mcp-creatio 0.6.2 → 0.6.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (353) hide show
  1. package/README.md +280 -156
  2. package/dist/cli.d.ts.map +1 -1
  3. package/dist/cli.js +27 -10
  4. package/dist/cli.js.map +1 -1
  5. package/dist/config-builder.d.ts +8 -0
  6. package/dist/config-builder.d.ts.map +1 -1
  7. package/dist/config-builder.js +147 -43
  8. package/dist/config-builder.js.map +1 -1
  9. package/dist/consts.d.ts.map +1 -1
  10. package/dist/consts.js +2 -1
  11. package/dist/consts.js.map +1 -1
  12. package/dist/creatio/auth/auth-manager.d.ts.map +1 -1
  13. package/dist/creatio/auth/auth-manager.js +5 -2
  14. package/dist/creatio/auth/auth-manager.js.map +1 -1
  15. package/dist/creatio/auth/auth.d.ts +4 -31
  16. package/dist/creatio/auth/auth.d.ts.map +1 -1
  17. package/dist/creatio/auth/auth.js +20 -26
  18. package/dist/creatio/auth/auth.js.map +1 -1
  19. package/dist/creatio/auth/constants.d.ts +14 -0
  20. package/dist/creatio/auth/constants.d.ts.map +1 -0
  21. package/dist/creatio/auth/constants.js +20 -0
  22. package/dist/creatio/auth/constants.js.map +1 -0
  23. package/dist/creatio/auth/contracts.d.ts +15 -0
  24. package/dist/creatio/auth/contracts.d.ts.map +1 -0
  25. package/dist/creatio/auth/contracts.js +3 -0
  26. package/dist/creatio/auth/contracts.js.map +1 -0
  27. package/dist/creatio/auth/headers.d.ts +3 -0
  28. package/dist/creatio/auth/headers.d.ts.map +1 -0
  29. package/dist/creatio/auth/headers.js +15 -0
  30. package/dist/creatio/auth/headers.js.map +1 -0
  31. package/dist/creatio/auth/identity.d.ts +8 -0
  32. package/dist/creatio/auth/identity.d.ts.map +1 -0
  33. package/dist/creatio/auth/identity.js +18 -0
  34. package/dist/creatio/auth/identity.js.map +1 -0
  35. package/dist/creatio/auth/index.d.ts +4 -3
  36. package/dist/creatio/auth/index.d.ts.map +1 -1
  37. package/dist/creatio/auth/index.js +5 -3
  38. package/dist/creatio/auth/index.js.map +1 -1
  39. package/dist/creatio/auth/providers/base-oauth2-provider.d.ts +13 -7
  40. package/dist/creatio/auth/providers/base-oauth2-provider.d.ts.map +1 -1
  41. package/dist/creatio/auth/providers/base-oauth2-provider.js +29 -19
  42. package/dist/creatio/auth/providers/base-oauth2-provider.js.map +1 -1
  43. package/dist/creatio/auth/providers/base-provider.js +1 -1
  44. package/dist/creatio/auth/providers/base-provider.js.map +1 -1
  45. package/dist/creatio/auth/providers/broker-provider.d.ts +20 -0
  46. package/dist/creatio/auth/providers/broker-provider.d.ts.map +1 -0
  47. package/dist/creatio/auth/providers/broker-provider.js +72 -0
  48. package/dist/creatio/auth/providers/broker-provider.js.map +1 -0
  49. package/dist/creatio/auth/providers/creatio-oauth-client.d.ts +27 -0
  50. package/dist/creatio/auth/providers/creatio-oauth-client.d.ts.map +1 -0
  51. package/dist/creatio/auth/providers/creatio-oauth-client.js +122 -0
  52. package/dist/creatio/auth/providers/creatio-oauth-client.js.map +1 -0
  53. package/dist/creatio/auth/providers/index.d.ts +3 -1
  54. package/dist/creatio/auth/providers/index.d.ts.map +1 -1
  55. package/dist/creatio/auth/providers/index.js +3 -1
  56. package/dist/creatio/auth/providers/index.js.map +1 -1
  57. package/dist/creatio/auth/providers/oauth2-bearer-provider.d.ts +17 -0
  58. package/dist/creatio/auth/providers/oauth2-bearer-provider.d.ts.map +1 -0
  59. package/dist/creatio/auth/providers/oauth2-bearer-provider.js +33 -0
  60. package/dist/creatio/auth/providers/oauth2-bearer-provider.js.map +1 -0
  61. package/dist/creatio/auth/providers/oauth2-provider.d.ts +2 -2
  62. package/dist/creatio/auth/providers/oauth2-provider.d.ts.map +1 -1
  63. package/dist/creatio/auth/providers/oauth2-provider.js +4 -9
  64. package/dist/creatio/auth/providers/oauth2-provider.js.map +1 -1
  65. package/dist/creatio/auth/providers/type.d.ts +20 -1
  66. package/dist/creatio/auth/providers/type.d.ts.map +1 -1
  67. package/dist/creatio/auth/providers/type.js +22 -2
  68. package/dist/creatio/auth/providers/type.js.map +1 -1
  69. package/dist/creatio/client-config.d.ts +26 -5
  70. package/dist/creatio/client-config.d.ts.map +1 -1
  71. package/dist/creatio/engines/admin-operation-engine.d.ts +1 -1
  72. package/dist/creatio/engines/admin-operation-engine.d.ts.map +1 -1
  73. package/dist/creatio/engines/admin-operation-engine.js +3 -3
  74. package/dist/creatio/engines/admin-operation-engine.js.map +1 -1
  75. package/dist/creatio/engines/configuration-engine.d.ts +1 -1
  76. package/dist/creatio/engines/configuration-engine.d.ts.map +1 -1
  77. package/dist/creatio/engines/configuration-engine.js +3 -3
  78. package/dist/creatio/engines/configuration-engine.js.map +1 -1
  79. package/dist/creatio/engines/crud-engine.d.ts +1 -1
  80. package/dist/creatio/engines/crud-engine.d.ts.map +1 -1
  81. package/dist/creatio/engines/crud-engine.js +4 -4
  82. package/dist/creatio/engines/crud-engine.js.map +1 -1
  83. package/dist/creatio/engines/engine-manager.d.ts +4 -2
  84. package/dist/creatio/engines/engine-manager.d.ts.map +1 -1
  85. package/dist/creatio/engines/engine-manager.js +9 -10
  86. package/dist/creatio/engines/engine-manager.js.map +1 -1
  87. package/dist/creatio/engines/engine.d.ts.map +1 -1
  88. package/dist/creatio/engines/engine.js +12 -1
  89. package/dist/creatio/engines/engine.js.map +1 -1
  90. package/dist/creatio/engines/feature-engine.d.ts +1 -1
  91. package/dist/creatio/engines/feature-engine.d.ts.map +1 -1
  92. package/dist/creatio/engines/feature-engine.js +3 -3
  93. package/dist/creatio/engines/feature-engine.js.map +1 -1
