integrate-sdk 0.2.3 → 0.2.4

package/README.md

@@ -98,6 +98,187 @@ await client.server.listToolsByIntegration({ integration: "github" });
 await client._callToolByName("slack_send_message", { channel: "#general", text: "Hello" });
 ```
 
+## OAuth Authorization
+
+The SDK implements OAuth 2.0 Authorization Code Flow with PKCE for secure third-party service authorization. Users must authorize your application to access their GitHub, Gmail, or other accounts.
+
+### How It Works
+
+1. **Your App**: Creates client with OAuth configuration
+2. **SDK**: Initiates OAuth flow (popup or redirect)
+3. **User**: Authorizes permissions on provider's website
+4. **Provider**: Redirects back with authorization code
+5. **Your Server**: Exchanges code for tokens and stores them
+6. **SDK**: Includes session token in all API requests
+7. **Your Server**: Uses stored OAuth tokens for API calls
+
+### Quick Start
+
+```typescript
+import { createMCPClient, githubPlugin } from "integrate-sdk";
+
+// Create client with OAuth flow configuration
+const client = createMCPClient({
+  plugins: [
+    githubPlugin({
+      clientId: process.env.GITHUB_CLIENT_ID!,
+      clientSecret: process.env.GITHUB_CLIENT_SECRET!,
+      scopes: ["repo", "user"],
+      redirectUri: "http://localhost:3000/oauth/callback",
+    }),
+  ],
+  oauthFlow: {
+    mode: 'popup', // or 'redirect'
+    popupOptions: { width: 600, height: 700 },
+  },
+});
+
+// Check if authorized
+const isAuthorized = await client.isAuthorized('github');
+
+if (!isAuthorized) {
+  // Initiate OAuth flow - opens popup or redirects
+  await client.authorize('github');
+}
+
+// Now you can use GitHub tools
+const repos = await client.github.listOwnRepos({});
+```
+
+### Popup Flow (Recommended for SPAs)
+
+Best for single-page applications - authorization happens in a popup without leaving your app.
+
+```typescript
+const client = createMCPClient({
+  plugins: [githubPlugin({ ... })],
+  oauthFlow: { mode: 'popup' },
+});
+
+// This opens a popup for authorization
+await client.authorize('github');
+
+// After user approves, continues automatically
+const repos = await client.github.listOwnRepos({});
+```
+
+**Callback Page**: Create `/oauth/callback.html`:
+
+```html
+<!DOCTYPE html>
+<html>
+<head>
+  <title>OAuth Callback</title>
+  <script type="module">
+    import { sendCallbackToOpener } from 'integrate-sdk';
+    
+    const params = new URLSearchParams(window.location.search);
+    sendCallbackToOpener({
+      code: params.get('code'),
+      state: params.get('state'),
+      error: params.get('error')
+    });
+  </script>
+</head>
+<body>
+  <p>Authorization successful! Closing...</p>
+</body>
+</html>
+```
+
+### Redirect Flow (Traditional Web Apps)
+
+Best for traditional server-rendered applications.
+
+```typescript
+// Main page
+const client = createMCPClient({
+  plugins: [githubPlugin({ ... })],
+  oauthFlow: { mode: 'redirect' },
+});
+
+if (!await client.isAuthorized('github')) {
+  await client.authorize('github'); // Redirects to GitHub
+}
+
+// Callback page (e.g., /oauth/callback)
+const params = new URLSearchParams(window.location.search);
+await client.handleOAuthCallback({
+  code: params.get('code')!,
+  state: params.get('state')!
+});
+
+// Save session token for future use
+const sessionToken = client.getSessionToken();
+localStorage.setItem('session_token', sessionToken);
+
+// Redirect back to main app
+```
+
+### Session Token Management
+
+Store and restore sessions to avoid re-authorization:
+
+```typescript
+// Restore previous session
+const client = createMCPClient({
+  plugins: [githubPlugin({ ... })],
+  sessionToken: localStorage.getItem('session_token'),
+});
+
+// Check if session is still valid
+if (!await client.isAuthorized('github')) {
+  await client.authorize('github');
+}
+
+// Store token after new authorization
+const token = client.getSessionToken();
+localStorage.setItem('session_token', token);
+```
+
+### Multiple Providers
+
+Authorize multiple services independently:
+
+```typescript
+const client = createMCPClient({
+  plugins: [
+    githubPlugin({ ... }),
+    gmailPlugin({ ... }),
+  ],
+  oauthFlow: { mode: 'popup' },
+});
+
+// Get list of all authorized providers
+const authorized = await client.authorizedProviders();
+console.log('Authorized:', authorized); // ['github', 'gmail']
+
+// Or check and authorize each provider individually
+if (!await client.isAuthorized('github')) {
+  await client.authorize('github');
+}
+
+if (!await client.isAuthorized('gmail')) {
+  await client.authorize('gmail');
+}
+
+// Use both services
+const repos = await client.github.listOwnRepos({});
+const messages = await client.gmail.listMessages({});
+```
+
+### Server Requirements
+
+Your MCP server must implement these OAuth endpoints:
+
+**GET `/oauth/authorize`** - Returns authorization URL
+**POST `/oauth/callback`** - Exchanges code for tokens, returns session token
+**GET `/oauth/status`** - Checks authorization status
+
+All tool endpoints must accept `X-Session-Token` header and use stored OAuth tokens for API calls.
+
+[→ View complete OAuth flow implementation guide](/docs/guides/oauth-flow.md)
+
 ## Built-in Plugins
 
 ### GitHub Plugin

package/dist/client.d.ts

@@ -9,6 +9,7 @@ import { type AuthenticationError } from "./errors.js";
 import type { GitHubPluginClient } from "./plugins/github-client.js";
 import type { GmailPluginClient } from "./plugins/gmail-client.js";
 import type { ServerPluginClient } from "./plugins/server-client.js";
+import type { AuthStatus, OAuthCallbackParams } from "./oauth/types.js";
 /**
  * Tool invocation options
  */
@@ -54,6 +55,7 @@ export declare class MCPClient<TPlugins extends readonly MCPPlugin[] = readonly
     private authState;
     private connectionMode;
     private connecting;
+    private oauthManager;
     readonly github: PluginNamespaces<TPlugins> extends {
         github: GitHubPluginClient;
     } ? GitHubPluginClient : never;
@@ -169,6 +171,97 @@ export declare class MCPClient<TPlugins extends readonly MCPPlugin[] = readonly
      * Check if a specific provider is authenticated
      */
     isProviderAuthenticated(provider: string): boolean;
+    /**
+     * Check if a provider is authorized via OAuth
+     * Queries the MCP server to verify OAuth token validity
+     *
+     * @param provider - Provider name (github, gmail, etc.)
+     * @returns Authorization status
+     *
+     * @example
+     * ```typescript
+     * const isAuthorized = await client.isAuthorized('github');
+     * if (!isAuthorized) {
+     *   await client.authorize('github');
+     * }
+     * ```
+     */
+    isAuthorized(provider: string): Promise<boolean>;
+    /**
+     * Get list of all authorized providers
+     * Checks all configured OAuth providers and returns names of authorized ones
+     *
+     * @returns Array of authorized provider names
+     *
+     * @example
+     * ```typescript
+     * const authorized = await client.authorizedProviders();
+     * console.log('Authorized services:', authorized); // ['github', 'gmail']
+     *
+     * // Check if specific service is in the list
+     * if (authorized.includes('github')) {
+     *   const repos = await client.github.listOwnRepos({});
+     * }
+     * ```
+     */
+    authorizedProviders(): Promise<string[]>;
+    /**
+     * Get detailed authorization status for a provider
+     *
+     * @param provider - Provider name
+     * @returns Full authorization status including scopes and expiration
+     */
+    getAuthorizationStatus(provider: string): Promise<AuthStatus>;
+    /**
+     * Initiate OAuth authorization flow for a provider
+     * Opens authorization URL in popup or redirects based on configuration
+     *
+     * @param provider - Provider name (github, gmail, etc.)
+     *
+     * @example
+     * ```typescript
+     * // Popup flow
+     * await client.authorize('github');
+     *
+     * // Redirect flow
+     * await client.authorize('github'); // User is redirected away
+     * ```
+     */
+    authorize(provider: string): Promise<void>;
+    /**
+     * Handle OAuth callback after user authorization
+     * Call this from your OAuth callback page with code and state from URL
+     *
+     * @param params - Callback parameters containing code and state
+     *
+     * @example
+     * ```typescript
+     * // In your callback route (e.g., /oauth/callback)
+     * const params = new URLSearchParams(window.location.search);
+     * await client.handleOAuthCallback({
+     *   code: params.get('code')!,
+     *   state: params.get('state')!
