ebay-mcp 1.8.3 → 1.8.8

package/README.md

@@ -8,7 +8,6 @@
 [![API Coverage](https://img.shields.io/badge/API%20coverage-100%25-success)](src/tools/)
 [![License](https://img.shields.io/badge/License-MIT-yellow.svg)](LICENSE)
 [![Contributors Welcome](https://img.shields.io/badge/contributors-welcome-brightgreen.svg)](CONTRIBUTING.md)
-[![grimoire-wizard](https://img.shields.io/npm/v/grimoire-wizard?label=wizard%3A+grimoire&color=0064D2)](https://github.com/YosefHayim/grimoire)
 
 [![MseeP.ai Security Assessment Badge](https://mseep.net/pr/yosefhayim-ebay-api-mcp-server-badge.png)](https://mseep.ai/app/yosefhayim-ebay-api-mcp-server)
 <a href="https://www.buymeacoffee.com/yosefhayim" target="_blank"><img src="https://cdn.buymeacoffee.com/buttons/v2/default-yellow.png" alt="Buy Me A Coffee" style="height: 60px !important;width: 217px !important;" ></a>
@@ -158,7 +157,7 @@ The interactive setup wizard handles everything for you:
 npm run setup
 ```
 
-> **Powered by [grimoire-wizard](https://github.com/YosefHayim/grimoire)** — a config-driven CLI wizard framework [![grimoire-wizard](https://img.shields.io/npm/v/grimoire-wizard?label=grimoire-wizard&color=0064D2)](https://www.npmjs.com/package/grimoire-wizard)
+> Built with a standard Node CLI prompt stack for reliable interactive setup.
 
 The wizard will:
 

package/build/api/client-trading.js

@@ -1,6 +1,7 @@
 import axios from 'axios';
 import { XMLBuilder, XMLParser } from 'fast-xml-parser';
 import { apiLogger } from '../utils/logger.js';
+import { isRecord } from '../utils/type-guards.js';
 const COMPAT_LEVEL = '1451';
 const SITE_ID = '0';
 export class TradingApiClient {
@@ -42,7 +43,7 @@ export class TradingApiClient {
             suppressEmptyNode: true,
         });
     }
-    getBaseUrl() {
+    getTradingBaseUrl() {
         return this.baseUrl;
     }
     async execute(callName, params) {
@@ -75,12 +76,20 @@ export class TradingApiClient {
         }
         let parsed;
         try {
-            parsed = this.parser.parse(response.data);
+            const parsedValue = this.parser.parse(response.data);
+            if (!isRecord(parsedValue)) {
+                throw new Error('Trading API response must be an object');
+            }
+            parsed = parsedValue;
         }
         catch (e) {
             throw new Error(`Failed to parse Trading API ${callName} response: ${e instanceof Error ? e.message : String(e)}`);
         }
-        const result = (parsed[responseTag] || parsed);
+        const resultValue = parsed[responseTag] || parsed;
+        if (!isRecord(resultValue)) {
+            throw new Error(`Trading API ${callName} response payload is not an object`);
+        }
+        const result = resultValue;
         // Log warnings without failing
         if (result.Ack === 'Warning') {
             apiLogger.warn(`Trading API ${callName} returned warnings`, {

package/build/api/communication/feedback.js

@@ -1,3 +1,4 @@
+import { getPaginatedWithContextError, getPathWithContextError } from './shared.js';
 /**
  * Feedback API - Manage buyer and seller feedback
  * Based on: docs/sell-apps/communication/commerce_feedback_v1_beta_oas3.json
@@ -11,34 +12,13 @@ export class FeedbackApi {
     /**
      * Get items awaiting feedback
      * Endpoint: GET /awaiting_feedback
+     * @param filter API filter expression.
+     * @param limit Maximum number of records to return.
+     * @param offset Zero-based pagination offset.
