gitlab-mcp-test 6.62.1

package/dist/src/oauth/endpoints/callback.js

@@ -0,0 +1,134 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.callbackHandler = callbackHandler;
+const config_1 = require("../config");
+const session_store_1 = require("../session-store");
+const gitlab_device_flow_1 = require("../gitlab-device-flow");
+const token_utils_1 = require("../token-utils");
+const logger_1 = require("../../logger");
+const config_2 = require("../../config");
+async function callbackHandler(req, res) {
+    const config = (0, config_1.loadOAuthConfig)();
+    if (!config) {
+        res.status(500).json({
+            error: "server_error",
+            error_description: "OAuth not configured",
+        });
+        return;
+    }
+    const { code, state, error, error_description } = req.query;
+    if (error) {
+        (0, logger_1.logWarn)("GitLab authorization error", { error, error_description });
+        if (state) {
+            const flow = session_store_1.sessionStore.getAuthCodeFlow(state);
+            if (flow) {
+                session_store_1.sessionStore.deleteAuthCodeFlow(state);
+                const redirectUrl = new URL(flow.clientRedirectUri);
+                redirectUrl.searchParams.set("error", error);
+                if (error_description) {
+                    redirectUrl.searchParams.set("error_description", error_description);
+                }
+                if (flow.clientState) {
+                    redirectUrl.searchParams.set("state", flow.clientState);
+                }
+                res.redirect(redirectUrl.toString());
+                return;
+            }
+        }
+        res.status(400).json({
+            error: error,
+            error_description: error_description ?? "GitLab authorization failed",
+        });
+        return;
+    }
+    if (!code) {
+        res.status(400).json({
+            error: "invalid_request",
+            error_description: "Missing authorization code from GitLab",
+        });
+        return;
+    }
+    if (!state) {
+        res.status(400).json({
+            error: "invalid_request",
+            error_description: "Missing state parameter",
+        });
+        return;
+    }
+    const flow = session_store_1.sessionStore.getAuthCodeFlow(state);
+    if (!flow) {
+        res.status(400).json({
+            error: "invalid_request",
+            error_description: "Invalid or expired state. Please start authorization again.",
+        });
+        return;
+    }
+    if (Date.now() > flow.expiresAt) {
+        session_store_1.sessionStore.deleteAuthCodeFlow(state);
+        res.status(400).json({
+            error: "invalid_request",
+            error_description: "Authorization flow expired. Please start again.",
+        });
+        return;
+    }
+    try {
+        const gitlabTokens = await (0, gitlab_device_flow_1.exchangeGitLabAuthCode)(code, flow.callbackUri, config);
+        const userInfo = await (0, gitlab_device_flow_1.getGitLabUser)(gitlabTokens.access_token);
+        const sessionId = (0, token_utils_1.generateSessionId)();
+        const now = Date.now();
+        const mcpAuthCode = (0, token_utils_1.generateAuthorizationCode)();
+        session_store_1.sessionStore.storeAuthCode({
+            code: mcpAuthCode,
+            sessionId,
+            clientId: flow.clientId,
+            codeChallenge: flow.codeChallenge,
+            codeChallengeMethod: flow.codeChallengeMethod,
+            redirectUri: flow.clientRedirectUri,
+            expiresAt: now + 10 * 60 * 1000,
+        });
+        session_store_1.sessionStore.createSession({
+            id: sessionId,
+            mcpAccessToken: "",
+            mcpRefreshToken: "",
+            mcpTokenExpiry: 0,
+            gitlabAccessToken: gitlabTokens.access_token,
+            gitlabRefreshToken: gitlabTokens.refresh_token,
+            gitlabTokenExpiry: (0, token_utils_1.calculateTokenExpiry)(gitlabTokens.expires_in),
+            gitlabUserId: userInfo.id,
+            gitlabUsername: userInfo.username,
+            gitlabApiUrl: flow.selectedInstance ?? config_2.GITLAB_BASE_URL,
+            instanceLabel: flow.selectedInstanceLabel,
+            clientId: flow.clientId,
+            scopes: ["mcp:tools", "mcp:resources"],
+            createdAt: now,
+            updatedAt: now,
+        });
+        session_store_1.sessionStore.deleteAuthCodeFlow(state);
+        (0, logger_1.logInfo)("Authorization Code Flow completed successfully", {
+            sessionId: (0, logger_1.truncateId)(sessionId),
+            userId: userInfo.id,
+            username: userInfo.username,
+        });
+        const redirectUrl = new URL(flow.clientRedirectUri);
+        redirectUrl.searchParams.set("code", mcpAuthCode);
+        if (flow.clientState) {
+            redirectUrl.searchParams.set("state", flow.clientState);
+        }
+        (0, logger_1.logDebug)("Redirecting to client with authorization code", {
+            redirectUri: flow.clientRedirectUri,
+        });
+        res.redirect(redirectUrl.toString());
+    }
+    catch (error) {
+        (0, logger_1.logError)("Failed to complete authorization code flow", { err: error });
+        session_store_1.sessionStore.deleteAuthCodeFlow(state);
+        const redirectUrl = new URL(flow.clientRedirectUri);
+        redirectUrl.searchParams.set("error", "server_error");
+        redirectUrl.searchParams.set("error_description", error instanceof Error ? error.message : "Failed to complete authorization");
+        if (flow.clientState) {
+            redirectUrl.searchParams.set("state", flow.clientState);
+        }
+        res.redirect(redirectUrl.toString());
+    }
+}
+//# sourceMappingURL=callback.js.map

