integrate-sdk 0.9.42-dev.0 → 0.9.44-dev.0

package/dist/index.js

@@ -1671,99 +1671,402 @@ class IndexedDBStorage {
 
 // src/oauth/email-fetcher.ts
 var logger3 = createLogger("EmailFetcher");
+var EMAIL_FETCHERS = {
+  github: fetchGitHubEmail,
+  gmail: fetchGoogleEmail,
+  google: fetchGoogleEmail,
+  gcal: fetchGoogleEmail,
+  gdrive: fetchGoogleEmail,
+  gdocs: fetchGoogleEmail,
+  gsheets: fetchGoogleEmail,
+  gslides: fetchGoogleEmail,
+  gcontacts: fetchGoogleEmail,
+  gmeet: fetchGoogleEmail,
+  gchat: fetchGoogleEmail,
+  gtasks: fetchGoogleEmail,
+  ga4: fetchGoogleEmail,
+  youtube: fetchGoogleEmail,
+  notion: fetchNotionEmail,
+  linear: fetchLinearEmail,
+  hubspot: fetchHubSpotEmail,
+  polar: fetchPolarEmail,
+  todoist: fetchTodoistEmail,
+  vercel: fetchVercelEmail,
+  slack: fetchSlackEmail,
+  intercom: fetchIntercomEmail,
+  jira: fetchAtlassianEmail,
+  zendesk: fetchZendeskEmail,
+  airtable: fetchAirtableEmail,
+  discord: fetchDiscordEmail,
+  dropbox: fetchDropboxEmail,
+  gitlab: fetchGitLabEmail,
+  reddit: fetchRedditEmail,
+  outlook: fetchMicrosoftEmail,
+  teams: fetchMicrosoftEmail,
+  onedrive: fetchMicrosoftEmail,
+  sharepoint: fetchMicrosoftEmail,
+  excel: fetchMicrosoftEmail,
+  word: fetchMicrosoftEmail,
+  powerpoint: fetchMicrosoftEmail,
+  planner: fetchMicrosoftEmail
+};
 async function fetchUserEmail(provider, tokenData) {
+  const fetcher = EMAIL_FETCHERS[provider.toLowerCase()];
+  if (!fetcher) {
+    return tokenData.email;
+  }
   try {
-    switch (provider.toLowerCase()) {
-      case "github":
-        return await fetchGitHubEmail(tokenData.accessToken);
-      case "gmail":
-      case "google":
-        return await fetchGoogleEmail(tokenData.accessToken);
-      case "notion":
-        return await fetchNotionEmail(tokenData.accessToken);
-      default:
-        return tokenData.email;
-    }
+    const email = await fetcher(tokenData);
+    return email ?? tokenData.email;
   } catch (error) {
     logger3.error(`Failed to fetch email for ${provider}:`, error);
-    return;
+    return tokenData.email;
   }
 }
-async function fetchGitHubEmail(accessToken) {
-  try {
-    const userResponse = await fetch("https://api.github.com/user", {
-      headers: {
-        Authorization: `Bearer ${accessToken}`,
-        Accept: "application/vnd.github.v3+json"
-      }
-    });
-    if (!userResponse.ok) {
-      return;
-    }
-    const user = await userResponse.json();
-    if (user.email) {
-      return user.email;
-    }
-    const emailsResponse = await fetch("https://api.github.com/user/emails", {
-      headers: {
-        Authorization: `Bearer ${accessToken}`,
-        Accept: "application/vnd.github.v3+json"
-      }
-    });
-    if (!emailsResponse.ok) {
-      return;
+async function fetchGitHubEmail(token) {
+  const headers = {
+    Authorization: `Bearer ${token.accessToken}`,
+    Accept: "application/vnd.github.v3+json"
+  };
+  const userResponse = await fetch("https://api.github.com/user", { headers });
+  if (!userResponse.ok)
+    return;
+  const user = await userResponse.json();
+  if (user.email)
+    return user.email;
+  const emailsResponse = await fetch("https://api.github.com/user/emails", { headers });
+  if (!emailsResponse.ok)
+    return;
+  const emails = await emailsResponse.json();
+  const primary = emails.find((e) => e.primary && e.verified);
+  if (primary)
+    return primary.email;
+  const verified = emails.find((e) => e.verified);
+  if (verified)
+    return verified.email;
+  return emails[0]?.email;
+}
+async function fetchGoogleEmail(token) {
+  const response = await fetch("https://www.googleapis.com/oauth2/v2/userinfo", {
+    headers: { Authorization: `Bearer ${token.accessToken}` }
+  });
+  if (!response.ok)
+    return;
+  const user = await response.json();
+  return user.email;
+}
+async function fetchNotionEmail(token) {
+  const response = await fetch("https://api.notion.com/v1/users/me", {
+    headers: {
+      Authorization: `Bearer ${token.accessToken}`,
