align-mcp-remote 0.1.39 → 0.1.41

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -15632,7 +15632,7 @@ var Client = class extends Protocol {
15632
15632
  };
15633
15633
 
15634
15634
  // package.json
15635
- var version2 = "0.1.38";
15635
+ var version2 = "0.1.40";
15636
15636
 
15637
15637
  // node_modules/pkce-challenge/dist/index.node.js
15638
15638
  var crypto;
@@ -18092,23 +18092,51 @@ async function discoverOAuthServerInfo2(serverUrl, headers = {}) {
18092
18092
  downstreamTokenHeader: protectedResourceMetadata?.x_downstream_resource ? downstreamTokenHeader : void 0
18093
18093
  };
18094
18094
  }
18095
- async function performDownstreamAuth(authProvider, downstreamResource, callbackPort, waitForAuthCode) {
18095
+ async function performDownstreamAuth(authProvider, downstreamResource, callbackPort) {
18096
18096
  debugLog("Starting downstream OAuth flow", { downstreamResource });
18097
- const downstreamServerMetadata = await fetchAuthorizationServerMetadata(downstreamResource.authorization_server);
18097
+ const downstreamAs = downstreamResource.authorization_servers[0];
18098
+ if (!downstreamAs) {
18099
+ throw new Error("x_downstream_resource.authorization_servers is empty");
18100
+ }
18101
+ const downstreamServerMetadata = await fetchAuthorizationServerMetadata(downstreamAs);
18098
18102
  if (!downstreamServerMetadata) {
18099
- throw new Error(`Failed to fetch downstream authorization server metadata from ${downstreamResource.authorization_server}`);
18103
+ throw new Error(`Failed to fetch downstream authorization server metadata from ${downstreamAs}`);
18100
18104
  }
18101
- const redirectUrl = `http://${authProvider.options.host || "localhost"}:${callbackPort}/oauth/callback`;
18105
+ const downstreamCallbackPort = await findAvailablePort(callbackPort + 1);
18106
+ const downstreamEvents = new (await import("events")).EventEmitter();
18107
+ const { server: downstreamServer, waitForAuthCode: waitForDownstreamCode } = setupOAuthCallbackServerWithLongPoll({
18108
+ port: downstreamCallbackPort,
18109
+ path: "/oauth/callback",
18110
+ events: downstreamEvents,
18111
+ authTimeoutMs: 3e5
18112
+ });
18113
+ const host = authProvider.options.host || "localhost";
18114
+ const redirectUrl = `http://${host}:${downstreamCallbackPort}/oauth/callback`;
18102
18115
  const scope = downstreamResource.scopes_required?.join(" ") ?? "";
18103
- const { authorizationUrl, codeVerifier } = await startAuthorization(downstreamResource.authorization_server, {
18116
+ const downstreamClientMetadata = {
18117
+ redirect_uris: [redirectUrl],
18118
+ token_endpoint_auth_method: "none",
18119
+ grant_types: ["authorization_code", "refresh_token"],
18120
+ response_types: ["code"],
18121
+ client_name: authProvider.options.clientName || "MCP CLI Client",
18122
+ scope
18123
+ };
18124
+ const downstreamClientInfo = await registerClient(downstreamAs, {
18125
+ metadata: downstreamServerMetadata,
18126
+ clientMetadata: downstreamClientMetadata
18127
+ });
18128
+ debugLog("Registered downstream client", { client_id: downstreamClientInfo.client_id });
18129
+ const downstreamHash = crypto2.createHash("md5").update(downstreamAs).digest("hex");
18130
+ await writeJsonFile(downstreamHash, "downstream_client_info.json", downstreamClientInfo);
18131
+ const { authorizationUrl, codeVerifier } = await startAuthorization(downstreamAs, {
18104
18132
  metadata: downstreamServerMetadata,
18105
- clientInformation: await authProvider.clientInformation(),
18133
+ clientInformation: downstreamClientInfo,
18106
18134
  redirectUrl,
18107
18135
  scope,
18108
18136
  resource: new URL(downstreamResource.resource)
18109
18137
  });
18110
18138
  log(`
18111
- Please authorize downstream resource by visiting:
18139
+ Please authorize the downstream resource by visiting:
18112
18140
  ${authorizationUrl.toString()}
18113
18141
  `);
18114
18142
  try {
@@ -18118,16 +18146,20 @@ ${authorizationUrl.toString()}
18118
18146
  } catch {
18119
18147
  log("Could not open browser automatically. Please copy and paste the URL above.");
18120
18148
  }
18121
- const code = await waitForAuthCode();
18122
- const tokens = await exchangeAuthorization(downstreamResource.authorization_server, {
18123
- metadata: downstreamServerMetadata,
18124
- clientInformation: await authProvider.clientInformation(),
18125
- authorizationCode: code,
18126
- codeVerifier,
18127
- redirectUri: redirectUrl
18128
- });
18129
- await authProvider.saveDownstreamTokens(tokens);
18130
- debugLog("Downstream OAuth flow completed, tokens saved");
18149
+ try {
18150
+ const code = await waitForDownstreamCode();
18151
+ const tokens = await exchangeAuthorization(downstreamAs, {
18152
+ metadata: downstreamServerMetadata,
18153
+ clientInformation: downstreamClientInfo,
18154
+ authorizationCode: code,
18155
+ codeVerifier,
18156
+ redirectUri: redirectUrl
18157
+ });
18158
+ await authProvider.saveDownstreamTokens(tokens);
18159
+ debugLog("Downstream OAuth flow completed, tokens saved");
18160
+ } finally {
18161
+ downstreamServer.close();
18162
+ }
18131
18163
  }
18132
18164
  async function connectToRemoteServer(client, serverUrl, authProvider, headers, authInitializer, transportStrategy = "http-first", downstreamTokenHeader, recursionReasons = /* @__PURE__ */ new Set()) {
18133
18165
  log(`[${pid}] Connecting to remote server: ${serverUrl}`);
package/dist/client.js CHANGED
@@ -13,7 +13,7 @@ import {
13
13
  performDownstreamAuth,
14
14
  setupSignalHandlers,
15
15
  version
16
- } from "./chunk-V2QU44UI.js";
16
+ } from "./chunk-YCBPOVTL.js";
17
17
 