package/dist/src/oauth/endpoints/callback.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"callback.js","sourceRoot":"","sources":["../../../../src/oauth/endpoints/callback.ts"],"names":[],"mappings":";;AAqCA,0CAiKC;AArLD,sCAA4C;AAC5C,oDAAgD;AAChD,8DAA8E;AAC9E,gDAAoG;AACpG,yCAAgF;AAChF,yCAA+C;AAexC,KAAK,UAAU,eAAe,CAAC,GAAY,EAAE,GAAa;IAC/D,MAAM,MAAM,GAAG,IAAA,wBAAe,GAAE,CAAC;IACjC,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;YACnB,KAAK,EAAE,cAAc;YACrB,iBAAiB,EAAE,sBAAsB;SAC1C,CAAC,CAAC;QACH,OAAO;IACT,CAAC;IAED,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,iBAAiB,EAAE,GAAG,GAAG,CAAC,KAA2C,CAAC;IAGlG,IAAI,KAAK,EAAE,CAAC;QACV,IAAA,gBAAO,EAAC,4BAA4B,EAAE,EAAE,KAAK,EAAE,iBAAiB,EAAE,CAAC,CAAC;QAEpE,IAAI,KAAK,EAAE,CAAC;YACV,MAAM,IAAI,GAAG,4BAAY,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;YACjD,IAAI,IAAI,EAAE,CAAC;gBACT,4BAAY,CAAC,kBAAkB,CAAC,KAAK,CAAC,CAAC;gBACvC,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;gBACpD,WAAW,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;gBAC7C,IAAI,iBAAiB,EAAE,CAAC;oBACtB,WAAW,CAAC,YAAY,CAAC,GAAG,CAAC,mBAAmB,EAAE,iBAAiB,CAAC,CAAC;gBACvE,CAAC;gBACD,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;oBACrB,WAAW,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;gBAC1D,CAAC;gBACD,GAAG,CAAC,QAAQ,CAAC,WAAW,CAAC,QAAQ,EAAE,CAAC,CAAC;gBACrC,OAAO;YACT,CAAC;QACH,CAAC;QACD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;YACnB,KAAK,EAAE,KAAK;YACZ,iBAAiB,EAAE,iBAAiB,IAAI,6BAA6B;SACtE,CAAC,CAAC;QACH,OAAO;IACT,CAAC;IAGD,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;YACnB,KAAK,EAAE,iBAAiB;YACxB,iBAAiB,EAAE,wCAAwC;SAC5D,CAAC,CAAC;QACH,OAAO;IACT,CAAC;IAED,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;YACnB,KAAK,EAAE,iBAAiB;YACxB,iBAAiB,EAAE,yBAAyB;SAC7C,CAAC,CAAC;QACH,OAAO;IACT,CAAC;IAGD,MAAM,IAAI,GAAG,4BAAY,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;IACjD,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;YACnB,KAAK,EAAE,iBAAiB;YACxB,iBAAiB,EAAE,6DAA6D;SACjF,CAAC,CAAC;QACH,OAAO;IACT,CAAC;IAGD,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC;QAChC,4BAAY,CAAC,kBAAkB,CAAC,KAAK,CAAC,CAAC;QACvC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;YACnB,KAAK,EAAE,iBAAiB;YACxB,iBAAiB,EAAE,iDAAiD;SACrE,CAAC,CAAC;QACH,OAAO;IACT,CAAC;IAED,IAAI,CAAC;QAEH,MAAM,YAAY,GAAG,MAAM,IAAA,2CAAsB,EAAC,IAAI,EAAE,IAAI,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC;QAGlF,MAAM,QAAQ,GAAG,MAAM,IAAA,kCAAa,EAAC,YAAY,CAAC,YAAY,CAAC,CAAC;QAGhE,MAAM,SAAS,GAAG,IAAA,+BAAiB,GAAE,CAAC;QACtC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAGvB,MAAM,WAAW,GAAG,IAAA,uCAAyB,GAAE,CAAC;QAGhD,4BAAY,CAAC,aAAa,CAAC;YACzB,IAAI,EAAE,WAAW;YACjB,SAAS;YACT,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,aAAa,EAAE,IAAI,CAAC,aAAa;YACjC,mBAAmB,EAAE,IAAI,CAAC,mBAAmB;YAC7C,WAAW,EAAE,IAAI,CAAC,iBAAiB;YACnC,SAAS,EAAE,GAAG,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI;SAChC,CAAC,CAAC;QAIH,4BAAY,CAAC,aAAa,CAAC;YACzB,EAAE,EAAE,SAAS;YACb,cAAc,EAAE,EAAE;YAClB,eAAe,EAAE,EAAE;YACnB,cAAc,EAAE,CAAC;YACjB,iBAAiB,EAAE,YAAY,CAAC,YAAY;YAC5C,kBAAkB,EAAE,YAAY,CAAC,aAAa;YAC9C,iBAAiB,EAAE,IAAA,kCAAoB,EAAC,YAAY,CAAC,UAAU,CAAC;YAChE,YAAY,EAAE,QAAQ,CAAC,EAAE;YACzB,cAAc,EAAE,QAAQ,CAAC,QAAQ;YACjC,YAAY,EAAE,IAAI,CAAC,gBAAgB,IAAI,wBAAe;YACtD,aAAa,EAAE,IAAI,CAAC,qBAAqB;YACzC,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,MAAM,EAAE,CAAC,WAAW,EAAE,eAAe,CAAC;YACtC,SAAS,EAAE,GAAG;YACd,SAAS,EAAE,GAAG;SACf,CAAC,CAAC;QAGH,4BAAY,CAAC,kBAAkB,CAAC,KAAK,CAAC,CAAC;QAEvC,IAAA,gBAAO,EAAC,gDAAgD,EAAE;YACxD,SAAS,EAAE,IAAA,mBAAU,EAAC,SAAS,CAAC;YAChC,MAAM,EAAE,QAAQ,CAAC,EAAE;YACnB,QAAQ,EAAE,QAAQ,CAAC,QAAQ;SAC5B,CAAC,CAAC;QAGH,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;QACpD,WAAW,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;QAClD,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YACrB,WAAW,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;QAC1D,CAAC;QAED,IAAA,iBAAQ,EAAC,+CAA+C,EAAE;YACxD,WAAW,EAAE,IAAI,CAAC,iBAAiB;SACpC,CAAC,CAAC;QAEH,GAAG,CAAC,QAAQ,CAAC,WAAW,CAAC,QAAQ,EAAE,CAAC,CAAC;IACvC,CAAC;IAAC,OAAO,KAAc,EAAE,CAAC;QACxB,IAAA,iBAAQ,EAAC,4CAA4C,EAAE,EAAE,GAAG,EAAE,KAAc,EAAE,CAAC,CAAC;QAGhF,4BAAY,CAAC,kBAAkB,CAAC,KAAK,CAAC,CAAC;QAGvC,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;QACpD,WAAW,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,cAAc,CAAC,CAAC;QACtD,WAAW,CAAC,YAAY,CAAC,GAAG,CAC1B,mBAAmB,EACnB,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,kCAAkC,CAC5E,CAAC;QACF,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YACrB,WAAW,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;QAC1D,CAAC;QAED,GAAG,CAAC,QAAQ,CAAC,WAAW,CAAC,QAAQ,EAAE,CAAC,CAAC;IACvC,CAAC;AACH,CAAC"}