      * @throws Error if the request fails
      */
     async getAwaitingFeedback(filter, limit, offset) {
-        const params = {};
-        if (filter !== undefined) {
-            if (typeof filter !== 'string') {
-                throw new Error('filter must be a string when provided');
-            }
-            params.filter = filter;
-        }
-        if (limit !== undefined) {
-            if (typeof limit !== 'number' || limit < 1) {
-                throw new Error('limit must be a positive number when provided');
-            }
-            params.limit = limit;
-        }
-        if (offset !== undefined) {
-            if (typeof offset !== 'number' || offset < 0) {
-                throw new Error('offset must be a non-negative number when provided');
-            }
-            params.offset = offset;
-        }
-        try {
-            return await this.client.get(`${this.basePath}/awaiting_feedback`, params);
-        }
-        catch (error) {
-            throw new Error(`Failed to get awaiting feedback: ${error instanceof Error ? error.message : 'Unknown error'}`);
-        }
+        return await getPaginatedWithContextError(this.client, `${this.basePath}/awaiting_feedback`, 'Failed to get awaiting feedback', filter, limit, offset);
     }
     /**
      * Get feedback for a transaction
@@ -64,12 +44,7 @@ export class FeedbackApi {
      * @throws Error if the request fails
      */
     async getFeedbackRatingSummary() {
-        try {
-            return await this.client.get(`${this.basePath}/feedback_rating_summary`);
-        }
-        catch (error) {
-            throw new Error(`Failed to get feedback rating summary: ${error instanceof Error ? error.message : 'Unknown error'}`);
-        }
+        return await getPathWithContextError(this.client, `${this.basePath}/feedback_rating_summary`, 'Failed to get feedback rating summary');
     }
     /**
      * Leave feedback for a buyer

package/build/api/communication/message.js

@@ -1,3 +1,4 @@
+import { assertRequiredString, buildPaginatedQueryParams, getPathWithContextError, getWithContextError, } from './shared.js';
 /**
  * Message API - Buyer-seller messaging
  * Based on: docs/sell-apps/communication/commerce_message_v1_oas3.json
@@ -27,50 +28,36 @@ export class MessageApi {
     /**
      * Get conversations
      * Endpoint: GET /conversation
+     * @param filter API filter expression.
+     * @param limit Maximum number of records to return.
+     * @param offset Zero-based pagination offset.
      * @throws Error if the request fails
      */
     async getConversations(filter, limit, offset) {
-        const params = {};
-        if (filter !== undefined) {
-            if (typeof filter !== 'string') {
-                throw new Error('filter must be a string when provided');
-            }
-            params.filter = filter;
-        }
-        if (limit !== undefined) {
-            if (typeof limit !== 'number' || limit < 1) {
-                throw new Error('limit must be a positive number when provided');
-            }
-            params.limit = limit;
-        }
-        if (offset !== undefined) {
-            if (typeof offset !== 'number' || offset < 0) {
-                throw new Error('offset must be a non-negative number when provided');
-            }
-            params.offset = offset;
-        }
-        try {
-            return await this.client.get(`${this.basePath}/conversation`, params);
-        }
-        catch (error) {
-            throw new Error(`Failed to get conversations: ${error instanceof Error ? error.message : 'Unknown error'}`);
-        }
+        const conversationPath = `${this.basePath}/conversation`;
+        const queryParams = this.buildConversationQueryParams(filter, limit, offset);
+        return await getWithContextError(this.client, conversationPath, queryParams, 'Failed to get conversations');
+    }
+    /**
+     * Build query params used by conversation listing endpoints.
+     *
+     * @param filter API filter expression.
+     * @param limit Maximum number of records to return.
+     * @param offset Zero-based pagination offset.
+     * @returns Validated conversation query params.
+     */
+    buildConversationQueryParams(filter, limit, offset) {
+        return buildPaginatedQueryParams(filter, limit, offset);
     }
     /**
      * Get a specific conversation
      * Endpoint: GET /conversation/{conversation_id}
+     * @param conversationId Conversation identifier.
      * @throws Error if required parameters are missing or invalid
      */
     async getConversation(conversationId) {
-        if (!conversationId || typeof conversationId !== 'string') {
-            throw new Error('conversationId is required and must be a string');
-        }
-        try {
-            return await this.client.get(`${this.basePath}/conversation/${conversationId}`);
-        }
-        catch (error) {
-            throw new Error(`Failed to get conversation: ${error instanceof Error ? error.message : 'Unknown error'}`);
-        }
+        assertRequiredString(conversationId, 'conversationId');
+        return await getPathWithContextError(this.client, `${this.basePath}/conversation/${conversationId}`, 'Failed to get conversation');
     }
     /**
      * Send a message

package/build/api/communication/negotiation.js

@@ -1,3 +1,5 @@
+import { assertRequiredString, buildPaginatedQueryParams, getPathWithContextError, getWithContextError, } from './shared.js';
+import { buildTruthyPaginatedParams } from '../shared/query-params.js';
 /**
  * Negotiation API - Buyer-seller negotiations and offers
  * Based on: docs/sell-apps/communication/sell_negotiation_v1_oas3.json
@@ -11,30 +13,17 @@ export class NegotiationApi {
     /**
      * Find eligible items for a seller-initiated offer
      * Endpoint: GET /find_eligible_items
+     * @param filter API filter expression.