+     * });
+     *
+     * // Now you can use the client
+     * const repos = await client.github.listOwnRepos({});
+     * ```
+     */
+    handleOAuthCallback(params: OAuthCallbackParams): Promise<void>;
+    /**
+     * Get the current session token
+     * Useful for storing and restoring sessions
+     *
+     * @returns Session token or undefined if not authorized
+     */
+    getSessionToken(): string | undefined;
+    /**
+     * Set session token manually
+     * Use this if you have an existing session token
+     *
+     * @param token - Session token
+     */
+    setSessionToken(token: string): void;
     /**
      * Manually trigger re-authentication for a specific provider
      * Useful if you want to proactively refresh tokens

package/dist/client.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAGH,OAAO,KAAK,EACV,OAAO,EAEP,mBAAmB,EAIpB,MAAM,wBAAwB,CAAC;AAEhC,OAAO,KAAK,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACjE,OAAO,KAAK,EAAE,eAAe,EAAiB,MAAM,mBAAmB,CAAC;AACxE,OAAO,EAGL,KAAK,mBAAmB,EACzB,MAAM,aAAa,CAAC;AAErB,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,4BAA4B,CAAC;AACrE,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AACnE,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,4BAA4B,CAAC;AAsBrE;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,gBAAgB;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,qBAAqB;IACrB,SAAS,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACrC;AAED;;GAEG;AACH,KAAK,eAAe,CAAC,CAAC,IAAI,CAAC,SAAS;IAAE,EAAE,EAAE,MAAM,EAAE,CAAA;CAAE,GAAG,EAAE,GAAG,KAAK,CAAC;AAClE,KAAK,SAAS,CAAC,QAAQ,SAAS,SAAS,SAAS,EAAE,IAAI,eAAe,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC;AAE1F;;GAEG;AACH,KAAK,WAAW,CAAC,QAAQ,SAAS,SAAS,SAAS,EAAE,EAAE,EAAE,SAAS,MAAM,IACvE,EAAE,SAAS,SAAS,CAAC,QAAQ,CAAC,GAAG,IAAI,GAAG,KAAK,CAAC;AAEhD;;GAEG;AACH,KAAK,gBAAgB,CAAC,QAAQ,SAAS,SAAS,SAAS,EAAE,IACzD,CAAC,WAAW,CAAC,QAAQ,EAAE,QAAQ,CAAC,SAAS,IAAI,GAAG;IAAE,MAAM,EAAE,kBAAkB,CAAA;CAAE,GAAG,EAAE,CAAC,GACpF,CAAC,WAAW,CAAC,QAAQ,EAAE,OAAO,CAAC,SAAS,IAAI,GAAG;IAAE,KAAK,EAAE,iBAAiB,CAAA;CAAE,GAAG,EAAE,CAAC,CAAC;AAEpF;;;;GAIG;AACH,qBAAa,SAAS,CAAC,QAAQ,SAAS,SAAS,SAAS,EAAE,GAAG,SAAS,SAAS,EAAE;IACjF,OAAO,CAAC,SAAS,CAAuB;IACxC,OAAO,CAAC,OAAO,CAAW;IAC1B,OAAO,CAAC,cAAc,CAAmC;IACzD,OAAO,CAAC,gBAAgB,CAA0B;IAClD,OAAO,CAAC,WAAW,CAAS;IAC5B,OAAO,CAAC,UAAU,CAAoC;IACtD,OAAO,CAAC,gBAAgB,CAAC,CAAgB;IACzC,OAAO,CAAC,gBAAgB,CAAS;IACjC,OAAO,CAAC,SAAS,CAAuF;IACxG,OAAO,CAAC,cAAc,CAA8B;IACpD,OAAO,CAAC,UAAU,CAA8B;IAGhD,SAAgB,MAAM,EAAG,gBAAgB,CAAC,QAAQ,CAAC,SAAS;QAAE,MAAM,EAAE,kBAAkB,CAAA;KAAE,GACtF,kBAAkB,GAClB,KAAK,CAAC;IACV,SAAgB,KAAK,EAAG,gBAAgB,CAAC,QAAQ,CAAC,SAAS;QAAE,KAAK,EAAE,iBAAiB,CAAA;KAAE,GACnF,iBAAiB,GACjB,KAAK,CAAC;IAGV,SAAgB,MAAM,EAAG,kBAAkB,CAAC;gBAEhC,MAAM,EAAE,eAAe,CAAC,QAAQ,CAAC;IAqC7C;;OAEG;YACW,eAAe;IA0B7B;;;OAGG;IACH,OAAO,CAAC,iBAAiB;IAczB;;OAEG;IACH,OAAO,CAAC,iBAAiB;IAgBzB;;OAEG;YACW,sBAAsB;IAmCpC;;OAEG;YACW,iBAAiB;IAQ/B;;OAEG;IACG,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;IAyB9B;;OAEG;YACW,UAAU;IAkBxB;;OAEG;YACW,aAAa;IAoB3B;;;;OAIG;IACG,eAAe,CACnB,IAAI,EAAE,MAAM,EACZ,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAC7B,OAAO,CAAC,mBAAmB,CAAC;IAI/B;;;;;;;;;;;OAWG;IACG,cAAc,CAClB,IAAI,EAAE,MAAM,EACZ,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAC7B,OAAO,CAAC,mBAAmB,CAAC;IAgC/B;;OAEG;YACW,iBAAiB;IA4E/B;;OAEG;IACH,OAAO,CAAC,kBAAkB;IAS1B;;OAEG;IACH,OAAO,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,GAAG,SAAS;IAI1C;;OAEG;IACH,iBAAiB,IAAI,OAAO,EAAE;IAI9B;;OAEG;IACH,eAAe,IAAI,OAAO,EAAE;IAM5B;;OAEG;IACH,cAAc,CAAC,QAAQ,EAAE,MAAM,GAAG,WAAW,GAAG,SAAS;IAKzD;;OAEG;IACH,kBAAkB,IAAI,GAAG,CAAC,MAAM,EAAE,WAAW,CAAC;IAU9C;;OAEG;IACH,SAAS,CACP,OAAO,EAAE,CAAC,OAAO,EAAE,OAAO,KAAK,IAAI,GAClC,MAAM,IAAI;IAIb;;OAEG;IACG,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;IAYjC;;OAEG;IACH,WAAW,IAAI,OAAO;IAItB;;OAEG;IACH,aAAa,IAAI,OAAO;IAIxB;;OAEG;IACH,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG;QAAE,aAAa,EAAE,OAAO,CAAC;QAAC,SAAS,CAAC,EAAE,mBAAmB,CAAA;KAAE,GAAG,SAAS;IAIvG;;OAEG;IACH,uBAAuB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO;IAIlD;;;OAGG;IACG,cAAc,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;CA2BzD;AA4DD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAoCG;AACH,wBAAgB,eAAe,CAAC,QAAQ,SAAS,SAAS,SAAS,EAAE,EACnE,MAAM,EAAE,eAAe,CAAC,QAAQ,CAAC,GAChC,SAAS,CAAC,QAAQ,CAAC,CAwDrB;AAED;;;;;;;;;;;GAWG;AACH,wBAAsB,gBAAgB,IAAI,OAAO,CAAC,IAAI,CAAC,CAetD"}
+{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAGH,OAAO,KAAK,EACV,OAAO,EAEP,mBAAmB,EAIpB,MAAM,wBAAwB,CAAC;AAEhC,OAAO,KAAK,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACjE,OAAO,KAAK,EAAE,eAAe,EAAiB,MAAM,mBAAmB,CAAC;AACxE,OAAO,EAGL,KAAK,mBAAmB,EACzB,MAAM,aAAa,CAAC;AAErB,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,4BAA4B,CAAC;AACrE,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AACnE,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,4BAA4B,CAAC;AAErE,OAAO,KAAK,EAAE,UAAU,EAAE,mBAAmB,EAAE,MAAM,kBAAkB,CAAC;AAsBxE;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,gBAAgB;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,qBAAqB;IACrB,SAAS,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACrC;AAED;;GAEG;AACH,KAAK,eAAe,CAAC,CAAC,IAAI,CAAC,SAAS;IAAE,EAAE,EAAE,MAAM,EAAE,CAAA;CAAE,GAAG,EAAE,GAAG,KAAK,CAAC;AAClE,KAAK,SAAS,CAAC,QAAQ,SAAS,SAAS,SAAS,EAAE,IAAI,eAAe,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC;AAE1F;;GAEG;AACH,KAAK,WAAW,CAAC,QAAQ,SAAS,SAAS,SAAS,EAAE,EAAE,EAAE,SAAS,MAAM,IACvE,EAAE,SAAS,SAAS,CAAC,QAAQ,CAAC,GAAG,IAAI,GAAG,KAAK,CAAC;AAEhD;;GAEG;AACH,KAAK,gBAAgB,CAAC,QAAQ,SAAS,SAAS,SAAS,EAAE,IACzD,CAAC,WAAW,CAAC,QAAQ,EAAE,QAAQ,CAAC,SAAS,IAAI,GAAG;IAAE,MAAM,EAAE,kBAAkB,CAAA;CAAE,GAAG,EAAE,CAAC,GACpF,CAAC,WAAW,CAAC,QAAQ,EAAE,OAAO,CAAC,SAAS,IAAI,GAAG;IAAE,KAAK,EAAE,iBAAiB,CAAA;CAAE,GAAG,EAAE,CAAC,CAAC;AAEpF;;;;GAIG;AACH,qBAAa,SAAS,CAAC,QAAQ,SAAS,SAAS,SAAS,EAAE,GAAG,SAAS,SAAS,EAAE;IACjF,OAAO,CAAC,SAAS,CAAuB;IACxC,OAAO,CAAC,OAAO,CAAW;IAC1B,OAAO,CAAC,cAAc,CAAmC;IACzD,OAAO,CAAC,gBAAgB,CAA0B;IAClD,OAAO,CAAC,WAAW,CAAS;IAC5B,OAAO,CAAC,UAAU,CAAoC;IACtD,OAAO,CAAC,gBAAgB,CAAC,CAAgB;IACzC,OAAO,CAAC,gBAAgB,CAAS;IACjC,OAAO,CAAC,SAAS,CAAuF;IACxG,OAAO,CAAC,cAAc,CAA8B;IACpD,OAAO,CAAC,UAAU,CAA8B;IAChD,OAAO,CAAC,YAAY,CAAe;IAGnC,SAAgB,MAAM,EAAG,gBAAgB,CAAC,QAAQ,CAAC,SAAS;QAAE,MAAM,EAAE,kBAAkB,CAAA;KAAE,GACtF,kBAAkB,GAClB,KAAK,CAAC;IACV,SAAgB,KAAK,EAAG,gBAAgB,CAAC,QAAQ,CAAC,SAAS;QAAE,KAAK,EAAE,iBAAiB,CAAA;KAAE,GACnF,iBAAiB,GACjB,KAAK,CAAC;IAGV,SAAgB,MAAM,EAAG,kBAAkB,CAAC;gBAEhC,MAAM,EAAE,eAAe,CAAC,QAAQ,CAAC;IAiD7C;;OAEG;YACW,eAAe;IA0B7B;;;OAGG;IACH,OAAO,CAAC,iBAAiB;IAczB;;OAEG;IACH,OAAO,CAAC,iBAAiB;IAgBzB;;OAEG;YACW,sBAAsB;IAmCpC;;OAEG;YACW,iBAAiB;IAQ/B;;OAEG;IACG,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;IAyB9B;;OAEG;YACW,UAAU;IAkBxB;;OAEG;YACW,aAAa;IAoB3B;;;;OAIG;IACG,eAAe,CACnB,IAAI,EAAE,MAAM,EACZ,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAC7B,OAAO,CAAC,mBAAmB,CAAC;IAI/B;;;;;;;;;;;OAWG;IACG,cAAc,CAClB,IAAI,EAAE,MAAM,EACZ,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAC7B,OAAO,CAAC,mBAAmB,CAAC;IAgC/B;;OAEG;YACW,iBAAiB;IA4E/B;;OAEG;IACH,OAAO,CAAC,kBAAkB;IAS1B;;OAEG;IACH,OAAO,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,GAAG,SAAS;IAI1C;;OAEG;IACH,iBAAiB,IAAI,OAAO,EAAE;IAI9B;;OAEG;IACH,eAAe,IAAI,OAAO,EAAE;IAM5B;;OAEG;IACH,cAAc,CAAC,QAAQ,EAAE,MAAM,GAAG,WAAW,GAAG,SAAS;IAKzD;;OAEG;IACH,kBAAkB,IAAI,GAAG,CAAC,MAAM,EAAE,WAAW,CAAC;IAU9C;;OAEG;IACH,SAAS,CACP,OAAO,EAAE,CAAC,OAAO,EAAE,OAAO,KAAK,IAAI,GAClC,MAAM,IAAI;IAIb;;OAEG;IACG,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;IAYjC;;OAEG;IACH,WAAW,IAAI,OAAO;IAItB;;OAEG;IACH,aAAa,IAAI,OAAO;IAIxB;;OAEG;IACH,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG;QAAE,aAAa,EAAE,OAAO,CAAC;QAAC,SAAS,CAAC,EAAE,mBAAmB,CAAA;KAAE,GAAG,SAAS;IAIvG;;OAEG;IACH,uBAAuB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO;IAIlD;;;;;;;;;;;;;;OAcG;IACG,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAKtD;;;;;;;;;;;;;;;;OAgBG;IACG,mBAAmB,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;IAgB9C;;;;;OAKG;IACG,sBAAsB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC;IAInE;;;;;;;;;;;;;;OAcG;IACG,SAAS,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAahD;;;;;;;;;;;;;;;;;;OAkBG;IACG,mBAAmB,CAAC,MAAM,EAAE,mBAAmB,GAAG,OAAO,CAAC,IAAI,CAAC;IAcrE;;;;;OAKG;IACH,eAAe,IAAI,MAAM,GAAG,SAAS;IAIrC;;;;;OAKG;IACH,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI;IAKpC;;;OAGG;IACG,cAAc,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;CA2BzD;AA4DD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAoCG;AACH,wBAAgB,eAAe,CAAC,QAAQ,SAAS,SAAS,SAAS,EAAE,EACnE,MAAM,EAAE,eAAe,CAAC,QAAQ,CAAC,GAChC,SAAS,CAAC,QAAQ,CAAC,CAwDrB;AAED;;;;;;;;;;;GAWG;AACH,wBAAsB,gBAAgB,IAAI,OAAO,CAAC,IAAI,CAAC,CAetD"}

package/dist/config/types.d.ts

@@ -88,6 +88,46 @@ export interface MCPClientConfig<TPlugins extends readonly MCPPlugin[]> {
      * @default true
      */
     autoCleanup?: boolean;
+    /**
+     * OAuth flow configuration
+     * Controls how OAuth authorization is handled (popup vs redirect)
+     *
+     * @example
+     * ```typescript
+     * const client = createMCPClient({
+     *   plugins: [githubPlugin({ ... })],
+     *   oauthFlow: {
+     *     mode: 'popup',
+     *     popupOptions: { width: 600, height: 700 }
+     *   }
+     * });
+     * ```
+     */
+    oauthFlow?: {
+        /** How to display OAuth authorization (default: 'redirect') */
+        mode?: 'popup' | 'redirect';
+        /** Popup window dimensions (only for popup mode) */
+        popupOptions?: {
+            width?: number;
+            height?: number;
+        };
+        /** Custom callback handler for receiving auth code */
+        onAuthCallback?: (provider: string, code: string, state: string) => Promise<void>;
+    };
+    /**
+     * Session token for authenticated requests
+     * Set automatically after OAuth flow completes
+     * Can be provided manually if you manage tokens externally
+     *
+     * @example
+     * ```typescript
+     * const client = createMCPClient({
+     *   plugins: [githubPlugin({ ... })],
+     *   sessionToken: 'existing-session-token'
+     * });
+     * ```
+     */
+    sessionToken?: string;
 }
 /**
  * Helper type to infer enabled tools from plugins

package/dist/config/types.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/config/types.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,qBAAqB,CAAC;AACrD,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,cAAc,CAAC;AAExD;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,uDAAuD;IACvD,QAAQ,EAAE,MAAM,CAAC;IACjB,iDAAiD;IACjD,KAAK,EAAE,mBAAmB,CAAC;IAC3B,0DAA0D;IAC1D,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;;;GAIG;AACH,MAAM,MAAM,aAAa,GAAG,CAAC,OAAO,EAAE,aAAa,KAAK,OAAO,CAAC,OAAO,CAAC,GAAG,OAAO,CAAC;AAEnF;;GAEG;AACH,MAAM,WAAW,eAAe,CAAC,QAAQ,SAAS,SAAS,SAAS,EAAE;IACpE,iCAAiC;IACjC,OAAO,EAAE,QAAQ,CAAC;IAElB,mDAAmD;IACnD,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAEjC,uDAAuD;IACvD,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB,yBAAyB;IACzB,UAAU,CAAC,EAAE;QACX,IAAI,EAAE,MAAM,CAAC;QACb,OAAO,EAAE,MAAM,CAAC;KACjB,CAAC;IAEF;;;;;;;;;;;;;;;;;;;OAmBG;IACH,gBAAgB,CAAC,EAAE,aAAa,CAAC;IAEjC;;;;OAIG;IACH,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAE1B;;;;;;;;OAQG;IACH,cAAc,CAAC,EAAE,MAAM,GAAG,OAAO,GAAG,QAAQ,CAAC;IAE7C;;;;;;;OAOG;IACH,SAAS,CAAC,EAAE,OAAO,CAAC;IAEpB;;;;OAIG;IACH,WAAW,CAAC,EAAE,OAAO,CAAC;CACvB;AAED;;GAEG;AACH,MAAM,MAAM,iBAAiB,CAAC,QAAQ,SAAS,SAAS,SAAS,EAAE,IACjE,QAAQ,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,CAAC;AAEpC;;GAEG;AACH,MAAM,MAAM,gBAAgB,CAAC,QAAQ,SAAS,SAAS,SAAS,EAAE,IAAI;KACnE,CAAC,IAAI,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC;CAC/C,CAAC"}
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/config/types.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,qBAAqB,CAAC;AACrD,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,cAAc,CAAC;AAExD;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,uDAAuD;IACvD,QAAQ,EAAE,MAAM,CAAC;IACjB,iDAAiD;IACjD,KAAK,EAAE,mBAAmB,CAAC;IAC3B,0DAA0D;IAC1D,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;;;GAIG;AACH,MAAM,MAAM,aAAa,GAAG,CAAC,OAAO,EAAE,aAAa,KAAK,OAAO,CAAC,OAAO,CAAC,GAAG,OAAO,CAAC;AAEnF;;GAEG;AACH,MAAM,WAAW,eAAe,CAAC,QAAQ,SAAS,SAAS,SAAS,EAAE;IACpE,iCAAiC;IACjC,OAAO,EAAE,QAAQ,CAAC;IAElB,mDAAmD;IACnD,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAEjC,uDAAuD;IACvD,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB,yBAAyB;IACzB,UAAU,CAAC,EAAE;QACX,IAAI,EAAE,MAAM,CAAC;QACb,OAAO,EAAE,MAAM,CAAC;KACjB,CAAC;IAEF;;;;;;;;;;;;;;;;;;;OAmBG;IACH,gBAAgB,CAAC,EAAE,aAAa,CAAC;IAEjC;;;;OAIG;IACH,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAE1B;;;;;;;;OAQG;IACH,cAAc,CAAC,EAAE,MAAM,GAAG,OAAO,GAAG,QAAQ,CAAC;IAE7C;;;;;;;OAOG;IACH,SAAS,CAAC,EAAE,OAAO,CAAC;IAEpB;;;;OAIG;IACH,WAAW,CAAC,EAAE,OAAO,CAAC;IAEtB;;;;;;;;;;;;;;OAcG;IACH,SAAS,CAAC,EAAE;QACV,+DAA+D;QAC/D,IAAI,CAAC,EAAE,OAAO,GAAG,UAAU,CAAC;QAC5B,oDAAoD;QACpD,YAAY,CAAC,EAAE;YACb,KAAK,CAAC,EAAE,MAAM,CAAC;YACf,MAAM,CAAC,EAAE,MAAM,CAAC;SACjB,CAAC;QACF,sDAAsD;QACtD,cAAc,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;KACnF,CAAC;IAEF;;;;;;;;;;;;OAYG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED;;GAEG;AACH,MAAM,MAAM,iBAAiB,CAAC,QAAQ,SAAS,SAAS,SAAS,EAAE,IACjE,QAAQ,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,CAAC;AAEpC;;GAEG;AACH,MAAM,MAAM,gBAAgB,CAAC,QAAQ,SAAS,SAAS,SAAS,EAAE,IAAI;KACnE,CAAC,IAAI,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC;CAC/C,CAAC"}

package/dist/index.d.ts

@@ -4,6 +4,10 @@
  */
 export { MCPClient, createMCPClient, clearClientCache } from "./client.js";
 export type { ToolInvocationOptions } from "./client.js";
+export { OAuthManager } from "./oauth/manager.js";
+export { OAuthWindowManager, sendCallbackToOpener } from "./oauth/window-manager.js";
+export { generateCodeVerifier, generateCodeChallenge, generateState } from "./oauth/pkce.js";
+export type { OAuthFlowConfig, PopupOptions, AuthStatus, PendingAuth, AuthorizationUrlResponse, OAuthCallbackResponse, OAuthCallbackParams, } from "./oauth/types.js";
 export type { MCPClientConfig, ReauthContext, ReauthHandler } from "./config/types.js";
 export { IntegrateSDKError, AuthenticationError, AuthorizationError, TokenExpiredError, ConnectionError, ToolCallError, isAuthError, isTokenExpiredError, isAuthorizationError, parseServerError, } from "./errors.js";
 export type { MCPPlugin, OAuthConfig, ExtractPluginIds, ExtractPluginTools, } from "./plugins/types.js";

