAAI,WAAW,KAAK,SAAS;YAAE,OAAO,IAAI,CAAC,eAAe,CAAC,WAAW,CAAC,CAAC;QACxE,MAAM,WAAW,GAAG,IAAI,CAAC,kBAAkB,CACzC,eAAe,CAAC,GAAG,CAAC,cAAc,CAAC,CACpC,CAAC;QACF,OAAO,IAAI,CAAC,kBAAkB,CAAC,WAAW,CAAC,CAAC;IAC9C,CAAC;IAEO,KAAK,CAAC,kBAAkB,CAC9B,OAA2B;QAE3B,IAAI,OAAO,KAAK,SAAS;YAAE,OAAO,IAAI,CAAC;QACvC,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;QACpD,OAAO,WAAW,IAAI,IAAI,CAAC;IAC7B,CAAC;IAEO,gCAAgC;QACtC,IACE,IAAI,CAAC,MAAM,CAAC,WAAW,IAAI,IAAI;YAC/B,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,MAAM,KAAK,CAAC,EACpC,CAAC;YACD,OAAO,SAAS,CAAC;QACnB,CAAC;QACD,KAAK,MAAM,UAAU,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC;YACjD,MAAM,QAAQ,GAAG,IAAI,CAAC,kBAAkB,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC;YAClE,IAAI,QAAQ,KAAK,SAAS;gBAAE,OAAO,QAAQ,CAAC;QAC9C,CAAC;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IAEO,eAAe,CAAC,YAAqB;QAC3C,IAAI,CAAC,YAAY;YAAE,OAAO,KAAK,CAAC;QAChC,IAAI,IAAI,CAAC,MAAM,CAAC,cAAc,KAAK,IAAI;YAAE,OAAO,KAAK,CAAC;QACtD,IAAI,IAAI,CAAC,MAAM,CAAC,aAAa,KAAK,IAAI;YAAE,OAAO,KAAK,CAAC;QACrD,OAAO,IAAI,CAAC,YAAY,IAAI,IAAI,IAAI,IAAI,CAAC,MAAM,CAAC,aAAa,IAAI,IAAI,CAAC;IACxE,CAAC;IAEO,KAAK,CAAC,0BAA0B,CACtC,eAAiC,EACjC,WAA+B;QAE/B,MAAM,OAAO,GAAG,IAAI,CAAC,iBAAiB,CAAC,eAAe,EAAE,WAAW,CAAC,CAAC;QACrE,IAAI,CAAC,MAAM,IAAI,CAAC,wBAAwB,EAAE,CAAC,KAAK,IAAI,EAAE,CAAC;YACrD,IAAI,CAAC,4BAA4B,CAAC,OAAO,CAAC,CAAC;YAC3C,OAAO,IAAI,CAAC;QACd,CAAC;QACD,MAAM,WAAW,GAAG,IAAI,CAAC,mBAAmB,CAAC,OAAO,CAAC,CAAC;QACtD,IAAI,WAAW,KAAK,IAAI;YAAE,OAAO,WAAW,CAAC;QAC7C,OAAO,IAAI,CAAC,uBAAuB,CAAC,OAAO,CAAC,CAAC;IAC/C,CAAC;IAEO,iBAAiB,CACvB,eAAiC,EACjC,WAA+B;QAE/B,MAAM,UAAU,GAAG,IAAI,CAAC,yBAAyB,CAAC,WAAW,CAAC,CAAC;QAC/D,MAAM,SAAS,GAAG,gBAAgB,CAAC,eAAe,CAAC,CAAC;QACpD,MAAM,OAAO,GAAG,IAAI,CAAC,kBAAkB,CAAC,eAAe,EAAE,UAAU,CAAC,CAAC;QACrE,OAAO;YACL,eAAe;YACf,WAAW;YACX,UAAU;YACV,SAAS;YACT,cAAc,EAAE,SAAS,IAAI,YAAY;YACzC,cAAc,EAAE,OAAO,CAAC,cAAc;YACtC,YAAY,EAAE,OAAO,CAAC,YAAY;SACnC,CAAC;IACJ,CAAC;IAEO,kBAAkB,CACxB,eAAiC,EACjC,UAAkB;QAKlB,IAAI,CAAC;YACH,MAAM,cAAc,GAAG,IAAI,CAAC,uBAAuB,EAAE,CAAC;YACtD,IAAI,CAAC,cAAc,EAAE,CAAC;gBACpB,OAAO,EAAE,cAAc,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC;YACtD,CAAC;YACD,MAAM,YAAY,GAAG,kBAAkB,CAAC,cAAc,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;YACrE,6BAA6B,CAC3B,YAAY,EACZ,eAAe,EACf,UAAU,EACV,IAAI,CAAC,MAAM,CACZ,CAAC;YACF,OAAO,EAAE,cAAc,EAAE,YAAY,EAAE,CAAC;QAC1C,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,EAAE,cAAc,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC;QACtD,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,wBAAwB;QACpC,MAAM,gBAAgB,GAAG,IAAI,CAAC,YAEjB,CAAC;QACd,IAAI,OAAO,gBAAgB,EAAE,cAAc,KAAK,UAAU;YAAE,OAAO,KAAK,CAAC;QACzE,