mcp-creatio 0.6.2 → 0.6.3
- package/README.md +233 -164
- package/dist/cli.d.ts.map +1 -1
- package/dist/cli.js +22 -10
- package/dist/cli.js.map +1 -1
- package/dist/config-builder.d.ts +8 -0
- package/dist/config-builder.d.ts.map +1 -1
- package/dist/config-builder.js +147 -43
- package/dist/config-builder.js.map +1 -1
- package/dist/consts.d.ts.map +1 -1
- package/dist/consts.js +2 -1
- package/dist/consts.js.map +1 -1
- package/dist/creatio/auth/auth-manager.d.ts.map +1 -1
- package/dist/creatio/auth/auth-manager.js +5 -2
- package/dist/creatio/auth/auth-manager.js.map +1 -1
- package/dist/creatio/auth/auth.d.ts +4 -31
- package/dist/creatio/auth/auth.d.ts.map +1 -1
- package/dist/creatio/auth/auth.js +20 -26
- package/dist/creatio/auth/auth.js.map +1 -1
- package/dist/creatio/auth/constants.d.ts +14 -0
- package/dist/creatio/auth/constants.d.ts.map +1 -0
- package/dist/creatio/auth/constants.js +20 -0
- package/dist/creatio/auth/constants.js.map +1 -0
- package/dist/creatio/auth/contracts.d.ts +15 -0
- package/dist/creatio/auth/contracts.d.ts.map +1 -0
- package/dist/creatio/auth/contracts.js +3 -0
- package/dist/creatio/auth/contracts.js.map +1 -0
- package/dist/creatio/auth/headers.d.ts +3 -0
- package/dist/creatio/auth/headers.d.ts.map +1 -0
- package/dist/creatio/auth/headers.js +15 -0
- package/dist/creatio/auth/headers.js.map +1 -0
- package/dist/creatio/auth/identity.d.ts +8 -0
- package/dist/creatio/auth/identity.d.ts.map +1 -0
- package/dist/creatio/auth/identity.js +18 -0
- package/dist/creatio/auth/identity.js.map +1 -0
- package/dist/creatio/auth/index.d.ts +4 -3
- package/dist/creatio/auth/index.d.ts.map +1 -1
- package/dist/creatio/auth/index.js +5 -3
- package/dist/creatio/auth/index.js.map +1 -1
- package/dist/creatio/auth/providers/base-oauth2-provider.d.ts +13 -7
- package/dist/creatio/auth/providers/base-oauth2-provider.d.ts.map +1 -1
- package/dist/creatio/auth/providers/base-oauth2-provider.js +29 -19
- package/dist/creatio/auth/providers/base-oauth2-provider.js.map +1 -1
- package/dist/creatio/auth/providers/base-provider.js +1 -1
- package/dist/creatio/auth/providers/base-provider.js.map +1 -1
- package/dist/creatio/auth/providers/broker-provider.d.ts +20 -0
- package/dist/creatio/auth/providers/broker-provider.d.ts.map +1 -0
- package/dist/creatio/auth/providers/broker-provider.js +72 -0
- package/dist/creatio/auth/providers/broker-provider.js.map +1 -0
- package/dist/creatio/auth/providers/creatio-oauth-client.d.ts +27 -0
- package/dist/creatio/auth/providers/creatio-oauth-client.d.ts.map +1 -0
- package/dist/creatio/auth/providers/creatio-oauth-client.js +122 -0
- package/dist/creatio/auth/providers/creatio-oauth-client.js.map +1 -0
- package/dist/creatio/auth/providers/index.d.ts +3 -1
- package/dist/creatio/auth/providers/index.d.ts.map +1 -1
- package/dist/creatio/auth/providers/index.js +3 -1
- package/dist/creatio/auth/providers/index.js.map +1 -1
- package/dist/creatio/auth/providers/oauth2-bearer-provider.d.ts +17 -0
- package/dist/creatio/auth/providers/oauth2-bearer-provider.d.ts.map +1 -0
- package/dist/creatio/auth/providers/oauth2-bearer-provider.js +33 -0
- package/dist/creatio/auth/providers/oauth2-bearer-provider.js.map +1 -0
- package/dist/creatio/auth/providers/oauth2-provider.d.ts +2 -2
- package/dist/creatio/auth/providers/oauth2-provider.d.ts.map +1 -1
- package/dist/creatio/auth/providers/oauth2-provider.js +4 -9
- package/dist/creatio/auth/providers/oauth2-provider.js.map +1 -1
- package/dist/creatio/auth/providers/type.d.ts +20 -1
- package/dist/creatio/auth/providers/type.d.ts.map +1 -1
- package/dist/creatio/auth/providers/type.js +22 -2
- package/dist/creatio/auth/providers/type.js.map +1 -1
- package/dist/creatio/client-config.d.ts +26 -5
- package/dist/creatio/client-config.d.ts.map +1 -1
- package/dist/creatio/engines/admin-operation-engine.d.ts +1 -1
- package/dist/creatio/engines/admin-operation-engine.d.ts.map +1 -1
- package/dist/creatio/engines/admin-operation-engine.js +3 -3
- package/dist/creatio/engines/admin-operation-engine.js.map +1 -1
- package/dist/creatio/engines/configuration-engine.d.ts +1 -1
- package/dist/creatio/engines/configuration-engine.d.ts.map +1 -1
- package/dist/creatio/engines/configuration-engine.js +3 -3
- package/dist/creatio/engines/configuration-engine.js.map +1 -1
- package/dist/creatio/engines/crud-engine.d.ts +1 -1
- package/dist/creatio/engines/crud-engine.d.ts.map +1 -1
- package/dist/creatio/engines/crud-engine.js +4 -4
- package/dist/creatio/engines/crud-engine.js.map +1 -1
- package/dist/creatio/engines/engine-manager.d.ts +1 -2
- package/dist/creatio/engines/engine-manager.d.ts.map +1 -1
- package/dist/creatio/engines/engine-manager.js +4 -10
- package/dist/creatio/engines/engine-manager.js.map +1 -1
- package/dist/creatio/engines/engine.d.ts.map +1 -1
- package/dist/creatio/engines/engine.js +12 -1
- package/dist/creatio/engines/engine.js.map +1 -1
- package/dist/creatio/engines/feature-engine.d.ts +1 -1
- package/dist/creatio/engines/feature-engine.d.ts.map +1 -1
- package/dist/creatio/engines/feature-engine.js +3 -3
- package/dist/creatio/engines/feature-engine.js.map +1 -1
- package/dist/creatio/engines/process-engine.d.ts +1 -1
- package/dist/creatio/engines/process-engine.d.ts.map +1 -1
- package/dist/creatio/engines/process-engine.js +3 -3
- package/dist/creatio/engines/process-engine.js.map +1 -1
- package/dist/creatio/engines/sys-settings-engine.d.ts +1 -1
- package/dist/creatio/engines/sys-settings-engine.d.ts.map +1 -1
- package/dist/creatio/engines/sys-settings-engine.js +3 -3
- package/dist/creatio/engines/sys-settings-engine.js.map +1 -1
- package/dist/creatio/engines/user-engine.d.ts +1 -1
- package/dist/creatio/engines/user-engine.d.ts.map +1 -1
- package/dist/creatio/engines/user-engine.js +3 -3
- package/dist/creatio/engines/user-engine.js.map +1 -1
- package/dist/creatio/services/creatio-service-context.d.ts +1 -1
- package/dist/creatio/services/creatio-service-context.d.ts.map +1 -1
- package/dist/creatio/services/crud-provider-factory.d.ts.map +1 -1
- package/dist/creatio/services/crud-provider-factory.js.map +1 -1
- package/dist/creatio/services/dataservice/data-service-column-values.d.ts.map +1 -1
- package/dist/creatio/services/dataservice/data-service-crud-provider.d.ts +3 -3
- package/dist/creatio/services/dataservice/data-service-crud-provider.d.ts.map +1 -1
- package/dist/creatio/services/dataservice/data-service-crud-provider.js +5 -5
- package/dist/creatio/services/dataservice/data-service-crud-provider.js.map +1 -1
- package/dist/creatio/services/dataservice/data-service-filter-translator.d.ts.map +1 -1
- package/dist/creatio/services/dataservice/data-service-filter-translator.js +7 -2
- package/dist/creatio/services/dataservice/data-service-filter-translator.js.map +1 -1
- package/dist/creatio/services/dataservice/data-service-query-builder.d.ts.map +1 -1
- package/dist/creatio/services/dataservice/data-service-query-builder.js.map +1 -1
- package/dist/creatio/services/dataservice/data-service-schema.d.ts +3 -3
- package/dist/creatio/services/dataservice/data-service-schema.d.ts.map +1 -1
- package/dist/creatio/services/dataservice/data-service-schema.js +19 -17
- package/dist/creatio/services/dataservice/data-service-schema.js.map +1 -1
- package/dist/creatio/services/dataservice/data-service-transport.d.ts +1 -1
- package/dist/creatio/services/dataservice/data-service-transport.d.ts.map +1 -1
- package/dist/creatio/services/dataservice/data-service-transport.js +3 -3
- package/dist/creatio/services/dataservice/data-service-transport.js.map +1 -1
- package/dist/creatio/services/dataservice/data-service-types.d.ts +0 -19
- package/dist/creatio/services/dataservice/data-service-types.d.ts.map +1 -1
- package/dist/creatio/services/dataservice/data-service-value-type.d.ts +2 -1
- package/dist/creatio/services/dataservice/data-service-value-type.d.ts.map +1 -1
- package/dist/creatio/services/dataservice/data-service-value-type.js +20 -16
- package/dist/creatio/services/dataservice/data-service-value-type.js.map +1 -1
- package/dist/creatio/services/http-client.d.ts +13 -0
- package/dist/creatio/services/http-client.d.ts.map +1 -1
- package/dist/creatio/services/http-client.js +26 -2
- package/dist/creatio/services/http-client.js.map +1 -1
- package/dist/creatio/services/identifiers.d.ts +10 -0
- package/dist/creatio/services/identifiers.d.ts.map +1 -0
- package/dist/creatio/services/identifiers.js +20 -0
- package/dist/creatio/services/identifiers.js.map +1 -0
- package/dist/creatio/services/odata/metadata-store.d.ts +6 -2
- package/dist/creatio/services/odata/metadata-store.d.ts.map +1 -1
- package/dist/creatio/services/odata/metadata-store.js +30 -34
- package/dist/creatio/services/odata/metadata-store.js.map +1 -1
- package/dist/creatio/services/odata/odata-crud-provider.d.ts.map +1 -1
- package/dist/creatio/services/odata/odata-crud-provider.js +10 -25
- package/dist/creatio/services/odata/odata-crud-provider.js.map +1 -1
- package/dist/creatio/services/odata/odata-query-translator.d.ts +4 -5
- package/dist/creatio/services/odata/odata-query-translator.d.ts.map +1 -1
- package/dist/creatio/services/odata/odata-query-translator.js +32 -20
- package/dist/creatio/services/odata/odata-query-translator.js.map +1 -1
- package/dist/creatio/services/user-info-provider.d.ts.map +1 -1
- package/dist/creatio/services/user-info-provider.js +2 -2
- package/dist/creatio/services/user-info-provider.js.map +1 -1
- package/dist/index.js +30 -4
- package/dist/index.js.map +1 -1
- package/dist/log.d.ts +1 -1
- package/dist/log.d.ts.map +1 -1
- package/dist/log.js +2 -1
- package/dist/log.js.map +1 -1
- package/dist/server/bearer/base-url-guard.d.ts +20 -0
- package/dist/server/bearer/base-url-guard.d.ts.map +1 -0
- package/dist/server/bearer/base-url-guard.js +55 -0
- package/dist/server/bearer/base-url-guard.js.map +1 -0
- package/dist/server/bearer/bearer-edge.d.ts +42 -0
- package/dist/server/bearer/bearer-edge.d.ts.map +1 -0
- package/dist/server/bearer/bearer-edge.js +122 -0
- package/dist/server/bearer/bearer-edge.js.map +1 -0
- package/dist/server/bearer/bearer-token.d.ts +27 -0
- package/dist/server/bearer/bearer-token.d.ts.map +1 -0
- package/dist/server/bearer/bearer-token.js +50 -0
- package/dist/server/bearer/bearer-token.js.map +1 -0
- package/dist/server/bearer/index.d.ts +3 -0
- package/dist/server/bearer/index.d.ts.map +1 -0
- package/dist/server/bearer/index.js +19 -0
- package/dist/server/bearer/index.js.map +1 -0
- package/dist/server/http/auth-edge.d.ts +26 -0
- package/dist/server/http/auth-edge.d.ts.map +1 -0
- package/dist/server/http/auth-edge.js +75 -0
- package/dist/server/http/auth-edge.js.map +1 -0
- package/dist/server/http/broker-handlers.d.ts +45 -0
- package/dist/server/http/broker-handlers.d.ts.map +1 -0
- package/dist/server/http/broker-handlers.js +224 -0
- package/dist/server/http/broker-handlers.js.map +1 -0
- package/dist/server/http/{httpServer.d.ts → http-server.d.ts} +5 -13
- package/dist/server/http/http-server.d.ts.map +1 -0
- package/dist/server/http/{httpServer.js → http-server.js} +19 -53
- package/dist/server/http/http-server.js.map +1 -0
- package/dist/server/http/index.d.ts +1 -3
- package/dist/server/http/index.d.ts.map +1 -1
- package/dist/server/http/index.js +1 -3
- package/dist/server/http/index.js.map +1 -1
- package/dist/server/http/mcp-handlers.d.ts.map +1 -1
- package/dist/server/http/mcp-handlers.js +16 -3
- package/dist/server/http/mcp-handlers.js.map +1 -1
- package/dist/server/http/middleware.d.ts +3 -4
- package/dist/server/http/middleware.d.ts.map +1 -1
- package/dist/server/http/middleware.js +33 -23
- package/dist/server/http/middleware.js.map +1 -1
- package/dist/server/http/public-origin.d.ts +10 -0
- package/dist/server/http/public-origin.d.ts.map +1 -0
- package/dist/server/http/public-origin.js +19 -0
- package/dist/server/http/public-origin.js.map +1 -0
- package/dist/server/http/rate-limiter.d.ts +1 -1
- package/dist/server/http/rate-limiter.d.ts.map +1 -1
- package/dist/server/http/rate-limiter.js +11 -11
- package/dist/server/http/rate-limiter.js.map +1 -1
- package/dist/server/http-agent.d.ts +9 -0
- package/dist/server/http-agent.d.ts.map +1 -0
- package/dist/server/http-agent.js +35 -0
- package/dist/server/http-agent.js.map +1 -0
- package/dist/server/index.d.ts +2 -0
- package/dist/server/index.d.ts.map +1 -1
- package/dist/server/index.js +2 -0
- package/dist/server/index.js.map +1 -1
- package/dist/server/keepalive.d.ts +26 -0
- package/dist/server/keepalive.d.ts.map +1 -0
- package/dist/server/keepalive.js +64 -0
- package/dist/server/keepalive.js.map +1 -0
- package/dist/server/mcp/creatio-rest.d.ts +6 -0
- package/dist/server/mcp/creatio-rest.d.ts.map +1 -1
- package/dist/server/mcp/creatio-rest.js +21 -3
- package/dist/server/mcp/creatio-rest.js.map +1 -1
- package/dist/server/mcp/crtmcp/crt-mcp-client.d.ts +1 -1
- package/dist/server/mcp/crtmcp/crt-mcp-client.d.ts.map +1 -1
- package/dist/server/mcp/crtmcp/crt-mcp-client.js +16 -13
- package/dist/server/mcp/crtmcp/crt-mcp-client.js.map +1 -1
- package/dist/server/mcp/crtmcp/crt-mcp-tool-preparer.d.ts +2 -2
- package/dist/server/mcp/crtmcp/crt-mcp-tool-preparer.d.ts.map +1 -1
- package/dist/server/mcp/crtmcp/crt-mcp-tool-preparer.js +17 -17
- package/dist/server/mcp/crtmcp/crt-mcp-tool-preparer.js.map +1 -1
- package/dist/server/mcp/dataforge/dataforge-client.d.ts +12 -12
- package/dist/server/mcp/dataforge/dataforge-client.d.ts.map +1 -1
- package/dist/server/mcp/dataforge/dataforge-client.js +40 -47
- package/dist/server/mcp/dataforge/dataforge-client.js.map +1 -1
- package/dist/server/mcp/dataforge/dataforge-tool-preparer.d.ts +2 -2
- package/dist/server/mcp/dataforge/dataforge-tool-preparer.d.ts.map +1 -1
- package/dist/server/mcp/dataforge/dataforge-tool-preparer.js +9 -9
- package/dist/server/mcp/dataforge/dataforge-tool-preparer.js.map +1 -1
- package/dist/server/mcp/filters.d.ts.map +1 -1
- package/dist/server/mcp/filters.js +4 -1
- package/dist/server/mcp/filters.js.map +1 -1
- package/dist/server/mcp/globalsearch/globalsearch-client.d.ts +4 -4
- package/dist/server/mcp/globalsearch/globalsearch-client.d.ts.map +1 -1
- package/dist/server/mcp/globalsearch/globalsearch-client.js +39 -50
- package/dist/server/mcp/globalsearch/globalsearch-client.js.map +1 -1
- package/dist/server/mcp/globalsearch/globalsearch-tool-preparer.d.ts +1 -1
- package/dist/server/mcp/globalsearch/globalsearch-tool-preparer.d.ts.map +1 -1
- package/dist/server/mcp/globalsearch/globalsearch-tool-preparer.js +1 -1
- package/dist/server/mcp/globalsearch/globalsearch-tool-preparer.js.map +1 -1
- package/dist/server/mcp/server.d.ts +35 -8
- package/dist/server/mcp/server.d.ts.map +1 -1
- package/dist/server/mcp/server.js +104 -44
- package/dist/server/mcp/server.js.map +1 -1
- package/dist/server/mcp/tools-data.d.ts +2 -2
- package/dist/server/mcp/tools-data.d.ts.map +1 -1
- package/dist/server/mcp/tools-data.js +1 -1
- package/dist/server/mcp/tools-data.js.map +1 -1
- package/dist/server/oauth/oauth-server.d.ts +41 -10
- package/dist/server/oauth/oauth-server.d.ts.map +1 -1
- package/dist/server/oauth/oauth-server.js +82 -48
- package/dist/server/oauth/oauth-server.js.map +1 -1
- package/dist/server/oauth/storage.d.ts +42 -5
- package/dist/server/oauth/storage.d.ts.map +1 -1
- package/dist/server/oauth/storage.js +81 -18
- package/dist/server/oauth/storage.js.map +1 -1
- package/dist/server/oauth/token-manager.d.ts +21 -4
- package/dist/server/oauth/token-manager.d.ts.map +1 -1
- package/dist/server/oauth/token-manager.js +18 -19
- package/dist/server/oauth/token-manager.js.map +1 -1
- package/dist/server/oauth/types.d.ts +0 -12
- package/dist/server/oauth/types.d.ts.map +1 -1
- package/dist/server/oauth/validators.d.ts.map +1 -1
- package/dist/server/oauth/validators.js +14 -5
- package/dist/server/oauth/validators.js.map +1 -1
- package/dist/sessions/index.d.ts +1 -1
- package/dist/sessions/index.d.ts.map +1 -1
- package/dist/sessions/index.js +1 -1
- package/dist/sessions/index.js.map +1 -1
- package/dist/sessions/redis-token-store.d.ts +22 -0
- package/dist/sessions/redis-token-store.d.ts.map +1 -0
- package/dist/sessions/redis-token-store.js +70 -0
- package/dist/sessions/redis-token-store.js.map +1 -0
- package/dist/sessions/session-context.d.ts +21 -40
- package/dist/sessions/session-context.d.ts.map +1 -1
- package/dist/sessions/session-context.js +25 -105
- package/dist/sessions/session-context.js.map +1 -1
- package/dist/sessions/token-crypto.d.ts +8 -0
- package/dist/sessions/token-crypto.d.ts.map +1 -0
- package/dist/sessions/token-crypto.js +43 -0
- package/dist/sessions/token-crypto.js.map +1 -0
- package/dist/sessions/token-store.d.ts +42 -0
- package/dist/sessions/token-store.d.ts.map +1 -0
- package/dist/sessions/token-store.js +66 -0
- package/dist/sessions/token-store.js.map +1 -0
- package/dist/utils/context.d.ts +12 -0
- package/dist/utils/context.d.ts.map +1 -1
- package/dist/utils/context.js +16 -0
- package/dist/utils/context.js.map +1 -1
- package/dist/utils/env-aliases.d.ts +9 -0
- package/dist/utils/env-aliases.d.ts.map +1 -0
- package/dist/utils/env-aliases.js +61 -0
- package/dist/utils/env-aliases.js.map +1 -0
- package/dist/utils/env.d.ts +5 -0
- package/dist/utils/env.d.ts.map +1 -1
- package/dist/utils/env.js +10 -1
- package/dist/utils/env.js.map +1 -1
- package/package.json +78 -76
- package/dist/creatio/auth/providers/oauth2-code-provider.d.ts +0 -21
- package/dist/creatio/auth/providers/oauth2-code-provider.d.ts.map +0 -1
- package/dist/creatio/auth/providers/oauth2-code-provider.js +0 -251
- package/dist/creatio/auth/providers/oauth2-code-provider.js.map +0 -1
- package/dist/server/http/creatio-oauth-handlers.d.ts +0 -13
- package/dist/server/http/creatio-oauth-handlers.d.ts.map +0 -1
- package/dist/server/http/creatio-oauth-handlers.js +0 -160
- package/dist/server/http/creatio-oauth-handlers.js.map +0 -1
- package/dist/server/http/httpServer.d.ts.map +0 -1
- package/dist/server/http/httpServer.js.map +0 -1
- package/dist/server/http/mcp-oauth-handlers.d.ts +0 -11
- package/dist/server/http/mcp-oauth-handlers.d.ts.map +0 -1
- package/dist/server/http/mcp-oauth-handlers.js +0 -118
- package/dist/server/http/mcp-oauth-handlers.js.map +0 -1
- package/dist/sessions/token-refresh-scheduler.d.ts +0 -16
- package/dist/sessions/token-refresh-scheduler.d.ts.map +0 -1
- package/dist/sessions/token-refresh-scheduler.js +0 -66
- package/dist/sessions/token-refresh-scheduler.js.map +0 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"base-oauth2-provider.d.ts","sourceRoot":"","sources":["../../../../src/creatio/auth/providers/base-oauth2-provider.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,
|
|
1
|
+
{"version":3,"file":"base-oauth2-provider.d.ts","sourceRoot":"","sources":["../../../../src/creatio/auth/providers/base-oauth2-provider.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AAGvD,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAE/C,kFAAkF;AAClF,MAAM,WAAW,YAAY;IAC5B,WAAW,EAAE,MAAM,CAAC;IACpB,gBAAgB,EAAE,MAAM,CAAC;CACzB;AAED,8BAAsB,kBAAkB,CACvC,CAAC,SAAS,gBAAgB,GAAG,gBAAgB,CAC5C,SAAQ,YAAY,CAAC,CAAC,CAAC;IACxB,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;IAKlD,OAAO,CAAC,SAAS,CAA0C;IAE3D,SAAS,CAAC,WAAW,EAAE,MAAM,GAAG,SAAS,CAAC;IAE1C,SAAS,CAAC,mBAAmB,EAAE,MAAM,GAAG,SAAS,CAAC;IAElD,mFAAmF;IACnF,SAAS,CAAC,QAAQ,CAAC,UAAU,IAAI,OAAO,CAAC,YAAY,GAAG,SAAS,CAAC;IAElE,OAAO,CAAC,QAAQ;YAMF,aAAa;IAY3B,SAAS,CAAC,eAAe,IAAI,MAAM;IAInC,SAAS,CAAC,iBAAiB,IAAI,IAAI;cAInB,iBAAiB,CAAC,KAAK,UAAQ,GAAG,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC;IAahE,UAAU,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAQ7E,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;CAKrC"}
|
|
@@ -4,34 +4,44 @@ exports.BaseOAuth2Provider = void 0;
|
|
|
4
4
|
const auth_1 = require("../auth");
|
|
5
5
|
const base_provider_1 = require("./base-provider");
|
|
6
6
|
class BaseOAuth2Provider extends base_provider_1.BaseProvider {
|
|
7
|
+
// Single-flight: K concurrent callers that find the token expired (e.g. a burst of requests all
|
|
8
|
+
// 401ing at once) trigger ONE token fetch, not K — avoids a thundering herd against Creatio
|
|
9
|
+
// Identity on expiry. Mirrors the per-user dedup the broker provider already does.
|
|
10
|
+
_inflight;
|
|
7
11
|
accessToken;
|
|
8
12
|
accessTokenExpiryMs;
|
|
9
|
-
|
|
10
|
-
return
|
|
13
|
+
_isFresh() {
|
|
14
|
+
return Boolean(this.accessToken && this.accessTokenExpiryMs && Date.now() < this.accessTokenExpiryMs);
|
|
11
15
|
}
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
return base;
|
|
19
|
-
}
|
|
20
|
-
let base = this.config.baseUrl.replace(/\/$/, '');
|
|
21
|
-
if (!/\/0$/.test(base)) {
|
|
22
|
-
base = base + '/0';
|
|
16
|
+
async _acquireToken() {
|
|
17
|
+
const fetched = await this.fetchToken();
|
|
18
|
+
if (!fetched) {
|
|
19
|
+
this.accessToken = undefined;
|
|
20
|
+
this.accessTokenExpiryMs = undefined;
|
|
21
|
+
return undefined;
|
|
23
22
|
}
|
|
24
|
-
|
|
23
|
+
this.accessToken = fetched.accessToken;
|
|
24
|
+
this.accessTokenExpiryMs = (0, auth_1.computeTokenExpiryMs)(fetched.expiresInSeconds);
|
|
25
|
+
return this.accessToken;
|
|
25
26
|
}
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
const kind = this.config?.auth?.kind ?? 'unknown';
|
|
29
|
-
const clientId = this.config?.auth?.clientId ?? 'noclient';
|
|
30
|
-
return `${kind}|${base}|${clientId}|${userKey}`;
|
|
27
|
+
getIdentityBase() {
|
|
28
|
+
return (0, auth_1.resolveIdentityBase)(this.config.baseUrl, this.authConfig.idBaseUrl);
|
|
31
29
|
}
|
|
32
30
|
throwNoTokenError() {
|
|
33
31
|
throw new Error(this.authErrorCode);
|
|
34
32
|
}
|
|
33
|
+
async ensureAccessToken(force = false) {
|
|
34
|
+
if (!force && this._isFresh()) {
|
|
35
|
+
return this.accessToken;
|
|
36
|
+
}
|
|
37
|
+
if (this._inflight) {
|
|
38
|
+
return this._inflight;
|
|
39
|
+
}
|
|
40
|
+
this._inflight = this._acquireToken().finally(() => {
|
|
41
|
+
this._inflight = undefined;
|
|
42
|
+
});
|
|
43
|
+
return this._inflight;
|
|
44
|
+
}
|
|
35
45
|
async getHeaders(accept, isJson) {
|
|
36
46
|
const token = await this.ensureAccessToken(false);
|
|
37
47
|
if (!token) {
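Review bot: `_acquireToken()` resets `accessToken` and `accessTokenExpiryMs` only when `fetchToken()` resolves to a falsy value; if it rejects, the previously cached pair is left in place. After a forced `ensureAccessToken(true)` whose fetch throws, `_isFresh()` can keep handing the old token to later non-forced callers, even though a forced call usually means that token was just refused (unless the caller clears the cache first, which this hunk does not show). Clearing on the error path closes the gap: wrap the `await this.fetchToken()` with `catch (err) { this.accessToken = undefined; this.accessTokenExpiryMs = undefined; throw err; }`. The class and `getHeaders` continue outside the hunk.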
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"base-oauth2-provider.js","sourceRoot":"","sources":["../../../../src/creatio/auth/providers/base-oauth2-provider.ts"],"names":[],"mappings":";;;AACA,
|
|
1
|
+
{"version":3,"file":"base-oauth2-provider.js","sourceRoot":"","sources":["../../../../src/creatio/auth/providers/base-oauth2-provider.ts"],"names":[],"mappings":";;;AACA,kCAAkF;AAElF,mDAA+C;AAQ/C,MAAsB,kBAEpB,SAAQ,4BAAe;IAGxB,gGAAgG;IAChG,4FAA4F;IAC5F,mFAAmF;IAC3E,SAAS,CAA0C;IAEjD,WAAW,CAAqB;IAEhC,mBAAmB,CAAqB;IAK1C,QAAQ;QACf,OAAO,OAAO,CACb,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC,mBAAmB,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,mBAAmB,CACrF,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,aAAa;QAC1B,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,EAAE,CAAC;QACxC,IAAI,CAAC,OAAO,EAAE,CAAC;YACd,IAAI,CAAC,WAAW,GAAG,SAAS,CAAC;YAC7B,IAAI,CAAC,mBAAmB,GAAG,SAAS,CAAC;YACrC,OAAO,SAAS,CAAC;QAClB,CAAC;QACD,IAAI,CAAC,WAAW,GAAG,OAAO,CAAC,WAAW,CAAC;QACvC,IAAI,CAAC,mBAAmB,GAAG,IAAA,2BAAoB,EAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC;QAC1E,OAAO,IAAI,CAAC,WAAW,CAAC;IACzB,CAAC;IAES,eAAe;QACxB,OAAO,IAAA,0BAAmB,EAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;IAC5E,CAAC;IAES,iBAAiB;QAC1B,MAAM,IAAI,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;IACrC,CAAC;IAES,KAAK,CAAC,iBAAiB,CAAC,KAAK,GAAG,KAAK;QAC9C,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,QAAQ,EAAE,EAAE,CAAC;YAC/B,OAAO,IAAI,CAAC,WAAW,CAAC;QACzB,CAAC;QACD,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YACpB,OAAO,IAAI,CAAC,SAAS,CAAC;QACvB,CAAC;QACD,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC,OAAO,CAAC,GAAG,EAAE;YAClD,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;QAC5B,CAAC,CAAC,CAAC;QACH,OAAO,IAAI,CAAC,SAAS,CAAC;IACvB,CAAC;IAEM,KAAK,CAAC,UAAU,CAAC,MAAc,EAAE,MAAgB;QACvD,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC;QAClD,IAAI,CAAC,KAAK,EAAE,CAAC;YACZ,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAC1B,CAAC;QACD,OAAO,IAAA,mBAAY,EAAC,MAAM,EAAE,OAAO,CAAC,MAAM,CAAC,EAAE,KAAK,CAAC,CAAC;IACrD,CAAC;IAEM,KAAK,CAAC,OAAO;QACnB,IAAI,CAAC,WAAW,GAAG,SAAS,CAAC;QAC7B,IAAI,CAAC,mBAAmB,GAAG,SAAS,CAAC;QACrC,MAAM,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC;IACpC,CAAC;CACD;AArED,gDAqEC"}
|
|
@@ -13,7 +13,7 @@ class BaseProvider {
|
|
|
13
13
|
this.config = config;
|
|
14
14
|
}
|
|
15
15
|
cancelAllRefresh() {
|
|
16
|
-
// No background refresh timers
|
|
16
|
+
// No background refresh timers in any current provider; the hook stays for shutdown symmetry.
|
|
17
17
|
}
|
|
18
18
|
}
|
|
19
19
|
exports.BaseProvider = BaseProvider;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"base-provider.js","sourceRoot":"","sources":["../../../../src/creatio/auth/providers/base-provider.ts"],"names":[],"mappings":";;;AAKA,MAAsB,YAAY;IAGd,MAAM,CAAsB;IAE/C,IAAc,UAAU;QACvB,OAAO,IAAI,CAAC,MAAM,CAAC,IAAS,CAAC;IAC9B,CAAC;IAED,IAAW,IAAI;QACd,OAAO,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC;IAC7B,CAAC;IAED,YAAY,MAA2B;QACtC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACtB,CAAC;IASM,gBAAgB;QACtB,
|
|
1
|
+
{"version":3,"file":"base-provider.js","sourceRoot":"","sources":["../../../../src/creatio/auth/providers/base-provider.ts"],"names":[],"mappings":";;;AAKA,MAAsB,YAAY;IAGd,MAAM,CAAsB;IAE/C,IAAc,UAAU;QACvB,OAAO,IAAI,CAAC,MAAM,CAAC,IAAS,CAAC;IAC9B,CAAC;IAED,IAAW,IAAI;QACd,OAAO,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC;IAC7B,CAAC;IAED,YAAY,MAA2B;QACtC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACtB,CAAC;IASM,gBAAgB;QACtB,8FAA8F;IAC/F,CAAC;CACD;AA3BD,oCA2BC"}
|
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
import { BrokerAuthConfig, CreatioClientConfig } from '../../client-config';
|
|
2
|
+
import { BaseProvider } from './base-provider';
|
|
3
|
+
/**
|
|
4
|
+
* Runtime auth provider for `broker` mode. The broker handler has already brokered the user's
|
|
5
|
+
* Creatio login and stored their tokens per `userKey`; this provider only SERVES them: it reads the
|
|
6
|
+
* current request's user tokens, refreshes on demand when expired, and attaches the Bearer. Token
|
|
7
|
+
* acquisition lives in the broker handler — this side never drives the interactive flow (SRP).
|
|
8
|
+
*/
|
|
9
|
+
export declare class BrokerProvider extends BaseProvider<BrokerAuthConfig> {
|
|
10
|
+
private readonly _session;
|
|
11
|
+
private readonly _creatio;
|
|
12
|
+
private readonly _inflightRefresh;
|
|
13
|
+
constructor(config: CreatioClientConfig);
|
|
14
|
+
private _ensureAccessToken;
|
|
15
|
+
private _refreshDeduped;
|
|
16
|
+
getHeaders(accept: string, isJson?: boolean): Promise<Record<string, string>>;
|
|
17
|
+
/** Forces a refresh for the current user (called by the HTTP client on a 401, then it retries). */
|
|
18
|
+
refresh(): Promise<void>;
|
|
19
|
+
}
|
|
20
|
+
//# sourceMappingURL=broker-provider.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"broker-provider.d.ts","sourceRoot":"","sources":["../../../../src/creatio/auth/providers/broker-provider.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,gBAAgB,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;AAG5E,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAG/C;;;;;GAKG;AACH,qBAAa,cAAe,SAAQ,YAAY,CAAC,gBAAgB,CAAC;IACjE,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAA2B;IACpD,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAqB;IAG9C,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAA0C;gBAE/D,MAAM,EAAE,mBAAmB;YAKzB,kBAAkB;IAehC,OAAO,CAAC,eAAe;IAcV,UAAU,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAQ1F,mGAAmG;IACtF,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;CAUrC"}
|
|
@@ -0,0 +1,72 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.BrokerProvider = void 0;
|
|
4
|
+
const sessions_1 = require("../../../sessions");
|
|
5
|
+
const utils_1 = require("../../../utils");
|
|
6
|
+
const auth_1 = require("../auth");
|
|
7
|
+
const base_provider_1 = require("./base-provider");
|
|
8
|
+
const creatio_oauth_client_1 = require("./creatio-oauth-client");
|
|
9
|
+
/**
|
|
10
|
+
* Runtime auth provider for `broker` mode. The broker handler has already brokered the user's
|
|
11
|
+
* Creatio login and stored their tokens per `userKey`; this provider only SERVES them: it reads the
|
|
12
|
+
* current request's user tokens, refreshes on demand when expired, and attaches the Bearer. Token
|
|
13
|
+
* acquisition lives in the broker handler — this side never drives the interactive flow (SRP).
|
|
14
|
+
*/
|
|
15
|
+
class BrokerProvider extends base_provider_1.BaseProvider {
|
|
16
|
+
_session = sessions_1.SessionContext.instance;
|
|
17
|
+
_creatio;
|
|
18
|
+
// Deduplicates concurrent refreshes per user so K parallel requests trigger one refresh, not K
|
|
19
|
+
// (avoids the thundering herd + rotating-refresh-token races).
|
|
20
|
+
_inflightRefresh = new Map();
|
|
21
|
+
constructor(config) {
|
|
22
|
+
super(config);
|
|
23
|
+
this._creatio = new creatio_oauth_client_1.CreatioOAuthClient(config.baseUrl, this.authConfig);
|
|
24
|
+
}
|
|
25
|
+
async _ensureAccessToken(userKey) {
|
|
26
|
+
const saved = await this._session.getTokensForUser(userKey);
|
|
27
|
+
if (!saved) {
|
|
28
|
+
throw new Error('broker_not_authorized');
|
|
29
|
+
}
|
|
30
|
+
if (Date.now() < saved.accessTokenExpiryMs) {
|
|
31
|
+
return saved.accessToken;
|
|
32
|
+
}
|
|
33
|
+
if (!saved.refreshToken) {
|
|
34
|
+
await this._session.deleteTokensForUser(userKey);
|
|
35
|
+
throw new Error('broker_token_expired');
|
|
36
|
+
}
|
|
37
|
+
return (await this._refreshDeduped(userKey, saved.refreshToken)).accessToken;
|
|
38
|
+
}
|
|
39
|
+
_refreshDeduped(userKey, refreshToken) {
|
|
40
|
+
const existing = this._inflightRefresh.get(userKey);
|
|
41
|
+
if (existing) {
|
|
42
|
+
return existing;
|
|
43
|
+
}
|
|
44
|
+
const promise = (async () => {
|
|
45
|
+
const updated = await this._creatio.refresh(refreshToken);
|
|
46
|
+
await this._session.setTokensForUser(userKey, updated);
|
|
47
|
+
return updated;
|
|
48
|
+
})().finally(() => this._inflightRefresh.delete(userKey));
|
|
49
|
+
this._inflightRefresh.set(userKey, promise);
|
|
50
|
+
return promise;
|
|
51
|
+
}
|
|
52
|
+
async getHeaders(accept, isJson) {
|
|
53
|
+
const userKey = (0, utils_1.getEffectiveUserKey)();
|
|
54
|
+
if (!userKey) {
|
|
55
|
+
throw new Error('broker_no_user');
|
|
56
|
+
}
|
|
57
|
+
return (0, auth_1.buildHeaders)(accept, Boolean(isJson), await this._ensureAccessToken(userKey));
|
|
58
|
+
}
|
|
59
|
+
/** Forces a refresh for the current user (called by the HTTP client on a 401, then it retries). */
|
|
60
|
+
async refresh() {
|
|
61
|
+
const userKey = (0, utils_1.getEffectiveUserKey)();
|
|
62
|
+
if (!userKey) {
|
|
63
|
+
return;
|
|
64
|
+
}
|
|
65
|
+
const saved = await this._session.getTokensForUser(userKey);
|
|
66
|
+
if (saved?.refreshToken) {
|
|
67
|
+
await this._refreshDeduped(userKey, saved.refreshToken);
|
|
68
|
+
}
|
|
69
|
+
}
|
|
70
|
+
}
|
|
71
|
+
exports.BrokerProvider = BrokerProvider;
|
|
72
|
+
//# sourceMappingURL=broker-provider.js.map
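Review bot: `_refreshDeduped()` has no handling for a rejected `this._creatio.refresh(refreshToken)`, so the expired record stays in the session store and every later request for that `userKey` replays the same refresh token against Creatio. The neighbouring branch in `_ensureAccessToken()` already treats an unrefreshable session as terminal (`deleteTokensForUser` followed by `broker_token_expired`); a refresh that the token endpoint definitively rejects should probably end the same way, while transient failures keep the record. How `CreatioOAuthClient` surfaces that distinction is not visible in this file, so the catch has to key on whatever error it throws for a rejected grant. Separately, `_inflightRefresh` is a per-process `Map`, so the rotating-refresh-token race named in its comment is only avoided within one instance; if the Redis token store listed in this release is shared across instances, the comment should say so.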
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"broker-provider.js","sourceRoot":"","sources":["../../../../src/creatio/auth/providers/broker-provider.ts"],"names":[],"mappings":";;;AAAA,gDAA+D;AAC/D,0CAAqD;AAErD,kCAAuC;AAEvC,mDAA+C;AAC/C,iEAA4D;AAE5D;;;;;GAKG;AACH,MAAa,cAAe,SAAQ,4BAA8B;IAChD,QAAQ,GAAG,yBAAc,CAAC,QAAQ,CAAC;IACnC,QAAQ,CAAqB;IAC9C,+FAA+F;IAC/F,+DAA+D;IAC9C,gBAAgB,GAAG,IAAI,GAAG,EAA+B,CAAC;IAE3E,YAAY,MAA2B;QACtC,KAAK,CAAC,MAAM,CAAC,CAAC;QACd,IAAI,CAAC,QAAQ,GAAG,IAAI,yCAAkB,CAAC,MAAM,CAAC,OAAO,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC;IACzE,CAAC;IAEO,KAAK,CAAC,kBAAkB,CAAC,OAAe;QAC/C,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;QAC5D,IAAI,CAAC,KAAK,EAAE,CAAC;YACZ,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;QAC1C,CAAC;QACD,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,mBAAmB,EAAE,CAAC;YAC5C,OAAO,KAAK,CAAC,WAAW,CAAC;QAC1B,CAAC;QACD,IAAI,CAAC,KAAK,CAAC,YAAY,EAAE,CAAC;YACzB,MAAM,IAAI,CAAC,QAAQ,CAAC,mBAAmB,CAAC,OAAO,CAAC,CAAC;YACjD,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;QACzC,CAAC;QACD,OAAO,CAAC,MAAM,IAAI,CAAC,eAAe,CAAC,OAAO,EAAE,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC,WAAW,CAAC;IAC9E,CAAC;IAEO,eAAe,CAAC,OAAe,EAAE,YAAoB;QAC5D,MAAM,QAAQ,GAAG,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QACpD,IAAI,QAAQ,EAAE,CAAC;YACd,OAAO,QAAQ,CAAC;QACjB,CAAC;QACD,MAAM,OAAO,GAAG,CAAC,KAAK,IAAI,EAAE;YAC3B,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;YAC1D,MAAM,IAAI,CAAC,QAAQ,CAAC,gBAAgB,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YACvD,OAAO,OAAO,CAAC;QAChB,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC;QAC1D,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QAC5C,OAAO,OAAO,CAAC;IAChB,CAAC;IAEM,KAAK,CAAC,UAAU,CAAC,MAAc,EAAE,MAAgB;QACvD,MAAM,OAAO,GAAG,IAAA,2BAAmB,GAAE,CAAC;QACtC,IAAI,CAAC,OAAO,EAAE,CAAC;YACd,MAAM,IAAI,KAAK,CAAC,gBAAgB,CAAC,CAAC;QACnC,CAAC;QACD,OAAO,IAAA,mBAAY,EAAC,MAAM,EAAE,OAAO,CAAC,MAAM,CAAC,EAAE,MAAM,IAAI,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC,CAAC;IACtF,CAAC;IAED,mGAAmG;IAC5F,KAAK,CAAC,OAAO;QACnB,MAAM,OAAO,GAAG,IAAA,2BAAmB,GAAE,CAAC;QACtC,IAAI,
CAAC,OAAO,EAAE,CAAC;YACd,OAAO;QACR,CAAC;QACD,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;QAC5D,IAAI,KAAK,EAAE,YAAY,EAAE,CAAC;YACzB,MAAM,IAAI,CAAC,eAAe,CAAC,OAAO,EAAE,KAAK,CAAC,YAAY,CAAC,CAAC;QACzD,CAAC;IACF,CAAC;CACD;AA5DD,wCA4DC"}
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
import { UserTokens } from '../../../sessions';
|
|
2
|
+
import { BrokerAuthConfig } from '../../client-config';
|
|
3
|
+
/**
|
|
4
|
+
* Thin client for the Creatio Identity authorization-code endpoints — the "Creatio leg" of the
|
|
5
|
+
* broker. One place owns every call to Creatio's `/connect/authorize` and `/connect/token` (build
|
|
6
|
+
* the consent URL, exchange a code, refresh), so the broker handler and the runtime provider never
|
|
7
|
+
* duplicate token-endpoint logic (DRY). It is stateless: callers own where tokens are stored.
|
|
8
|
+
*/
|
|
9
|
+
export declare class CreatioOAuthClient {
|
|
10
|
+
private readonly _baseUrl;
|
|
11
|
+
private readonly _auth;
|
|
12
|
+
private get _identityBase();
|
|
13
|
+
private get _scope();
|
|
14
|
+
constructor(baseUrl: string, auth: BrokerAuthConfig);
|
|
15
|
+
private _baseBody;
|
|
16
|
+
private _postToken;
|
|
17
|
+
/** Builds the Creatio consent URL for the brokered login (always with S256 PKCE). */
|
|
18
|
+
buildAuthorizeUrl(redirectUri: string, state: string, codeChallenge: string): string;
|
|
19
|
+
/** Exchanges a Creatio authorization code (+ our PKCE verifier) for the user's Creatio tokens. */
|
|
20
|
+
exchangeCode(code: string, redirectUri: string, codeVerifier: string): Promise<UserTokens>;
|
|
21
|
+
/** Refreshes the user's Creatio tokens using a stored refresh token. */
|
|
22
|
+
refresh(refreshToken: string): Promise<UserTokens>;
|
|
23
|
+
/** Revoke a user's Creatio token (RFC 7009) on logout. Best-effort: a failure must not block the
|
|
24
|
+
* local logout (we still purge our own state), so this never throws. */
|
|
25
|
+
revoke(token: string): Promise<void>;
|
|
26
|
+
}
|
|
27
|
+
//# sourceMappingURL=creatio-oauth-client.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"creatio-oauth-client.d.ts","sourceRoot":"","sources":["../../../../src/creatio/auth/providers/creatio-oauth-client.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAC/C,OAAO,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AAYvD;;;;;GAKG;AACH,qBAAa,kBAAkB;IAC9B,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAS;IAClC,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAmB;IAEzC,OAAO,KAAK,aAAa,GAExB;IAED,OAAO,KAAK,MAAM,GAEjB;gBAEW,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,gBAAgB;IAKnD,OAAO,CAAC,SAAS;YAUH,UAAU;IAmCxB,qFAAqF;IAC9E,iBAAiB,CAAC,WAAW,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,GAAG,MAAM;IAY3F,kGAAkG;IACrF,YAAY,CACxB,IAAI,EAAE,MAAM,EACZ,WAAW,EAAE,MAAM,EACnB,YAAY,EAAE,MAAM,GAClB,OAAO,CAAC,UAAU,CAAC;IAStB,wEAAwE;IAC3D,OAAO,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC;IAU/D;6EACyE;IAC5D,MAAM,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CAgBjD"}
|
|
@@ -0,0 +1,122 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
3
|
+
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
4
|
+
};
|
|
5
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
|
+
exports.CreatioOAuthClient = void 0;
|
|
7
|
+
const log_1 = __importDefault(require("../../../log"));
|
|
8
|
+
const auth_1 = require("../auth");
|
|
9
|
+
const DEFAULT_TOKEN_LIFETIME_SECONDS = 180;
|
|
10
|
+
/**
|
|
11
|
+
* Thin client for the Creatio Identity authorization-code endpoints — the "Creatio leg" of the
|
|
12
|
+
* broker. One place owns every call to Creatio's `/connect/authorize` and `/connect/token` (build
|
|
13
|
+
* the consent URL, exchange a code, refresh), so the broker handler and the runtime provider never
|
|
14
|
+
* duplicate token-endpoint logic (DRY). It is stateless: callers own where tokens are stored.
|
|
15
|
+
*/
|
|
16
|
+
class CreatioOAuthClient {
|
|
17
|
+
_baseUrl;
|
|
18
|
+
_auth;
|
|
19
|
+
get _identityBase() {
|
|
20
|
+
return (0, auth_1.resolveIdentityBase)(this._baseUrl, this._auth.idBaseUrl);
|
|
21
|
+
}
|
|
22
|
+
get _scope() {
|
|
23
|
+
return this._auth.scope || 'offline_access';
|
|
24
|
+
}
|
|
25
|
+
constructor(baseUrl, auth) {
|
|
26
|
+
this._baseUrl = baseUrl;
|
|
27
|
+
this._auth = auth;
|
|
28
|
+
}
|
|
29
|
+
_baseBody() {
|
|
30
|
+
const body = new URLSearchParams();
|
|
31
|
+
body.set('client_id', this._auth.clientId);
|
|
32
|
+
// Confidential clients send a secret; public clients (PKCE) send none.
|
|
33
|
+
if (this._auth.clientSecret) {
|
|
34
|
+
body.set('client_secret', this._auth.clientSecret);
|
|
35
|
+
}
|
|
36
|
+
return body;
|
|
37
|
+
}
|
|
38
|
+
async _postToken(body, op) {
|
|
39
|
+
const url = this._identityBase + auth_1.TOKEN_ENDPOINT;
|
|
40
|
+
const res = await fetch(url, {
|
|
41
|
+
method: 'POST',
|
|
42
|
+
headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
|
|
43
|
+
body: body.toString(),
|
|
44
|
+
});
|
|
45
|
+
const text = await res.text().catch(() => '');
|
|
46
|
+
if (!res.ok || !text) {
|
|
47
|
+
log_1.default.error(`broker.creatio.${op}_failed`, {
|
|
48
|
+
status: res.status,
|
|
49
|
+
body: text.slice(0, 200),
|
|
50
|
+
});
|
|
51
|
+
throw new Error(`creatio_oauth_${op}_error:${res.status}`);
|
|
52
|
+
}
|
|
53
|
+
let json;
|
|
54
|
+
try {
|
|
55
|
+
json = JSON.parse(text);
|
|
56
|
+
}
|
|
57
|
+
catch {
|
|
58
|
+
throw new Error(`creatio_oauth_${op}_parse_failed`);
|
|
59
|
+
}
|
|
60
|
+
if (!json.access_token) {
|
|
61
|
+
throw new Error(`creatio_oauth_${op}_no_access_token`);
|
|
62
|
+
}
|
|
63
|
+
const lifetime = Number(json.expires_in) || DEFAULT_TOKEN_LIFETIME_SECONDS;
|
|
64
|
+
return {
|
|
65
|
+
accessToken: String(json.access_token),
|
|
66
|
+
accessTokenExpiryMs: (0, auth_1.computeTokenExpiryMs)(lifetime),
|
|
67
|
+
...(json.refresh_token ? { refreshToken: String(json.refresh_token) } : {}),
|
|
68
|
+
};
|
|
69
|
+
}
|
|
70
|
+
/** Builds the Creatio consent URL for the brokered login (always with S256 PKCE). */
|
|
71
|
+
buildAuthorizeUrl(redirectUri, state, codeChallenge) {
|
|
72
|
+
const url = new URL(this._identityBase + auth_1.AUTHORIZE_ENDPOINT);
|
|
73
|
+
url.searchParams.set('client_id', this._auth.clientId);
|
|
74
|
+
url.searchParams.set('redirect_uri', redirectUri);
|
|
75
|
+
url.searchParams.set('response_type', 'code');
|
|
76
|
+
url.searchParams.set('state', state);
|
|
77
|
+
url.searchParams.set('code_challenge', codeChallenge);
|
|
78
|
+
url.searchParams.set('code_challenge_method', auth_1.PKCE_S256);
|
|
79
|
+
url.searchParams.set('scope', this._scope);
|
|
80
|
+
return url.toString();
|
|
81
|
+
}
|
|
82
|
+
/** Exchanges a Creatio authorization code (+ our PKCE verifier) for the user's Creatio tokens. */
|
|
83
|
+
async exchangeCode(code, redirectUri, codeVerifier) {
|
|
84
|
+
const body = this._baseBody();
|
|
85
|
+
body.set('grant_type', 'authorization_code');
|
|
86
|
+
body.set('code', code);
|
|
87
|
+
body.set('redirect_uri', redirectUri);
|
|
88
|
+
body.set('code_verifier', codeVerifier);
|
|
89
|
+
return this._postToken(body, 'exchange');
|
|
90
|
+
}
|
|
91
|
+
/** Refreshes the user's Creatio tokens using a stored refresh token. */
|
|
92
|
+
async refresh(refreshToken) {
|
|
93
|
+
const body = this._baseBody();
|
|
94
|
+
body.set('grant_type', 'refresh_token');
|
|
95
|
+
body.set('refresh_token', refreshToken);
|
|
96
|
+
body.set('scope', this._scope);
|
|
97
|
+
const tokens = await this._postToken(body, 'refresh');
|
|
98
|
+
// Rotating refresh tokens: keep the previous one if Creatio did not return a new one.
|
|
99
|
+
return tokens.refreshToken ? tokens : { ...tokens, refreshToken };
|
|
100
|
+
}
|
|
101
|
+
/** Revoke a user's Creatio token (RFC 7009) on logout. Best-effort: a failure must not block the
|
|
102
|
+
* local logout (we still purge our own state), so this never throws. */
|
|
103
|
+
async revoke(token) {
|
|
104
|
+
const body = this._baseBody();
|
|
105
|
+
body.set('token', token);
|
|
106
|
+
try {
|
|
107
|
+
const res = await fetch(this._identityBase + auth_1.REVOCATION_ENDPOINT, {
|
|
108
|
+
method: 'POST',
|
|
109
|
+
headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
|
|
110
|
+
body: body.toString(),
|
|
111
|
+
});
|
|
112
|
+
if (!res.ok) {
|
|
113
|
+
log_1.default.warn('broker.creatio.revoke_failed', { status: res.status });
|
|
114
|
+
}
|
|
115
|
+
}
|
|
116
|
+
catch (err) {
|
|
117
|
+
log_1.default.warn('broker.creatio.revoke_error', { error: String(err) });
|
|
118
|
+
}
|
|
119
|
+
}
|
|
120
|
+
}
|
|
121
|
+
exports.CreatioOAuthClient = CreatioOAuthClient;
|
|
122
|
+
//# sourceMappingURL=creatio-oauth-client.js.map
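Review bot: `revoke()` is documented as best-effort so that a failure never blocks the local logout, but its `fetch` call carries no timeout or abort signal, so an identity endpoint that accepts the connection and never answers leaves the `await` pending for any caller that awaits it. The same holds for the `fetch` in `_postToken`, which both `exchangeCode` and `refresh` go through. Adding `signal: AbortSignal.timeout(10000),` to both option objects (the value is constructed here; choose one that fits the deployment) turns a hang into a rejection, which `revoke` already catches and `_postToken` would pass to its caller. As this is compiled output, the change belongs in the TypeScript source that the source map points to.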
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"creatio-oauth-client.js","sourceRoot":"","sources":["../../../../src/creatio/auth/providers/creatio-oauth-client.ts"],"names":[],"mappings":";;;;;;AAAA,uDAA+B;AAG/B,kCAOiB;AAEjB,MAAM,8BAA8B,GAAG,GAAG,CAAC;AAE3C;;;;;GAKG;AACH,MAAa,kBAAkB;IACb,QAAQ,CAAS;IACjB,KAAK,CAAmB;IAEzC,IAAY,aAAa;QACxB,OAAO,IAAA,0BAAmB,EAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;IACjE,CAAC;IAED,IAAY,MAAM;QACjB,OAAO,IAAI,CAAC,KAAK,CAAC,KAAK,IAAI,gBAAgB,CAAC;IAC7C,CAAC;IAED,YAAY,OAAe,EAAE,IAAsB;QAClD,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC;QACxB,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC;IACnB,CAAC;IAEO,SAAS;QAChB,MAAM,IAAI,GAAG,IAAI,eAAe,EAAE,CAAC;QACnC,IAAI,CAAC,GAAG,CAAC,WAAW,EAAE,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;QAC3C,uEAAuE;QACvE,IAAI,IAAI,CAAC,KAAK,CAAC,YAAY,EAAE,CAAC;YAC7B,IAAI,CAAC,GAAG,CAAC,eAAe,EAAE,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;QACpD,CAAC;QACD,OAAO,IAAI,CAAC;IACb,CAAC;IAEO,KAAK,CAAC,UAAU,CACvB,IAAqB,EACrB,EAA0B;QAE1B,MAAM,GAAG,GAAG,IAAI,CAAC,aAAa,GAAG,qBAAc,CAAC;QAChD,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;YAC5B,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;YAChE,IAAI,EAAE,IAAI,CAAC,QAAQ,EAAE;SACrB,CAAC,CAAC;QACH,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;QAC9C,IAAI,CAAC,GAAG,CAAC,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC;YACtB,aAAG,CAAC,KAAK,CAAC,kBAAkB,EAAE,SAAS,EAAE;gBACxC,MAAM,EAAE,GAAG,CAAC,MAAM;gBAClB,IAAI,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;aACxB,CAAC,CAAC;YACH,MAAM,IAAI,KAAK,CAAC,iBAAiB,EAAE,UAAU,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;QAC5D,CAAC;QACD,IAAI,IAA4E,CAAC;QACjF,IAAI,CAAC;YACJ,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QACzB,CAAC;QAAC,MAAM,CAAC;YACR,MAAM,IAAI,KAAK,CAAC,iBAAiB,EAAE,eAAe,CAAC,CAAC;QACrD,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC;YACxB,MAAM,IAAI,KAAK,CAAC,iBAAiB,EAAE,kBAAkB,CAAC,CAAC;QACxD,CAAC;QACD,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,8BAA8B,CAAC;QAC3E,OAAO;YACN,WAAW,EAAE,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC;YACtC,mBAAmB,EAAE,IAAA,2BAAoB,EAAC,QAAQ,CAAC;YACnD,GAAG,CAAC,IAAI,CAAC,aAAa
,CAAC,CAAC,CAAC,EAAE,YAAY,EAAE,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SAC3E,CAAC;IACH,CAAC;IAED,qFAAqF;IAC9E,iBAAiB,CAAC,WAAmB,EAAE,KAAa,EAAE,aAAqB;QACjF,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,aAAa,GAAG,yBAAkB,CAAC,CAAC;QAC7D,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,EAAE,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;QACvD,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,EAAE,WAAW,CAAC,CAAC;QAClD,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC;QAC9C,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QACrC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,gBAAgB,EAAE,aAAa,CAAC,CAAC;QACtD,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,uBAAuB,EAAE,gBAAS,CAAC,CAAC;QACzD,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;QAC3C,OAAO,GAAG,CAAC,QAAQ,EAAE,CAAC;IACvB,CAAC;IAED,kGAAkG;IAC3F,KAAK,CAAC,YAAY,CACxB,IAAY,EACZ,WAAmB,EACnB,YAAoB;QAEpB,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC;QAC9B,IAAI,CAAC,GAAG,CAAC,YAAY,EAAE,oBAAoB,CAAC,CAAC;QAC7C,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QACvB,IAAI,CAAC,GAAG,CAAC,cAAc,EAAE,WAAW,CAAC,CAAC;QACtC,IAAI,CAAC,GAAG,CAAC,eAAe,EAAE,YAAY,CAAC,CAAC;QACxC,OAAO,IAAI,CAAC,UAAU,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;IAC1C,CAAC;IAED,wEAAwE;IACjE,KAAK,CAAC,OAAO,CAAC,YAAoB;QACxC,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC;QAC9B,IAAI,CAAC,GAAG,CAAC,YAAY,EAAE,eAAe,CAAC,CAAC;QACxC,IAAI,CAAC,GAAG,CAAC,eAAe,EAAE,YAAY,CAAC,CAAC;QACxC,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;QAC/B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;QACtD,sFAAsF;QACtF,OAAO,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,GAAG,MAAM,EAAE,YAAY,EAAE,CAAC;IACnE,CAAC;IAED;6EACyE;IAClE,KAAK,CAAC,MAAM,CAAC,KAAa;QAChC,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC;QAC9B,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QACzB,IAAI,CAAC;YACJ,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC,aAAa,GAAG,0BAAmB,EAAE;gBACjE,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;gBAChE,IAAI,EAAE,IAAI,CAAC,QAAQ,EAAE;aACrB,CAAC,CAAC;YACH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;gBACb,aAAG,CAAC,IAAI,CAAC,8BAA8B,EAAE,
EAAE,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;YAClE,CAAC;QACF,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACd,aAAG,CAAC,IAAI,CAAC,6BAA6B,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QACjE,CAAC;IACF,CAAC;CACD;AAtHD,gDAsHC"}
|
|
@@ -1,5 +1,7 @@
|
|
|
1
1
|
export * from './legacy-provider';
|
|
2
2
|
export * from './oauth2-provider';
|
|
3
|
-
export * from './oauth2-
|
|
3
|
+
export * from './oauth2-bearer-provider';
|
|
4
|
+
export * from './broker-provider';
|
|
5
|
+
export * from './creatio-oauth-client';
|
|
4
6
|
export * from './type';
|
|
5
7
|
//# sourceMappingURL=index.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/creatio/auth/providers/index.ts"],"names":[],"mappings":"AAAA,cAAc,mBAAmB,CAAC;AAClC,cAAc,mBAAmB,CAAC;AAClC,cAAc,wBAAwB,CAAC;AACvC,cAAc,QAAQ,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/creatio/auth/providers/index.ts"],"names":[],"mappings":"AAAA,cAAc,mBAAmB,CAAC;AAClC,cAAc,mBAAmB,CAAC;AAClC,cAAc,0BAA0B,CAAC;AACzC,cAAc,mBAAmB,CAAC;AAClC,cAAc,wBAAwB,CAAC;AACvC,cAAc,QAAQ,CAAC"}
|
|
@@ -16,6 +16,8 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
|
|
|
16
16
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
17
17
|
__exportStar(require("./legacy-provider"), exports);
|
|
18
18
|
__exportStar(require("./oauth2-provider"), exports);
|
|
19
|
-
__exportStar(require("./oauth2-
|
|
19
|
+
__exportStar(require("./oauth2-bearer-provider"), exports);
|
|
20
|
+
__exportStar(require("./broker-provider"), exports);
|
|
21
|
+
__exportStar(require("./creatio-oauth-client"), exports);
|
|
20
22
|
__exportStar(require("./type"), exports);
|
|
21
23
|
//# sourceMappingURL=index.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/creatio/auth/providers/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,oDAAkC;AAClC,oDAAkC;AAClC,yDAAuC;AACvC,yCAAuB"}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/creatio/auth/providers/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,oDAAkC;AAClC,oDAAkC;AAClC,2DAAyC;AACzC,oDAAkC;AAClC,yDAAuC;AACvC,yCAAuB"}
|
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
import { BearerAuthConfig } from '../../client-config';
|
|
2
|
+
import { BaseProvider } from './base-provider';
|
|
3
|
+
/**
|
|
4
|
+
* Stateless per-request Bearer passthrough provider.
|
|
5
|
+
*
|
|
6
|
+
* The MCP issues and stores no tokens: every request already carries a Creatio access token
|
|
7
|
+
* (obtained by the client from Creatio Identity in `delegated` mode, or injected by a trusted
|
|
8
|
+
* Control-Plane in `gateway` mode). This provider simply attaches that token — read from the
|
|
9
|
+
* per-request {@link getBearerToken} context — to outgoing Creatio calls. Token acquisition and
|
|
10
|
+
* refresh are the client's / gateway's responsibility, which is why there is nothing to refresh
|
|
11
|
+
* here and no server-side token store.
|
|
12
|
+
*/
|
|
13
|
+
export declare class OAuth2BearerProvider extends BaseProvider<BearerAuthConfig> {
|
|
14
|
+
getHeaders(accept: string, isJson?: boolean): Promise<Record<string, string>>;
|
|
15
|
+
refresh(): Promise<void>;
|
|
16
|
+
}
|
|
17
|
+
//# sourceMappingURL=oauth2-bearer-provider.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"oauth2-bearer-provider.d.ts","sourceRoot":"","sources":["../../../../src/creatio/auth/providers/oauth2-bearer-provider.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AAGvD,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAE/C;;;;;;;;;GASG;AACH,qBAAa,oBAAqB,SAAQ,YAAY,CAAC,gBAAgB,CAAC;IAC1D,UAAU,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAU7E,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;CAIrC"}
|
|
@@ -0,0 +1,33 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.OAuth2BearerProvider = void 0;
|
|
4
|
+
const utils_1 = require("../../../utils");
|
|
5
|
+
const auth_1 = require("../auth");
|
|
6
|
+
const base_provider_1 = require("./base-provider");
|
|
7
|
+
/**
|
|
8
|
+
* Stateless per-request Bearer passthrough provider.
|
|
9
|
+
*
|
|
10
|
+
* The MCP issues and stores no tokens: every request already carries a Creatio access token
|
|
11
|
+
* (obtained by the client from Creatio Identity in `delegated` mode, or injected by a trusted
|
|
12
|
+
* Control-Plane in `gateway` mode). This provider simply attaches that token — read from the
|
|
13
|
+
* per-request {@link getBearerToken} context — to outgoing Creatio calls. Token acquisition and
|
|
14
|
+
* refresh are the client's / gateway's responsibility, which is why there is nothing to refresh
|
|
15
|
+
* here and no server-side token store.
|
|
16
|
+
*/
|
|
17
|
+
class OAuth2BearerProvider extends base_provider_1.BaseProvider {
|
|
18
|
+
async getHeaders(accept, isJson) {
|
|
19
|
+
const token = (0, utils_1.getBearerToken)();
|
|
20
|
+
if (!token) {
|
|
21
|
+
// No token in context ⇒ unauthenticated request. The HTTP edge turns this into a 401
|
|
22
|
+
// (delegated: with a WWW-Authenticate challenge; gateway: a plain rejection).
|
|
23
|
+
throw new Error('bearer_token_required');
|
|
24
|
+
}
|
|
25
|
+
return (0, auth_1.buildHeaders)(accept, Boolean(isJson), token);
|
|
26
|
+
}
|
|
27
|
+
async refresh() {
|
|
28
|
+
// Nothing to refresh: the client (delegated) or gateway owns the token lifecycle. A stale
|
|
29
|
+
// token surfaces as a 401 from Creatio, which the caller resolves by presenting a fresh one.
|
|
30
|
+
}
|
|
31
|
+
}
|
|
32
|
+
exports.OAuth2BearerProvider = OAuth2BearerProvider;
|
|
33
|
+
//# sourceMappingURL=oauth2-bearer-provider.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"oauth2-bearer-provider.js","sourceRoot":"","sources":["../../../../src/creatio/auth/providers/oauth2-bearer-provider.ts"],"names":[],"mappings":";;;AAAA,0CAAgD;AAEhD,kCAAuC;AAEvC,mDAA+C;AAE/C;;;;;;;;;GASG;AACH,MAAa,oBAAqB,SAAQ,4BAA8B;IAChE,KAAK,CAAC,UAAU,CAAC,MAAc,EAAE,MAAgB;QACvD,MAAM,KAAK,GAAG,IAAA,sBAAc,GAAE,CAAC;QAC/B,IAAI,CAAC,KAAK,EAAE,CAAC;YACZ,qFAAqF;YACrF,8EAA8E;YAC9E,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;QAC1C,CAAC;QACD,OAAO,IAAA,mBAAY,EAAC,MAAM,EAAE,OAAO,CAAC,MAAM,CAAC,EAAE,KAAK,CAAC,CAAC;IACrD,CAAC;IAEM,KAAK,CAAC,OAAO;QACnB,0FAA0F;QAC1F,6FAA6F;IAC9F,CAAC;CACD;AAfD,oDAeC"}
|
|
@@ -1,9 +1,9 @@
|
|
|
1
1
|
import { CreatioClientConfig, OAuth2AuthConfig } from '../../client-config';
|
|
2
|
-
import { BaseOAuth2Provider } from './base-oauth2-provider';
|
|
2
|
+
import { BaseOAuth2Provider, FetchedToken } from './base-oauth2-provider';
|
|
3
3
|
export declare class OAuth2Provider extends BaseOAuth2Provider<OAuth2AuthConfig> {
|
|
4
4
|
private readonly _config;
|
|
5
5
|
protected readonly authErrorCode = "oauth2_auth_failed";
|
|
6
6
|
constructor(config: CreatioClientConfig);
|
|
7
|
-
protected
|
|
7
|
+
protected fetchToken(): Promise<FetchedToken | undefined>;
|
|
8
8
|
}
|
|
9
9
|
//# sourceMappingURL=oauth2-provider.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oauth2-provider.d.ts","sourceRoot":"","sources":["../../../../src/creatio/auth/providers/oauth2-provider.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AAG5E,OAAO,EAAE,kBAAkB,EAAE,MAAM,wBAAwB,CAAC;
|
|
1
|
+
{"version":3,"file":"oauth2-provider.d.ts","sourceRoot":"","sources":["../../../../src/creatio/auth/providers/oauth2-provider.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AAG5E,OAAO,EAAE,kBAAkB,EAAE,YAAY,EAAE,MAAM,wBAAwB,CAAC;AAE1E,qBAAa,cAAe,SAAQ,kBAAkB,CAAC,gBAAgB,CAAC;IACvE,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAsB;IAE9C,SAAS,CAAC,QAAQ,CAAC,aAAa,wBAAwB;gBAE5C,MAAM,EAAE,mBAAmB;cAKvB,UAAU,IAAI,OAAO,CAAC,YAAY,GAAG,SAAS,CAAC;CAqE/D"}
|
|
@@ -14,11 +14,7 @@ class OAuth2Provider extends base_oauth2_provider_1.BaseOAuth2Provider {
|
|
|
14
14
|
super(config);
|
|
15
15
|
this._config = config;
|
|
16
16
|
}
|
|
17
|
-
async
|
|
18
|
-
const now = Date.now();
|
|
19
|
-
if (this.accessToken && this.accessTokenExpiryMs && now < this.accessTokenExpiryMs) {
|
|
20
|
-
return this.accessToken;
|
|
21
|
-
}
|
|
17
|
+
async fetchToken() {
|
|
22
18
|
const url = `${this.getIdentityBase()}${auth_1.TOKEN_ENDPOINT}`;
|
|
23
19
|
const body = new URLSearchParams();
|
|
24
20
|
body.set('grant_type', 'client_credentials');
|
|
@@ -69,11 +65,10 @@ class OAuth2Provider extends base_oauth2_provider_1.BaseOAuth2Provider {
|
|
|
69
65
|
log_1.default.creatioAuthFailed(this._config.baseUrl, 'no_access_token_in_response', 'oauth2');
|
|
70
66
|
throw new Error('oauth2_no_access_token');
|
|
71
67
|
}
|
|
72
|
-
|
|
73
|
-
const
|
|
74
|
-
this.accessTokenExpiryMs = this.computeExpiryMs(expiresIn, 1);
|
|
68
|
+
const accessToken = String(tokenResponse.access_token);
|
|
69
|
+
const expiresInSeconds = Number(tokenResponse.expires_in) || 3600;
|
|
75
70
|
log_1.default.creatioAuthOk(this._config.baseUrl, 'oauth2');
|
|
76
|
-
return
|
|
71
|
+
return { accessToken, expiresInSeconds };
|
|
77
72
|
}
|
|
78
73
|
catch (e) {
|
|
79
74
|
log_1.default.error('oauth.token.exception', { error: String(e?.message ?? e) });
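Review bot: In `fetchToken`, `Number(tokenResponse.expires_in) || 3600` falls back only when the value is missing, zero or non-numeric, so a negative or implausibly large `expires_in` is returned as-is, and the bare `3600` assumes an hour of validity when the server states none. `creatio-oauth-client.js` in this same release uses a named `DEFAULT_TOKEN_LIFETIME_SECONDS = 180` for the same situation, so the two token paths disagree on how long a token without a stated lifetime is trusted. I would validate before falling back to a named constant: `const raw = Number(tokenResponse.expires_in);` then `const expiresInSeconds = Number.isFinite(raw) && raw > 0 ? raw : DEFAULT_EXPIRES_IN_SECONDS;` (the constant name is a placeholder). `fetchToken` starts and ends outside these hunks, so how the caller caches the result is not visible here.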
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oauth2-provider.js","sourceRoot":"","sources":["../../../../src/creatio/auth/providers/oauth2-provider.ts"],"names":[],"mappings":";;;;;;AAAA,uDAA+B;AAE/B,kCAAiE;AAEjE,
|
|
1
|
+
{"version":3,"file":"oauth2-provider.js","sourceRoot":"","sources":["../../../../src/creatio/auth/providers/oauth2-provider.ts"],"names":[],"mappings":";;;;;;AAAA,uDAA+B;AAE/B,kCAAiE;AAEjE,iEAA0E;AAE1E,MAAa,cAAe,SAAQ,yCAAoC;IACtD,OAAO,CAAsB;IAE3B,aAAa,GAAG,oBAAoB,CAAC;IAExD,YAAY,MAA2B;QACtC,KAAK,CAAC,MAAM,CAAC,CAAC;QACd,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC;IACvB,CAAC;IAES,KAAK,CAAC,UAAU;QACzB,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,eAAe,EAAE,GAAG,qBAAc,EAAE,CAAC;QACzD,MAAM,IAAI,GAAG,IAAI,eAAe,EAAE,CAAC;QACnC,IAAI,CAAC,GAAG,CAAC,YAAY,EAAE,oBAAoB,CAAC,CAAC;QAC7C,IAAI,CAAC,GAAG,CAAC,WAAW,EAAE,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;QAChD,IAAI,CAAC,GAAG,CAAC,eAAe,EAAE,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC;QACxD,IAAI,CAAC;YACJ,aAAG,CAAC,gBAAgB,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;YACrD,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;gBACjC,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;gBAChE,IAAI,EAAE,IAAI,CAAC,QAAQ,EAAE;aACrB,CAAC,CAAC;YACH,MAAM,YAAY,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;YAC3D,MAAM,WAAW,GAAI,QAAQ,CAAC,OAAe,EAAE,GAAG,EAAE,CAAC,cAAc,CAAC,IAAI,EAAE,CAAC;YAC3E,MAAM,WAAW,GAChB,YAAY,IAAI,YAAY,CAAC,MAAM,GAAG,6BAAsB;gBAC3D,CAAC,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,6BAAsB,CAAC,GAAG,mBAAmB;gBACrE,CAAC,CAAC,YAAY,CAAC;YACjB,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBAClB,aAAG,CAAC,KAAK,CAAC,mBAAmB,EAAE;oBAC9B,GAAG;oBACH,MAAM,EAAE,QAAQ,CAAC,MAAM;oBACvB,WAAW;oBACX,WAAW;iBACX,CAAC,CAAC;gBACH,aAAG,CAAC,iBAAiB,CACpB,IAAI,CAAC,OAAO,CAAC,OAAO,EACpB,eAAe,QAAQ,CAAC,MAAM,EAAE,EAChC,QAAQ,CACR,CAAC;gBACF,MAAM,IAAI,KAAK,CAAC,sBAAsB,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;YAC1D,CAAC;YACD,IAAI,CAAC,YAAY,EAAE,CAAC;gBACnB,aAAG,CAAC,KAAK,CAAC,wBAAwB,EAAE,EAAE,GAAG,EAAE,MAAM,EAAE,QAAQ,CAAC,MAAM,EAAE,WAAW,EAAE,CAAC,CAAC;gBACnF,aAAG,CAAC,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,qBAAqB,EAAE,QAAQ,CAAC,CAAC;gBAC7E,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;YAChD,CAAC;YACD,IAAI,aAAa,GAAQ,IAAI,CAAC;YAC9B,IAAI,CAAC;gBACJ,aAAa,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;YAC1C,CAAC;YAAC,OAAO
,GAAG,EAAE,CAAC;gBACd,aAAG,CAAC,KAAK,CAAC,0BAA0B,EAAE;oBACrC,GAAG;oBACH,MAAM,EAAE,QAAQ,CAAC,MAAM;oBACvB,WAAW;oBACX,WAAW;iBACX,CAAC,CAAC;gBACH,aAAG,CAAC,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,oBAAoB,EAAE,QAAQ,CAAC,CAAC;gBAC5E,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;YAC9C,CAAC;YACD,IAAI,CAAC,aAAa,IAAI,CAAC,aAAa,CAAC,YAAY,EAAE,CAAC;gBACnD,aAAG,CAAC,iBAAiB,CACpB,IAAI,CAAC,OAAO,CAAC,OAAO,EACpB,6BAA6B,EAC7B,QAAQ,CACR,CAAC;gBACF,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC;YAC3C,CAAC;YACD,MAAM,WAAW,GAAG,MAAM,CAAC,aAAa,CAAC,YAAY,CAAC,CAAC;YACvD,MAAM,gBAAgB,GAAG,MAAM,CAAC,aAAa,CAAC,UAAU,CAAC,IAAI,IAAI,CAAC;YAClE,aAAG,CAAC,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;YAClD,OAAO,EAAE,WAAW,EAAE,gBAAgB,EAAE,CAAC;QAC1C,CAAC;QAAC,OAAO,CAAM,EAAE,CAAC;YACjB,aAAG,CAAC,KAAK,CAAC,uBAAuB,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC,EAAE,OAAO,IAAI,CAAC,CAAC,EAAE,CAAC,CAAC;YACvE,aAAG,CAAC,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC,EAAE,OAAO,IAAI,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;YAC/E,OAAO,SAAS,CAAC;QAClB,CAAC;IACF,CAAC;CACD;AA/ED,wCA+EC"}
|
|
@@ -1,6 +1,25 @@
|
|
|
1
1
|
export declare enum AuthProviderType {
|
|
2
2
|
Legacy = "legacy",
|
|
3
3
|
OAuth2 = "oauth2",
|
|
4
|
-
|
|
4
|
+
/**
|
|
5
|
+
* Stateless per-request Bearer passthrough: the incoming request carries a Creatio access token
|
|
6
|
+
* (obtained by the client directly from Creatio Identity in `delegated` mode, or injected by a
|
|
7
|
+
* fronting Control-Plane in `gateway` mode). The MCP issues no tokens and stores none.
|
|
8
|
+
*/
|
|
9
|
+
OAuth2Bearer = "oauth2_bearer",
|
|
10
|
+
/**
|
|
11
|
+
* Broker: the MCP is its own OAuth 2.1 authorization server for clients (DCR + /authorize +
|
|
12
|
+
* /token), brokering the user login to Creatio via authorization_code + PKCE and holding the
|
|
13
|
+
* user's Creatio tokens server-side. The "connect → authorize → work as me" UX for standalone
|
|
14
|
+
* direct clients (Claude Desktop / ChatGPT) where Creatio offers no dynamic client registration.
|
|
15
|
+
*/
|
|
16
|
+
Broker = "broker"
|
|
17
|
+
}
|
|
18
|
+
/** Where the per-request Bearer comes from / how strictly the MCP treats it. */
|
|
19
|
+
export declare enum BearerAuthMode {
|
|
20
|
+
/** Client authenticates directly against Creatio Identity; MCP advertises it (RFC 9728) + validates. */
|
|
21
|
+
Delegated = "delegated",
|
|
22
|
+
/** A trusted fronting gateway (Creatio.ai Control-Plane) injects the Bearer; MCP trusts it. */
|
|
23
|
+
Gateway = "gateway"
|
|
5
24
|
}
|
|
6
25
|
//# sourceMappingURL=type.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"type.d.ts","sourceRoot":"","sources":["../../../../src/creatio/auth/providers/type.ts"],"names":[],"mappings":"AAAA,oBAAY,gBAAgB;IAC3B,MAAM,WAAW;IACjB,MAAM,WAAW;IACjB,
|
|
1
|
+
{"version":3,"file":"type.d.ts","sourceRoot":"","sources":["../../../../src/creatio/auth/providers/type.ts"],"names":[],"mappings":"AAAA,oBAAY,gBAAgB;IAC3B,MAAM,WAAW;IACjB,MAAM,WAAW;IACjB;;;;OAIG;IACH,YAAY,kBAAkB;IAC9B;;;;;OAKG;IACH,MAAM,WAAW;CACjB;AAED,gFAAgF;AAChF,oBAAY,cAAc;IACzB,wGAAwG;IACxG,SAAS,cAAc;IACvB,+FAA+F;IAC/F,OAAO,YAAY;CACnB"}
|
|
@@ -1,10 +1,30 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.AuthProviderType = void 0;
|
|
3
|
+
exports.BearerAuthMode = exports.AuthProviderType = void 0;
|
|
4
4
|
var AuthProviderType;
|
|
5
5
|
(function (AuthProviderType) {
|
|
6
6
|
AuthProviderType["Legacy"] = "legacy";
|
|
7
7
|
AuthProviderType["OAuth2"] = "oauth2";
|
|
8
|
-
|
|
8
|
+
/**
|
|
9
|
+
* Stateless per-request Bearer passthrough: the incoming request carries a Creatio access token
|
|
10
|
+
* (obtained by the client directly from Creatio Identity in `delegated` mode, or injected by a
|
|
11
|
+
* fronting Control-Plane in `gateway` mode). The MCP issues no tokens and stores none.
|
|
12
|
+
*/
|
|
13
|
+
AuthProviderType["OAuth2Bearer"] = "oauth2_bearer";
|
|
14
|
+
/**
|
|
15
|
+
* Broker: the MCP is its own OAuth 2.1 authorization server for clients (DCR + /authorize +
|
|
16
|
+
* /token), brokering the user login to Creatio via authorization_code + PKCE and holding the
|
|
17
|
+
* user's Creatio tokens server-side. The "connect → authorize → work as me" UX for standalone
|
|
18
|
+
* direct clients (Claude Desktop / ChatGPT) where Creatio offers no dynamic client registration.
|
|
19
|
+
*/
|
|
20
|
+
AuthProviderType["Broker"] = "broker";
|
|
9
21
|
})(AuthProviderType || (exports.AuthProviderType = AuthProviderType = {}));
|
|
22
|
+
/** Where the per-request Bearer comes from / how strictly the MCP treats it. */
|
|
23
|
+
var BearerAuthMode;
|
|
24
|
+
(function (BearerAuthMode) {
|
|
25
|
+
/** Client authenticates directly against Creatio Identity; MCP advertises it (RFC 9728) + validates. */
|
|
26
|
+
BearerAuthMode["Delegated"] = "delegated";
|
|
27
|
+
/** A trusted fronting gateway (Creatio.ai Control-Plane) injects the Bearer; MCP trusts it. */
|
|
28
|
+
BearerAuthMode["Gateway"] = "gateway";
|
|
29
|
+
})(BearerAuthMode || (exports.BearerAuthMode = BearerAuthMode = {}));
|
|
10
30
|
//# sourceMappingURL=type.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"type.js","sourceRoot":"","sources":["../../../../src/creatio/auth/providers/type.ts"],"names":[],"mappings":";;;AAAA,IAAY,
|
|
1
|
+
{"version":3,"file":"type.js","sourceRoot":"","sources":["../../../../src/creatio/auth/providers/type.ts"],"names":[],"mappings":";;;AAAA,IAAY,gBAgBX;AAhBD,WAAY,gBAAgB;IAC3B,qCAAiB,CAAA;IACjB,qCAAiB,CAAA;IACjB;;;;OAIG;IACH,kDAA8B,CAAA;IAC9B;;;;;OAKG;IACH,qCAAiB,CAAA;AAClB,CAAC,EAhBW,gBAAgB,gCAAhB,gBAAgB,QAgB3B;AAED,gFAAgF;AAChF,IAAY,cAKX;AALD,WAAY,cAAc;IACzB,wGAAwG;IACxG,yCAAuB,CAAA;IACvB,+FAA+F;IAC/F,qCAAmB,CAAA;AACpB,CAAC,EALW,cAAc,8BAAd,cAAc,QAKzB"}
|