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAGH,OAAO,EAAE,SAAS,EAAE,eAAe,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAC3E,YAAY,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAC;AAGzD,YAAY,EAAE,eAAe,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAGvF,OAAO,EACL,iBAAiB,EACjB,mBAAmB,EACnB,kBAAkB,EAClB,iBAAiB,EACjB,eAAe,EACf,aAAa,EACb,WAAW,EACX,mBAAmB,EACnB,oBAAoB,EACpB,gBAAgB,GACjB,MAAM,aAAa,CAAC;AAGrB,YAAY,EACV,SAAS,EACT,WAAW,EACX,gBAAgB,EAChB,kBAAkB,GACnB,MAAM,oBAAoB,CAAC;AAG5B,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AACnD,YAAY,EAAE,kBAAkB,EAAE,WAAW,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AAE/F,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACjD,YAAY,EAAE,iBAAiB,EAAE,UAAU,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AAG3F,YAAY,EAAE,kBAAkB,EAAE,MAAM,4BAA4B,CAAC;AAErE,OAAO,EACL,kBAAkB,EAClB,kBAAkB,GACnB,MAAM,sBAAsB,CAAC;AAC9B,YAAY,EAAE,wBAAwB,EAAE,MAAM,sBAAsB,CAAC;AAGrE,OAAO,EACL,wBAAwB,EACxB,yBAAyB,EACzB,gBAAgB,GACjB,MAAM,6BAA6B,CAAC;AACrC,YAAY,EAAE,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAGhE,YAAY,EACV,cAAc,EACd,eAAe,EACf,sBAAsB,EACtB,oBAAoB,EACpB,mBAAmB,EACnB,OAAO,EACP,oBAAoB,EACpB,iBAAiB,EACjB,mBAAmB,EACnB,mBAAmB,EACnB,qBAAqB,GACtB,MAAM,wBAAwB,CAAC;AAEhC,OAAO,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAC;AAGnD,OAAO,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AACnE,YAAY,EACV,cAAc,EACd,2BAA2B,GAC5B,MAAM,6BAA6B,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAGH,OAAO,EAAE,SAAS,EAAE,eAAe,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAC3E,YAAY,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAC;AAGzD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,kBAAkB,EAAE,oBAAoB,EAAE,MAAM,2BAA2B,CAAC;AACrF,OAAO,EAAE,oBAAoB,EAAE,qBAAqB,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAC7F,YAAY,EACV,eAAe,EACf,YAAY,EACZ,UAAU,EACV,WAAW,EACX,wBAAwB,EACxB,qBAAqB,EACrB,mBAAmB,GACpB,MAAM,kBAAkB,CAAC;AAG1B,YAAY,EAAE,eAAe,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAGvF,OAAO,EACL,iBAAiB,EACjB,mBAAmB,EACnB,kBAAkB,EAClB,iBAAiB,EACjB,eAAe,EACf,aAAa,EACb,WAAW,EACX,mBAAmB,EACnB,oBAAoB,EACpB,gBAAgB,GACjB,MAAM,aAAa,CAAC;AAGrB,YAAY,EACV,SAAS,EACT,WAAW,EACX,gBAAgB,EAChB,kBAAkB,GACnB,MAAM,oBAAoB,CAAC;AAG5B,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AACnD,YAAY,EAAE,kBAAkB,EAAE,WAAW,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AAE/F,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACjD,YAAY,EAAE,iBAAiB,EAAE,UAAU,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AAG3F,YAAY,EAAE,kBAAkB,EAAE,MAAM,4BAA4B,CAAC;AAErE,OAAO,EACL,kBAAkB,EAClB,kBAAkB,GACnB,MAAM,sBAAsB,CAAC;AAC9B,YAAY,EAAE,wBAAwB,EAAE,MAAM,sBAAsB,CAAC;AAGrE,OAAO,EACL,wBAAwB,EACxB,yBAAyB,EACzB,gBAAgB,GACjB,MAAM,6BAA6B,CAAC;AACrC,YAAY,EAAE,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAGhE,YAAY,EACV,cAAc,EACd,eAAe,EACf,sBAAsB,EACtB,oBAAoB,EACpB,mBAAmB,EACnB,OAAO,EACP,oBAAoB,EACpB,iBAAiB,EACjB,mBAAmB,EACnB,mBAAmB,EACnB,qBAAqB,GACtB,MAAM,wBAAwB,CAAC;AAEhC,OAAO,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAC;AAGnD,OAAO,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AACnE,YAAY,EACV,cAAc,EACd,2BAA2B,GAC5B,MAAM,6BAA6B,CAAC"}

package/dist/index.js

@@ -335,6 +335,15 @@ class HttpSessionTransport {
   getSessionId() {
     return this.sessionId;
   }
+  setHeader(key, value) {
+    this.headers[key] = value;
+  }
+  removeHeader(key) {
+    delete this.headers[key];
+  }
+  getHeaders() {
+    return { ...this.headers };
+  }
 }
 
 // src/protocol/messages.ts
@@ -361,6 +370,357 @@ function methodToToolName(methodName, pluginId) {
   return `${pluginId}_${snakeCaseMethod}`;
 }
 
+// src/oauth/pkce.ts
+function generateCodeVerifier() {
+  const array = new Uint8Array(32);
+  if (typeof crypto !== "undefined" && crypto.getRandomValues) {
+    crypto.getRandomValues(array);
+  } else if (typeof globalThis !== "undefined" && globalThis.crypto) {
+    globalThis.crypto.getRandomValues(array);
+  } else {
+    throw new Error("crypto.getRandomValues is not available. Please use Node.js 19+ or a modern browser.");
+  }
+  return base64UrlEncode(array);
+}
+async function generateCodeChallenge(verifier) {
+  const encoder = new TextEncoder;
+  const data = encoder.encode(verifier);
+  let hashBuffer;
+  if (typeof crypto !== "undefined" && crypto.subtle) {
+    hashBuffer = await crypto.subtle.digest("SHA-256", data);
+  } else if (typeof globalThis !== "undefined" && globalThis.crypto?.subtle) {
+    hashBuffer = await globalThis.crypto.subtle.digest("SHA-256", data);
+  } else {
+    throw new Error("crypto.subtle.digest is not available. Please use Node.js 19+ or a modern browser.");
+  }
+  return base64UrlEncode(new Uint8Array(hashBuffer));
+}
+function generateState() {
+  const array = new Uint8Array(16);
+  if (typeof crypto !== "undefined" && crypto.getRandomValues) {
+    crypto.getRandomValues(array);
+  } else if (typeof globalThis !== "undefined" && globalThis.crypto) {
+    globalThis.crypto.getRandomValues(array);
+  } else {
+    throw new Error("crypto.getRandomValues is not available. Please use Node.js 19+ or a modern browser.");
+  }
+  return base64UrlEncode(array);
+}
+function base64UrlEncode(array) {
+  let base64 = "";
+  if (typeof Buffer !== "undefined") {
+    base64 = Buffer.from(array).toString("base64");
+  } else {
+    const binary = String.fromCharCode(...array);
+    base64 = btoa(binary);
+  }
+  return base64.replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, "");
+}
+
+// src/oauth/window-manager.ts
+function isBrowser() {
+  return typeof window !== "undefined" && typeof window.document !== "undefined";
+}
+
+class OAuthWindowManager {
+  popupWindow = null;
+  popupCheckInterval = null;
+  openPopup(url, options) {
+    if (!isBrowser()) {
+      throw new Error("OAuthWindowManager.openPopup() can only be used in browser environments");
+    }
+    const width = options?.width || 600;
+    const height = options?.height || 700;
+    const left = window.screenX + (window.outerWidth - width) / 2;
+    const top = window.screenY + (window.outerHeight - height) / 2;
+    const features = [
+      `width=${width}`,
+      `height=${height}`,
+      `left=${left}`,
+      `top=${top}`,
+      "toolbar=no",
+      "location=no",
+      "directories=no",
+      "status=no",
+      "menubar=no",
+      "scrollbars=yes",
+      "resizable=yes",
+      "copyhistory=no"
+    ].join(",");
+    this.popupWindow = window.open(url, "oauth_popup", features);
+    if (!this.popupWindow) {
+      console.warn("Popup was blocked by the browser. Please allow popups for this site.");
+      return null;
+    }
+    this.popupWindow.focus();
+    return this.popupWindow;
+  }
+  openRedirect(url) {
+    if (!isBrowser()) {
+      throw new Error("OAuthWindowManager.openRedirect() can only be used in browser environments");
+    }
+    window.location.href = url;
+  }
+  listenForCallback(mode, timeoutMs = 5 * 60 * 1000) {
+    if (mode === "popup") {
+      return this.listenForPopupCallback(timeoutMs);
+    } else {
+      return this.listenForRedirectCallback();
+    }
+  }
+  listenForPopupCallback(timeoutMs) {
+    if (!isBrowser()) {
+      return Promise.reject(new Error("OAuth popup callback can only be used in browser environments"));
+    }
+    return new Promise((resolve, reject) => {
+      const timeout = setTimeout(() => {
+        this.cleanup();
+        reject(new Error("OAuth authorization timed out"));
+      }, timeoutMs);
+      const messageHandler = (event) => {
+        if (event.data && event.data.type === "oauth_callback") {
+          clearTimeout(timeout);
+          window.removeEventListener("message", messageHandler);
