fastmcp 3.35.0 → 4.0.0

package/dist/FastMCP.cjs

@@ -20,7 +20,7 @@ var _chunkJP7QSER3cjs = require('./chunk-JP7QSER3.cjs');
 
 
 
-var _chunk7UDY4VFQcjs = require('./chunk-7UDY4VFQ.cjs');
+var _chunkSSVFQCSNcjs = require('./chunk-SSVFQCSN.cjs');
 
 
 
@@ -41,5 +41,5 @@ var _chunk7UDY4VFQcjs = require('./chunk-7UDY4VFQ.cjs');
 
 
 
-exports.AuthProvider = _chunk7UDY4VFQcjs.AuthProvider; exports.AzureProvider = _chunk7UDY4VFQcjs.AzureProvider; exports.DiscoveryDocumentCache = _chunkJP7QSER3cjs.DiscoveryDocumentCache; exports.FastMCP = _chunkJP7QSER3cjs.FastMCP; exports.FastMCPSession = _chunkJP7QSER3cjs.FastMCPSession; exports.GitHubProvider = _chunk7UDY4VFQcjs.GitHubProvider; exports.GoogleProvider = _chunk7UDY4VFQcjs.GoogleProvider; exports.OAuthProvider = _chunk7UDY4VFQcjs.OAuthProvider; exports.ServerState = _chunkJP7QSER3cjs.ServerState; exports.UnexpectedStateError = _chunkJP7QSER3cjs.UnexpectedStateError; exports.UserError = _chunkJP7QSER3cjs.UserError; exports.audioContent = _chunkJP7QSER3cjs.audioContent; exports.getAuthSession = _chunk7UDY4VFQcjs.getAuthSession; exports.imageContent = _chunkJP7QSER3cjs.imageContent; exports.requireAll = _chunk7UDY4VFQcjs.requireAll; exports.requireAny = _chunk7UDY4VFQcjs.requireAny; exports.requireAuth = _chunk7UDY4VFQcjs.requireAuth; exports.requireRole = _chunk7UDY4VFQcjs.requireRole; exports.requireScopes = _chunk7UDY4VFQcjs.requireScopes;
+exports.AuthProvider = _chunkSSVFQCSNcjs.AuthProvider; exports.AzureProvider = _chunkSSVFQCSNcjs.AzureProvider; exports.DiscoveryDocumentCache = _chunkJP7QSER3cjs.DiscoveryDocumentCache; exports.FastMCP = _chunkJP7QSER3cjs.FastMCP; exports.FastMCPSession = _chunkJP7QSER3cjs.FastMCPSession; exports.GitHubProvider = _chunkSSVFQCSNcjs.GitHubProvider; exports.GoogleProvider = _chunkSSVFQCSNcjs.GoogleProvider; exports.OAuthProvider = _chunkSSVFQCSNcjs.OAuthProvider; exports.ServerState = _chunkJP7QSER3cjs.ServerState; exports.UnexpectedStateError = _chunkJP7QSER3cjs.UnexpectedStateError; exports.UserError = _chunkJP7QSER3cjs.UserError; exports.audioContent = _chunkJP7QSER3cjs.audioContent; exports.getAuthSession = _chunkSSVFQCSNcjs.getAuthSession; exports.imageContent = _chunkJP7QSER3cjs.imageContent; exports.requireAll = _chunkSSVFQCSNcjs.requireAll; exports.requireAny = _chunkSSVFQCSNcjs.requireAny; exports.requireAuth = _chunkSSVFQCSNcjs.requireAuth; exports.requireRole = _chunkSSVFQCSNcjs.requireRole; exports.requireScopes = _chunkSSVFQCSNcjs.requireScopes;
 //# sourceMappingURL=FastMCP.cjs.map

package/dist/FastMCP.d.cts

@@ -10,8 +10,8 @@ import { Hono } from 'hono';
 import http from 'http';
 import { StrictEventEmitter } from 'strict-event-emitter-types';
 import { z } from 'zod';
-import { A as AuthProvider, O as OAuthSession, a as OAuthProxy } from './OAuthProvider-R8buLRa8.cjs';
-export { j as AuthProviderConfig, b as AzureProvider, k as AzureProviderConfig, l as AzureSession, m as GenericOAuthProviderConfig, G as GitHubProvider, n as GitHubSession, c as GoogleProvider, o as GoogleSession, d as OAuthProvider, g as getAuthSession, r as requireAll, e as requireAny, f as requireAuth, h as requireRole, i as requireScopes } from './OAuthProvider-R8buLRa8.cjs';
+import { A as AuthProvider, O as OAuthSession, a as OAuthProxy } from './OAuthProvider-BV6EpF_k.cjs';
+export { j as AuthProviderConfig, b as AzureProvider, k as AzureProviderConfig, l as AzureSession, m as GenericOAuthProviderConfig, G as GitHubProvider, n as GitHubSession, c as GoogleProvider, o as GoogleSession, d as OAuthProvider, g as getAuthSession, r as requireAll, e as requireAny, f as requireAuth, h as requireRole, i as requireScopes } from './OAuthProvider-BV6EpF_k.cjs';
 import 'node:http';
 