  94. package/dist/creatio/engines/process-engine.d.ts +1 -1
  95. package/dist/creatio/engines/process-engine.d.ts.map +1 -1
  96. package/dist/creatio/engines/process-engine.js +3 -3
  97. package/dist/creatio/engines/process-engine.js.map +1 -1
  98. package/dist/creatio/engines/sys-settings-engine.d.ts +1 -1
  99. package/dist/creatio/engines/sys-settings-engine.d.ts.map +1 -1
  100. package/dist/creatio/engines/sys-settings-engine.js +3 -3
  101. package/dist/creatio/engines/sys-settings-engine.js.map +1 -1
  102. package/dist/creatio/engines/user-engine.d.ts +1 -1
  103. package/dist/creatio/engines/user-engine.d.ts.map +1 -1
  104. package/dist/creatio/engines/user-engine.js +3 -3
  105. package/dist/creatio/engines/user-engine.js.map +1 -1
  106. package/dist/creatio/provider-context.d.ts +3 -0
  107. package/dist/creatio/provider-context.d.ts.map +1 -1
  108. package/dist/creatio/services/client-cache-hash-client.d.ts +22 -0
  109. package/dist/creatio/services/client-cache-hash-client.d.ts.map +1 -0
  110. package/dist/creatio/services/client-cache-hash-client.js +56 -0
  111. package/dist/creatio/services/client-cache-hash-client.js.map +1 -0
  112. package/dist/creatio/services/creatio-service-context.d.ts +6 -1
  113. package/dist/creatio/services/creatio-service-context.d.ts.map +1 -1
  114. package/dist/creatio/services/creatio-service-context.js +15 -1
  115. package/dist/creatio/services/creatio-service-context.js.map +1 -1
  116. package/dist/creatio/services/crud-provider-factory.d.ts +4 -0
  117. package/dist/creatio/services/crud-provider-factory.d.ts.map +1 -1
  118. package/dist/creatio/services/crud-provider-factory.js +1 -1
  119. package/dist/creatio/services/crud-provider-factory.js.map +1 -1
  120. package/dist/creatio/services/dataservice/data-service-column-values.d.ts.map +1 -1
  121. package/dist/creatio/services/dataservice/data-service-crud-provider.d.ts +5 -3
  122. package/dist/creatio/services/dataservice/data-service-crud-provider.d.ts.map +1 -1
  123. package/dist/creatio/services/dataservice/data-service-crud-provider.js +8 -6
  124. package/dist/creatio/services/dataservice/data-service-crud-provider.js.map +1 -1
  125. package/dist/creatio/services/dataservice/data-service-filter-translator.d.ts.map +1 -1
  126. package/dist/creatio/services/dataservice/data-service-filter-translator.js +7 -2
  127. package/dist/creatio/services/dataservice/data-service-filter-translator.js.map +1 -1
  128. package/dist/creatio/services/dataservice/data-service-query-builder.d.ts.map +1 -1
  129. package/dist/creatio/services/dataservice/data-service-query-builder.js.map +1 -1
  130. package/dist/creatio/services/dataservice/data-service-schema.d.ts +6 -4
  131. package/dist/creatio/services/dataservice/data-service-schema.d.ts.map +1 -1
  132. package/dist/creatio/services/dataservice/data-service-schema.js +29 -18
  133. package/dist/creatio/services/dataservice/data-service-schema.js.map +1 -1
  134. package/dist/creatio/services/dataservice/data-service-transport.d.ts +4 -1
  135. package/dist/creatio/services/dataservice/data-service-transport.d.ts.map +1 -1
  136. package/dist/creatio/services/dataservice/data-service-transport.js +8 -3
  137. package/dist/creatio/services/dataservice/data-service-transport.js.map +1 -1
  138. package/dist/creatio/services/dataservice/data-service-types.d.ts +0 -19
  139. package/dist/creatio/services/dataservice/data-service-types.d.ts.map +1 -1
  140. package/dist/creatio/services/dataservice/data-service-value-type.d.ts +2 -1
  141. package/dist/creatio/services/dataservice/data-service-value-type.d.ts.map +1 -1
  142. package/dist/creatio/services/dataservice/data-service-value-type.js +20 -16
  143. package/dist/creatio/services/dataservice/data-service-value-type.js.map +1 -1
  144. package/dist/creatio/services/http-client.d.ts +13 -0
  145. package/dist/creatio/services/http-client.d.ts.map +1 -1
  146. package/dist/creatio/services/http-client.js +26 -2
  147. package/dist/creatio/services/http-client.js.map +1 -1
  148. package/dist/creatio/services/identifiers.d.ts +10 -0
  149. package/dist/creatio/services/identifiers.d.ts.map +1 -0
  150. package/dist/creatio/services/identifiers.js +20 -0
  151. package/dist/creatio/services/identifiers.js.map +1 -0
  152. package/dist/creatio/services/index.d.ts +2 -0
  153. package/dist/creatio/services/index.d.ts.map +1 -1
  154. package/dist/creatio/services/index.js +2 -0
  155. package/dist/creatio/services/index.js.map +1 -1
  156. package/dist/creatio/services/odata/metadata-store.d.ts +16 -3
  157. package/dist/creatio/services/odata/metadata-store.d.ts.map +1 -1
  158. package/dist/creatio/services/odata/metadata-store.js +65 -38
  159. package/dist/creatio/services/odata/metadata-store.js.map +1 -1
  160. package/dist/creatio/services/odata/odata-crud-provider.d.ts.map +1 -1
  161. package/dist/creatio/services/odata/odata-crud-provider.js +10 -25
  162. package/dist/creatio/services/odata/odata-crud-provider.js.map +1 -1
  163. package/dist/creatio/services/odata/odata-query-translator.d.ts +4 -5
  164. package/dist/creatio/services/odata/odata-query-translator.d.ts.map +1 -1
  165. package/dist/creatio/services/odata/odata-query-translator.js +32 -20
  166. package/dist/creatio/services/odata/odata-query-translator.js.map +1 -1
  167. package/dist/creatio/services/schema-freshness-gate.d.ts +26 -0
  168. package/dist/creatio/services/schema-freshness-gate.d.ts.map +1 -0
  169. package/dist/creatio/services/schema-freshness-gate.js +58 -0