+     * @param limit Maximum number of records to return.
+     * @param offset Zero-based pagination offset.
      * @throws Error if the request fails
      */
     async findEligibleItems(filter, limit, offset) {
-        const params = {};
-        if (filter !== undefined) {
-            if (typeof filter !== 'string') {
-                throw new Error('filter must be a string when provided');
-            }
-            params.filter = filter;
-        }
-        if (limit !== undefined) {
-            if (typeof limit !== 'number' || limit < 1) {
-                throw new Error('limit must be a positive number when provided');
-            }
-            params.limit = limit;
-        }
-        if (offset !== undefined) {
-            if (typeof offset !== 'number' || offset < 0) {
-                throw new Error('offset must be a non-negative number when provided');
-            }
-            params.offset = offset;
-        }
+        const eligibleItemsPath = `${this.basePath}/find_eligible_items`;
+        const queryParams = buildPaginatedQueryParams(filter, limit, offset);
         try {
-            return await this.client.get(`${this.basePath}/find_eligible_items`, params);
+            const response = await this.client.get(eligibleItemsPath, queryParams);
+            return response;
         }
         catch (error) {
             throw new Error(`Failed to find eligible items: ${error instanceof Error ? error.message : 'Unknown error'}`);
@@ -58,17 +47,14 @@ export class NegotiationApi {
     }
     /**
      * Get offers to buyers (Best Offers)
+     * @param filter API filter expression.
+     * @param limit Maximum number of records to return.
+     * @param offset Zero-based pagination offset.
      * @deprecated This method does not match any endpoint in the OpenAPI spec
      */
     async getOffersToBuyers(filter, limit, offset) {
-        const params = {};
-        if (filter)
-            params.filter = filter;
-        if (limit)
-            params.limit = limit;
-        if (offset)
-            params.offset = offset;
-        return await this.client.get(`${this.basePath}/offer`, params);
+        const params = buildTruthyPaginatedParams(filter, limit, offset);
+        return await getWithContextError(this.client, `${this.basePath}/offer`, params, 'Failed to get offers to buyers');
     }
     /**
      * Get offers for listing (alias for getOffersToBuyers)
@@ -81,17 +67,11 @@ export class NegotiationApi {
     /**
      * Get a specific offer
      * Endpoint: GET /offer/{offerId}
+     * @param offerId Offer identifier.
      * @throws Error if required parameters are missing or invalid
      */
     async getOffer(offerId) {
-        if (!offerId || typeof offerId !== 'string') {
-            throw new Error('offerId is required and must be a string');
-        }
-        try {
-            return await this.client.get(`${this.basePath}/offer/${offerId}`);
-        }
-        catch (error) {
-            throw new Error(`Failed to get offer: ${error instanceof Error ? error.message : 'Unknown error'}`);
-        }
+        assertRequiredString(offerId, 'offerId');
+        return await getPathWithContextError(this.client, `${this.basePath}/offer/${offerId}`, 'Failed to get offer');
     }
 }

package/build/api/communication/notification.js

@@ -1,3 +1,4 @@
+import { assertRequiredString, getPathWithContextError } from './shared.js';
 /**
  * Notification API - Event notifications and subscriptions
  * Based on: docs/sell-apps/communication/commerce_notification_v1_oas3.json
@@ -10,30 +11,19 @@ export class NotificationApi {
     }
     /**
      * Get public key for validating notifications
+     * @param publicKeyId Public key identifier.
      * @throws Error if required parameters are missing or invalid
      */
     async getPublicKey(publicKeyId) {
-        if (!publicKeyId || typeof publicKeyId !== 'string') {
-            throw new Error('publicKeyId is required and must be a string');
-        }
-        try {
-            return await this.client.get(`${this.basePath}/public_key/${publicKeyId}`);
-        }
-        catch (error) {
-            throw new Error(`Failed to get public key: ${error instanceof Error ? error.message : 'Unknown error'}`);
-        }
+        assertRequiredString(publicKeyId, 'publicKeyId');
+        return await getPathWithContextError(this.client, `${this.basePath}/public_key/${publicKeyId}`, 'Failed to get public key');
     }
     /**
      * Get notification config
      * @throws Error if the request fails
      */
     async getConfig() {
-        try {
-            return await this.client.get(`${this.basePath}/config`);
-        }
-        catch (error) {
-            throw new Error(`Failed to get config: ${error instanceof Error ? error.message : 'Unknown error'}`);
-        }
+        return await getPathWithContextError(this.client, `${this.basePath}/config`, 'Failed to get config');
     }
     /**
      * Update notification config
@@ -69,18 +59,12 @@ export class NotificationApi {
     }
     /**
      * Get destination
+     * @param destinationId Destination identifier.