 declare class DiscoveryDocumentCache {

package/dist/FastMCP.d.ts

@@ -10,8 +10,8 @@ import { Hono } from 'hono';
 import http from 'http';
 import { StrictEventEmitter } from 'strict-event-emitter-types';
 import { z } from 'zod';
-import { A as AuthProvider, O as OAuthSession, a as OAuthProxy } from './OAuthProvider-R8buLRa8.js';
-export { j as AuthProviderConfig, b as AzureProvider, k as AzureProviderConfig, l as AzureSession, m as GenericOAuthProviderConfig, G as GitHubProvider, n as GitHubSession, c as GoogleProvider, o as GoogleSession, d as OAuthProvider, g as getAuthSession, r as requireAll, e as requireAny, f as requireAuth, h as requireRole, i as requireScopes } from './OAuthProvider-R8buLRa8.js';
+import { A as AuthProvider, O as OAuthSession, a as OAuthProxy } from './OAuthProvider-BV6EpF_k.js';
+export { j as AuthProviderConfig, b as AzureProvider, k as AzureProviderConfig, l as AzureSession, m as GenericOAuthProviderConfig, G as GitHubProvider, n as GitHubSession, c as GoogleProvider, o as GoogleSession, d as OAuthProvider, g as getAuthSession, r as requireAll, e as requireAny, f as requireAuth, h as requireRole, i as requireScopes } from './OAuthProvider-BV6EpF_k.js';
 import 'node:http';
 
 declare class DiscoveryDocumentCache {

package/dist/FastMCP.js

@@ -20,7 +20,7 @@ import {
   requireAuth,
   requireRole,
   requireScopes
-} from "./chunk-H4VC4YTC.js";
+} from "./chunk-UN72PIH2.js";
 export {
   AuthProvider,
   AzureProvider,

package/dist/{OAuthProvider-R8buLRa8.d.cts → OAuthProvider-BV6EpF_k.d.cts}

@@ -185,7 +185,23 @@ interface OAuthProviderConfig {
 interface OAuthProxyConfig {
     /** Access token TTL in seconds (default: 3600) */
     accessTokenTtl?: number;
-    /** Allowed redirect URI patterns for client registration */
+    /**
+     * Allow-list of redirect URI patterns accepted by Dynamic Client Registration.
+     *
+     * A client calling POST /oauth/register must present a `redirect_uri` that
+     * matches one of these patterns (exact string or glob with `*` / `?`);
+     * otherwise the registration is rejected with `invalid_redirect_uri`. Once
+     * registered, the same exact URI must be echoed back at /oauth/authorize —
+     * the proxy performs exact string comparison per RFC 6749 §3.1.2.3.
+     *
+     * Default: `[]` (DCR rejects everything — explicit opt-in required).
+     *
+     * Prior versions defaulted to `["https://*", "http://localhost:*"]` with an
+     * implicit fallback that allowed any https URL. This enabled CWE-601
+     * open-redirect / authorization-code theft: an attacker could DCR their own
+     * URL and then steal victim codes via /oauth/authorize. Do not loosen this
+     * default without understanding that threat model.
+     */
     allowedRedirectUriPatterns?: string[];
     /** Authorization code TTL in seconds (default: 300) */
     authorizationCodeTtl?: number;
@@ -548,7 +564,16 @@ declare class OAuthProxy {
      */
     private startCleanup;
     /**
-     * Validate redirect URI against allowed patterns
+     * Validate a redirect URI against the configured allow-list.
+     *
+     * Returns `true` only if the URI is syntactically valid AND matches one of
+     * the explicitly configured `allowedRedirectUriPatterns`. An empty or unset
+     * pattern list means DCR will reject every URI — framework users must
+     * opt-in by listing the exact URIs (or wildcards) they trust.
+     *
+     * Prior versions also fell back to allowing any https URL or localhost,
+     * which enabled attackers to DCR an arbitrary URL and then abuse it via
+     * /oauth/authorize (CWE-601). Do not re-introduce that fallback.
      */
     private validateRedirectUri;
 }
@@ -573,7 +598,17 @@ declare class OAuthProxyError extends Error {
  * Configuration common to all OAuth providers.
  */
 interface AuthProviderConfig {
-    /** Allowed redirect URI patterns (default: ["http://localhost:*", "https://*"]) */
+    /**
+     * Allow-list of redirect URI patterns accepted by Dynamic Client
+     * Registration. Required for any deployment that exposes /oauth/register
+     * or /oauth/authorize — an empty/unset list rejects every URI.
+     *
+     * Example: `["https://yourapp.example.com/*"]`
+     *
+     * Prior versions defaulted to `["http://localhost:*", "https://*"]`, which
+     * enabled CWE-601 open-redirect / authorization-code theft. See the
+     * SECURITY advisory before loosening this.
+     */
     allowedRedirectUriPatterns?: string[];
     /** Base URL where the MCP server is accessible */
     baseUrl: string;