  170. package/dist/creatio/services/schema-freshness-gate.js.map +1 -0
  171. package/dist/creatio/services/user-info-provider.d.ts.map +1 -1
  172. package/dist/creatio/services/user-info-provider.js +2 -2
  173. package/dist/creatio/services/user-info-provider.js.map +1 -1
  174. package/dist/index.js +35 -4
  175. package/dist/index.js.map +1 -1
  176. package/dist/log.d.ts +1 -1
  177. package/dist/log.d.ts.map +1 -1
  178. package/dist/log.js +6 -2
  179. package/dist/log.js.map +1 -1
  180. package/dist/server/bearer/base-url-guard.d.ts +20 -0
  181. package/dist/server/bearer/base-url-guard.d.ts.map +1 -0
  182. package/dist/server/bearer/base-url-guard.js +55 -0
  183. package/dist/server/bearer/base-url-guard.js.map +1 -0
  184. package/dist/server/bearer/bearer-edge.d.ts +42 -0
  185. package/dist/server/bearer/bearer-edge.d.ts.map +1 -0
  186. package/dist/server/bearer/bearer-edge.js +122 -0
  187. package/dist/server/bearer/bearer-edge.js.map +1 -0
  188. package/dist/server/bearer/bearer-token.d.ts +27 -0
  189. package/dist/server/bearer/bearer-token.d.ts.map +1 -0
  190. package/dist/server/bearer/bearer-token.js +50 -0
  191. package/dist/server/bearer/bearer-token.js.map +1 -0
  192. package/dist/server/bearer/index.d.ts +3 -0
  193. package/dist/server/bearer/index.d.ts.map +1 -0
  194. package/dist/server/bearer/index.js +19 -0
  195. package/dist/server/bearer/index.js.map +1 -0
  196. package/dist/server/http/auth-edge.d.ts +26 -0
  197. package/dist/server/http/auth-edge.d.ts.map +1 -0
  198. package/dist/server/http/auth-edge.js +75 -0
  199. package/dist/server/http/auth-edge.js.map +1 -0
  200. package/dist/server/http/broker-handlers.d.ts +45 -0
  201. package/dist/server/http/broker-handlers.d.ts.map +1 -0
  202. package/dist/server/http/broker-handlers.js +224 -0
  203. package/dist/server/http/broker-handlers.js.map +1 -0
  204. package/dist/server/http/{httpServer.d.ts → http-server.d.ts} +5 -13
  205. package/dist/server/http/http-server.d.ts.map +1 -0
  206. package/dist/server/http/{httpServer.js → http-server.js} +19 -53
  207. package/dist/server/http/http-server.js.map +1 -0
  208. package/dist/server/http/index.d.ts +1 -3
  209. package/dist/server/http/index.d.ts.map +1 -1
  210. package/dist/server/http/index.js +1 -3
  211. package/dist/server/http/index.js.map +1 -1
  212. package/dist/server/http/mcp-handlers.d.ts.map +1 -1
  213. package/dist/server/http/mcp-handlers.js +16 -3
  214. package/dist/server/http/mcp-handlers.js.map +1 -1
  215. package/dist/server/http/middleware.d.ts +3 -4
  216. package/dist/server/http/middleware.d.ts.map +1 -1
  217. package/dist/server/http/middleware.js +33 -23
  218. package/dist/server/http/middleware.js.map +1 -1
  219. package/dist/server/http/public-origin.d.ts +10 -0
  220. package/dist/server/http/public-origin.d.ts.map +1 -0
  221. package/dist/server/http/public-origin.js +19 -0
  222. package/dist/server/http/public-origin.js.map +1 -0
  223. package/dist/server/http/rate-limiter.d.ts +1 -1
  224. package/dist/server/http/rate-limiter.d.ts.map +1 -1
  225. package/dist/server/http/rate-limiter.js +11 -11
  226. package/dist/server/http/rate-limiter.js.map +1 -1
  227. package/dist/server/http-agent.d.ts +9 -0
  228. package/dist/server/http-agent.d.ts.map +1 -0
  229. package/dist/server/http-agent.js +35 -0
  230. package/dist/server/http-agent.js.map +1 -0
  231. package/dist/server/index.d.ts +2 -0
  232. package/dist/server/index.d.ts.map +1 -1
  233. package/dist/server/index.js +2 -0
  234. package/dist/server/index.js.map +1 -1
  235. package/dist/server/keepalive.d.ts +26 -0
  236. package/dist/server/keepalive.d.ts.map +1 -0
  237. package/dist/server/keepalive.js +64 -0
  238. package/dist/server/keepalive.js.map +1 -0
  239. package/dist/server/mcp/creatio-rest.d.ts +6 -0
  240. package/dist/server/mcp/creatio-rest.d.ts.map +1 -1
  241. package/dist/server/mcp/creatio-rest.js +21 -3
  242. package/dist/server/mcp/creatio-rest.js.map +1 -1
  243. package/dist/server/mcp/crtmcp/crt-mcp-client.d.ts +1 -1
  244. package/dist/server/mcp/crtmcp/crt-mcp-client.d.ts.map +1 -1
  245. package/dist/server/mcp/crtmcp/crt-mcp-client.js +16 -13
  246. package/dist/server/mcp/crtmcp/crt-mcp-client.js.map +1 -1
  247. package/dist/server/mcp/crtmcp/crt-mcp-tool-preparer.d.ts +2 -2
  248. package/dist/server/mcp/crtmcp/crt-mcp-tool-preparer.d.ts.map +1 -1
  249. package/dist/server/mcp/crtmcp/crt-mcp-tool-preparer.js +17 -17
  250. package/dist/server/mcp/crtmcp/crt-mcp-tool-preparer.js.map +1 -1
  251. package/dist/server/mcp/dataforge/dataforge-client.d.ts +12 -12
  252. package/dist/server/mcp/dataforge/dataforge-client.d.ts.map +1 -1
  253. package/dist/server/mcp/dataforge/dataforge-client.js +40 -47
  254. package/dist/server/mcp/dataforge/dataforge-client.js.map +1 -1
  255. package/dist/server/mcp/dataforge/dataforge-tool-preparer.d.ts +2 -2
  256. package/dist/server/mcp/dataforge/dataforge-tool-preparer.d.ts.map +1 -1
  257. package/dist/server/mcp/dataforge/dataforge-tool-preparer.js +9 -9
  258. package/dist/server/mcp/dataforge/dataforge-tool-preparer.js.map +1 -1
  259. package/dist/server/mcp/filters.d.ts.map +1 -1
  260. package/dist/server/mcp/filters.js +4 -1
  261. package/dist/server/mcp/filters.js.map +1 -1
  262. package/dist/server/mcp/globalsearch/globalsearch-client.d.ts +4 -4
  263. package/dist/server/mcp/globalsearch/globalsearch-client.d.ts.map +1 -1
  264. package/dist/server/mcp/globalsearch/globalsearch-client.js +39 -50
  265. package/dist/server/mcp/globalsearch/globalsearch-client.js.map +1 -1