IAAI,CAAC;YACH,MAAM,aAAa,GAAG,gBAAgB,CAAC,cAAc,CACnD,IAAI,CAAC,MAAM,CAAC,aAAc,CAC3B,CAAC;YACF,OAAO,CAAC,MAAM,aAAa,CAAC,KAAK,KAAK,CAAC;QACzC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,yBAAyB,CAAC,KAAK,CAAC,CAAC;YACtC,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAEO,yBAAyB,CAAC,KAAc;QAC9C,IAAI,OAAO,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC;YACtB,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,4CAA4C,IAAI,CAAC,MAAM,CAAC,aAAa,GAAG,EACxE,KAAK,CACN,CAAC;QACJ,CAAC;IACH,CAAC;IAEO,4BAA4B,CAAC,OAA+B;QAClE,MAAM,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC;QAC1C,IAAI,YAAY,IAAI,IAAI;YAAE,OAAO;QACjC,MAAM,QAAQ,GAAG,aAAa,CAC5B,YAAY,CAAC,kBAAkB,EAC/B,OAAO,CAAC,UAAU,EAClB,OAAO,CAAC,cAAc,CACvB,CAAC;QACF,IAAI,YAAY,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;YACvC,eAAe,CAAC,YAAY,EAAE,QAAQ,EAAE,gBAAgB,CAAC,CAAC;QAC5D,CAAC;IACH,CAAC;IAEO,mBAAmB,CAAC,OAA+B;QACzD,MAAM,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC;QAC1C,IAAI,YAAY,IAAI,IAAI;YAAE,OAAO,IAAI,CAAC;QACtC,MAAM,WAAW,GAAG,mBAAmB,CACrC,YAAY,EACZ,OAAO,CAAC,UAAU,EAClB,OAAO,CAAC,cAAc,CACvB,CAAC;QACF,IAAI,WAAW,KAAK,IAAI,EAAE,CAAC;YACzB,cAAc,CAAC,YAAY,CAAC,CAAC;YAC7B,OAAO,WAAW,CAAC,KAAK,CAAC;QAC3B,CAAC;QACD,eAAe,CAAC,YAAY,CAAC,CAAC;QAC9B,OAAO,IAAI,CAAC;IACd,CAAC;IAEO,KAAK,CAAC,uBAAuB,CACnC,OAA+B;QAE/B,IAAI,CAAC;YACH,MAAM,eAAe,GAAG,IAAI,CAAC,yBAAyB,CAAC,OAAO,CAAC,CAAC;YAChE,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,YAAa,CAAC,QAAQ,CAC7C,IAAI,CAAC,MAAM,CAAC,aAAc,EAC1B,eAAe,CAChB,CAAC;YACF,IAAI,KAAK,IAAI,IAAI,IAAI,KAAK,KAAK,EAAE;gBAAE,OAAO,IAAI,CAAC;YAC/C,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,wBAAwB,CAAC,eAAe,CAAC,CAAC;YACxE,IAAI,CAAC,uBAAuB,CAAC,OAAO,EAAE,KAAK,EAAE,UAAU,CAAC,CAAC;YACzD,OAAO,KAAK,CAAC;QACf,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,oBAAoB,CAAC,KAAK,CAAC,CAAC;YACjC,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAEO,yBAAyB,CAC/B,OAA+B;QAE/B,MAAM,eAAe,GAAG,IAAI,CAAC,sBAAsB,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;QAC5E,OAAO;YACL,kBAAkB,EAChB,OAAO,CAAC,YAAY,EAAE,kBAAkB,IAAI,YAAY;YAC1D,UAAU,EAAE,OAAO,CAAC,UAAU;YAC9B,SAAS,EAAE,OAAO,CAAC,SAAS,IAAI,SAAS;YACzC,QAAQ,EAAE,eAAe;YACzB,eAAe;SAChB,CAAC;IACJ,CAAC;IAEO,sBAAsB,CAC5B,cAA8C;QAE9C,MAAM,QAAQ,GAAG,cAAc,EAAE,QAAQ,CAAC;QAC1C,OAAO,QAAQ,IAAI,IAAI,IAAI,OAAO,QAAQ,KAAK,QAAQ;YACrD,CAAC,CAAC,QAAQ;YACV,CAAC,CAAC,SAAS,CAAC;IAChB,CAAC;IAEO,uBAAuB,CAC7B,OAA+B,EAC/B,KAAa,EACb,UAA6B;QAE7B,MAAM,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC;QAC1C,IAAI,YAAY,IAAI,IAAI;YAAE,OAAO;QACjC,uBAAuB,CACrB,YAAY,EACZ,OAAO,CAAC,UAAU,EAClB,OAAO,CAAC,cAAc,EACtB,KAAK,EACL,UAAU,CACX,CAAC;IACJ,CAAC;IAEO,KAAK,CAAC,wBAAwB,CACpC,eAA0C;QAE1C,IAAI,OAAO,IAAI,CAAC,YAAY,EAAE,aAAa,KAAK,UAAU;YAAE,OAAO,IAAI,CAAC;QACxE,IAAI,CAAC;YACH,OAAO,MAAM,IAAI,CAAC,YAAY,CAAC,aAAa,CAC1C,IAAI,CAAC,MAAM,CAAC,aAAc,EAC1B,eAAe,CAChB,CAAC;QACJ,CAAC;QAAC,OAAO,UAAU,EAAE,CAAC;YACpB,IAAI,OAAO,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC;gBACtB,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,4CAA4C,IAAI,CAAC,MAAM,CAAC,aAAa,GAAG,EACxE,UAAU,CACX,CAAC;YACJ,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAEO,oBAAoB,CAAC,KAAc;QACzC,IAAI,OAAO,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC;YACtB,IAAI,CAAC,MAAM,CAAC,IAAI,CACd,iCAAiC,IAAI,CAAC,MAAM,CAAC,aAAa,GAAG,EAC7D,KAAK,CACN,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,yBAAyB,CAC7B,OAA4B;QAE5B,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,qBAAqB,CAAC;YAC5C,GAAG,OAAO;YACV,YAAY,EAAE,KAAK;SACpB,CAAC,CAAC;QACH,OAAO,IAAI,KAAK,IAAI,CAAC;IACvB,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,oBAAoB,CAAC,OAA4B;QACrD,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,yBAAyB,CAAC,OAAO,CAAC,CAAC;QAClE,OAAO,CACL,CAAC,WAAW;YACZ,IAAI,CAAC,MAAM,CAAC,cAAc,KAAK,IAAI;YACnC,IAAI,CAAC,MAAM,CAAC,aAAa,KAAK,IAAI,CACnC,CAAC;IACJ,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,iBAAiB,CACrB,OAA4B;QAE5B,MAAM,eAAe,GAAG,IAAI,CAAC,sBAAsB,CACjD,OAAO,EAAE,eAAe,IAAI,SAAS,CACtC,CAAC;QACF,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,uBAAuB,CAAC,eAAe,CAAC,CAAC;QACzE,IAAI,YAAY,KAAK,IAAI;YAAE,OAAO,YAAY,CAAC;QAC/C,MAAM,YAAY,GAAG,IAAI,CAAC,uBAAuB,EAAE,CAAC;QACpD,IAAI,YAAY,KAAK,IAAI;YAAE,OAAO,YAAY,CAAC;QAC/C,OAAO,IAAI,CAAC,kBAAkB,EAAE,CAAC;IACnC,CAAC;IAEO,KAAK,CAAC,uBAAuB,CACnC,eAAiC;QAEjC,MAAM,OAAO,GAAG,eAAe,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QAChD,IAAI,OAAO,OAAO,KAAK,QAAQ,IAAI,OAAO,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;YACzD,OAAO,aAAa,CAAC;QACvB,CAAC;QACD,IACE,IAAI,CAAC,kBAAkB,CAAC,eAAe,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;YAC7D,SAAS,EACT,CAAC;YACD,OAAO,WAAW,CAAC;QACrB,CAAC;QACD,OAAO,IAAI,CAAC,oBAAoB,CAAC,eAAe,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC,CAAC;IACxE,CAAC;IAEO,KAAK,CAAC,oBAAoB,CAAC,KAAc;QAC/C,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,EAAE;YAAE,OAAO,IAAI,CAAC;QAC3D,IAAI,CAAC;YACH,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;YAClD,OAAO,WAAW,KAAK,IAAI,CAAC,CAAC,CAAC,iBAAiB,CAAC,CAAC,CAAC,IAAI,CAAC;QACzD,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAEO,uBAAuB;QAC7B,IACE,OAAO,IAAI,CAAC,MAAM,CAAC,MAAM,KAAK,QAAQ;YACtC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,KAAK,EAAE,EAChC,CAAC;YACD,OAAO,oBAAoB,CAAC;QAC9B,CAAC;QACD,MAAM,WAAW,GAAG,IAAI,CAAC,4BAA4B,EAAE,CAAC;QACxD,OAAO,WAAW,IAAI,IAAI,CAAC;IAC7B,CAAC;IAEO,4BAA4B;QAClC,IACE,IAAI,CAAC,MAAM,CAAC,WAAW,IAAI,IAAI;YAC/B,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,MAAM,KAAK,CAAC,EACpC,CAAC;YACD,OAAO,SAAS,CAAC;QACnB,CAAC;QACD,KAAK,MAAM,UAAU,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC;YACjD,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;YACzC,IAAI,OAAO,QAAQ,KAAK,QAAQ,IAAI,QAAQ,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;gBAC3D,OAAO,OAAO,UAAU,CAAC,WAAW,EAAE,EAAE,CAAC;YAC3C,CAAC;QACH,CAAC;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IAEO,KAAK,CAAC,kBAAkB;QAC9B,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC;YAAE,OAAO,IAAI,CAAC;QAC7C,IAAI,CAAC;YACH,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,YAAa,CAAC,eAAe,CAC9D,IAAI,CAAC,MAAM,CAAC,aAAc,CAC3B,CAAC;YACF,OAAO,eAAe,CAAC,CAAC,CAAC,SAAS,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;QACvE,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAEO,kBAAkB,CAAC,KAAc;QACvC,IAAI,OAAO,KAAK,KAAK,QAAQ;YAAE,OAAO,SAAS,CAAC;QAChD,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;QAC7B,OAAO,OAAO,KAAK,EAAE,IAAI,OAAO,CAAC,WAAW,EAAE,KAAK,MAAM;YACvD,CAAC,CAAC,SAAS;YACX,CAAC,CAAC,OAAO,CAAC;IACd,CAAC;IAEO,mBAAmB,CAAC,KAAqB;QAC/C,IAAI,OAAO,KAAK,KAAK,QAAQ;YAAE,OAAO,SAAS,CAAC;QAChD,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;QAC7B,OAAO,OAAO,KAAK,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,OAAO,CAAC;IAC9C,CAAC;IAEO,yBAAyB,CAAC,mBAA4B;QAC5D,MAAM,UAAU,GAAG,IAAI,CAAC,mBAAmB,CAAC,mBAAmB,CAAC,CAAC;QACjE,IAAI,UAAU,KAAK,SAAS;YAAE,OAAO,UAAU,CAAC;QAChD,MAAM,aAAa,GAAG,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;QAC1E,IAAI,aAAa,KAAK,SAAS;YAAE,OAAO,aAAa,CAAC;QACtD,OAAO,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,IAAI,kBAAkB,CAAC;IAC5D,CAAC;IAEO,mBAAmB,CACzB,eAAiC,EACjC,UAAmB;QAEnB,IAAI,UAAU,KAAK,SAAS;YAAE,OAAO,IAAI,CAAC;QAC1C,MAAM,cAAc,GAAG,eAAe,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;QAC7D,IAAI,OAAO,cAAc,KAAK,QAAQ;YAAE,OAAO,IAAI,CAAC;QACpD,MAAM,OAAO,GAAG,cAAc,CAAC,IAAI,EAAE,CAAC;QACtC,OAAO,OAAO,KAAK,EAAE,IAAI,OAAO,KAAK,UAAU,CAAC;IAClD,CAAC;IAEO,KAAK,CAAC,eAAe,CAAC,IAAY;QACxC,MAAM,WAAW,GAAG,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC;QAClD,IAAI,WAAW,KAAK,SAAS,EAAE,CAAC;YAC9B,MAAM,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAC;QAClD,CAAC;QACD,MAAM,OAAO,GAAG,IAAI,CAAC,kBAAkB,CAAC;QACxC,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,IAAI,KAAK,CACb,+DAA+D;gBAC7D,oGAAoG,CACvG,CAAC;QACJ,CAAC;QACD,MAAM,GAAG,GAAG,IAAI,CAAC,kBAAkB,CAAC,MAAM,OAAO,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC;QACvE,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;YACtB,MAAM,IAAI,KAAK,