package/dist/src/oauth/endpoints/index.d.ts

@@ -0,0 +1,5 @@
+export { metadataHandler, protectedResourceHandler, getBaseUrl } from "./metadata";
+export { authorizeHandler, pollHandler } from "./authorize";
+export { callbackHandler } from "./callback";
+export { tokenHandler } from "./token";
+export { registerHandler, getRegisteredClient, isValidRedirectUri } from "./register";

package/dist/src/oauth/endpoints/index.js

@@ -0,0 +1,19 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.isValidRedirectUri = exports.getRegisteredClient = exports.registerHandler = exports.tokenHandler = exports.callbackHandler = exports.pollHandler = exports.authorizeHandler = exports.getBaseUrl = exports.protectedResourceHandler = exports.metadataHandler = void 0;
+var metadata_1 = require("./metadata");
+Object.defineProperty(exports, "metadataHandler", { enumerable: true, get: function () { return metadata_1.metadataHandler; } });
+Object.defineProperty(exports, "protectedResourceHandler", { enumerable: true, get: function () { return metadata_1.protectedResourceHandler; } });
+Object.defineProperty(exports, "getBaseUrl", { enumerable: true, get: function () { return metadata_1.getBaseUrl; } });
+var authorize_1 = require("./authorize");
+Object.defineProperty(exports, "authorizeHandler", { enumerable: true, get: function () { return authorize_1.authorizeHandler; } });
+Object.defineProperty(exports, "pollHandler", { enumerable: true, get: function () { return authorize_1.pollHandler; } });
+var callback_1 = require("./callback");
+Object.defineProperty(exports, "callbackHandler", { enumerable: true, get: function () { return callback_1.callbackHandler; } });
+var token_1 = require("./token");
+Object.defineProperty(exports, "tokenHandler", { enumerable: true, get: function () { return token_1.tokenHandler; } });
+var register_1 = require("./register");
+Object.defineProperty(exports, "registerHandler", { enumerable: true, get: function () { return register_1.registerHandler; } });
+Object.defineProperty(exports, "getRegisteredClient", { enumerable: true, get: function () { return register_1.getRegisteredClient; } });
+Object.defineProperty(exports, "isValidRedirectUri", { enumerable: true, get: function () { return register_1.isValidRedirectUri; } });
+//# sourceMappingURL=index.js.map

package/dist/src/oauth/endpoints/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/oauth/endpoints/index.ts"],"names":[],"mappings":";;;AAMA,uCAAmF;AAA1E,2GAAA,eAAe,OAAA;AAAE,oHAAA,wBAAwB,OAAA;AAAE,sGAAA,UAAU,OAAA;AAC9D,yCAA4D;AAAnD,6GAAA,gBAAgB,OAAA;AAAE,wGAAA,WAAW,OAAA;AACtC,uCAA6C;AAApC,2GAAA,eAAe,OAAA;AACxB,iCAAuC;AAA9B,qGAAA,YAAY,OAAA;AACrB,uCAAsF;AAA7E,2GAAA,eAAe,OAAA;AAAE,+GAAA,mBAAmB,OAAA;AAAE,8GAAA,kBAAkB,OAAA"}

package/dist/src/oauth/endpoints/metadata.d.ts

@@ -0,0 +1,5 @@
+import { Request, Response } from "express";
+export declare const MCP_PROTOCOL_VERSION = "2025-03-26";
+export declare function getBaseUrl(req: Request): string;
+export declare function metadataHandler(req: Request, res: Response): void;
+export declare function protectedResourceHandler(req: Request, res: Response): void;

package/dist/src/oauth/endpoints/metadata.js

@@ -0,0 +1,42 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MCP_PROTOCOL_VERSION = void 0;
+exports.getBaseUrl = getBaseUrl;
+exports.metadataHandler = metadataHandler;
+exports.protectedResourceHandler = protectedResourceHandler;
+const config_1 = require("../../config");
+exports.MCP_PROTOCOL_VERSION = "2025-03-26";
+function getBaseUrl(req) {
+    const forwardedProto = req.get("x-forwarded-proto");
+    const protocol = forwardedProto ?? req.protocol ?? "http";
+    const forwardedHost = req.get("x-forwarded-host");
+    const host = forwardedHost ?? req.get("host") ?? `${config_1.HOST}:${config_1.PORT}`;
+    return `${protocol}://${host}`;
+}
+function metadataHandler(req, res) {
+    const baseUrl = getBaseUrl(req);
+    const metadata = {
+        issuer: baseUrl,
+        authorization_endpoint: `${baseUrl}/authorize`,
+        token_endpoint: `${baseUrl}/token`,
+        response_types_supported: ["code"],
+        grant_types_supported: ["authorization_code", "refresh_token"],
+        code_challenge_methods_supported: ["S256"],
+        token_endpoint_auth_methods_supported: ["none"],
+        scopes_supported: ["mcp:tools", "mcp:resources"],
+        registration_endpoint: `${baseUrl}/register`,
+        mcp_version: exports.MCP_PROTOCOL_VERSION,
+    };
+    res.json(metadata);
+}
+function protectedResourceHandler(req, res) {
+    const baseUrl = getBaseUrl(req);
+    const metadata = {
+        resource: baseUrl,
+        authorization_servers: [baseUrl],
+        scopes_supported: ["mcp:tools", "mcp:resources"],
+        bearer_methods_supported: ["header"],
+    };
+    res.json(metadata);
+}
+//# sourceMappingURL=metadata.js.map