  266. package/dist/server/mcp/globalsearch/globalsearch-tool-preparer.d.ts +1 -1
  267. package/dist/server/mcp/globalsearch/globalsearch-tool-preparer.d.ts.map +1 -1
  268. package/dist/server/mcp/globalsearch/globalsearch-tool-preparer.js +1 -1
  269. package/dist/server/mcp/globalsearch/globalsearch-tool-preparer.js.map +1 -1
  270. package/dist/server/mcp/server.d.ts +35 -8
  271. package/dist/server/mcp/server.d.ts.map +1 -1
  272. package/dist/server/mcp/server.js +113 -45
  273. package/dist/server/mcp/server.js.map +1 -1
  274. package/dist/server/mcp/tools-data.d.ts +2 -2
  275. package/dist/server/mcp/tools-data.d.ts.map +1 -1
  276. package/dist/server/mcp/tools-data.js +1 -1
  277. package/dist/server/mcp/tools-data.js.map +1 -1
  278. package/dist/server/oauth/oauth-server.d.ts +41 -10
  279. package/dist/server/oauth/oauth-server.d.ts.map +1 -1
  280. package/dist/server/oauth/oauth-server.js +82 -48
  281. package/dist/server/oauth/oauth-server.js.map +1 -1
  282. package/dist/server/oauth/storage.d.ts +42 -5
  283. package/dist/server/oauth/storage.d.ts.map +1 -1
  284. package/dist/server/oauth/storage.js +81 -18
  285. package/dist/server/oauth/storage.js.map +1 -1
  286. package/dist/server/oauth/token-manager.d.ts +21 -4
  287. package/dist/server/oauth/token-manager.d.ts.map +1 -1
  288. package/dist/server/oauth/token-manager.js +18 -19
  289. package/dist/server/oauth/token-manager.js.map +1 -1
  290. package/dist/server/oauth/types.d.ts +0 -12
  291. package/dist/server/oauth/types.d.ts.map +1 -1
  292. package/dist/server/oauth/validators.d.ts.map +1 -1
  293. package/dist/server/oauth/validators.js +14 -5
  294. package/dist/server/oauth/validators.js.map +1 -1
  295. package/dist/sessions/index.d.ts +1 -1
  296. package/dist/sessions/index.d.ts.map +1 -1
  297. package/dist/sessions/index.js +1 -1
  298. package/dist/sessions/index.js.map +1 -1
  299. package/dist/sessions/redis-token-store.d.ts +22 -0
  300. package/dist/sessions/redis-token-store.d.ts.map +1 -0
  301. package/dist/sessions/redis-token-store.js +70 -0
  302. package/dist/sessions/redis-token-store.js.map +1 -0
  303. package/dist/sessions/session-context.d.ts +21 -40
  304. package/dist/sessions/session-context.d.ts.map +1 -1
  305. package/dist/sessions/session-context.js +25 -105
  306. package/dist/sessions/session-context.js.map +1 -1
  307. package/dist/sessions/token-crypto.d.ts +8 -0
  308. package/dist/sessions/token-crypto.d.ts.map +1 -0
  309. package/dist/sessions/token-crypto.js +43 -0
  310. package/dist/sessions/token-crypto.js.map +1 -0
  311. package/dist/sessions/token-store.d.ts +42 -0
  312. package/dist/sessions/token-store.d.ts.map +1 -0
  313. package/dist/sessions/token-store.js +66 -0
  314. package/dist/sessions/token-store.js.map +1 -0
  315. package/dist/utils/context.d.ts +12 -0
  316. package/dist/utils/context.d.ts.map +1 -1
  317. package/dist/utils/context.js +16 -0
  318. package/dist/utils/context.js.map +1 -1
  319. package/dist/utils/env-aliases.d.ts +9 -0
  320. package/dist/utils/env-aliases.d.ts.map +1 -0
  321. package/dist/utils/env-aliases.js +61 -0
  322. package/dist/utils/env-aliases.js.map +1 -0
  323. package/dist/utils/env.d.ts +5 -0
  324. package/dist/utils/env.d.ts.map +1 -1
  325. package/dist/utils/env.js +10 -1
  326. package/dist/utils/env.js.map +1 -1
  327. package/dist/utils/index.d.ts +1 -0
  328. package/dist/utils/index.d.ts.map +1 -1
  329. package/dist/utils/index.js +1 -0
  330. package/dist/utils/index.js.map +1 -1
  331. package/dist/utils/redact.d.ts +25 -0
  332. package/dist/utils/redact.d.ts.map +1 -0
  333. package/dist/utils/redact.js +64 -0
  334. package/dist/utils/redact.js.map +1 -0
  335. package/package.json +78 -76
  336. package/dist/creatio/auth/providers/oauth2-code-provider.d.ts +0 -21
  337. package/dist/creatio/auth/providers/oauth2-code-provider.d.ts.map +0 -1
  338. package/dist/creatio/auth/providers/oauth2-code-provider.js +0 -251
  339. package/dist/creatio/auth/providers/oauth2-code-provider.js.map +0 -1
  340. package/dist/server/http/creatio-oauth-handlers.d.ts +0 -13
  341. package/dist/server/http/creatio-oauth-handlers.d.ts.map +0 -1
  342. package/dist/server/http/creatio-oauth-handlers.js +0 -160
  343. package/dist/server/http/creatio-oauth-handlers.js.map +0 -1
  344. package/dist/server/http/httpServer.d.ts.map +0 -1
  345. package/dist/server/http/httpServer.js.map +0 -1
  346. package/dist/server/http/mcp-oauth-handlers.d.ts +0 -11
  347. package/dist/server/http/mcp-oauth-handlers.d.ts.map +0 -1
  348. package/dist/server/http/mcp-oauth-handlers.js +0 -118
  349. package/dist/server/http/mcp-oauth-handlers.js.map +0 -1
  350. package/dist/sessions/token-refresh-scheduler.d.ts +0 -16
  351. package/dist/sessions/token-refresh-scheduler.d.ts.map +0 -1
  352. package/dist/sessions/token-refresh-scheduler.js +0 -66
  353. package/dist/sessions/token-refresh-scheduler.js.map +0 -1
@@ -14,11 +14,13 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
14
14
  for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
15
15
  };
16
16
  Object.defineProperty(exports, "__esModule", { value: true });
17
- exports.AuthProviderType = exports.supportsInteractiveAuth = exports.supportsRevoke = void 0;
17
+ exports.BearerAuthMode = exports.AuthProviderType = exports.CreatioOAuthClient = exports.resolveIdentityBase = void 0;
18
18
  __exportStar(require("./auth-manager"), exports);
19
19
  var auth_1 = require("./auth");
20
- Object.defineProperty(exports, "supportsRevoke", { enumerable: true, get: function () { return auth_1.supportsRevoke; } });