package/dist/{OAuthProvider-R8buLRa8.d.ts → OAuthProvider-BV6EpF_k.d.ts}

@@ -185,7 +185,23 @@ interface OAuthProviderConfig {
 interface OAuthProxyConfig {
     /** Access token TTL in seconds (default: 3600) */
     accessTokenTtl?: number;
-    /** Allowed redirect URI patterns for client registration */
+    /**
+     * Allow-list of redirect URI patterns accepted by Dynamic Client Registration.
+     *
+     * A client calling POST /oauth/register must present a `redirect_uri` that
+     * matches one of these patterns (exact string or glob with `*` / `?`);
+     * otherwise the registration is rejected with `invalid_redirect_uri`. Once
+     * registered, the same exact URI must be echoed back at /oauth/authorize —
+     * the proxy performs exact string comparison per RFC 6749 §3.1.2.3.
+     *
+     * Default: `[]` (DCR rejects everything — explicit opt-in required).
+     *
+     * Prior versions defaulted to `["https://*", "http://localhost:*"]` with an
+     * implicit fallback that allowed any https URL. This enabled CWE-601
+     * open-redirect / authorization-code theft: an attacker could DCR their own
+     * URL and then steal victim codes via /oauth/authorize. Do not loosen this
+     * default without understanding that threat model.
+     */
     allowedRedirectUriPatterns?: string[];
     /** Authorization code TTL in seconds (default: 300) */
     authorizationCodeTtl?: number;
@@ -548,7 +564,16 @@ declare class OAuthProxy {
      */
     private startCleanup;
     /**
-     * Validate redirect URI against allowed patterns
+     * Validate a redirect URI against the configured allow-list.
+     *
+     * Returns `true` only if the URI is syntactically valid AND matches one of
+     * the explicitly configured `allowedRedirectUriPatterns`. An empty or unset
+     * pattern list means DCR will reject every URI — framework users must
+     * opt-in by listing the exact URIs (or wildcards) they trust.
+     *
+     * Prior versions also fell back to allowing any https URL or localhost,
+     * which enabled attackers to DCR an arbitrary URL and then abuse it via
+     * /oauth/authorize (CWE-601). Do not re-introduce that fallback.
      */
     private validateRedirectUri;
 }
@@ -573,7 +598,17 @@ declare class OAuthProxyError extends Error {
  * Configuration common to all OAuth providers.
  */
 interface AuthProviderConfig {
-    /** Allowed redirect URI patterns (default: ["http://localhost:*", "https://*"]) */
+    /**
+     * Allow-list of redirect URI patterns accepted by Dynamic Client
+     * Registration. Required for any deployment that exposes /oauth/register
+     * or /oauth/authorize — an empty/unset list rejects every URI.
+     *
+     * Example: `["https://yourapp.example.com/*"]`
+     *
+     * Prior versions defaulted to `["http://localhost:*", "https://*"]`, which
+     * enabled CWE-601 open-redirect / authorization-code theft. See the
+     * SECURITY advisory before loosening this.
+     */
     allowedRedirectUriPatterns?: string[];
     /** Base URL where the MCP server is accessible */
     baseUrl: string;

package/dist/auth/index.cjs

@@ -24,7 +24,7 @@
 
 
 
-var _chunk7UDY4VFQcjs = require('../chunk-7UDY4VFQ.cjs');
+var _chunkSSVFQCSNcjs = require('../chunk-SSVFQCSN.cjs');
 
 
 
@@ -51,5 +51,5 @@ var _chunk7UDY4VFQcjs = require('../chunk-7UDY4VFQ.cjs');
 
 
 