package/dist/src/oauth/endpoints/metadata.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"metadata.js","sourceRoot":"","sources":["../../../../src/oauth/endpoints/metadata.ts"],"names":[],"mappings":";;;AA0BA,gCAUC;AAaD,0CAsCC;AAWD,4DAmBC;AA3GD,yCAA0C;AAM7B,QAAA,oBAAoB,GAAG,YAAY,CAAC;AAUjD,SAAgB,UAAU,CAAC,GAAY;IAErC,MAAM,cAAc,GAAG,GAAG,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC;IACpD,MAAM,QAAQ,GAAG,cAAc,IAAI,GAAG,CAAC,QAAQ,IAAI,MAAM,CAAC;IAG1D,MAAM,aAAa,GAAG,GAAG,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;IAClD,MAAM,IAAI,GAAG,aAAa,IAAI,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,GAAG,aAAI,IAAI,aAAI,EAAE,CAAC;IAEnE,OAAO,GAAG,QAAQ,MAAM,IAAI,EAAE,CAAC;AACjC,CAAC;AAaD,SAAgB,eAAe,CAAC,GAAY,EAAE,GAAa;IACzD,MAAM,OAAO,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC;IAGhC,MAAM,QAAQ,GAAG;QAEf,MAAM,EAAE,OAAO;QAGf,sBAAsB,EAAE,GAAG,OAAO,YAAY;QAG9C,cAAc,EAAE,GAAG,OAAO,QAAQ;QAGlC,wBAAwB,EAAE,CAAC,MAAM,CAAC;QAGlC,qBAAqB,EAAE,CAAC,oBAAoB,EAAE,eAAe,CAAC;QAG9D,gCAAgC,EAAE,CAAC,MAAM,CAAC;QAI1C,qCAAqC,EAAE,CAAC,MAAM,CAAC;QAG/C,gBAAgB,EAAE,CAAC,WAAW,EAAE,eAAe,CAAC;QAGhD,qBAAqB,EAAE,GAAG,OAAO,WAAW;QAG5C,WAAW,EAAE,4BAAoB;KAClC,CAAC;IAEF,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;AACrB,CAAC;AAWD,SAAgB,wBAAwB,CAAC,GAAY,EAAE,GAAa;IAClE,MAAM,OAAO,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC;IAGhC,MAAM,QAAQ,GAAG;QAEf,QAAQ,EAAE,OAAO;QAGjB,qBAAqB,EAAE,CAAC,OAAO,CAAC;QAGhC,gBAAgB,EAAE,CAAC,WAAW,EAAE,eAAe,CAAC;QAGhD,wBAAwB,EAAE,CAAC,QAAQ,CAAC;KACrC,CAAC;IAEF,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;AACrB,CAAC"}

package/dist/src/oauth/endpoints/register.d.ts

@@ -0,0 +1,15 @@
+import { Request, Response } from "express";
+interface RegisteredClient {
+    client_id: string;
+    client_secret?: string;
+    redirect_uris: string[];
+    client_name?: string;
+    token_endpoint_auth_method: string;
+    grant_types: string[];
+    response_types: string[];
+    created_at: number;
+}
+export declare function registerHandler(req: Request, res: Response): Promise<void>;
+export declare function getRegisteredClient(clientId: string): RegisteredClient | undefined;
+export declare function isValidRedirectUri(clientId: string, redirectUri: string): boolean;
+export {};

package/dist/src/oauth/endpoints/register.js

@@ -0,0 +1,85 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.registerHandler = registerHandler;
+exports.getRegisteredClient = getRegisteredClient;
+exports.isValidRedirectUri = isValidRedirectUri;
+const crypto_1 = require("crypto");
+const logger_1 = require("../../logger");
+const registeredClients = new Map();
+async function registerHandler(req, res) {
+    try {
+        const body = req.body;
+        const { redirect_uris, client_name, token_endpoint_auth_method = "none", grant_types = ["authorization_code", "refresh_token"], response_types = ["code"], } = body;
+        if (!redirect_uris || !Array.isArray(redirect_uris) || redirect_uris.length === 0) {
+            res.status(400).json({
+                error: "invalid_client_metadata",
+                error_description: "redirect_uris is required and must be a non-empty array",
+            });
+            return;
+        }
+        for (const uri of redirect_uris) {
+            try {
+                new URL(uri);
+            }
+            catch {
+                res.status(400).json({
+                    error: "invalid_redirect_uri",
+                    error_description: `Invalid redirect URI: ${uri}`,
+                });
+                return;
+            }
+        }
+        const client_id = (0, crypto_1.randomUUID)();
+        let client_secret;
+        if (token_endpoint_auth_method !== "none") {
+            client_secret = (0, crypto_1.randomUUID)() + (0, crypto_1.randomUUID)();
+        }
+        const clientData = {
+            client_id,
+            client_secret,
+            redirect_uris,
+            client_name,
+            token_endpoint_auth_method,
+            grant_types,
+            response_types,
+            created_at: Date.now(),
+        };
+        registeredClients.set(client_id, clientData);
+        (0, logger_1.logInfo)("New OAuth client registered via DCR", {
+            client_id,
+            client_name,
+            redirect_uris,
+            token_endpoint_auth_method,
+        });
+        const response = {
+            client_id,
+            redirect_uris,
+            client_name,
+            token_endpoint_auth_method,
+            grant_types,
+            response_types,
+        };
+        if (client_secret) {
+            response.client_secret = client_secret;
+        }
+        res.status(201).json(response);
+    }
+    catch (error) {
+        (0, logger_1.logError)("Error in dynamic client registration", { err: error });
+        res.status(500).json({
+            error: "server_error",
+            error_description: "Failed to register client",
+        });
+    }
+}
+function getRegisteredClient(clientId) {
+    return registeredClients.get(clientId);
+}
+function isValidRedirectUri(clientId, redirectUri) {
+    const client = registeredClients.get(clientId);
+    if (!client) {
+        return true;
+    }
+    return client.redirect_uris.includes(redirectUri);
+}
+//# sourceMappingURL=register.js.map