+      "Notion-Version": "2022-06-28"
     }
-    const emails = await emailsResponse.json();
-    const primaryEmail = emails.find((e) => e.primary && e.verified);
-    if (primaryEmail) {
-      return primaryEmail.email;
+  });
+  if (!response.ok)
+    return;
+  const user = await response.json();
+  return user.person?.email ?? user.bot?.owner?.user?.person?.email;
+}
+async function fetchLinearEmail(token) {
+  const response = await fetch("https://api.linear.app/graphql", {
+    method: "POST",
+    headers: {
+      Authorization: `Bearer ${token.accessToken}`,
+      "Content-Type": "application/json"
+    },
+    body: JSON.stringify({ query: "{ viewer { email } }" })
+  });
+  if (!response.ok)
+    return;
+  const body = await response.json();
+  return body.data?.viewer?.email;
+}
+async function fetchHubSpotEmail(token) {
+  const url = `https://api.hubapi.com/oauth/v1/access-tokens/${encodeURIComponent(token.accessToken)}`;
+  const response = await fetch(url);
+  if (!response.ok)
+    return;
+  const body = await response.json();
+  return body.user;
+}
+async function fetchPolarEmail(token) {
+  const response = await fetch("https://api.polar.sh/v1/oauth2/userinfo", {
+    headers: { Authorization: `Bearer ${token.accessToken}` }
+  });
+  if (!response.ok)
+    return;
+  const body = await response.json();
+  return body.email;
+}
+async function fetchTodoistEmail(token) {
+  const response = await fetch("https://api.todoist.com/sync/v9/sync", {
+    method: "POST",
+    headers: {
+      Authorization: `Bearer ${token.accessToken}`,
+      "Content-Type": "application/x-www-form-urlencoded"
+    },
+    body: 'sync_token=*&resource_types=["user"]'
+  });
+  if (!response.ok)
+    return;
+  const body = await response.json();
+  return body.user?.email;
+}
+async function fetchVercelEmail(token) {
+  const response = await fetch("https://api.vercel.com/v2/user", {
+    headers: { Authorization: `Bearer ${token.accessToken}` }
+  });
+  if (!response.ok)
+    return;
+  const body = await response.json();
+  return body.user?.email ?? body.email;
+}
+async function fetchSlackEmail(token) {
+  const response = await fetch("https://slack.com/api/users.identity", {
+    headers: { Authorization: `Bearer ${token.accessToken}` }
+  });
+  if (!response.ok)
+    return;
+  const body = await response.json();
+  if (!body.ok)
+    return;
+  return body.user?.email;
+}
+async function fetchIntercomEmail(token) {
+  const response = await fetch("https://api.intercom.io/me", {
+    headers: {
+      Authorization: `Bearer ${token.accessToken}`,
+      Accept: "application/json"
     }
-    const verifiedEmail = emails.find((e) => e.verified);
-    if (verifiedEmail) {
-      return verifiedEmail.email;
+  });
+  if (!response.ok)
+    return;
+  const body = await response.json();
+  return body.email;
+}
+async function fetchAtlassianEmail(token) {
+  const response = await fetch("https://api.atlassian.com/me", {
+    headers: {
+      Authorization: `Bearer ${token.accessToken}`,
+      Accept: "application/json"
     }
-    if (emails.length > 0 && emails[0]?.email) {
-      return emails[0].email;
+  });
+  if (!response.ok)
+    return;
+  const body = await response.json();
+  return body.email;
+}
+async function fetchZendeskEmail(token) {
+  const subdomain = token.providerConfig?.subdomain?.trim();
+  if (!subdomain)
+    return;
+  const response = await fetch(`https://${subdomain}.zendesk.com/api/v2/users/me.json`, {
+    headers: { Authorization: `Bearer ${token.accessToken}` }
+  });
+  if (!response.ok)
+    return;
+  const body = await response.json();
+  return body.user?.email;
+}
+async function fetchAirtableEmail(token) {
+  const response = await fetch("https://api.airtable.com/v0/meta/whoami", {
+    headers: { Authorization: `Bearer ${token.accessToken}` }
+  });
+  if (!response.ok)
+    return;
+  const body = await response.json();
+  return body.email;
+}
+async function fetchDiscordEmail(token) {