-exports.AuthProvider = _chunk7UDY4VFQcjs.AuthProvider; exports.AzureProvider = _chunk7UDY4VFQcjs.AzureProvider; exports.ConsentManager = _chunk7UDY4VFQcjs.ConsentManager; exports.DEFAULT_ACCESS_TOKEN_TTL = _chunk7UDY4VFQcjs.DEFAULT_ACCESS_TOKEN_TTL; exports.DEFAULT_ACCESS_TOKEN_TTL_NO_REFRESH = _chunk7UDY4VFQcjs.DEFAULT_ACCESS_TOKEN_TTL_NO_REFRESH; exports.DEFAULT_AUTHORIZATION_CODE_TTL = _chunk7UDY4VFQcjs.DEFAULT_AUTHORIZATION_CODE_TTL; exports.DEFAULT_REFRESH_TOKEN_TTL = _chunk7UDY4VFQcjs.DEFAULT_REFRESH_TOKEN_TTL; exports.DEFAULT_TRANSACTION_TTL = _chunk7UDY4VFQcjs.DEFAULT_TRANSACTION_TTL; exports.DiskStore = _chunk7UDY4VFQcjs.DiskStore; exports.EncryptedTokenStorage = _chunk7UDY4VFQcjs.EncryptedTokenStorage; exports.GitHubProvider = _chunk7UDY4VFQcjs.GitHubProvider; exports.GoogleProvider = _chunk7UDY4VFQcjs.GoogleProvider; exports.JWKSVerifier = _chunk7UDY4VFQcjs.JWKSVerifier; exports.JWTIssuer = _chunk7UDY4VFQcjs.JWTIssuer; exports.MemoryTokenStorage = _chunk7UDY4VFQcjs.MemoryTokenStorage; exports.OAuthProvider = _chunk7UDY4VFQcjs.OAuthProvider; exports.OAuthProxy = _chunk7UDY4VFQcjs.OAuthProxy; exports.OAuthProxyError = _chunk7UDY4VFQcjs.OAuthProxyError; exports.PKCEUtils = _chunk7UDY4VFQcjs.PKCEUtils; exports.getAuthSession = _chunk7UDY4VFQcjs.getAuthSession; exports.requireAll = _chunk7UDY4VFQcjs.requireAll; exports.requireAny = _chunk7UDY4VFQcjs.requireAny; exports.requireAuth = _chunk7UDY4VFQcjs.requireAuth; exports.requireRole = _chunk7UDY4VFQcjs.requireRole; exports.requireScopes = _chunk7UDY4VFQcjs.requireScopes;
+exports.AuthProvider = _chunkSSVFQCSNcjs.AuthProvider; exports.AzureProvider = _chunkSSVFQCSNcjs.AzureProvider; exports.ConsentManager = _chunkSSVFQCSNcjs.ConsentManager; exports.DEFAULT_ACCESS_TOKEN_TTL = _chunkSSVFQCSNcjs.DEFAULT_ACCESS_TOKEN_TTL; exports.DEFAULT_ACCESS_TOKEN_TTL_NO_REFRESH = _chunkSSVFQCSNcjs.DEFAULT_ACCESS_TOKEN_TTL_NO_REFRESH; exports.DEFAULT_AUTHORIZATION_CODE_TTL = _chunkSSVFQCSNcjs.DEFAULT_AUTHORIZATION_CODE_TTL; exports.DEFAULT_REFRESH_TOKEN_TTL = _chunkSSVFQCSNcjs.DEFAULT_REFRESH_TOKEN_TTL; exports.DEFAULT_TRANSACTION_TTL = _chunkSSVFQCSNcjs.DEFAULT_TRANSACTION_TTL; exports.DiskStore = _chunkSSVFQCSNcjs.DiskStore; exports.EncryptedTokenStorage = _chunkSSVFQCSNcjs.EncryptedTokenStorage; exports.GitHubProvider = _chunkSSVFQCSNcjs.GitHubProvider; exports.GoogleProvider = _chunkSSVFQCSNcjs.GoogleProvider; exports.JWKSVerifier = _chunkSSVFQCSNcjs.JWKSVerifier; exports.JWTIssuer = _chunkSSVFQCSNcjs.JWTIssuer; exports.MemoryTokenStorage = _chunkSSVFQCSNcjs.MemoryTokenStorage; exports.OAuthProvider = _chunkSSVFQCSNcjs.OAuthProvider; exports.OAuthProxy = _chunkSSVFQCSNcjs.OAuthProxy; exports.OAuthProxyError = _chunkSSVFQCSNcjs.OAuthProxyError; exports.PKCEUtils = _chunkSSVFQCSNcjs.PKCEUtils; exports.getAuthSession = _chunkSSVFQCSNcjs.getAuthSession; exports.requireAll = _chunkSSVFQCSNcjs.requireAll; exports.requireAny = _chunkSSVFQCSNcjs.requireAny; exports.requireAuth = _chunkSSVFQCSNcjs.requireAuth; exports.requireRole = _chunkSSVFQCSNcjs.requireRole; exports.requireScopes = _chunkSSVFQCSNcjs.requireScopes;
 //# sourceMappingURL=index.cjs.map