21
- Object.defineProperty(exports, "supportsInteractiveAuth", { enumerable: true, get: function () { return auth_1.supportsInteractiveAuth; } });
20
+ Object.defineProperty(exports, "resolveIdentityBase", { enumerable: true, get: function () { return auth_1.resolveIdentityBase; } });
21
+ var providers_1 = require("./providers");
22
+ Object.defineProperty(exports, "CreatioOAuthClient", { enumerable: true, get: function () { return providers_1.CreatioOAuthClient; } });
22
23
  var type_1 = require("./providers/type");
23
24
  Object.defineProperty(exports, "AuthProviderType", { enumerable: true, get: function () { return type_1.AuthProviderType; } });
25
+ Object.defineProperty(exports, "BearerAuthMode", { enumerable: true, get: function () { return type_1.BearerAuthMode; } });
24
26
  //# sourceMappingURL=index.js.map
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/creatio/auth/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;AAAA,iDAA+B;AAM/B,+BAAiE;AAAxD,sGAAA,cAAc,OAAA;AAAE,+GAAA,uBAAuB,OAAA;AAChD,yCAAoD;AAA3C,wGAAA,gBAAgB,OAAA"}
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/creatio/auth/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;AAAA,iDAA+B;AAE/B,+BAA6C;AAApC,2GAAA,mBAAmB,OAAA;AAC5B,yCAAiD;AAAxC,+GAAA,kBAAkB,OAAA;AAC3B,yCAAoE;AAA3D,wGAAA,gBAAgB,OAAA;AAAE,sGAAA,cAAc,OAAA"}
@@ -1,17 +1,23 @@
1
- import { OAuth2AuthConfig, OAuth2CodeAuthConfig } from '../../client-config';
1
+ import { OAuth2AuthConfig } from '../../client-config';
2
2
  import { BaseProvider } from './base-provider';
3
- type OAuthConfig = OAuth2AuthConfig | OAuth2CodeAuthConfig;
4
- export declare abstract class BaseOAuth2Provider<T extends OAuthConfig = OAuthConfig> extends BaseProvider<T> {
3
+ /** The raw result of a token fetch — caching and expiry math live in the base. */
4
+ export interface FetchedToken {
5
+ accessToken: string;
6
+ expiresInSeconds: number;
7
+ }
8
+ export declare abstract class BaseOAuth2Provider<T extends OAuth2AuthConfig = OAuth2AuthConfig> extends BaseProvider<T> {
5
9
  protected abstract readonly authErrorCode: string;
10
+ private _inflight;
6
11
  protected accessToken: string | undefined;
7
12
  protected accessTokenExpiryMs: number | undefined;
8
- protected abstract ensureAccessToken(force?: boolean): Promise<string | undefined>;
9
- protected computeExpiryMs(expiresInSeconds: number, minSeconds?: number): number;
13
+ /** Raw token acquisition (the network call only); returns undefined on failure. */
14
+ protected abstract fetchToken(): Promise<FetchedToken | undefined>;
15
+ private _isFresh;
16
+ private _acquireToken;
10
17
  protected getIdentityBase(): string;
11
- protected storageKey(userKey: string): string;
12
18
  protected throwNoTokenError(): void;
19
+ protected ensureAccessToken(force?: boolean): Promise<string | undefined>;
13
20
  getHeaders(accept: string, isJson?: boolean): Promise<Record<string, string>>;
14
21
  refresh(): Promise<void>;
15
22
  }
16
- export {};
17
23
  //# sourceMappingURL=base-oauth2-provider.d.ts.map
@@ -1 +1 @@
1
- {"version":3,"file":"base-oauth2-provider.d.ts","sourceRoot":"","sources":["../../../../src/creatio/auth/providers/base-oauth2-provider.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAC;AAG7E,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAE/C,KAAK,WAAW,GAAG,gBAAgB,GAAG,oBAAoB,CAAC;AAE3D,8BAAsB,kBAAkB,CACvC,CAAC,SAAS,WAAW,GAAG,WAAW,CAClC,SAAQ,YAAY,CAAC,CAAC,CAAC;IACxB,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;IAElD,SAAS,CAAC,WAAW,EAAE,MAAM,GAAG,SAAS,CAAC;IAE1C,SAAS,CAAC,mBAAmB,EAAE,MAAM,GAAG,SAAS,CAAC;IAElD,SAAS,CAAC,QAAQ,CAAC,iBAAiB,CAAC,KAAK,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC;IAElF,SAAS,CAAC,eAAe,CAAC,gBAAgB,EAAE,MAAM,EAAE,UAAU,GAAE,MAAU,GAAG,MAAM;IAInF,SAAS,CAAC,eAAe,IAAI,MAAM;IAenC,SAAS,CAAC,UAAU,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM;IAO7C,SAAS,CAAC,iBAAiB,IAAI,IAAI;IAItB,UAAU,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAQ7E,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;CAKrC"}
1
+ {"version":3,"file":"base-oauth2-provider.d.ts","sourceRoot":"","sources":["../../../../src/creatio/auth/providers/base-oauth2-provider.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AAGvD,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAE/C,kFAAkF;AAClF,MAAM,WAAW,YAAY;IAC5B,WAAW,EAAE,MAAM,CAAC;IACpB,gBAAgB,EAAE,MAAM,CAAC;CACzB;AAED,8BAAsB,kBAAkB,CACvC,CAAC,SAAS,gBAAgB,GAAG,gBAAgB,CAC5C,SAAQ,YAAY,CAAC,CAAC,CAAC;IACxB,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;IAKlD,OAAO,CAAC,SAAS,CAA0C;IAE3D,SAAS,CAAC,WAAW,EAAE,MAAM,GAAG,SAAS,CAAC;IAE1C,SAAS,CAAC,mBAAmB,EAAE,MAAM,GAAG,SAAS,CAAC;IAElD,mFAAmF;IACnF,SAAS,CAAC,QAAQ,CAAC,UAAU,IAAI,OAAO,CAAC,YAAY,GAAG,SAAS,CAAC;IAElE,OAAO,CAAC,QAAQ;YAMF,aAAa;IAY3B,SAAS,CAAC,eAAe,IAAI,MAAM;IAInC,SAAS,CAAC,iBAAiB,IAAI,IAAI;cAInB,iBAAiB,CAAC,KAAK,UAAQ,GAAG,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC;IAahE,UAAU,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAQ7E,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;CAKrC"}
@@ -4,34 +4,44 @@ exports.BaseOAuth2Provider = void 0;
4
4
  const auth_1 = require("../auth");
5
5
  const base_provider_1 = require("./base-provider");
6
6
  class BaseOAuth2Provider extends base_provider_1.BaseProvider {
7
+ // Single-flight: K concurrent callers that find the token expired (e.g. a burst of requests all
8
+ // 401ing at once) trigger ONE token fetch, not K — avoids a thundering herd against Creatio
9
+ // Identity on expiry. Mirrors the per-user dedup the broker provider already does.