+          const { code, state, error } = event.data;
+          if (error) {
+            this.cleanup();
+            reject(new Error(`OAuth error: ${error}`));
+            return;
+          }
+          if (!code || !state) {
+            this.cleanup();
+            reject(new Error("Invalid OAuth callback: missing code or state"));
+            return;
+          }
+          this.cleanup();
+          resolve({ code, state });
+        }
+      };
+      window.addEventListener("message", messageHandler);
+      this.popupCheckInterval = setInterval(() => {
+        if (this.popupWindow?.closed) {
+          clearTimeout(timeout);
+          clearInterval(this.popupCheckInterval);
+          window.removeEventListener("message", messageHandler);
+          this.cleanup();
+          reject(new Error("OAuth popup was closed by user"));
+        }
+      }, 500);
+    });
+  }
+  listenForRedirectCallback() {
+    if (!isBrowser()) {
+      return Promise.reject(new Error("OAuth redirect callback can only be used in browser environments"));
+    }
+    return new Promise((resolve, reject) => {
+      const params = new URLSearchParams(window.location.search);
+      const code = params.get("code");
+      const state = params.get("state");
+      const error = params.get("error");
+      const errorDescription = params.get("error_description");
+      if (error) {
+        const errorMsg = errorDescription || error;
+        reject(new Error(`OAuth error: ${errorMsg}`));
+        return;
+      }
+      if (!code || !state) {
+        reject(new Error("Invalid OAuth callback: missing code or state in URL"));
+        return;
+      }
+      resolve({ code, state });
+    });
+  }
+  cleanup() {
+    if (this.popupWindow && !this.popupWindow.closed) {
+      this.popupWindow.close();
+    }
+    this.popupWindow = null;
+    if (this.popupCheckInterval) {
+      clearInterval(this.popupCheckInterval);
+      this.popupCheckInterval = null;
+    }
+  }
+  close() {
+    this.cleanup();
+  }
+}
+function sendCallbackToOpener(params) {
+  if (!isBrowser()) {
+    console.error("sendCallbackToOpener() can only be used in browser environments");
+    return;
+  }
+  if (!window.opener) {
+    console.error("No opener window found. This function should only be called from a popup window.");
+    return;
+  }
+  window.opener.postMessage({
+    type: "oauth_callback",
+    code: params.code,
+    state: params.state,
+    error: params.error
+  }, "*");
+  window.close();
+}
+
+// src/oauth/manager.ts
+class OAuthManager {
+  pendingAuths = new Map;
+  sessionToken;
+  windowManager;
+  flowConfig;
+  serverUrl;
+  constructor(serverUrl, flowConfig) {
+    this.serverUrl = serverUrl;
+    this.windowManager = new OAuthWindowManager;
+    this.flowConfig = {
+      mode: flowConfig?.mode || "redirect",
+      popupOptions: flowConfig?.popupOptions,
+      onAuthCallback: flowConfig?.onAuthCallback
+    };
+  }
+  async initiateFlow(provider, config) {
+    const codeVerifier = generateCodeVerifier();
+    const codeChallenge = await generateCodeChallenge(codeVerifier);
+    const state = generateState();
+    const pendingAuth = {
+      provider,
+      state,
+      codeVerifier,
+      codeChallenge,
+      scopes: config.scopes,
+      redirectUri: config.redirectUri,
+      initiatedAt: Date.now()
+    };
+    this.pendingAuths.set(state, pendingAuth);
+    const authUrl = await this.getAuthorizationUrl(provider, config, state, codeChallenge);
+    if (this.flowConfig.mode === "popup") {
+      this.windowManager.openPopup(authUrl, this.flowConfig.popupOptions);
+      try {
+        const callbackParams = await this.windowManager.listenForCallback("popup");
+        await this.handleCallback(callbackParams.code, callbackParams.state);
+      } catch (error) {
+        this.pendingAuths.delete(state);
+        throw error;
+      }
+    } else {
+      this.windowManager.openRedirect(authUrl);
+    }
+  }
+  async handleCallback(code, state) {
+    const pendingAuth = this.pendingAuths.get(state);
+    if (!pendingAuth) {
+      throw new Error("Invalid state parameter: no matching OAuth flow found");
+    }
+    const fiveMinutes = 5 * 60 * 1000;
+    if (Date.now() - pendingAuth.initiatedAt > fiveMinutes) {
+      this.pendingAuths.delete(state);
+      throw new Error("OAuth flow expired: please try again");
+    }
+    if (this.flowConfig.onAuthCallback) {
+      try {
+        await this.flowConfig.onAuthCallback(pendingAuth.provider, code, state);
+      } catch (error) {
+        console.error("Custom OAuth callback handler failed:", error);
+      }
+    }
+    try {
+      const response = await this.exchangeCodeForToken(pendingAuth.provider, code, pendingAuth.codeVerifier, state);
+      this.sessionToken = response.sessionToken;
+      this.pendingAuths.delete(state);
+      return response.sessionToken;
+    } catch (error) {
+      this.pendingAuths.delete(state);
+      throw error;
+    }
+  }
+  async checkAuthStatus(provider) {
+    if (!this.sessionToken) {
+      return {
+        authorized: false,
+        provider
+      };
+    }
+    try {
+      const url = new URL("/oauth/status", this.serverUrl);
+      url.searchParams.set("provider", provider);
+      const response = await fetch(url.toString(), {
+        method: "GET",
+        headers: {
+          "X-Session-Token": this.sessionToken
+        }
+      });
+      if (!response.ok) {
+        return {
+          authorized: false,
+          provider
+        };
+      }
+      const status = await response.json();
+      return status;
+    } catch (error) {
+      console.error("Failed to check auth status:", error);
+      return {
+        authorized: false,
+        provider
+      };
+    }
+  }
+  getSessionToken() {
+    return this.sessionToken;
+  }
+  setSessionToken(token) {
+    this.sessionToken = token;
+  }
+  clearSessionToken() {
+    this.sessionToken = undefined;
+  }
+  async getAuthorizationUrl(provider, config, state, codeChallenge) {
+    const url = new URL("/oauth/authorize", this.serverUrl);
+    url.searchParams.set("provider", provider);
+    url.searchParams.set("client_id", config.clientId || "");
+    url.searchParams.set("scope", config.scopes.join(","));
+    url.searchParams.set("state", state);
+    url.searchParams.set("code_challenge", codeChallenge);
+    url.searchParams.set("code_challenge_method", "S256");
+    if (config.redirectUri) {
+      url.searchParams.set("redirect_uri", config.redirectUri);
+    }
+    const response = await fetch(url.toString(), {
+      method: "GET"
+    });
+    if (!response.ok) {
+      const error = await response.text();
+      throw new Error(`Failed to get authorization URL: ${error}`);
+    }
+    const data = await response.json();
+    return data.authorizationUrl;
+  }
+  async exchangeCodeForToken(provider, code, codeVerifier, state) {
+    const url = new URL("/oauth/callback", this.serverUrl);
+    const response = await fetch(url.toString(), {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json"
+      },
+      body: JSON.stringify({
+        provider,
+        code,
+        code_verifier: codeVerifier,
+        state
+      })
+    });
+    if (!response.ok) {
+      const error = await response.text();
+      throw new Error(`Failed to exchange code for token: ${error}`);