CACb,cAAc,WAAW,uCAAuC,WAAW,6BAA6B,CACzG,CAAC;QACJ,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,WAAW,CAAC,QAAgB;QACxC,IAAI,CAAC;YACH,MAAM,YAAY,GAAG,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC;gBAC3C,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;gBAC5C,CAAC,CAAC,QAAQ,CAAC;YACb,MAAM,YAAY,GAAG,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC;gBAChD,CAAC,CAAC,YAAY;gBACd,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,YAAY,CAAC,CAAC;YAC9C,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;YACzD,MAAM,GAAG,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC;YAC3B,IAAI,GAAG,KAAK,EAAE,EAAE,CAAC;gBACf,IAAI,OAAO,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC;oBACtB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY,QAAQ,WAAW,CAAC,CAAC;gBACpD,CAAC;gBACD,OAAO,IAAI,CAAC;YACd,CAAC;YACD,OAAO,GAAG,CAAC;QACb,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,OAAO,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC;gBACtB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,2BAA2B,QAAQ,GAAG,EAAE,KAAK,CAAC,CAAC;YAClE,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED;;OAEG;IACH,YAAY,CAAC,SAAwC;QACnD,IAAI,CAAC,MAAM,GAAG,EAAE,GAAG,IAAI,CAAC,MAAM,EAAE,GAAG,SAAS,EAAE,CAAC;IACjD,CAAC;IAED;;OAEG;IACH,kBAAkB,CAAC,YAA0B;QAC3C,IAAI,CAAC,YAAY,GAAG,YAAY,CAAC;IACnC,CAAC;IAED;;;;;;;OAOG;IACH,eAAe;QACb,MAAM,eAAe,GAAG,CAAC,kBAAkB,EAAE,4BAA4B,CAAC,CAAC;QAC3E,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,IAAI,CAAC,uBAAuB,EAAE,CAAC;YAC3C,MAAM,SAAS,GAAG,GAAG,EAAE,SAAS,CAAC;YACjC,IACE,OAAO,SAAS,KAAK,QAAQ;gBAC7B,SAAS,KAAK,EAAE;gBAChB,CAAC,eAAe,CAAC,QAAQ,CAAC,SAAS,CAAC,EACpC,CAAC;gBACD,eAAe,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAClC,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,gDAAgD;QAClD,CAAC;QACD,KAAK,MAAM,SAAS,IAAI,eAAe,EAAE,CAAC;YACxC,IAAI,CAAC;gBACH,qBAAqB,CAAC,SAAS,CAAC,CAAC;YACnC,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,sCAAsC,SAAS,KAAK,KAAK,EAAE,CAC5D,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED;;;;;;;;OAQG;IACH,uBAAuB,CAAC,UAAkB,EAAE,SAAkB;QAC5D,KAAK,MAAM,CAAC,EAAE,KAAK,CAAC,IAAI,mBAAmB,EAAE,CAAC;YAC5C,yBAAyB,CACvB,KAAK,EACL,CAAC,KAAK,EAAE,EAAE;gBACR,IAAI,KAAK,CAAC,UAAU,KAAK,UAAU;oBAAE,OAAO,KAAK,CAAC;gBAClD,IAAI,SAAS,KAAK,SAAS,IAAI,KAAK,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;oBAC7D,OAAO,KAAK,CAAC;gBACf,CAAC;gBACD,OAAO,IAAI,CAAC;YACd,CAAC,EACD,eAAe,CAChB,CAAC;QACJ,CAAC;IACH,CAAC"}
|
|
@@ -0,0 +1,57 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Anthropic OAuth 2.0 Device Flow Implementation
|
|
3
|
+
*
|
|
4
|
+
* Implements OAuth 2.0 device authorization grant flow for Anthropic Claude API.