package/dist/auth/index.d.cts

@@ -1,5 +1,5 @@
-import { p as OAuthTransaction, C as ConsentData, T as TokenStorage, q as TokenVerifier, s as TokenVerificationResult, P as PKCEPair } from '../OAuthProvider-R8buLRa8.cjs';
-export { A as AuthProvider, j as AuthProviderConfig, y as AuthorizationParams, b as AzureProvider, k as AzureProviderConfig, l as AzureSession, z as ClientCode, B as DCRClientMetadata, E as DCRRequest, F as DCRResponse, D as DEFAULT_ACCESS_TOKEN_TTL, u as DEFAULT_ACCESS_TOKEN_TTL_NO_REFRESH, v as DEFAULT_AUTHORIZATION_CODE_TTL, w as DEFAULT_REFRESH_TOKEN_TTL, x as DEFAULT_TRANSACTION_TTL, m as GenericOAuthProviderConfig, G as GitHubProvider, n as GitHubSession, c as GoogleProvider, o as GoogleSession, H as OAuthError, d as OAuthProvider, I as OAuthProviderConfig, a as OAuthProxy, J as OAuthProxyConfig, t as OAuthProxyError, O as OAuthSession, K as ProxyDCRClient, R as RefreshRequest, L as TokenMapping, M as TokenRequest, N as TokenResponse, U as UpstreamTokenSet, g as getAuthSession, r as requireAll, e as requireAny, f as requireAuth, h as requireRole, i as requireScopes } from '../OAuthProvider-R8buLRa8.cjs';
+import { p as OAuthTransaction, C as ConsentData, T as TokenStorage, q as TokenVerifier, s as TokenVerificationResult, P as PKCEPair } from '../OAuthProvider-BV6EpF_k.cjs';
+export { A as AuthProvider, j as AuthProviderConfig, y as AuthorizationParams, b as AzureProvider, k as AzureProviderConfig, l as AzureSession, z as ClientCode, B as DCRClientMetadata, E as DCRRequest, F as DCRResponse, D as DEFAULT_ACCESS_TOKEN_TTL, u as DEFAULT_ACCESS_TOKEN_TTL_NO_REFRESH, v as DEFAULT_AUTHORIZATION_CODE_TTL, w as DEFAULT_REFRESH_TOKEN_TTL, x as DEFAULT_TRANSACTION_TTL, m as GenericOAuthProviderConfig, G as GitHubProvider, n as GitHubSession, c as GoogleProvider, o as GoogleSession, H as OAuthError, d as OAuthProvider, I as OAuthProviderConfig, a as OAuthProxy, J as OAuthProxyConfig, t as OAuthProxyError, O as OAuthSession, K as ProxyDCRClient, R as RefreshRequest, L as TokenMapping, M as TokenRequest, N as TokenResponse, U as UpstreamTokenSet, g as getAuthSession, r as requireAll, e as requireAny, f as requireAuth, h as requireRole, i as requireScopes } from '../OAuthProvider-BV6EpF_k.cjs';
 import 'node:http';
 
 /**

package/dist/auth/index.d.ts

@@ -1,5 +1,5 @@
-import { p as OAuthTransaction, C as ConsentData, T as TokenStorage, q as TokenVerifier, s as TokenVerificationResult, P as PKCEPair } from '../OAuthProvider-R8buLRa8.js';
-export { A as AuthProvider, j as AuthProviderConfig, y as AuthorizationParams, b as AzureProvider, k as AzureProviderConfig, l as AzureSession, z as ClientCode, B as DCRClientMetadata, E as DCRRequest, F as DCRResponse, D as DEFAULT_ACCESS_TOKEN_TTL, u as DEFAULT_ACCESS_TOKEN_TTL_NO_REFRESH, v as DEFAULT_AUTHORIZATION_CODE_TTL, w as DEFAULT_REFRESH_TOKEN_TTL, x as DEFAULT_TRANSACTION_TTL, m as GenericOAuthProviderConfig, G as GitHubProvider, n as GitHubSession, c as GoogleProvider, o as GoogleSession, H as OAuthError, d as OAuthProvider, I as OAuthProviderConfig, a as OAuthProxy, J as OAuthProxyConfig, t as OAuthProxyError, O as OAuthSession, K as ProxyDCRClient, R as RefreshRequest, L as TokenMapping, M as TokenRequest, N as TokenResponse, U as UpstreamTokenSet, g as getAuthSession, r as requireAll, e as requireAny, f as requireAuth, h as requireRole, i as requireScopes } from '../OAuthProvider-R8buLRa8.js';
+import { p as OAuthTransaction, C as ConsentData, T as TokenStorage, q as TokenVerifier, s as TokenVerificationResult, P as PKCEPair } from '../OAuthProvider-BV6EpF_k.js';
+export { A as AuthProvider, j as AuthProviderConfig, y as AuthorizationParams, b as AzureProvider, k as AzureProviderConfig, l as AzureSession, z as ClientCode, B as DCRClientMetadata, E as DCRRequest, F as DCRResponse, D as DEFAULT_ACCESS_TOKEN_TTL, u as DEFAULT_ACCESS_TOKEN_TTL_NO_REFRESH, v as DEFAULT_AUTHORIZATION_CODE_TTL, w as DEFAULT_REFRESH_TOKEN_TTL, x as DEFAULT_TRANSACTION_TTL, m as GenericOAuthProviderConfig, G as GitHubProvider, n as GitHubSession, c as GoogleProvider, o as GoogleSession, H as OAuthError, d as OAuthProvider, I as OAuthProviderConfig, a as OAuthProxy, J as OAuthProxyConfig, t as OAuthProxyError, O as OAuthSession, K as ProxyDCRClient, R as RefreshRequest, L as TokenMapping, M as TokenRequest, N as TokenResponse, U as UpstreamTokenSet, g as getAuthSession, r as requireAll, e as requireAny, f as requireAuth, h as requireRole, i as requireScopes } from '../OAuthProvider-BV6EpF_k.js';
 import 'node:http';
 