10
+ _inflight;
7
11
  accessToken;
8
12
  accessTokenExpiryMs;
9
- computeExpiryMs(expiresInSeconds, minSeconds = 1) {
10
- return Date.now() + Math.max(minSeconds, expiresInSeconds - auth_1.EXPIRES_MARGIN_SECONDS) * 1000;
13
+ _isFresh() {
14
+ return Boolean(this.accessToken && this.accessTokenExpiryMs && Date.now() < this.accessTokenExpiryMs);
11
15
  }
12
- getIdentityBase() {
13
- if (this.authConfig.idBaseUrl) {
14
- let base = String(this.authConfig.idBaseUrl).replace(/\/$/, '');
15
- if (!/\/0$/.test(base)) {
16
- base = base + '/0';
17
- }
18
- return base;
19
- }
20
- let base = this.config.baseUrl.replace(/\/$/, '');
21
- if (!/\/0$/.test(base)) {
22
- base = base + '/0';
16
+ async _acquireToken() {
17
+ const fetched = await this.fetchToken();
18
+ if (!fetched) {
19
+ this.accessToken = undefined;
20
+ this.accessTokenExpiryMs = undefined;
21
+ return undefined;
23
22
  }
24
- return base;
23
+ this.accessToken = fetched.accessToken;
24
+ this.accessTokenExpiryMs = (0, auth_1.computeTokenExpiryMs)(fetched.expiresInSeconds);
25
+ return this.accessToken;
25
26
  }
26
- storageKey(userKey) {
27
- const base = this.getIdentityBase();
28
- const kind = this.config?.auth?.kind ?? 'unknown';
29
- const clientId = this.config?.auth?.clientId ?? 'noclient';
30
- return `${kind}|${base}|${clientId}|${userKey}`;
27
+ getIdentityBase() {
28
+ return (0, auth_1.resolveIdentityBase)(this.config.baseUrl, this.authConfig.idBaseUrl);
31
29
  }
32
30
  throwNoTokenError() {
33
31
  throw new Error(this.authErrorCode);
34
32
  }
33
+ async ensureAccessToken(force = false) {
34
+ if (!force && this._isFresh()) {
35
+ return this.accessToken;
36
+ }
37
+ if (this._inflight) {
38
+ return this._inflight;
39
+ }
40
+ this._inflight = this._acquireToken().finally(() => {
41
+ this._inflight = undefined;
42
+ });
43
+ return this._inflight;
44
+ }
35
45
  async getHeaders(accept, isJson) {
36
46
  const token = await this.ensureAccessToken(false);
37
47
  if (!token) {
@@ -1 +1 @@
1
- {"version":3,"file":"base-oauth2-provider.js","sourceRoot":"","sources":["../../../../src/creatio/auth/providers/base-oauth2-provider.ts"],"names":[],"mappings":";;;AACA,kCAA+D;AAE/D,mDAA+C;AAI/C,MAAsB,kBAEpB,SAAQ,4BAAe;IAGd,WAAW,CAAqB;IAEhC,mBAAmB,CAAqB;IAIxC,eAAe,CAAC,gBAAwB,EAAE,aAAqB,CAAC;QACzE,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,CAAC,UAAU,EAAE,gBAAgB,GAAG,6BAAsB,CAAC,GAAG,IAAI,CAAC;IAC5F,CAAC;IAES,eAAe;QACxB,IAAI,IAAI,CAAC,UAAU,CAAC,SAAS,EAAE,CAAC;YAC/B,IAAI,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;YAChE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACxB,IAAI,GAAG,IAAI,GAAG,IAAI,CAAC;YACpB,CAAC;YACD,OAAO,IAAI,CAAC;QACb,CAAC;QACD,IAAI,IAAI,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QAClD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACxB,IAAI,GAAG,IAAI,GAAG,IAAI,CAAC;QACpB,CAAC;QACD,OAAO,IAAI,CAAC;IACb,CAAC;IAES,UAAU,CAAC,OAAe;QACnC,MAAM,IAAI,GAAG,IAAI,CAAC,eAAe,EAAE,CAAC;QACpC,MAAM,IAAI,GAAI,IAAI,CAAC,MAAc,EAAE,IAAI,EAAE,IAAI,IAAI,SAAS,CAAC;QAC3D,MAAM,QAAQ,GAAI,IAAI,CAAC,MAAc,EAAE,IAAI,EAAE,QAAQ,IAAI,UAAU,CAAC;QACpE,OAAO,GAAG,IAAI,IAAI,IAAI,IAAI,QAAQ,IAAI,OAAO,EAAE,CAAC;IACjD,CAAC;IAES,iBAAiB;QAC1B,MAAM,IAAI,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;IACrC,CAAC;IAEM,KAAK,CAAC,UAAU,CAAC,MAAc,EAAE,MAAgB;QACvD,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC;QAClD,IAAI,CAAC,KAAK,EAAE,CAAC;YACZ,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAC1B,CAAC;QACD,OAAO,IAAA,mBAAY,EAAC,MAAM,EAAE,OAAO,CAAC,MAAM,CAAC,EAAE,KAAK,CAAC,CAAC;IACrD,CAAC;IAEM,KAAK,CAAC,OAAO;QACnB,IAAI,CAAC,WAAW,GAAG,SAAS,CAAC;QAC7B,IAAI,CAAC,mBAAmB,GAAG,SAAS,CAAC;QACrC,MAAM,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC;IACpC,CAAC;CACD;AAtDD,gDAsDC"}
1