+  const response = await fetch("https://discord.com/api/users/@me", {
+    headers: { Authorization: `Bearer ${token.accessToken}` }
+  });
+  if (!response.ok)
+    return;
+  const body = await response.json();
+  return body.email;
+}
+async function fetchDropboxEmail(token) {
+  const response = await fetch("https://api.dropboxapi.com/2/users/get_current_account", {
+    method: "POST",
+    headers: {
+      Authorization: `Bearer ${token.accessToken}`
+    },
+    body: "null"
+  });
+  if (!response.ok)
+    return;
+  const body = await response.json();
+  return body.email;
+}
+async function fetchGitLabEmail(token) {
+  const response = await fetch("https://gitlab.com/api/v4/user", {
+    headers: { Authorization: `Bearer ${token.accessToken}` }
+  });
+  if (!response.ok)
+    return;
+  const body = await response.json();
+  return body.email;
+}
+async function fetchRedditEmail(token) {
+  const response = await fetch("https://oauth.reddit.com/api/v1/me", {
+    headers: {
+      Authorization: `Bearer ${token.accessToken}`,
+      "User-Agent": "integrate-sdk"
     }
+  });
+  if (!response.ok)
     return;
-  } catch (error) {
-    logger3.error("Failed to fetch GitHub email:", error);
+  const body = await response.json();
+  return body.name;
+}
+async function fetchMicrosoftEmail(token) {
+  const response = await fetch("https://graph.microsoft.com/v1.0/me", {
+    headers: { Authorization: `Bearer ${token.accessToken}` }
+  });
+  if (!response.ok)
     return;
+  const body = await response.json();
+  return body.mail ?? body.userPrincipalName;
+}
+
+// src/oauth/refresh.ts
+class RefreshRejectedError extends Error {
+  provider;
+  constructor(provider, message) {
+    super(message ?? `OAuth refresh rejected (invalid_grant) for ${provider}`);
+    this.name = "RefreshRejectedError";
+    this.provider = provider;
   }
 }
-async function fetchGoogleEmail(accessToken) {
-  try {
-    const response = await fetch("https://www.googleapis.com/oauth2/v2/userinfo", {
-      headers: {
-        Authorization: `Bearer ${accessToken}`
+
+class RefreshTransientError extends Error {
+  provider;
+  constructor(provider, message) {
+    super(message);
+    this.name = "RefreshTransientError";
+    this.provider = provider;
+  }
+}
+var DEFAULT_REFRESH_WINDOW_MS = 2 * 60 * 1000;
+function shouldRefreshToken(tokenData, windowMs = DEFAULT_REFRESH_WINDOW_MS) {
+  if (!tokenData || !tokenData.refreshToken || !tokenData.expiresAt) {
+    return false;
+  }
+  const expiresAtMs = Date.parse(tokenData.expiresAt);
+  if (Number.isNaN(expiresAtMs)) {
+    return false;
+  }
+  return expiresAtMs - Date.now() <= windowMs;
+}
+async function refreshViaMcp(opts) {
+  const url = new URL("/oauth/refresh", opts.serverUrl);
+  const body = {
+    provider: opts.provider,
+    refresh_token: opts.refreshToken,
+    client_id: opts.clientId
+  };
+  if (opts.clientSecret) {
+    body.client_secret = opts.clientSecret;
+  }
+  if (opts.subdomain) {
+    body.subdomain = opts.subdomain;
+  }
+  if (opts.extraConfig) {
+    for (const [key, value] of Object.entries(opts.extraConfig)) {
+      if (body[key] === undefined) {
+        body[key] = value;
       }
+    }
+  }
+  const headers = { "Content-Type": "application/json" };
+  if (opts.apiKey) {
+    headers["X-API-KEY"] = opts.apiKey;
+  }
+  let response;
+  try {
+    response = await fetch(url.toString(), {
+      method: "POST",
+      headers,
+      body: JSON.stringify(body),
+      signal: opts.signal
     });
-    if (!response.ok) {
-      return;
+  } catch (err) {
+    throw new RefreshTransientError(opts.provider, `Network error refreshing ${opts.provider} token: ${err.message}`);
+  }
+  if (response.status === 401) {
+    let parsed = {};
+    try {
+      parsed = await response.json();
+    } catch {}
+    if (parsed.error === "invalid_grant") {
+      throw new RefreshRejectedError(opts.provider);
     }
-    const user = await response.json();
-    return user.email;
-  } catch (error) {