 /**

package/dist/auth/index.js

@@ -24,7 +24,7 @@ import {
   requireAuth,
   requireRole,
   requireScopes
-} from "../chunk-H4VC4YTC.js";
+} from "../chunk-UN72PIH2.js";
 export {
   AuthProvider,
   AzureProvider,

package/dist/{chunk-7UDY4VFQ.cjs → chunk-SSVFQCSN.cjs}

@@ -863,7 +863,11 @@ var OAuthProxy = (_class4 = class {
   __init9() {this.transactions = /* @__PURE__ */ new Map()}
   constructor(config) {;_class4.prototype.__init5.call(this);_class4.prototype.__init6.call(this);_class4.prototype.__init7.call(this);_class4.prototype.__init8.call(this);_class4.prototype.__init9.call(this);
     this.config = {
-      allowedRedirectUriPatterns: ["https://*", "http://localhost:*"],
+      // Empty by default. Framework users must explicitly configure the URIs they
+      // trust, per RFC 6819 §4.1.5. The previous default (`["https://*", "http://localhost:*"]`)
+      // allowed open DCR registration of any https URL, enabling CWE-601 open-redirect
+      // attacks against /oauth/authorize.
+      allowedRedirectUriPatterns: [],
       authorizationCodeTtl: DEFAULT_AUTHORIZATION_CODE_TTL,
       consentRequired: true,
       enableTokenSwap: true,
@@ -913,6 +917,15 @@ var OAuthProxy = (_class4 = class {
         "Only 'code' response type is supported"
       );
     }
+    if (params.client_id !== this.config.upstreamClientId) {
+      throw new OAuthProxyError("invalid_client", "Unknown client_id");
+    }
+    if (!this.registeredClients.has(params.redirect_uri)) {
+      throw new OAuthProxyError(
+        "invalid_request",
+        "redirect_uri is not registered for this client"
+      );
+    }
     if (params.code_challenge && !params.code_challenge_method) {
       throw new OAuthProxyError(
         "invalid_request",
@@ -950,6 +963,9 @@ var OAuthProxy = (_class4 = class {
         "Only authorization_code grant type is supported"
       );
     }
+    if (request.client_id !== this.config.upstreamClientId) {
+      throw new OAuthProxyError("invalid_client", "Unknown client_id");
+    }
     const clientCode = this.clientCodes.get(request.code);
     if (!clientCode) {
       throw new OAuthProxyError(
@@ -1063,6 +1079,13 @@ var OAuthProxy = (_class4 = class {
     if (!transaction) {
       throw new OAuthProxyError("invalid_request", "Invalid or expired state");
     }
+    if (!this.registeredClients.has(transaction.clientCallbackUrl)) {
+      this.transactions.delete(state);
+      throw new OAuthProxyError(
+        "invalid_request",
+        "Transaction callback URL is not registered"
+      );
+    }
     const upstreamTokens = await this.exchangeUpstreamCode(code, transaction);
     const clientCode = this.generateAuthorizationCode(
       transaction,
@@ -1098,6 +1121,12 @@ var OAuthProxy = (_class4 = class {
     }
     if (action === "deny") {
       this.transactions.delete(transactionId);
+      if (!this.registeredClients.has(transaction.clientCallbackUrl)) {
+        throw new OAuthProxyError(
+          "invalid_request",
+          "Transaction callback URL is not registered"
+        );
+      }
       const redirectUrl = new URL(transaction.clientCallbackUrl);
       redirectUrl.searchParams.set("error", "access_denied");
       redirectUrl.searchParams.set(
@@ -1176,7 +1205,9 @@ var OAuthProxy = (_class4 = class {
       },
       registeredAt: /* @__PURE__ */ new Date()
     };
-    this.registeredClients.set(request.redirect_uris[0], client);
+    for (const uri of request.redirect_uris) {
+      this.registeredClients.set(uri, client);
+    }
     const response = {
       client_id: clientId,
       client_id_issued_at: Math.floor(Date.now() / 1e3),
@@ -1287,11 +1318,16 @@ var OAuthProxy = (_class4 = class {
       method: "POST"
     });
     if (!tokenResponse.ok) {
-      const error = await tokenResponse.json();
-      throw new OAuthProxyError(
-        error.error || "server_error",
-        error.error_description
-      );
+      let errorCode = "server_error";
+      let errorDescription;
+      try {
+        const error = await tokenResponse.json();
+        errorCode = error.error || "server_error";
+        errorDescription = error.error_description;
+      } catch (e3) {
+        errorDescription = `Upstream returned HTTP ${tokenResponse.status} ${tokenResponse.statusText}`;
+      }
+      throw new OAuthProxyError(errorCode, errorDescription);
     }
     const tokens = await this.parseTokenResponse(tokenResponse);
     return {
@@ -1425,11 +1461,16 @@ var OAuthProxy = (_class4 = class {
       method: "POST"
     });
     if (!tokenResponse.ok) {
-      const error = await tokenResponse.json();
-      throw new OAuthProxyError(
-        error.error || "invalid_grant",
-        error.error_description
-      );
+      let errorCode = "invalid_grant";
+      let errorDescription;
+      try {
+        const error = await tokenResponse.json();
+        errorCode = error.error || "invalid_grant";
+        errorDescription = error.error_description;
+      } catch (e4) {
+        errorDescription = `Upstream returned HTTP ${tokenResponse.status} ${tokenResponse.statusText}`;
+      }
+      throw new OAuthProxyError(errorCode, errorDescription);
     }
     const tokens = await this.parseTokenResponse(tokenResponse);
     return {
@@ -1737,11 +1778,16 @@ var OAuthProxy = (_class4 = class {
       method: "POST"
     });
     if (!tokenResponse.ok) {
-      const error = await tokenResponse.json();
-      throw new OAuthProxyError(
-        error.error || "invalid_grant",
-        error.error_description || "Upstream refresh failed"
-      );
+      let errorCode = "invalid_grant";
+      let errorDescription = "Upstream refresh failed";
+      try {