|
|
5
|
+
* Based on the OAuth 2.0 Device Authorization Grant specification (RFC 8628).
|
|
6
|
+
*/
|
|
7
|
+
import { type DeviceCodeResponse, type OAuthToken } from '../types.js';
|
|
8
|
+
/**
|
|
9
|
+
* Configuration for Anthropic device flow authentication
|
|
10
|
+
*/
|
|
11
|
+
interface AnthropicFlowConfig {
|
|
12
|
+
clientId: string;
|
|
13
|
+
authorizationEndpoint: string;
|
|
14
|
+
tokenEndpoint: string;
|
|
15
|
+
scopes: string[];
|
|
16
|
+
}
|
|
17
|
+
/**
|
|
18
|
+
* Anthropic-specific OAuth 2.0 device flow implementation.
|
|
19
|
+
* Handles authentication for Claude API access.
|
|
20
|
+
*/
|
|
21
|
+
export declare class AnthropicDeviceFlow {
|
|
22
|
+
private config;
|
|
23
|
+
private codeVerifier?;
|
|
24
|
+
private _codeChallenge?;
|
|
25
|
+
private state?;
|
|
26
|
+
private redirectUri;
|
|
27
|
+
revokeToken?: (token: string) => Promise<void>;
|
|
28
|
+
constructor(config?: Partial<AnthropicFlowConfig>);
|
|
29
|
+
/**
|
|
30
|
+
* Generates PKCE code verifier and challenge using S256 method
|
|
31
|
+
*/
|
|
32
|
+
private generatePKCE;
|
|
33
|
+
/**
|
|
34
|
+
* Initiates the OAuth flow by constructing the authorization URL.
|
|
35
|
+
* Since Anthropic doesn't have a device flow, we simulate it with authorization code flow.
|
|
36
|
+
*/
|
|
37
|
+
initiateDeviceFlow(redirectUri?: string): Promise<DeviceCodeResponse>;
|
|
38
|
+
/**
|
|
39
|
+
* Exchange authorization code for access token (PKCE flow)
|
|
40
|
+
*/
|
|
41
|
+
exchangeCodeForToken(authCodeWithState: string): Promise<OAuthToken>;
|
|
42
|
+
getState(): string;
|
|
43
|
+
buildAuthorizationUrl(redirectUri: string): string;
|
|
44
|
+
/**
|
|
45
|
+
* Polls for the access token after user authorization.
|
|
46
|
+
*/
|
|
47
|
+
pollForToken(deviceCode: string): Promise<OAuthToken>;
|
|
48
|
+
/**
|
|
49
|
+
* Refreshes an expired access token using a refresh token.
|
|
50
|
+
*/
|
|
51
|
+
refreshToken(refreshToken: string): Promise<OAuthToken>;
|
|
52
|
+
/**
|
|
53
|
+
* Maps Anthropic's token response to our standard OAuthToken format.
|
|
54
|
+
*/
|
|
55
|
+
private mapTokenResponse;
|
|
56
|
+
}
|
|
57
|
+
export {};
|