      * @throws Error if required parameters are missing or invalid
      */
     async getDestination(destinationId) {
-        if (!destinationId || typeof destinationId !== 'string') {
-            throw new Error('destinationId is required and must be a string');
-        }
-        try {
-            return await this.client.get(`${this.basePath}/destination/${destinationId}`);
-        }
-        catch (error) {
-            throw new Error(`Failed to get destination: ${error instanceof Error ? error.message : 'Unknown error'}`);
-        }
+        assertRequiredString(destinationId, 'destinationId');
+        return await getPathWithContextError(this.client, `${this.basePath}/destination/${destinationId}`, 'Failed to get destination');
     }
     /**
      * Create destination
@@ -175,18 +159,12 @@ export class NotificationApi {
     /**
      * Get a subscription
      * Endpoint: GET /subscription/{subscription_id}
+     * @param subscriptionId Subscription identifier.
      * @throws Error if required parameters are missing or invalid
      */
     async getSubscription(subscriptionId) {
-        if (!subscriptionId || typeof subscriptionId !== 'string') {
-            throw new Error('subscriptionId is required and must be a string');
-        }
-        try {
-            return await this.client.get(`${this.basePath}/subscription/${subscriptionId}`);
-        }
-        catch (error) {
-            throw new Error(`Failed to get subscription: ${error instanceof Error ? error.message : 'Unknown error'}`);
-        }
+        assertRequiredString(subscriptionId, 'subscriptionId');
+        return await getPathWithContextError(this.client, `${this.basePath}/subscription/${subscriptionId}`, 'Failed to get subscription');
     }
     /**
      * Update a subscription
@@ -274,18 +252,12 @@ export class NotificationApi {
     /**
      * Get a topic
      * Endpoint: GET /topic/{topic_id}
+     * @param topicId Topic identifier.
      * @throws Error if required parameters are missing or invalid
      */
     async getTopic(topicId) {
-        if (!topicId || typeof topicId !== 'string') {
-            throw new Error('topicId is required and must be a string');
-        }
-        try {
-            return await this.client.get(`${this.basePath}/topic/${topicId}`);
-        }
-        catch (error) {
-            throw new Error(`Failed to get topic: ${error instanceof Error ? error.message : 'Unknown error'}`);
-        }
+        assertRequiredString(topicId, 'topicId');
+        return await getPathWithContextError(this.client, `${this.basePath}/topic/${topicId}`, 'Failed to get topic');
     }
     /**
      * Get all topics

package/build/api/communication/shared.js

@@ -0,0 +1,71 @@
+import { buildValidatedPaginatedParams } from '../shared/query-params.js';
+/**
+ * Build validated pagination query params.
+ *
+ * @param filter API filter expression.
+ * @param limit Maximum number of records.
+ * @param offset Zero-based pagination offset.
+ * @returns Query parameter object for paginated GET calls.
+ */
+export function buildPaginatedQueryParams(filter, limit, offset) {
+    return buildValidatedPaginatedParams(filter, limit, offset);
+}
+/**
+ * Validate that a required parameter is a non-empty string.
+ *
+ * @param value Value to validate.
+ * @param paramName Parameter name used in error text.
+ */
+export function assertRequiredString(value, paramName) {
+    if (!value || typeof value !== 'string') {
+        throw new Error(`${paramName} is required and must be a string`);
+    }
+}
+/**
+ * Perform a GET request and wrap errors with endpoint-specific context.
+ *
+ * @param client Configured eBay API client.
+ * @param path Endpoint path to request.
+ * @param failureMessage Prefix text for thrown error messages.
+ * @returns API response payload.
+ */
+export async function getPathWithContextError(client, path, failureMessage) {
+    try {
+        return await client.get(path);
+    }
+    catch (error) {
+        throw new Error(`${failureMessage}: ${error instanceof Error ? error.message : 'Unknown error'}`);
+    }
+}
+/**
+ * Perform a GET request with query params and wrap errors with endpoint-specific context.
+ *
+ * @param client Configured eBay API client.