+        const error = await tokenResponse.json();
+        errorCode = error.error || "invalid_grant";
+        errorDescription = error.error_description || "Upstream refresh failed";
+      } catch (e5) {
+        errorDescription = `Upstream returned HTTP ${tokenResponse.status} ${tokenResponse.statusText}`;
+      }
+      throw new OAuthProxyError(errorCode, errorDescription);
     }
     const tokens = await this.parseTokenResponse(tokenResponse);
     return {
@@ -1764,21 +1810,28 @@ var OAuthProxy = (_class4 = class {
     }, 6e4);
   }
   /**
-   * Validate redirect URI against allowed patterns
+   * Validate a redirect URI against the configured allow-list.
+   *
+   * Returns `true` only if the URI is syntactically valid AND matches one of
+   * the explicitly configured `allowedRedirectUriPatterns`. An empty or unset
+   * pattern list means DCR will reject every URI — framework users must
+   * opt-in by listing the exact URIs (or wildcards) they trust.
+   *
+   * Prior versions also fell back to allowing any https URL or localhost,
+   * which enabled attackers to DCR an arbitrary URL and then abuse it via
+   * /oauth/authorize (CWE-601). Do not re-introduce that fallback.
    */
   validateRedirectUri(uri) {
     try {
-      const url = new URL(uri);
-      const patterns = this.config.allowedRedirectUriPatterns || [];
-      for (const pattern of patterns) {
-        if (this.matchesPattern(uri, pattern)) {
-          return true;
-        }
-      }
-      return url.protocol === "https:" || url.hostname === "localhost" || url.hostname === "127.0.0.1";
-    } catch (e3) {
+      new URL(uri);
+    } catch (e6) {
+      return false;
+    }
+    const patterns = this.config.allowedRedirectUriPatterns || [];
+    if (patterns.length === 0) {
       return false;
     }
+    return patterns.some((pattern) => this.matchesPattern(uri, pattern));
   }
 }, _class4);
 var OAuthProxyError = class extends Error {
@@ -1883,10 +1936,10 @@ var AzureProvider = class extends AuthProvider {
   }
   createProxy() {
     return new OAuthProxy({
-      allowedRedirectUriPatterns: _nullishCoalesce(this.config.allowedRedirectUriPatterns, () => ( [
-        "http://localhost:*",
-        "https://*"
-      ])),
+      // No fallback default: framework users must explicitly list the URIs
+      // they trust. A previous default of ["http://localhost:*", "https://*"]
+      // enabled CWE-601 open-redirect / code-theft via /oauth/authorize.
+      allowedRedirectUriPatterns: this.config.allowedRedirectUriPatterns,
       baseUrl: this.config.baseUrl,
       consentRequired: _nullishCoalesce(this.config.consentRequired, () => ( true)),
       encryptionKey: this.config.encryptionKey,
@@ -1917,10 +1970,10 @@ var GitHubProvider = class extends AuthProvider {
   }
   createProxy() {
     return new OAuthProxy({
-      allowedRedirectUriPatterns: _nullishCoalesce(this.config.allowedRedirectUriPatterns, () => ( [
-        "http://localhost:*",
-        "https://*"
-      ])),
+      // No fallback default: framework users must explicitly list the URIs
+      // they trust. A previous default of ["http://localhost:*", "https://*"]
+      // enabled CWE-601 open-redirect / code-theft via /oauth/authorize.
+      allowedRedirectUriPatterns: this.config.allowedRedirectUriPatterns,
       baseUrl: this.config.baseUrl,
       consentRequired: _nullishCoalesce(this.config.consentRequired, () => ( true)),
       encryptionKey: this.config.encryptionKey,
@@ -1951,10 +2004,10 @@ var GoogleProvider = class extends AuthProvider {
   }
   createProxy() {
     return new OAuthProxy({
-      allowedRedirectUriPatterns: _nullishCoalesce(this.config.allowedRedirectUriPatterns, () => ( [
-        "http://localhost:*",
-        "https://*"
-      ])),
+      // No fallback default: framework users must explicitly list the URIs
+      // they trust. A previous default of ["http://localhost:*", "https://*"]
+      // enabled CWE-601 open-redirect / code-theft via /oauth/authorize.
+      allowedRedirectUriPatterns: this.config.allowedRedirectUriPatterns,
       baseUrl: this.config.baseUrl,
       consentRequired: _nullishCoalesce(this.config.consentRequired, () => ( true)),
       encryptionKey: this.config.encryptionKey,
@@ -1987,10 +2040,10 @@ var OAuthProvider = class extends AuthProvider {
   }
   createProxy() {
     return new OAuthProxy({
-      allowedRedirectUriPatterns: _nullishCoalesce(this.config.allowedRedirectUriPatterns, () => ( [
-        "http://localhost:*",
-        "https://*"
-      ])),
+      // No fallback default: framework users must explicitly list the URIs
+      // they trust. A previous default of ["http://localhost:*", "https://*"]
+      // enabled CWE-601 open-redirect / code-theft via /oauth/authorize.
+      allowedRedirectUriPatterns: this.config.allowedRedirectUriPatterns,
       baseUrl: this.config.baseUrl,
       consentRequired: _nullishCoalesce(this.config.consentRequired, () => ( true)),
       encryptionKey: this.config.encryptionKey,
@@ -2054,7 +2107,7 @@ var DiskStore = (_class5 = class {
           console.warn(`Failed to read/parse file ${file}, deleting:`, error);
           try {
             await _promises.rm.call(void 0, _path.join.call(void 0, this.directory, file));
-          } catch (e4) {
+          } catch (e7) {
           }
         }
       }
@@ -2131,7 +2184,7 @@ var DiskStore = (_class5 = class {
       await this.ensureDirectory();
       const files = await _promises.readdir.call(void 0, this.directory);
       return files.filter((f) => f.endsWith(this.fileExtension)).length;
-    } catch (e5) {
+    } catch (e8) {
       return 0;
     }
   }
@@ -2325,4 +2378,4 @@ Original error: ${error.message}`
 