package/dist/src/oauth/endpoints/register.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"register.js","sourceRoot":"","sources":["../../../../src/oauth/endpoints/register.ts"],"names":[],"mappings":";;AA2CA,0CAuFC;AAKD,kDAEC;AAKD,gDAQC;AA9ID,mCAAoC;AACpC,yCAAiD;AAwBjD,MAAM,iBAAiB,GAAkC,IAAI,GAAG,EAAE,CAAC;AAU5D,KAAK,UAAU,eAAe,CAAC,GAAY,EAAE,GAAa;IAC/D,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,GAAG,CAAC,IAAiC,CAAC;QACnD,MAAM,EACJ,aAAa,EACb,WAAW,EACX,0BAA0B,GAAG,MAAM,EACnC,WAAW,GAAG,CAAC,oBAAoB,EAAE,eAAe,CAAC,EACrD,cAAc,GAAG,CAAC,MAAM,CAAC,GAC1B,GAAG,IAAI,CAAC;QAGT,IAAI,CAAC,aAAa,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,aAAa,CAAC,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAClF,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,KAAK,EAAE,yBAAyB;gBAChC,iBAAiB,EAAE,yDAAyD;aAC7E,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAGD,KAAK,MAAM,GAAG,IAAI,aAAa,EAAE,CAAC;YAChC,IAAI,CAAC;gBACH,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;YACf,CAAC;YAAC,MAAM,CAAC;gBACP,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;oBACnB,KAAK,EAAE,sBAAsB;oBAC7B,iBAAiB,EAAE,yBAAyB,GAAG,EAAE;iBAClD,CAAC,CAAC;gBACH,OAAO;YACT,CAAC;QACH,CAAC;QAGD,MAAM,SAAS,GAAG,IAAA,mBAAU,GAAE,CAAC;QAI/B,IAAI,aAAiC,CAAC;QACtC,IAAI,0BAA0B,KAAK,MAAM,EAAE,CAAC;YAC1C,aAAa,GAAG,IAAA,mBAAU,GAAE,GAAG,IAAA,mBAAU,GAAE,CAAC;QAC9C,CAAC;QAGD,MAAM,UAAU,GAAqB;YACnC,SAAS;YACT,aAAa;YACb,aAAa;YACb,WAAW;YACX,0BAA0B;YAC1B,WAAW;YACX,cAAc;YACd,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE;SACvB,CAAC;QAEF,iBAAiB,CAAC,GAAG,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;QAE7C,IAAA,gBAAO,EAAC,qCAAqC,EAAE;YAC7C,SAAS;YACT,WAAW;YACX,aAAa;YACb,0BAA0B;SAC3B,CAAC,CAAC;QAGH,MAAM,QAAQ,GAA4B;YACxC,SAAS;YACT,aAAa;YACb,WAAW;YACX,0BAA0B;YAC1B,WAAW;YACX,cAAc;SACf,CAAC;QAGF,IAAI,aAAa,EAAE,CAAC;YAClB,QAAQ,CAAC,aAAa,GAAG,aAAa,CAAC;QACzC,CAAC;QAED,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACjC,CAAC;IAAC,OAAO,KAAc,EAAE,CAAC;QACxB,IAAA,iBAAQ,EAAC,sCAAsC,EAAE,EAAE,GAAG,EAAE,KAAc,EAAE,CAAC,CAAC;QAC1E,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;YACnB,KAAK,EAAE,cAAc;YACrB,iBAAiB,EAAE,2BAA2B;SAC/C,CAAC,CAAC;IACL,CAAC;AACH,CAAC;AAKD,SAAgB,mBAAmB,CAAC,QAAgB;IAClD,OAAO,iBAAiB,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;AACzC,CAAC;AAKD,SAAgB,kBAAkB,CAAC,QAAgB,EAAE,WAAmB;IACtE,MAAM,MAAM,GAAG,iBAAiB,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IAC/C,IAAI,CAAC,MAAM,EAAE,CAAC;QAGZ,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,MAAM,CAAC,aAAa,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;AACpD,CAAC"}

package/dist/src/oauth/endpoints/token.d.ts

@@ -0,0 +1,2 @@
+import { Request, Response } from "express";
+export declare function tokenHandler(req: Request, res: Response): Promise<void>;