+    }
+    const data = await response.json();
+    return data;
+  }
+  close() {
+    this.windowManager.close();
+  }
+}
+
 // src/client.ts
 var MCP_SERVER_URL = "https://mcp.integrate.dev/api/v1/mcp";
 var clientCache = new Map;
@@ -379,6 +739,7 @@ class MCPClient {
   authState = new Map;
   connectionMode;
   connecting = null;
+  oauthManager;
   github;
   gmail;
   server;
@@ -396,6 +757,11 @@ class MCPClient {
     this.onReauthRequired = config.onReauthRequired;
     this.maxReauthRetries = config.maxReauthRetries ?? 1;
     this.connectionMode = config.connectionMode ?? "lazy";
+    this.oauthManager = new OAuthManager(MCP_SERVER_URL, config.oauthFlow);
+    if (config.sessionToken) {
+      this.oauthManager.setSessionToken(config.sessionToken);
+      this.transport.setHeader("X-Session-Token", config.sessionToken);
+    }
     for (const plugin of this.plugins) {
       for (const toolName of plugin.tools) {
         this.enabledToolNames.add(toolName);
@@ -631,6 +997,49 @@ class MCPClient {
   isProviderAuthenticated(provider) {
     return this.authState.get(provider)?.authenticated ?? false;
   }
+  async isAuthorized(provider) {
+    const status = await this.oauthManager.checkAuthStatus(provider);
+    return status.authorized;
+  }
+  async authorizedProviders() {
+    const authorized = [];
+    for (const plugin of this.plugins) {
+      if (plugin.oauth) {
+        const status = await this.oauthManager.checkAuthStatus(plugin.oauth.provider);
+        if (status.authorized) {
+          authorized.push(plugin.oauth.provider);
+        }
+      }
+    }
+    return authorized;
+  }
+  async getAuthorizationStatus(provider) {
+    return await this.oauthManager.checkAuthStatus(provider);
+  }
+  async authorize(provider) {
+    const plugin = this.plugins.find((p) => p.oauth?.provider === provider);
+    if (!plugin?.oauth) {
+      throw new Error(`No OAuth configuration found for provider: ${provider}`);
+    }
+    await this.oauthManager.initiateFlow(provider, plugin.oauth);
+    this.authState.set(provider, { authenticated: true });
+  }
+  async handleOAuthCallback(params) {
+    const sessionToken = await this.oauthManager.handleCallback(params.code, params.state);
+    this.transport.setHeader("X-Session-Token", sessionToken);
+    for (const plugin of this.plugins) {
+      if (plugin.oauth) {
+        this.authState.set(plugin.oauth.provider, { authenticated: true });
+      }
+    }
+  }
+  getSessionToken() {
+    return this.oauthManager.getSessionToken();
+  }
+  setSessionToken(token) {
+    this.oauthManager.setSessionToken(token);
+    this.transport.setHeader("X-Session-Token", token);
+  }
   async reauthenticate(provider) {
     const state = this.authState.get(provider);
     if (!state) {
@@ -880,6 +1289,7 @@ function getVercelAITools(client) {
   return convertMCPToolsToVercelAI(client);
 }
 export {
+  sendCallbackToOpener,
   parseServerError,
   isTokenExpiredError,
   isAuthorizationError,
@@ -888,6 +1298,9 @@ export {
   githubPlugin,
   getVercelAITools,
   genericOAuthPlugin,
+  generateState,
+  generateCodeVerifier,
+  generateCodeChallenge,
   createSimplePlugin,
   createMCPClient,
   convertMCPToolsToVercelAI,
@@ -895,6 +1308,8 @@ export {
   clearClientCache,
   ToolCallError,
   TokenExpiredError,
+  OAuthWindowManager,
+  OAuthManager,
   MCPMethod,
   MCPClient,
   IntegrateSDKError,

package/dist/oauth/manager.d.ts

@@ -0,0 +1,91 @@
+/**
+ * OAuth Manager
+ * Orchestrates OAuth 2.0 Authorization Code Flow with PKCE
+ */
+import type { OAuthConfig } from "../plugins/types.js";
+import type { OAuthFlowConfig, AuthStatus } from "./types.js";
+/**
+ * OAuth Manager
+ * Handles OAuth authorization flows and token management
+ */
+export declare class OAuthManager {
+    private pendingAuths;
+    private sessionToken?;
+    private windowManager;
+    private flowConfig;
+    private serverUrl;
+    constructor(serverUrl: string, flowConfig?: Partial<OAuthFlowConfig>);
+    /**
+     * Initiate OAuth authorization flow
+     *
+     * @param provider - OAuth provider (github, gmail, etc.)
+     * @param config - OAuth configuration
+     * @returns Promise that resolves when authorization is complete
+     *
+     * @example
+     * ```typescript
+     * await oauthManager.initiateFlow('github', {
+     *   provider: 'github',
+     *   clientId: 'abc123',
+     *   clientSecret: 'secret',
+     *   scopes: ['repo', 'user']
+     * });
+     * ```
+     */
+    initiateFlow(provider: string, config: OAuthConfig): Promise<void>;
+    /**
+     * Handle OAuth callback
+     * Call this after user authorizes (from your callback page)
+     *
+     * @param code - Authorization code from OAuth provider
+     * @param state - State parameter for verification
+     * @returns Session token for authenticated requests
+     *
+     * @example
+     * ```typescript
+     * // In your callback route
+     * const sessionToken = await oauthManager.handleCallback(code, state);
+     * ```
+     */
+    handleCallback(code: string, state: string): Promise<string>;
+    /**
+     * Check authorization status for a provider
+     *
+     * @param provider - OAuth provider to check
+     * @returns Authorization status
+     *
+     * @example
+     * ```typescript
+     * const status = await oauthManager.checkAuthStatus('github');
+     * if (status.authorized) {
+     *   console.log('GitHub is authorized');
+     * }
+     * ```
+     */
+    checkAuthStatus(provider: string): Promise<AuthStatus>;
+    /**
+     * Get session token
+     */
+    getSessionToken(): string | undefined;
+    /**
+     * Set session token (for manual token management)
+     */
+    setSessionToken(token: string): void;
+    /**
+     * Clear session token
+     */
+    clearSessionToken(): void;
+    /**
+     * Request authorization URL from MCP server
+     */
+    private getAuthorizationUrl;
+    /**
+     * Exchange authorization code for session token
+     */
+    private exchangeCodeForToken;
+    /**
+     * Close any open OAuth windows
+     */
+    close(): void;
+}
+//# sourceMappingURL=manager.d.ts.map

package/dist/oauth/manager.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"manager.d.ts","sourceRoot":"","sources":["../../src/oauth/manager.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AACvD,OAAO,KAAK,EACV,eAAe,EAEf,UAAU,EAGX,MAAM,YAAY,CAAC;AAIpB;;;GAGG;AACH,qBAAa,YAAY;IACvB,OAAO,CAAC,YAAY,CAAuC;IAC3D,OAAO,CAAC,YAAY,CAAC,CAAS;IAC9B,OAAO,CAAC,aAAa,CAAqB;IAC1C,OAAO,CAAC,UAAU,CAAkB;IACpC,OAAO,CAAC,SAAS,CAAS;gBAGxB,SAAS,EAAE,MAAM,EACjB,UAAU,CAAC,EAAE,OAAO,CAAC,eAAe,CAAC;IAWvC;;;;;;;;;;;;;;;;OAgBG;IACG,YAAY,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC;IAwCxE;;;;;;;;;;;;;OAaG;IACG,cAAc,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IA8ClE;;;;;;;;;;;;;OAaG;IACG,eAAe,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC;IAqC5D;;OAEG;IACH,eAAe,IAAI,MAAM,GAAG,SAAS;IAIrC;;OAEG;IACH,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI;IAIpC;;OAEG;IACH,iBAAiB,IAAI,IAAI;IAIzB;;OAEG;YACW,mBAAmB;IA+BjC;;OAEG;YACW,oBAAoB;IA8BlC;;OAEG;IACH,KAAK,IAAI,IAAI;CAGd"}

package/dist/oauth/pkce.d.ts

@@ -0,0 +1,47 @@
+/**
+ * PKCE Utilities
+ * Proof Key for Code Exchange (RFC 7636) implementation
+ *
+ * PKCE enhances OAuth 2.0 security by preventing authorization code interception attacks.