 
 exports.getAuthSession = getAuthSession; exports.requireAll = requireAll; exports.requireAny = requireAny; exports.requireAuth = requireAuth; exports.requireRole = requireRole; exports.requireScopes = requireScopes; exports.DEFAULT_ACCESS_TOKEN_TTL = DEFAULT_ACCESS_TOKEN_TTL; exports.DEFAULT_ACCESS_TOKEN_TTL_NO_REFRESH = DEFAULT_ACCESS_TOKEN_TTL_NO_REFRESH; exports.DEFAULT_REFRESH_TOKEN_TTL = DEFAULT_REFRESH_TOKEN_TTL; exports.DEFAULT_AUTHORIZATION_CODE_TTL = DEFAULT_AUTHORIZATION_CODE_TTL; exports.DEFAULT_TRANSACTION_TTL = DEFAULT_TRANSACTION_TTL; exports.ConsentManager = ConsentManager; exports.JWTIssuer = JWTIssuer; exports.PKCEUtils = PKCEUtils; exports.EncryptedTokenStorage = EncryptedTokenStorage; exports.MemoryTokenStorage = MemoryTokenStorage; exports.OAuthProxy = OAuthProxy; exports.OAuthProxyError = OAuthProxyError; exports.AuthProvider = AuthProvider; exports.AzureProvider = AzureProvider; exports.GitHubProvider = GitHubProvider; exports.GoogleProvider = GoogleProvider; exports.OAuthProvider = OAuthProvider; exports.DiskStore = DiskStore; exports.JWKSVerifier = JWKSVerifier;
-//# sourceMappingURL=chunk-7UDY4VFQ.cjs.map
+//# sourceMappingURL=chunk-SSVFQCSN.cjs.map