package/dist/src/oauth/endpoints/token.js

@@ -0,0 +1,167 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.tokenHandler = tokenHandler;
+const config_1 = require("../config");
+const session_store_1 = require("../session-store");
+const token_utils_1 = require("../token-utils");
+const gitlab_device_flow_1 = require("../gitlab-device-flow");
+const metadata_1 = require("./metadata");
+const logger_1 = require("../../logger");
+const request_logger_1 = require("../../utils/request-logger");
+async function tokenHandler(req, res) {
+    const config = (0, config_1.loadOAuthConfig)();
+    if (!config) {
+        sendError(req, res, 500, "server_error", "OAuth not configured");
+        return;
+    }
+    const { grant_type } = req.body;
+    switch (grant_type) {
+        case "authorization_code":
+            await handleAuthorizationCode(req, res, config);
+            break;
+        case "refresh_token":
+            await handleRefreshToken(req, res, config);
+            break;
+        default:
+            sendError(req, res, 400, "unsupported_grant_type", `Grant type "${grant_type}" is not supported`);
+    }
+}
+async function handleAuthorizationCode(req, res, config) {
+    const { code, code_verifier, redirect_uri } = req.body;
+    if (!code) {
+        sendError(req, res, 400, "invalid_request", "Missing authorization code");
+        return;
+    }
+    if (!code_verifier) {
+        sendError(req, res, 400, "invalid_request", "Missing code_verifier (PKCE required)");
+        return;
+    }
+    const authCode = session_store_1.sessionStore.getAuthCode(code);
+    if (!authCode) {
+        sendError(req, res, 400, "invalid_grant", "Invalid or expired authorization code");
+        return;
+    }
+    if (Date.now() > authCode.expiresAt) {
+        session_store_1.sessionStore.deleteAuthCode(code);
+        sendError(req, res, 400, "invalid_grant", "Authorization code has expired");
+        return;
+    }
+    if (!(0, token_utils_1.verifyCodeChallenge)(code_verifier, authCode.codeChallenge, authCode.codeChallengeMethod)) {
+        sendError(req, res, 400, "invalid_grant", "Invalid code_verifier");
+        return;
+    }
+    if (authCode.redirectUri && redirect_uri !== authCode.redirectUri) {
+        sendError(req, res, 400, "invalid_grant", "redirect_uri does not match");
+        return;
+    }
+    const session = session_store_1.sessionStore.getSession(authCode.sessionId);
+    if (!session) {
+        sendError(req, res, 400, "invalid_grant", "Session not found");
+        return;
+    }
+    const baseUrl = (0, metadata_1.getBaseUrl)(req);
+    const accessToken = (0, token_utils_1.createJWT)({
+        iss: baseUrl,
+        sub: session.gitlabUserId.toString(),
+        aud: authCode.clientId,
+        sid: session.id,
+        scope: session.scopes.join(" "),
+        gitlab_user: session.gitlabUsername,
+    }, config.sessionSecret, config.tokenTtl);
+    const refreshToken = (0, token_utils_1.generateRefreshToken)();
+    session_store_1.sessionStore.updateSession(session.id, {
+        mcpAccessToken: accessToken,
+        mcpRefreshToken: refreshToken,
+        mcpTokenExpiry: (0, token_utils_1.calculateTokenExpiry)(config.tokenTtl),
+    });
+    session_store_1.sessionStore.deleteAuthCode(code);
+    (0, logger_1.logInfo)("MCP tokens issued via authorization_code grant", {
+        sessionId: (0, logger_1.truncateId)(session.id),
+        userId: session.gitlabUserId,
+    });
+    const response = {
+        access_token: accessToken,
+        token_type: "Bearer",
+        expires_in: config.tokenTtl,
+        refresh_token: refreshToken,
+        scope: session.scopes.join(" "),
+    };
+    res.json(response);
+}
+async function handleRefreshToken(req, res, config) {
+    const { refresh_token } = req.body;
+    if (!refresh_token) {
+        sendError(req, res, 400, "invalid_request", "Missing refresh_token");
+        return;
+    }
+    const session = session_store_1.sessionStore.getSessionByRefreshToken(refresh_token);
+    if (!session) {
+        sendError(req, res, 400, "invalid_grant", "Invalid refresh token");
+        return;
+    }
+    let updatedSession = session;
+    if ((0, token_utils_1.isTokenExpiringSoon)(session.gitlabTokenExpiry)) {
+        try {
+            const newTokens = await (0, gitlab_device_flow_1.refreshGitLabToken)(session.gitlabRefreshToken, config);
+            session_store_1.sessionStore.updateSession(session.id, {
+                gitlabAccessToken: newTokens.access_token,
+                gitlabRefreshToken: newTokens.refresh_token,
+                gitlabTokenExpiry: (0, token_utils_1.calculateTokenExpiry)(newTokens.expires_in),
+            });
+            const refreshedSession = session_store_1.sessionStore.getSession(session.id);
+            if (!refreshedSession) {
+                sendError(req, res, 400, "invalid_grant", "Session lost during refresh");
+                return;
+            }
+            updatedSession = refreshedSession;
+            (0, logger_1.logDebug)("GitLab token refreshed", { sessionId: (0, logger_1.truncateId)(session.id) });
+        }
+        catch (error) {
+            (0, logger_1.logError)("Failed to refresh GitLab token", { err: error });
+            sendError(req, res, 400, "invalid_grant", "Failed to refresh underlying GitLab token");
+            return;
+        }
+    }
+    const baseUrl = (0, metadata_1.getBaseUrl)(req);
+    const accessToken = (0, token_utils_1.createJWT)({
+        iss: baseUrl,
+        sub: updatedSession.gitlabUserId.toString(),
+        aud: updatedSession.clientId,
+        sid: updatedSession.id,
+        scope: updatedSession.scopes.join(" "),
+        gitlab_user: updatedSession.gitlabUsername,
+    }, config.sessionSecret, config.tokenTtl);
+    const newRefreshToken = (0, token_utils_1.generateRefreshToken)();
+    session_store_1.sessionStore.updateSession(updatedSession.id, {
+        mcpAccessToken: accessToken,
+        mcpRefreshToken: newRefreshToken,
+        mcpTokenExpiry: (0, token_utils_1.calculateTokenExpiry)(config.tokenTtl),
+    });
+    (0, logger_1.logInfo)("MCP tokens refreshed via refresh_token grant", {
+        sessionId: (0, logger_1.truncateId)(updatedSession.id),
+        userId: updatedSession.gitlabUserId,
+    });
+    const response = {
+        access_token: accessToken,
+        token_type: "Bearer",
+        expires_in: config.tokenTtl,
+        refresh_token: newRefreshToken,
+        scope: updatedSession.scopes.join(" "),
+    };
+    res.json(response);
+}
+function sendError(req, res, status, error, description) {
+    (0, logger_1.logWarn)("OAuth token request failed", {
+        event: "oauth_error",
+        endpoint: "/token",
+        ip: (0, request_logger_1.getIpAddress)(req),
+        error,
+        description,
+    });
+    const response = {
+        error,
+        error_description: description,
+    };
+    res.status(status).json(response);
+}
+//# sourceMappingURL=token.js.map