+ * @param path Endpoint path to request.
+ * @param params Query parameters sent with the request.
+ * @param failureMessage Prefix text for thrown error messages.
+ * @returns API response payload.
+ */
+export async function getWithContextError(client, path, params, failureMessage) {
+    try {
+        return await client.get(path, params);
+    }
+    catch (error) {
+        throw new Error(`${failureMessage}: ${error instanceof Error ? error.message : 'Unknown error'}`);
+    }
+}
+/**
+ * Perform a paginated GET request with validated filter/limit/offset params.
+ *
+ * @param client Configured eBay API client.
+ * @param path Endpoint path to request.
+ * @param failureMessage Prefix text for thrown error messages.
+ * @param filter API filter expression.
+ * @param limit Maximum number of records.
+ * @param offset Zero-based pagination offset.
+ * @returns API response payload.
+ */
+export async function getPaginatedWithContextError(client, path, failureMessage, filter, limit, offset) {
+    const params = buildPaginatedQueryParams(filter, limit, offset);
+    return await getWithContextError(client, path, params, failureMessage);
+}

package/build/api/other/vero.js

@@ -1,3 +1,4 @@
+import { buildTruthyPaginatedParams } from '../shared/query-params.js';
 /**
  * VERO API - Verified Rights Owner program
  * Based on: docs/sell-apps/other-apis/commerce_vero_v1_oas3.json
@@ -24,13 +25,7 @@ export class VeroApi {
      * Get VERO report items (listings reported for infringement)
      */
     async getVeroReportItems(filter, limit, offset) {
-        const params = {};
-        if (filter)
-            params.filter = filter;
-        if (limit)
-            params.limit = limit;
-        if (offset)
-            params.offset = offset;
+        const params = buildTruthyPaginatedParams(filter, limit, offset);
         return await this.client.get(`${this.basePath}/vero_report_items`, params);
     }
     /**

package/build/api/shared/query-params.js

@@ -0,0 +1,35 @@
+export function buildValidatedPaginatedParams(filter, limit, offset) {
+    const params = {};
+    if (filter !== undefined) {
+        if (typeof filter !== 'string') {
+            throw new Error('filter must be a string when provided');
+        }
+        params.filter = filter;
+    }
+    if (limit !== undefined) {
+        if (typeof limit !== 'number' || limit < 1) {
+            throw new Error('limit must be a positive number when provided');
+        }
+        params.limit = limit;
+    }
+    if (offset !== undefined) {
+        if (typeof offset !== 'number' || offset < 0) {
+            throw new Error('offset must be a non-negative number when provided');
+        }
+        params.offset = offset;
+    }
+    return params;
+}
+export function buildTruthyPaginatedParams(filter, limit, offset) {
+    const params = {};
+    if (filter) {
+        params.filter = filter;
+    }
+    if (limit) {
+        params.limit = limit;
+    }
+    if (offset) {
+        params.offset = offset;
+    }
+    return params;
+}

package/build/api/trading/trading.js

@@ -1,3 +1,13 @@
+import { isRecord } from '../../utils/type-guards.js';
+function asRecord(value) {
+    return isRecord(value) ? value : undefined;
+}
+function asRecordArray(value) {
+    if (!Array.isArray(value)) {
+        return [];
+    }
+    return value.filter((entry) => typeof entry === 'object' && entry !== null && !Array.isArray(entry));
+}
 export class TradingApi {
     client;
     constructor(client) {
@@ -13,13 +23,16 @@ export class TradingApi {
                 },
             },
         });
-        const activeList = result.ActiveList;
-        const itemArray = activeList?.ItemArray;
-        const items = itemArray?.Item || [];
-        const pagination = activeList?.PaginationResult;
+        const activeList = asRecord(result.ActiveList);
+        const itemArray = asRecord(activeList?.ItemArray);
+        const items = asRecordArray(itemArray?.Item);
+        const pagination = asRecord(activeList?.PaginationResult);
         const listings = items.map((item) => {
-            const sellingStatus = item.SellingStatus;
-            const currentPrice = sellingStatus?.CurrentPrice;
+            const sellingStatus = asRecord(item.SellingStatus);
+            const currentPriceRaw = sellingStatus?.CurrentPrice;
+            const currentPrice = typeof currentPriceRaw === 'number' || isRecord(currentPriceRaw)
+                ? currentPriceRaw
+                : undefined;
             const priceValue = typeof currentPrice === 'object' && currentPrice !== null
                 ? Number(currentPrice['#text'] || 0)
                 : Number(currentPrice || 0);
@@ -47,7 +60,7 @@ export class TradingApi {
             ItemID: itemId,
             DetailLevel: 'ReturnAll',
         });
-        const items = result.Item;
+        const items = asRecordArray(result.Item);
         return items?.[0] || result;
     }
     async createListing(item) {

package/build/auth/oauth.js

@@ -208,7 +208,7 @@ export class EbayOAuthClient {
     }
     /**
      * Exchange authorization code for user access token
-     * Note: After receiving tokens, manually add EBAY_USER_REFRESH_TOKEN to .env file
+     * Persists received tokens to .env automatically
      */
     async exchangeCodeForToken(code) {
         if (!this.config.redirectUri) {
@@ -241,8 +241,11 @@ export class EbayOAuthClient {
                 userRefreshTokenExpiry: now + tokenData.refresh_token_expires_in * 1000,
                 scope: tokenData.scope,
             };
-            // Tokens are automatically saved to .env file by updateEnvFile()
-            // No console output needed here to avoid interfering with MCP JSON protocol
+            // Persist tokens to .env so they survive process restarts.