+ * It's especially important for public clients (browser/mobile apps).
+ */
+/**
+ * Generate a cryptographically secure random code verifier
+ * Must be 43-128 characters long, using [A-Z] [a-z] [0-9] - . _ ~
+ *
+ * @returns A random code verifier string
+ *
+ * @example
+ * ```typescript
+ * const verifier = generateCodeVerifier();
+ * // Returns: "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk"
+ * ```
+ */
+export declare function generateCodeVerifier(): string;
+/**
+ * Generate code challenge from verifier using SHA-256
+ *
+ * @param verifier - The code verifier to hash
+ * @returns A Promise resolving to the base64url-encoded SHA-256 hash
+ *
+ * @example
+ * ```typescript
+ * const verifier = generateCodeVerifier();
+ * const challenge = await generateCodeChallenge(verifier);
+ * // Returns: "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM"
+ * ```
+ */
+export declare function generateCodeChallenge(verifier: string): Promise<string>;
+/**
+ * Generate a random state parameter for CSRF protection
+ *
+ * @returns A random state string
+ *
+ * @example
+ * ```typescript
+ * const state = generateState();
+ * // Returns: "xyzABC123"
+ * ```
+ */
+export declare function generateState(): string;
+//# sourceMappingURL=pkce.d.ts.map

package/dist/oauth/pkce.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"pkce.d.ts","sourceRoot":"","sources":["../../src/oauth/pkce.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH;;;;;;;;;;;GAWG;AACH,wBAAgB,oBAAoB,IAAI,MAAM,CAgB7C;AAED;;;;;;;;;;;;GAYG;AACH,wBAAsB,qBAAqB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAqB7E;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,aAAa,IAAI,MAAM,CAatC"}

package/dist/oauth/types.d.ts

@@ -0,0 +1,84 @@
+/**
+ * OAuth Flow Types
+ * Type definitions for OAuth 2.0 Authorization Code Flow with PKCE
+ */
+/**
+ * Popup window options for OAuth flow
+ */
+export interface PopupOptions {
+    /** Window width in pixels (default: 600) */
+    width?: number;
+    /** Window height in pixels (default: 700) */
+    height?: number;
+}
+/**
+ * OAuth flow configuration
+ */
+export interface OAuthFlowConfig {
+    /** How to display OAuth authorization */
+    mode: 'popup' | 'redirect';
+    /** Popup window dimensions (only for popup mode) */
+    popupOptions?: PopupOptions;
+    /** Custom callback handler for receiving auth code */
+    onAuthCallback?: (provider: string, code: string, state: string) => Promise<void>;
+}
+/**
+ * Authorization status for a provider
+ */
+export interface AuthStatus {
+    /** Whether the provider is authorized */
+    authorized: boolean;
+    /** The provider name */
+    provider: string;
+    /** Authorized scopes */
+    scopes?: string[];
+    /** Token expiration time */
+    expiresAt?: string;
+}
+/**
+ * Pending OAuth authorization
+ * Tracks in-progress OAuth flows
+ */
+export interface PendingAuth {
+    /** OAuth provider (github, gmail, etc.) */
+    provider: string;
+    /** CSRF protection state */
+    state: string;
+    /** PKCE code verifier */
+    codeVerifier: string;
+    /** PKCE code challenge */
+    codeChallenge: string;
+    /** OAuth scopes being requested */
+    scopes: string[];
+    /** Redirect URI */
+    redirectUri?: string;
+    /** Timestamp when auth was initiated */
+    initiatedAt: number;
+}
+/**
+ * OAuth authorization URL response from server
+ */
+export interface AuthorizationUrlResponse {
+    /** The full authorization URL to redirect user to */
+    authorizationUrl: string;
+}
+/**
+ * OAuth callback response from server
+ * Contains session token after successful authorization
+ */
+export interface OAuthCallbackResponse {
+    /** Session token for authenticated requests */
+    sessionToken: string;
+    /** Token expiration time */
+    expiresAt?: string;
+}
+/**
+ * Parameters for OAuth callback
+ */
+export interface OAuthCallbackParams {
+    /** Authorization code from OAuth provider */
+    code: string;
+    /** State parameter for CSRF protection */
+    state: string;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/oauth/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/oauth/types.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,4CAA4C;IAC5C,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,6CAA6C;IAC7C,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,yCAAyC;IACzC,IAAI,EAAE,OAAO,GAAG,UAAU,CAAC;IAC3B,oDAAoD;IACpD,YAAY,CAAC,EAAE,YAAY,CAAC;IAC5B,sDAAsD;IACtD,cAAc,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;CACnF;AAED;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,yCAAyC;IACzC,UAAU,EAAE,OAAO,CAAC;IACpB,wBAAwB;IACxB,QAAQ,EAAE,MAAM,CAAC;IACjB,wBAAwB;IACxB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,4BAA4B;IAC5B,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED;;;GAGG;AACH,MAAM,WAAW,WAAW;IAC1B,2CAA2C;IAC3C,QAAQ,EAAE,MAAM,CAAC;IACjB,4BAA4B;IAC5B,KAAK,EAAE,MAAM,CAAC;IACd,yBAAyB;IACzB,YAAY,EAAE,MAAM,CAAC;IACrB,0BAA0B;IAC1B,aAAa,EAAE,MAAM,CAAC;IACtB,mCAAmC;IACnC,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,mBAAmB;IACnB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,wCAAwC;IACxC,WAAW,EAAE,MAAM,CAAC;CACrB;AAED;;GAEG;AACH,MAAM,WAAW,wBAAwB;IACvC,qDAAqD;IACrD,gBAAgB,EAAE,MAAM,CAAC;CAC1B;AAED;;;GAGG;AACH,MAAM,WAAW,qBAAqB;IACpC,+CAA+C;IAC/C,YAAY,EAAE,MAAM,CAAC;IACrB,4BAA4B;IAC5B,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,6CAA6C;IAC7C,IAAI,EAAE,MAAM,CAAC;IACb,0CAA0C;IAC1C,KAAK,EAAE,MAAM,CAAC;CACf"}

package/dist/oauth/window-manager.d.ts

@@ -0,0 +1,103 @@
+/**
+ * OAuth Window Manager
+ * Handles OAuth authorization UI (popup windows and redirects)
+ */
+import type { PopupOptions, OAuthCallbackParams } from "./types.js";
+/**
+ * OAuth Window Manager
+ * Manages popup windows and redirect flows for OAuth authorization
+ *
+ * Note: This class should only be used in browser environments.
+ * Server-side usage will throw errors.