package/dist/src/oauth/endpoints/token.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"token.js","sourceRoot":"","sources":["../../../../src/oauth/endpoints/token.ts"],"names":[],"mappings":";;AAoCA,oCA2BC;AAnDD,sCAAyD;AACzD,oDAAgD;AAChD,gDAMwB;AACxB,8DAA2D;AAC3D,yCAAwC;AACxC,yCAAgF;AAEhF,+DAA0D;AAWnD,KAAK,UAAU,YAAY,CAAC,GAAY,EAAE,GAAa;IAC5D,MAAM,MAAM,GAAG,IAAA,wBAAe,GAAE,CAAC;IACjC,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,SAAS,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,cAAc,EAAE,sBAAsB,CAAC,CAAC;QACjE,OAAO;IACT,CAAC;IAED,MAAM,EAAE,UAAU,EAAE,GAAG,GAAG,CAAC,IAA+B,CAAC;IAE3D,QAAQ,UAAU,EAAE,CAAC;QACnB,KAAK,oBAAoB;YACvB,MAAM,uBAAuB,CAAC,GAAG,EAAE,GAAG,EAAE,MAAM,CAAC,CAAC;YAChD,MAAM;QAER,KAAK,eAAe;YAClB,MAAM,kBAAkB,CAAC,GAAG,EAAE,GAAG,EAAE,MAAM,CAAC,CAAC;YAC3C,MAAM;QAER;YACE,SAAS,CACP,GAAG,EACH,GAAG,EACH,GAAG,EACH,wBAAwB,EACxB,eAAe,UAAU,oBAAoB,CAC9C,CAAC;IACN,CAAC;AACH,CAAC;AAQD,KAAK,UAAU,uBAAuB,CACpC,GAAY,EACZ,GAAa,EACb,MAAmB;IAEnB,MAAM,EAAE,IAAI,EAAE,aAAa,EAAE,YAAY,EAAE,GAAG,GAAG,CAAC,IAIjD,CAAC;IAGF,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,SAAS,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,iBAAiB,EAAE,4BAA4B,CAAC,CAAC;QAC1E,OAAO;IACT,CAAC;IAED,IAAI,CAAC,aAAa,EAAE,CAAC;QACnB,SAAS,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,iBAAiB,EAAE,uCAAuC,CAAC,CAAC;QACrF,OAAO;IACT,CAAC;IAGD,MAAM,QAAQ,GAAG,4BAAY,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;IAChD,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,SAAS,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,eAAe,EAAE,uCAAuC,CAAC,CAAC;QACnF,OAAO;IACT,CAAC;IAGD,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,CAAC,SAAS,EAAE,CAAC;QACpC,4BAAY,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC;QAClC,SAAS,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,eAAe,EAAE,gCAAgC,CAAC,CAAC;QAC5E,OAAO;IACT,CAAC;IAGD,IAAI,CAAC,IAAA,iCAAmB,EAAC,aAAa,EAAE,QAAQ,CAAC,aAAa,EAAE,QAAQ,CAAC,mBAAmB,CAAC,EAAE,CAAC;QAC9F,SAAS,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,eAAe,EAAE,uBAAuB,CAAC,CAAC;QACnE,OAAO;IACT,CAAC;IAGD,IAAI,QAAQ,CAAC,WAAW,IAAI,YAAY,KAAK,QAAQ,CAAC,WAAW,EAAE,CAAC;QAClE,SAAS,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,eAAe,EAAE,6BAA6B,CAAC,CAAC;QACzE,OAAO;IACT,CAAC;IAGD,MAAM,OAAO,GAAG,4BAAY,CAAC,UAAU,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;IAC5D,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,SAAS,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,eAAe,EAAE,mBAAmB,CAAC,CAAC;QAC/D,OAAO;IACT,CAAC;IAGD,MAAM,OAAO,GAAG,IAAA,qBAAU,EAAC,GAAG,CAAC,CAAC;IAEhC,MAAM,WAAW,GAAG,IAAA,uBAAS,EAC3B;QACE,GAAG,EAAE,OAAO;QACZ,GAAG,EAAE,OAAO,CAAC,YAAY,CAAC,QAAQ,EAAE;QACpC,GAAG,EAAE,QAAQ,CAAC,QAAQ;QACtB,GAAG,EAAE,OAAO,CAAC,EAAE;QACf,KAAK,EAAE,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;QAC/B,WAAW,EAAE,OAAO,CAAC,cAAc;KACpC,EACD,MAAM,CAAC,aAAa,EACpB,MAAM,CAAC,QAAQ,CAChB,CAAC;IAEF,MAAM,YAAY,GAAG,IAAA,kCAAoB,GAAE,CAAC;IAG5C,4BAAY,CAAC,aAAa,CAAC,OAAO,CAAC,EAAE,EAAE;QACrC,cAAc,EAAE,WAAW;QAC3B,eAAe,EAAE,YAAY;QAC7B,cAAc,EAAE,IAAA,kCAAoB,EAAC,MAAM,CAAC,QAAQ,CAAC;KACtD,CAAC,CAAC;IAGH,4BAAY,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC;IAElC,IAAA,gBAAO,EAAC,gDAAgD,EAAE;QACxD,SAAS,EAAE,IAAA,mBAAU,EAAC,OAAO,CAAC,EAAE,CAAC;QACjC,MAAM,EAAE,OAAO,CAAC,YAAY;KAC7B,CAAC,CAAC;IAGH,MAAM,QAAQ,GAAqB;QACjC,YAAY,EAAE,WAAW;QACzB,UAAU,EAAE,QAAQ;QACpB,UAAU,EAAE,MAAM,CAAC,QAAQ;QAC3B,aAAa,EAAE,YAAY;QAC3B,KAAK,EAAE,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;KAChC,CAAC;IAEF,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;AACrB,CAAC;AAQD,KAAK,UAAU,kBAAkB,CAAC,GAAY,EAAE,GAAa,EAAE,MAAmB;IAChF,MAAM,EAAE,aAAa,EAAE,GAAG,GAAG,CAAC,IAAkC,CAAC;IAEjE,IAAI,CAAC,aAAa,EAAE,CAAC;QACnB,SAAS,