+            updateEnvFile({
+                EBAY_USER_ACCESS_TOKEN: tokenData.access_token,
+                EBAY_USER_REFRESH_TOKEN: tokenData.refresh_token,
+            });
             return tokenData;
         }
         catch (error) {
@@ -298,11 +301,9 @@ export class EbayOAuthClient {
             const envUpdates = {
                 EBAY_USER_ACCESS_TOKEN: tokenData.access_token,
             };
-            // If eBay provided a new refresh token, update it too
-            if (tokenData.refresh_token &&
-                tokenData.refresh_token !== process.env.EBAY_USER_REFRESH_TOKEN) {
-                envUpdates.EBAY_USER_REFRESH_TOKEN = tokenData.refresh_token;
-                // New refresh token updated silently
+            // Reconcile .env with the authoritative in-memory refresh token.
+            if (this.userTokens.userRefreshToken !== process.env.EBAY_USER_REFRESH_TOKEN) {
+                envUpdates.EBAY_USER_REFRESH_TOKEN = this.userTokens.userRefreshToken;
             }
             // Write updates to .env file
             updateEnvFile(envUpdates);

package/build/auth/scope-utils.js

@@ -272,7 +272,7 @@ export function getReadonlyScope(writeScope) {
 /**
  * Get scope description from scope name
  */
-export function getScopeDescription(scope) {
+export function getScopeTypeDescription(scope) {
     // Extract the last part of the scope
     const parts = scope.split('/');
     const scopeType = parts[parts.length - 1];
@@ -302,3 +302,9 @@ export function getScopeDescription(scope) {
     };
     return descriptions[scopeType] || `Access to ${scopeType}`;
 }
+/**
+ * Backward-compatible alias for scope description lookup.
+ */
+export function getScopeDescription(scope) {
+    return getScopeTypeDescription(scope);
+}

package/build/auth/token-verifier.js

@@ -3,7 +3,7 @@
  * and JWT validation
  */
 import axios from 'axios';
-import * as jose from 'jose';
+import { createRemoteJWKSet, jwtVerify } from 'jose';
 export class TokenVerifier {
     config;
     metadata = null;
@@ -121,9 +121,9 @@ export class TokenVerifier {
         }
         try {
             // Get JWKS from authorization server
-            const JWKS = jose.createRemoteJWKSet(new URL(this.metadata.jwks_uri));
+            const JWKS = createRemoteJWKSet(new URL(this.metadata.jwks_uri));
             // Verify JWT
-            const { payload } = await jose.jwtVerify(token, JWKS, {
+            const { payload } = await jwtVerify(token, JWKS, {
                 issuer: this.metadata.issuer,
                 audience: this.config.expectedAudience,
             });
@@ -140,9 +140,14 @@ export class TokenVerifier {
                     throw new Error(`Missing required scopes. Required: ${this.config.requiredScopes.join(', ')}, Got: ${scopes.join(', ')}`);
                 }
             }
+            const clientId = typeof payload.client_id === 'string'
+                ? payload.client_id
+                : typeof payload.azp === 'string'
+                    ? payload.azp
+                    : 'unknown';
             return {
                 token,
-                clientId: payload.client_id || payload.azp || 'unknown',
+                clientId,
                 scopes,
                 expiresAt: payload.exp,
                 audience: payload.aud,