+ */
+export declare class OAuthWindowManager {
+    private popupWindow;
+    private popupCheckInterval;
+    /**
+     * Open OAuth authorization in a popup window
+     *
+     * @param url - The authorization URL to open
+     * @param options - Popup window dimensions
+     * @returns The opened popup window or null if blocked
+     *
+     * @example
+     * ```typescript
+     * const manager = new OAuthWindowManager();
+     * const popup = manager.openPopup(authUrl, { width: 600, height: 700 });
+     * ```
+     */
+    openPopup(url: string, options?: PopupOptions): Window | null;
+    /**
+     * Redirect current window to OAuth authorization URL
+     *
+     * @param url - The authorization URL to redirect to
+     *
+     * @example
+     * ```typescript
+     * const manager = new OAuthWindowManager();
+     * manager.openRedirect(authUrl);
+     * ```
+     */
+    openRedirect(url: string): void;
+    /**
+     * Listen for OAuth callback
+     * For popup: listens for postMessage from callback page
+     * For redirect: parses URL parameters after redirect back
+     *
+     * @param mode - The OAuth flow mode ('popup' or 'redirect')
+     * @param timeoutMs - Timeout in milliseconds (default: 5 minutes)
+     * @returns Promise resolving to callback parameters (code and state)
+     *
+     * @example
+     * ```typescript
+     * // For popup flow
+     * const params = await manager.listenForCallback('popup');
+     *
+     * // For redirect flow (after redirect back)
+     * const params = await manager.listenForCallback('redirect');
+     * ```
+     */
+    listenForCallback(mode: 'popup' | 'redirect', timeoutMs?: number): Promise<OAuthCallbackParams>;
+    /**
+     * Listen for callback from popup window via postMessage
+     */
+    private listenForPopupCallback;
+    /**
+     * Parse callback parameters from current URL (for redirect flow)
+     */
+    private listenForRedirectCallback;
+    /**
+     * Clean up popup window and intervals
+     */
+    private cleanup;
+    /**
+     * Close any open popup windows
+     * Call this when aborting the OAuth flow
+     */
+    close(): void;
+}
+/**
+ * Helper function to send callback data from callback page to opener window
+ * Call this in your OAuth callback page
+ *
+ * @param params - The callback parameters from URL
+ *
+ * @example
+ * ```typescript
+ * // In your callback page (e.g., /oauth/callback.html)
+ * import { sendCallbackToOpener } from '@integrate/sdk';
+ *
+ * const params = new URLSearchParams(window.location.search);
+ * sendCallbackToOpener({
+ *   code: params.get('code'),
+ *   state: params.get('state'),
+ *   error: params.get('error')
+ * });
+ * ```
+ */
+export declare function sendCallbackToOpener(params: {
+    code: string | null;
+    state: string | null;
+    error?: string | null;
+}): void;
+//# sourceMappingURL=window-manager.d.ts.map

package/dist/oauth/window-manager.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"window-manager.d.ts","sourceRoot":"","sources":["../../src/oauth/window-manager.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,YAAY,EAAE,mBAAmB,EAAE,MAAM,YAAY,CAAC;AASpE;;;;;;GAMG;AACH,qBAAa,kBAAkB;IAC7B,OAAO,CAAC,WAAW,CAAuB;IAC1C,OAAO,CAAC,kBAAkB,CAA+C;IAEzE;;;;;;;;;;;;OAYG;IACH,SAAS,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,YAAY,GAAG,MAAM,GAAG,IAAI;IAwC7D;;;;;;;;;;OAUG;IACH,YAAY,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI;IAQ/B;;;;;;;;;;;;;;;;;OAiBG;IACH,iBAAiB,CACf,IAAI,EAAE,OAAO,GAAG,UAAU,EAC1B,SAAS,GAAE,MAAsB,GAChC,OAAO,CAAC,mBAAmB,CAAC;IAQ/B;;OAEG;IACH,OAAO,CAAC,sBAAsB;IAuD9B;;OAEG;IACH,OAAO,CAAC,yBAAyB;IA4BjC;;OAEG;IACH,OAAO,CAAC,OAAO;IAYf;;;OAGG;IACH,KAAK,IAAI,IAAI;CAGd;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAgB,oBAAoB,CAAC,MAAM,EAAE;IAC3C,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CACvB,GAAG,IAAI,CAwBP"}

package/dist/transport/http-session.d.ts

@@ -63,5 +63,28 @@ export declare class HttpSessionTransport {
      * Get current session ID
      */
     getSessionId(): string | undefined;
+    /**
+     * Set a custom header for all requests
+     * Used for session tokens and other auth headers
+     *
+     * @param key - Header name
+     * @param value - Header value
+     *
+     * @example
+     * ```typescript
+     * transport.setHeader('X-Session-Token', 'abc123');
+     * ```
+     */
+    setHeader(key: string, value: string): void;
+    /**
+     * Remove a custom header
+     *
+     * @param key - Header name to remove
+     */
+    removeHeader(key: string): void;
+    /**
+     * Get all current headers
+     */
+    getHeaders(): Record<string, string>;
 }
 //# sourceMappingURL=http-session.d.ts.map

package/dist/transport/http-session.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"http-session.d.ts","sourceRoot":"","sources":["../../src/transport/http-session.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAEV,eAAe,EACf,mBAAmB,EACpB,MAAM,yBAAyB,CAAC;AAGjC,MAAM,MAAM,cAAc,GAAG,CAC3B,OAAO,EAAE,eAAe,GAAG,mBAAmB,KAC3C,IAAI,CAAC;AAEV,MAAM,WAAW,2BAA2B;IAC1C,GAAG,EAAE,MAAM,CAAC;IACZ,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACjC,2CAA2C;IAC3C,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED;;;;;;GAMG;AACH,qBAAa,oBAAoB;IAC/B,OAAO,CAAC,GAAG,CAAS;IACpB,OAAO,CAAC,OAAO,CAAyB;IACxC,OAAO,CAAC,OAAO,CAAS;IACxB,OAAO,CAAC,eAAe,CAAkC;IACzD,OAAO,CAAC,SAAS,CAAC,CAAS;IAC3B,OAAO,CAAC,aAAa,CAAC,CAAkB;IACxC,OAAO,CAAC,SAAS,CAAS;gBAEd,OAAO,EAAE,2BAA2B;IAMhD;;OAEG;IACG,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;IAS9B;;OAEG;IACG,WAAW,CAAC,CAAC,GAAG,OAAO,EAC3B,MAAM,EAAE,MAAM,EACd,MAAM,CAAC,EAAE,OAAO,GACf,OAAO,CAAC,CAAC,CAAC;IAsFb;;OAEG;YACW,gBAAgB;IAiC9B;;OAEG;YACW,gBAAgB;IAiC9B;;OAEG;IACH,OAAO,CAAC,kBAAkB;IAiB1B;;OAEG;IACH,SAAS,CAAC,OAAO,EAAE,cAAc,GAAG,MAAM,IAAI;IAS9C;;OAEG;IACG,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;IAkBjC;;OAEG;IACH,WAAW,IAAI,OAAO;IAItB;;OAEG;IACH,YAAY,IAAI,MAAM,GAAG,SAAS;CAGnC"}
+{"version":3,"file":"http-session.d.ts","sourceRoot":"","sources":["../../src/transport/http-session.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAEV,eAAe,EACf,mBAAmB,EACpB,MAAM,yBAAyB,CAAC;AAGjC,MAAM,MAAM,cAAc,GAAG,CAC3B,OAAO,EAAE,eAAe,GAAG,mBAAmB,KAC3C,IAAI,CAAC;AAEV,MAAM,WAAW,2BAA2B;IAC1C,GAAG,EAAE,MAAM,CAAC;IACZ,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACjC,2CAA2C;IAC3C,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED;;;;;;GAMG;AACH,qBAAa,oBAAoB;IAC/B,OAAO,CAAC,GAAG,CAAS;IACpB,OAAO,CAAC,OAAO,CAAyB;IACxC,OAAO,CAAC,OAAO,CAAS;IACxB,OAAO,CAAC,eAAe,CAAkC;IACzD,OAAO,CAAC,SAAS,CAAC,CAAS;IAC3B,OAAO,CAAC,aAAa,CAAC,CAAkB;IACxC,OAAO,CAAC,SAAS,CAAS;gBAEd,OAAO,EAAE,2BAA2B;IAMhD;;OAEG;IACG,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;IAS9B;;OAEG;IACG,WAAW,CAAC,CAAC,GAAG,OAAO,EAC3B,MAAM,EAAE,MAAM,EACd,MAAM,CAAC,EAAE,OAAO,GACf,OAAO,CAAC,CAAC,CAAC;IAsFb;;OAEG;YACW,gBAAgB;IAiC9B;;OAEG;YACW,gBAAgB;IAiC9B;;OAEG;IACH,OAAO,CAAC,kBAAkB;IAiB1B;;OAEG;IACH,SAAS,CAAC,OAAO,EAAE,cAAc,GAAG,MAAM,IAAI;IAS9C;;OAEG;IACG,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;IAkBjC;;OAEG;IACH,WAAW,IAAI,OAAO;IAItB;;OAEG;IACH,YAAY,IAAI,MAAM,GAAG,SAAS;IAIlC;;;;;;;;;;;OAWG;IACH,SAAS,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,IAAI;IAI3C;;;;OAIG;IACH,YAAY,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI;IAI/B;;OAEG;IACH,UAAU,IAAI,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC;CAGrC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "integrate-sdk",
-  "version": "0.2.3",
+  "version": "0.2.4",
   "description": "Type-safe TypeScript SDK for MCP Client with plugin-based OAuth provider configuration",
   "type": "module",
   "main": "./dist/index.js",
@@ -28,11 +28,11 @@
     "build:types": "tsc --emitDeclarationOnly --declaration --declarationMap",
     "dev": "bun --watch src/index.ts",
     "type-check": "tsc --noEmit",
-    "test": "bun test tests/protocol tests/plugins tests/client tests/integrations tests/integration/simple-integration.test.ts",
-    "test:watch": "bun test --watch tests/protocol tests/plugins tests/client tests/integrations tests/integration/simple-integration.test.ts",
-    "test:unit": "bun test tests/protocol tests/plugins tests/client tests/integrations",
+    "test": "bun test tests/",
+    "test:watch": "bun test --watch tests/",
+    "test:unit": "bun test tests/protocol tests/plugins tests/client tests/integrations tests/oauth tests/transport tests/utils tests/errors",
     "test:integration": "bun test tests/integration/simple-integration.test.ts",
-    "test:coverage": "bun test --coverage tests/protocol tests/plugins tests/client tests/integrations tests/integration/simple-integration.test.ts",
+    "test:coverage": "bun test --coverage tests/",
     "prepare": "simple-git-hooks"
   },
   "keywords": [