18
18
  // src/client.ts
19
19
  import { EventEmitter } from "events";
@@ -67,7 +67,7 @@ async function runClient(serverUrl, callbackPort, headers, transportStrategy = "
67
67
  const code = await authState.waitForAuthCode();
68
68
  if (downstreamResource && !authState.skipBrowserAuth) {
69
69
  log("Layer 1 auth complete. Starting downstream (Layer 2) OAuth flow...");
70
- await performDownstreamAuth(authProvider, downstreamResource, callbackPort, authState.waitForAuthCode);
70
+ await performDownstreamAuth(authProvider, downstreamResource, callbackPort);
71
71
  log("Layer 2 auth complete.");
72
72
  }
73
73
  return code;
package/dist/proxy.js CHANGED
@@ -11,7 +11,7 @@ import {
11
11
  parseCommandLineArgs,
12
12
  performDownstreamAuth,
13
13
  setupSignalHandlers
14
- } from "./chunk-V2QU44UI.js";
14
+ } from "./chunk-YCBPOVTL.js";
15
15
 
16
16
  // src/proxy.ts
17
17
  import { EventEmitter } from "events";
@@ -152,7 +152,7 @@ async function runProxy(serverUrl, callbackPort, headers, transportStrategy = "h
152
152
  const code = await authState.waitForAuthCode();
153
153
  if (downstreamResource && !authState.skipBrowserAuth) {
154
154
  log("Layer 1 auth complete. Starting downstream (Layer 2) OAuth flow...");
155
- await performDownstreamAuth(authProvider, downstreamResource, callbackPort, authState.waitForAuthCode);
155
+ await performDownstreamAuth(authProvider, downstreamResource, callbackPort);
156
156
  log("Layer 2 auth complete.");
157
157
  }
158
158
  return code;
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "align-mcp-remote",
3
- "version": "0.1.39",
3
+ "version": "0.1.41",
4
4
  "description": "Remote proxy for Model Context Protocol, allowing local-only clients to connect to remote servers using oAuth",
5
5
  "keywords": [
6
6
  "mcp",