align-mcp-remote 0.1.39 → 0.1.40

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -15632,7 +15632,7 @@ var Client = class extends Protocol {
15632
15632
  };
15633
15633
 
15634
15634
  // package.json
15635
- var version2 = "0.1.38";
15635
+ var version2 = "0.1.39";
15636
15636
 
15637
15637
  // node_modules/pkce-challenge/dist/index.node.js
15638
15638
  var crypto;
@@ -18092,15 +18092,28 @@ async function discoverOAuthServerInfo2(serverUrl, headers = {}) {
18092
18092
  downstreamTokenHeader: protectedResourceMetadata?.x_downstream_resource ? downstreamTokenHeader : void 0
18093
18093
  };
18094
18094
  }
18095
- async function performDownstreamAuth(authProvider, downstreamResource, callbackPort, waitForAuthCode) {
18095
+ async function performDownstreamAuth(authProvider, downstreamResource, callbackPort) {
18096
18096
  debugLog("Starting downstream OAuth flow", { downstreamResource });
18097
- const downstreamServerMetadata = await fetchAuthorizationServerMetadata(downstreamResource.authorization_server);
18097
+ const downstreamAs = downstreamResource.authorization_servers[0];
18098
+ if (!downstreamAs) {
18099
+ throw new Error("x_downstream_resource.authorization_servers is empty");
18100
+ }
18101
+ const downstreamServerMetadata = await fetchAuthorizationServerMetadata(downstreamAs);
18098
18102
  if (!downstreamServerMetadata) {
18099
- throw new Error(`Failed to fetch downstream authorization server metadata from ${downstreamResource.authorization_server}`);
18103
+ throw new Error(`Failed to fetch downstream authorization server metadata from ${downstreamAs}`);
18100
18104
  }
18101
- const redirectUrl = `http://${authProvider.options.host || "localhost"}:${callbackPort}/oauth/callback`;
18105
+ const downstreamCallbackPort = await findAvailablePort(callbackPort + 1);
18106
+ const downstreamEvents = new (await import("events")).EventEmitter();
18107
+ const { server: downstreamServer, waitForAuthCode: waitForDownstreamCode } = setupOAuthCallbackServerWithLongPoll({
18108
+ port: downstreamCallbackPort,
18109
+ path: "/oauth/callback",
18110
+ events: downstreamEvents,
18111
+ authTimeoutMs: 3e5
18112
+ });
18113
+ const host = authProvider.options.host || "localhost";
18114
+ const redirectUrl = `http://${host}:${downstreamCallbackPort}/oauth/callback`;
18102
18115
  const scope = downstreamResource.scopes_required?.join(" ") ?? "";
18103
- const { authorizationUrl, codeVerifier } = await startAuthorization(downstreamResource.authorization_server, {
18116
+ const { authorizationUrl, codeVerifier } = await startAuthorization(downstreamAs, {
18104
18117
  metadata: downstreamServerMetadata,
18105
18118
  clientInformation: await authProvider.clientInformation(),
18106
18119
  redirectUrl,
@@ -18108,7 +18121,7 @@ async function performDownstreamAuth(authProvider, downstreamResource, callbackP
18108
18121
  resource: new URL(downstreamResource.resource)
18109
18122
  });
18110
18123
  log(`
18111
- Please authorize downstream resource by visiting:
18124
+ Please authorize the downstream resource by visiting:
18112
18125
  ${authorizationUrl.toString()}
18113
18126
  `);
18114
18127
  try {
@@ -18118,16 +18131,20 @@ ${authorizationUrl.toString()}
18118
18131
  } catch {
18119
18132
  log("Could not open browser automatically. Please copy and paste the URL above.");
18120
18133
  }
18121
- const code = await waitForAuthCode();
18122
- const tokens = await exchangeAuthorization(downstreamResource.authorization_server, {
18123
- metadata: downstreamServerMetadata,
18124
- clientInformation: await authProvider.clientInformation(),
18125
- authorizationCode: code,
18126
- codeVerifier,
18127
- redirectUri: redirectUrl
18128
- });
18129
- await authProvider.saveDownstreamTokens(tokens);
18130
- debugLog("Downstream OAuth flow completed, tokens saved");
18134
+ try {
18135
+ const code = await waitForDownstreamCode();
18136
+ const tokens = await exchangeAuthorization(downstreamAs, {
18137
+ metadata: downstreamServerMetadata,
18138
+ clientInformation: await authProvider.clientInformation(),
18139
+ authorizationCode: code,
18140
+ codeVerifier,
18141
+ redirectUri: redirectUrl
18142
+ });
18143
+ await authProvider.saveDownstreamTokens(tokens);
18144
+ debugLog("Downstream OAuth flow completed, tokens saved");
18145
+ } finally {
18146
+ downstreamServer.close();
18147
+ }
18131
18148
  }
18132
18149
  async function connectToRemoteServer(client, serverUrl, authProvider, headers, authInitializer, transportStrategy = "http-first", downstreamTokenHeader, recursionReasons = /* @__PURE__ */ new Set()) {
18133
18150
  log(`[${pid}] Connecting to remote server: ${serverUrl}`);
package/dist/client.js CHANGED
@@ -13,7 +13,7 @@ import {
13
13
  performDownstreamAuth,
14
14
  setupSignalHandlers,
15
15
  version
16
- } from "./chunk-V2QU44UI.js";
16
+ } from "./chunk-X7AWYUMO.js";
17
17
 
18
18
  // src/client.ts
19
19
  import { EventEmitter } from "events";
@@ -67,7 +67,7 @@ async function runClient(serverUrl, callbackPort, headers, transportStrategy = "
67
67
  const code = await authState.waitForAuthCode();
68
68
  if (downstreamResource && !authState.skipBrowserAuth) {
69
69
  log("Layer 1 auth complete. Starting downstream (Layer 2) OAuth flow...");
70
- await performDownstreamAuth(authProvider, downstreamResource, callbackPort, authState.waitForAuthCode);
70
+ await performDownstreamAuth(authProvider, downstreamResource, callbackPort);
71
71
  log("Layer 2 auth complete.");
72
72
  }
73
73
  return code;
package/dist/proxy.js CHANGED
@@ -11,7 +11,7 @@ import {
11
11
  parseCommandLineArgs,
12
12
  performDownstreamAuth,
13
13
  setupSignalHandlers
14
- } from "./chunk-V2QU44UI.js";
14
+ } from "./chunk-X7AWYUMO.js";
15
15
 
16
16
  // src/proxy.ts
17
17
  import { EventEmitter } from "events";
@@ -152,7 +152,7 @@ async function runProxy(serverUrl, callbackPort, headers, transportStrategy = "h
152
152
  const code = await authState.waitForAuthCode();
153
153
  if (downstreamResource && !authState.skipBrowserAuth) {
154
154
  log("Layer 1 auth complete. Starting downstream (Layer 2) OAuth flow...");
155
- await performDownstreamAuth(authProvider, downstreamResource, callbackPort, authState.waitForAuthCode);
155
+ await performDownstreamAuth(authProvider, downstreamResource, callbackPort);
156
156
  log("Layer 2 auth complete.");
157
157
  }
158
158
  return code;
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "align-mcp-remote",
3
- "version": "0.1.39",
3
+ "version": "0.1.40",
4
4
  "description": "Remote proxy for Model Context Protocol, allowing local-only clients to connect to remote servers using oAuth",
5
5
  "keywords": [
6
6
  "mcp",