-    logger3.error("Failed to fetch Google email:", error);
-    return;
+    throw new RefreshTransientError(opts.provider, `Refresh endpoint returned 401`);
   }
+  if (!response.ok) {
+    let text = "";
+    try {
+      text = await response.text();
+    } catch {}
+    throw new RefreshTransientError(opts.provider, `Refresh endpoint returned ${response.status}: ${text || "<no body>"}`);
+  }
+  let result;
+  try {
+    result = await response.json();
+  } catch (err) {
+    throw new RefreshTransientError(opts.provider, `Malformed refresh response: ${err.message}`);
+  }
+  if (!result.accessToken) {
+    throw new RefreshTransientError(opts.provider, `Refresh response missing access_token`);
+  }
+  if (!result.refreshToken) {
+    result.refreshToken = opts.refreshToken;
+  }
+  return result;
 }
-async function fetchNotionEmail(accessToken) {
+async function resolveAccessToken(opts) {
+  const { provider, currentTokens, force = false } = opts;
+  const needsRefresh = force || shouldRefreshToken(currentTokens, opts.windowMs);
+  if (!needsRefresh || !currentTokens.refreshToken) {
+    return currentTokens.accessToken;
+  }
   try {
-    const response = await fetch("https://api.notion.com/v1/users/me", {
-      headers: {
-        Authorization: `Bearer ${accessToken}`,
-        "Notion-Version": "2022-06-28"
-      }
+    const refreshed = await refreshViaMcp({
+      provider,
+      refreshToken: currentTokens.refreshToken,
+      clientId: opts.providerOAuth.clientId,
+      clientSecret: opts.providerOAuth.clientSecret,
+      subdomain: opts.providerOAuth.subdomain,
+      extraConfig: opts.providerOAuth.extraConfig,
+      serverUrl: opts.serverUrl,
+      apiKey: opts.apiKey
     });
-    if (!response.ok) {
-      return;
+    const updated = {
+      ...currentTokens,
+      accessToken: refreshed.accessToken,
+      refreshToken: refreshed.refreshToken ?? currentTokens.refreshToken,
+      tokenType: refreshed.tokenType || currentTokens.tokenType,
+      expiresIn: refreshed.expiresIn ?? currentTokens.expiresIn,
+      expiresAt: refreshed.expiresAt ?? currentTokens.expiresAt,
+      scopes: refreshed.scopes && refreshed.scopes.length > 0 ? refreshed.scopes : currentTokens.scopes
+    };
+    if (opts.setProviderToken) {
+      try {
+        await opts.setProviderToken(provider, updated, updated.email, opts.context);
+      } catch {}
     }
-    const user = await response.json();
-    return user.person?.email;
-  } catch (error) {
-    logger3.error("Failed to fetch Notion email:", error);
-    return;
+    return updated.accessToken;
+  } catch (err) {
+    if (err instanceof RefreshRejectedError) {
+      if (opts.setProviderToken) {
+        try {
+          await opts.setProviderToken(provider, null, currentTokens.email, opts.context);
+        } catch {}
+      }
+      throw err;
+    }
+    return currentTokens.accessToken;
   }
 }
 
@@ -1782,7 +2085,10 @@ class OAuthManager {
   removeTokenCallback;
   indexedDBStorage;
   skipLocalStorage = false;
-  constructor(oauthApiBase, flowConfig, apiBaseUrl, tokenCallbacks) {
+  providerOAuth = {};
+  mcpServerUrl;
+  mcpApiKey;
+  constructor(oauthApiBase, flowConfig, apiBaseUrl, tokenCallbacks, refreshConfig) {
     this.oauthApiBase = oauthApiBase;
     this.apiBaseUrl = apiBaseUrl;
     this.windowManager = new OAuthWindowManager;
@@ -1794,6 +2100,9 @@ class OAuthManager {
     this.getTokenCallback = tokenCallbacks?.getProviderToken;
     this.setTokenCallback = tokenCallbacks?.setProviderToken;
     this.removeTokenCallback = tokenCallbacks?.removeProviderToken;
+    this.providerOAuth = refreshConfig?.providers ?? {};
+    this.mcpServerUrl = refreshConfig?.mcpServerUrl;
+    this.mcpApiKey = refreshConfig?.apiKey;
     this.indexedDBStorage = new IndexedDBStorage;
     this.cleanupExpiredPendingAuths();
   }
@@ -2003,7 +2312,9 @@ class OAuthManager {
       try {
         const tokenData = await this.getTokenCallback(provider, email, context);
         if (tokenData) {
-          this.providerTokens.set(provider, tokenData);