+ {"version":3,"file":"base-oauth2-provider.js","sourceRoot":"","sources":["../../../../src/creatio/auth/providers/base-oauth2-provider.ts"],"names":[],"mappings":";;;AACA,kCAAkF;AAElF,mDAA+C;AAQ/C,MAAsB,kBAEpB,SAAQ,4BAAe;IAGxB,gGAAgG;IAChG,4FAA4F;IAC5F,mFAAmF;IAC3E,SAAS,CAA0C;IAEjD,WAAW,CAAqB;IAEhC,mBAAmB,CAAqB;IAK1C,QAAQ;QACf,OAAO,OAAO,CACb,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC,mBAAmB,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,mBAAmB,CACrF,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,aAAa;QAC1B,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,EAAE,CAAC;QACxC,IAAI,CAAC,OAAO,EAAE,CAAC;YACd,IAAI,CAAC,WAAW,GAAG,SAAS,CAAC;YAC7B,IAAI,CAAC,mBAAmB,GAAG,SAAS,CAAC;YACrC,OAAO,SAAS,CAAC;QAClB,CAAC;QACD,IAAI,CAAC,WAAW,GAAG,OAAO,CAAC,WAAW,CAAC;QACvC,IAAI,CAAC,mBAAmB,GAAG,IAAA,2BAAoB,EAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC;QAC1E,OAAO,IAAI,CAAC,WAAW,CAAC;IACzB,CAAC;IAES,eAAe;QACxB,OAAO,IAAA,0BAAmB,EAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;IAC5E,CAAC;IAES,iBAAiB;QAC1B,MAAM,IAAI,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;IACrC,CAAC;IAES,KAAK,CAAC,iBAAiB,CAAC,KAAK,GAAG,KAAK;QAC9C,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,QAAQ,EAAE,EAAE,CAAC;YAC/B,OAAO,IAAI,CAAC,WAAW,CAAC;QACzB,CAAC;QACD,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YACpB,OAAO,IAAI,CAAC,SAAS,CAAC;QACvB,CAAC;QACD,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC,OAAO,CAAC,GAAG,EAAE;YAClD,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;QAC5B,CAAC,CAAC,CAAC;QACH,OAAO,IAAI,CAAC,SAAS,CAAC;IACvB,CAAC;IAEM,KAAK,CAAC,UAAU,CAAC,MAAc,EAAE,MAAgB;QACvD,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC;QAClD,IAAI,CAAC,KAAK,EAAE,CAAC;YACZ,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAC1B,CAAC;QACD,OAAO,IAAA,mBAAY,EAAC,MAAM,EAAE,OAAO,CAAC,MAAM,CAAC,EAAE,KAAK,CAAC,CAAC;IACrD,CAAC;IAEM,KAAK,CAAC,OAAO;QACnB,IAAI,CAAC,WAAW,GAAG,SAAS,CAAC;QAC7B,IAAI,CAAC,mBAAmB,GAAG,SAAS,CAAC;QACrC,MAAM,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC;IACpC,CAAC;CACD;AArED,gDAqEC"}
@@ -13,7 +13,7 @@ class BaseProvider {
13
13
  this.config = config;
14
14
  }
15
15
  cancelAllRefresh() {
16
- // No background refresh timers by default; OAuth2CodeProvider overrides this.
16
+ // No background refresh timers in any current provider; the hook stays for shutdown symmetry.
17
17
  }
18
18
  }
19
19
  exports.BaseProvider = BaseProvider;
@@ -1 +1 @@
1
- {"version":3,"file":"base-provider.js","sourceRoot":"","sources":["../../../../src/creatio/auth/providers/base-provider.ts"],"names":[],"mappings":";;;AAKA,MAAsB,YAAY;IAGd,MAAM,CAAsB;IAE/C,IAAc,UAAU;QACvB,OAAO,IAAI,CAAC,MAAM,CAAC,IAAS,CAAC;IAC9B,CAAC;IAED,IAAW,IAAI;QACd,OAAO,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC;IAC7B,CAAC;IAED,YAAY,MAA2B;QACtC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACtB,CAAC;IASM,gBAAgB;QACtB,8EAA8E;IAC/E,CAAC;CACD;AA3BD,oCA2BC"}
1
+ {"version":3,"file":"base-provider.js","sourceRoot":"","sources":["../../../../src/creatio/auth/providers/base-provider.ts"],"names":[],"mappings":";;;AAKA,MAAsB,YAAY;IAGd,MAAM,CAAsB;IAE/C,IAAc,UAAU;QACvB,OAAO,IAAI,CAAC,MAAM,CAAC,IAAS,CAAC;IAC9B,CAAC;IAED,IAAW,IAAI;QACd,OAAO,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC;IAC7B,CAAC;IAED,YAAY,MAA2B;QACtC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACtB,CAAC;IASM,gBAAgB;QACtB,8FAA8F;IAC/F,CAAC;CACD;AA3BD,oCA2BC"}
@@ -0,0 +1,20 @@
1
+ import { BrokerAuthConfig, CreatioClientConfig } from '../../client-config';
2
+ import { BaseProvider } from './base-provider';
3
+ /**
4
+ * Runtime auth provider for `broker` mode. The broker handler has already brokered the user's
5
+ * Creatio login and stored their tokens per `userKey`; this provider only SERVES them: it reads the
6
+ * current request's user tokens, refreshes on demand when expired, and attaches the Bearer. Token
7
+ * acquisition lives in the broker handler — this side never drives the interactive flow (SRP).