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,iBAAiB,EAAE,uBAAuB,CAAC,CAAC;QACrE,OAAO;IACT,CAAC;IAGD,MAAM,OAAO,GAAG,4BAAY,CAAC,wBAAwB,CAAC,aAAa,CAAC,CAAC;IACrE,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,SAAS,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,eAAe,EAAE,uBAAuB,CAAC,CAAC;QACnE,OAAO;IACT,CAAC;IAGD,IAAI,cAAc,GAAiB,OAAO,CAAC;IAE3C,IAAI,IAAA,iCAAmB,EAAC,OAAO,CAAC,iBAAiB,CAAC,EAAE,CAAC;QACnD,IAAI,CAAC;YACH,MAAM,SAAS,GAAG,MAAM,IAAA,uCAAkB,EAAC,OAAO,CAAC,kBAAkB,EAAE,MAAM,CAAC,CAAC;YAE/E,4BAAY,CAAC,aAAa,CAAC,OAAO,CAAC,EAAE,EAAE;gBACrC,iBAAiB,EAAE,SAAS,CAAC,YAAY;gBACzC,kBAAkB,EAAE,SAAS,CAAC,aAAa;gBAC3C,iBAAiB,EAAE,IAAA,kCAAoB,EAAC,SAAS,CAAC,UAAU,CAAC;aAC9D,CAAC,CAAC;YAGH,MAAM,gBAAgB,GAAG,4BAAY,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;YAC7D,IAAI,CAAC,gBAAgB,EAAE,CAAC;gBACtB,SAAS,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,eAAe,EAAE,6BAA6B,CAAC,CAAC;gBACzE,OAAO;YACT,CAAC;YACD,cAAc,GAAG,gBAAgB,CAAC;YAElC,IAAA,iBAAQ,EAAC,wBAAwB,EAAE,EAAE,SAAS,EAAE,IAAA,mBAAU,EAAC,OAAO,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC;QAC5E,CAAC;QAAC,OAAO,KAAc,EAAE,CAAC;YACxB,IAAA,iBAAQ,EAAC,gCAAgC,EAAE,EAAE,GAAG,EAAE,KAAc,EAAE,CAAC,CAAC;YACpE,SAAS,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,eAAe,EAAE,2CAA2C,CAAC,CAAC;YACvF,OAAO;QACT,CAAC;IACH,CAAC;IAGD,MAAM,OAAO,GAAG,IAAA,qBAAU,EAAC,GAAG,CAAC,CAAC;IAEhC,MAAM,WAAW,GAAG,IAAA,uBAAS,EAC3B;QACE,GAAG,EAAE,OAAO;QACZ,GAAG,EAAE,cAAc,CAAC,YAAY,CAAC,QAAQ,EAAE;QAC3C,GAAG,EAAE,cAAc,CAAC,QAAQ;QAC5B,GAAG,EAAE,cAAc,CAAC,EAAE;QACtB,KAAK,EAAE,cAAc,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;QACtC,WAAW,EAAE,cAAc,CAAC,cAAc;KAC3C,EACD,MAAM,CAAC,aAAa,EACpB,MAAM,CAAC,QAAQ,CAChB,CAAC;IAEF,MAAM,eAAe,GAAG,IAAA,kCAAoB,GAAE,CAAC;IAG/C,4BAAY,CAAC,aAAa,CAAC,cAAc,CAAC,EAAE,EAAE;QAC5C,cAAc,EAAE,WAAW;QAC3B,eAAe,EAAE,eAAe;QAChC,cAAc,EAAE,IAAA,kCAAoB,EAAC,MAAM,CAAC,QAAQ,CAAC;KACtD,CAAC,CAAC;IAEH,IAAA,gBAAO,EAAC,8CAA8C,EAAE;QACtD,SAAS,EAAE,IAAA,mBAAU,EAAC,cAAc,CAAC,EAAE,CAAC;QACxC,MAAM,EAAE,cAAc,CAAC,YAAY;KACpC,CAAC,CAAC;IAGH,MAAM,QAAQ,GAAqB;QACjC,YAAY,EAAE,WAAW;QACzB,UAAU,EAAE,QAAQ;QACpB,UAAU,EAAE,MAAM,CAAC,QAAQ;QAC3B,aAAa,EAAE,eAAe;QAC9B,KAAK,EAAE,cAAc,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;KACvC,CAAC;IAEF,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;AACrB,CAAC;AAOD,SAAS,SAAS,CAChB,GAAY,EACZ,GAAa,EACb,MAAc,EACd,KAAa,EACb,WAAmB;IAGnB,IAAA,gBAAO,EAAC,4BAA4B,EAAE;QACpC,KAAK,EAAE,aAAa;QACpB,QAAQ,EAAE,QAAQ;QAClB,EAAE,EAAE,IAAA,6BAAY,EAAC,GAAG,CAAC;QACrB,KAAK;QACL,WAAW;KACZ,CAAC,CAAC;IAEH,MAAM,QAAQ,GAAuB;QACnC,KAAK;QACL,iBAAiB,EAAE,WAAW;KAC/B,CAAC;IACF,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;AACpC,CAAC"}

package/dist/src/oauth/gitlab-device-flow.d.ts

@@ -0,0 +1,10 @@
+import { OAuthConfig } from "./config";
+import { GitLabDeviceResponse, GitLabTokenResponse, GitLabUserInfo } from "./types";
+export declare function initiateDeviceFlow(config: OAuthConfig): Promise<GitLabDeviceResponse>;
+export declare function pollDeviceFlowOnce(deviceCode: string, config: OAuthConfig): Promise<GitLabTokenResponse | null>;
+export declare function pollForToken(deviceCode: string, config: OAuthConfig, onPending?: () => void): Promise<GitLabTokenResponse>;
+export declare function refreshGitLabToken(refreshToken: string, config: OAuthConfig): Promise<GitLabTokenResponse>;
+export declare function getGitLabUser(accessToken: string): Promise<GitLabUserInfo>;
+export declare function validateGitLabToken(accessToken: string): Promise<boolean>;
+export declare function exchangeGitLabAuthCode(code: string, redirectUri: string, config: OAuthConfig): Promise<GitLabTokenResponse>;
+export declare function buildGitLabAuthUrl(config: OAuthConfig, redirectUri: string, state: string): string;