+          const refreshed = await this.maybeRefreshTokenData(provider, tokenData, context);
+          this.providerTokens.set(provider, refreshed);
+          return refreshed;
         }
         return tokenData;
       } catch (error) {
@@ -2043,6 +2354,59 @@ class OAuthManager {
     }
     await this.saveProviderToken(provider, tokenData, tokenEmail, context);
   }
+  configureTokenRefresh(refreshConfig) {
+    if (refreshConfig.providers) {
+      this.providerOAuth = refreshConfig.providers;
+    }
+    if (refreshConfig.mcpServerUrl !== undefined) {
+      this.mcpServerUrl = refreshConfig.mcpServerUrl;
+    }
+    if (refreshConfig.apiKey !== undefined) {
+      this.mcpApiKey = refreshConfig.apiKey;
+    }
+  }
+  async maybeRefreshTokenData(provider, tokenData, context) {
+    const credentials = this.providerOAuth[provider];
+    const serverUrl = this.mcpServerUrl;
+    if (!credentials || !serverUrl) {
+      return tokenData;
+    }
+    if (!shouldRefreshToken(tokenData)) {
+      return tokenData;
+    }
+    try {
+      const newAccessToken = await resolveAccessToken({
+        provider,
+        currentTokens: tokenData,
+        providerOAuth: {
+          clientId: credentials.clientId,
+          clientSecret: credentials.clientSecret,
+          subdomain: credentials.config?.subdomain
+        },
+        serverUrl,
+        apiKey: this.mcpApiKey,
+        setProviderToken: this.setTokenCallback,
+        context
+      });
+      if (newAccessToken === tokenData.accessToken) {
+        return tokenData;
+      }
+      if (this.getTokenCallback) {
+        try {
+          const reloaded = await this.getTokenCallback(provider, tokenData.email, context);
+          if (reloaded) {
+            return reloaded;
+          }
+        } catch {}
+      }
+      return { ...tokenData, accessToken: newAccessToken };
+    } catch (err) {
+      if (err instanceof RefreshRejectedError) {
+        throw err;
+      }
+      return tokenData;
+    }
+  }
   clearProviderToken(provider) {
     this.providerTokens.delete(provider);
     if (!this.setTokenCallback && !this.removeTokenCallback && !this.skipLocalStorage) {
@@ -2501,10 +2865,26 @@ class MCPClientBase {
     };
     this.onReauthRequired = config.onReauthRequired;
     this.maxReauthRetries = config.maxReauthRetries ?? 1;
+    const refreshProviders = {};
+    for (const integration of this.integrations) {
+      const oauth = integration?.oauth;
+      if (oauth?.clientId && oauth?.provider) {
+        refreshProviders[oauth.provider] = {
+          clientId: oauth.clientId,
+          clientSecret: oauth.clientSecret,
+          config: oauth.config
+        };
+      }
+    }
+    const mcpServerUrl = config.serverUrl;
     this.oauthManager = new OAuthManager(oauthApiBase, config.oauthFlow, this.apiBaseUrl, {
       getProviderToken: config.getProviderToken,
       setProviderToken: config.setProviderToken,
       removeProviderToken: config.removeProviderToken
+    }, {
+      providers: refreshProviders,
+      mcpServerUrl,
+      apiKey: config.apiKey
     });
     this.setSessionToken(config.sessionToken || this.loadSessionTokenFromStorage());
     for (const integration of this.integrations) {
@@ -9041,12 +9421,15 @@ export {
   supabaseIntegration,
   stripeIntegration,
   slackIntegration,
+  shouldRefreshToken,
   shopifyIntegration,
   sharepointIntegration,
   sentryIntegration,
   sendCallbackToOpener,
   salesforceIntegration,
+  resolveAccessToken,
   resendIntegration,
+  refreshViaMcp,
   redisIntegration,
   redditIntegration,
   rampIntegration,
@@ -9135,6 +9518,8 @@ export {
   TriggerClient,
   ToolCallError,
   TokenExpiredError,
+  RefreshTransientError,
+  RefreshRejectedError,
   OAuthWindowManager,
   OAuthManager,
   OAuthHandler,
@@ -9144,6 +9529,7 @@ export {
   IntegrateSDKError,
   INTEGRATION_CATEGORY_ORDER,
   HttpSessionTransport,
+  DEFAULT_REFRESH_WINDOW_MS,
   ConnectionError,
   AuthorizationError,
   AuthenticationError