8
+ */
9
+ export declare class BrokerProvider extends BaseProvider<BrokerAuthConfig> {
10
+ private readonly _session;
11
+ private readonly _creatio;
12
+ private readonly _inflightRefresh;
13
+ constructor(config: CreatioClientConfig);
14
+ private _ensureAccessToken;
15
+ private _refreshDeduped;
16
+ getHeaders(accept: string, isJson?: boolean): Promise<Record<string, string>>;
17
+ /** Forces a refresh for the current user (called by the HTTP client on a 401, then it retries). */
18
+ refresh(): Promise<void>;
19
+ }
20
+ //# sourceMappingURL=broker-provider.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"broker-provider.d.ts","sourceRoot":"","sources":["../../../../src/creatio/auth/providers/broker-provider.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,gBAAgB,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;AAG5E,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAG/C;;;;;GAKG;AACH,qBAAa,cAAe,SAAQ,YAAY,CAAC,gBAAgB,CAAC;IACjE,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAA2B;IACpD,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAqB;IAG9C,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAA0C;gBAE/D,MAAM,EAAE,mBAAmB;YAKzB,kBAAkB;IAehC,OAAO,CAAC,eAAe;IAcV,UAAU,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAQ1F,mGAAmG;IACtF,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;CAUrC"}
@@ -0,0 +1,72 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
3
+ exports.BrokerProvider = void 0;
4
+ const sessions_1 = require("../../../sessions");
5
+ const utils_1 = require("../../../utils");
6
+ const auth_1 = require("../auth");
7
+ const base_provider_1 = require("./base-provider");
8
+ const creatio_oauth_client_1 = require("./creatio-oauth-client");
9
+ /**
10
+ * Runtime auth provider for `broker` mode. The broker handler has already brokered the user's
11
+ * Creatio login and stored their tokens per `userKey`; this provider only SERVES them: it reads the
12
+ * current request's user tokens, refreshes on demand when expired, and attaches the Bearer. Token
13
+ * acquisition lives in the broker handler — this side never drives the interactive flow (SRP).
14
+ */
15
+ class BrokerProvider extends base_provider_1.BaseProvider {
16
+ _session = sessions_1.SessionContext.instance;
17
+ _creatio;
18
+ // Deduplicates concurrent refreshes per user so K parallel requests trigger one refresh, not K
19
+ // (avoids the thundering herd + rotating-refresh-token races).
20
+ _inflightRefresh = new Map();
21
+ constructor(config) {
22
+ super(config);
23
+ this._creatio = new creatio_oauth_client_1.CreatioOAuthClient(config.baseUrl, this.authConfig);
24
+ }
25
+ async _ensureAccessToken(userKey) {
26
+ const saved = await this._session.getTokensForUser(userKey);
27
+ if (!saved) {
28
+ throw new Error('broker_not_authorized');
29
+ }
30
+ if (Date.now() < saved.accessTokenExpiryMs) {
31
+ return saved.accessToken;
32
+ }
33
+ if (!saved.refreshToken) {
34
+ await this._session.deleteTokensForUser(userKey);
35
+ throw new Error('broker_token_expired');
36
+ }
37
+ return (await this._refreshDeduped(userKey, saved.refreshToken)).accessToken;
38
+ }
39
+ _refreshDeduped(userKey, refreshToken) {
40
+ const existing = this._inflightRefresh.get(userKey);
41
+ if (existing) {
42
+ return existing;
43
+ }
44
+ const promise = (async () => {
45
+ const updated = await this._creatio.refresh(refreshToken);
46
+ await this._session.setTokensForUser(userKey, updated);
47
+ return updated;
48
+ })().finally(() => this._inflightRefresh.delete(userKey));
49
+ this._inflightRefresh.set(userKey, promise);
50
+ return promise;
51
+ }
52
+ async getHeaders(accept, isJson) {
53
+ const userKey = (0, utils_1.getEffectiveUserKey)();
54
+ if (!userKey) {
55
+ throw new Error('broker_no_user');
56
+ }
57
+ return (0, auth_1.buildHeaders)(accept, Boolean(isJson), await this._ensureAccessToken(userKey));
58
+ }
59
+ /** Forces a refresh for the current user (called by the HTTP client on a 401, then it retries). */
60
+ async refresh() {
61
+ const userKey = (0, utils_1.getEffectiveUserKey)();
62
+ if (!userKey) {
63
+ return;
64
+ }
65
+ const saved = await this._session.getTokensForUser(userKey);
66
+ if (saved?.refreshToken) {
67
+ await this._refreshDeduped(userKey, saved.refreshToken);
68
+ }
69
+ }
70
+ }
71
+ exports.BrokerProvider = BrokerProvider;
72
+ //# sourceMappingURL=broker-provider.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"broker-provider.js","sourceRoot":"","sources":["../../../../src/creatio/auth/providers/broker-provider.ts"],"names":[],"mappings":";;;AAAA,gDAA+D;AAC/D,0CAAqD;AAErD,kCAAuC;AAEvC,mDAA+C;AAC/C,iEAA4D;AAE5D;;;;;GAKG;AACH,MAAa,cAAe,SAAQ,4BAA8B;IAChD,QAAQ,GAAG,yBAAc,CAAC,QAAQ,CAAC;IACnC,QAAQ,CAAqB;IAC9C,+FAA+F;IAC/F,+DAA+D;IAC9C,gBAAgB,GAAG,IAAI,GAAG,EAA+B,CAAC;IAE3E,YAAY,MAA2B;QACtC,KAAK,CAAC,MAAM,CAAC,CAAC;QACd,IAAI,CAAC,QAAQ,GAAG,IAAI,yCAAkB,CAAC,MAAM,CAAC,OAAO,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC;IACzE,CAAC;IAEO,KAAK,CAAC,kBAAkB,CAAC,OAAe;QAC/C,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;QAC5D,IAAI,CAAC,KAAK,EAAE,CAAC;YACZ,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;QAC1C,CAAC;QACD,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,mBAAmB,EAAE,CAAC;YAC5C,OAAO,KAAK,CAAC,WAAW,CAAC;QAC1B,CAAC;QACD,IAAI,CAAC,KAAK,CAAC,YAAY,EAAE,CAAC;YACzB,MAAM,IAAI,CAAC,QAAQ,CAAC,mBAAmB,CAAC,OAAO,CAAC,CAAC;YACjD,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;QACzC,CAAC;QACD,OAAO,CAAC,MAAM,IAAI,CAAC,eAAe,CAAC,OAAO,EAAE,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC,WAAW,CAAC;IAC9E,CAAC;IAEO,eAAe,CAAC,OAAe,EAAE,YAAoB;QAC5D,MAAM,QAAQ,GAAG,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QACpD,IAAI,QAAQ,EAAE,CAAC;YACd,OAAO,QAAQ,CAAC;QACjB,CAAC;QACD,MAAM,OAAO,GAAG,CAAC,KAAK,IAAI,EAAE;YAC3B,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;YAC1D,MAAM,IAAI,CAAC,QAAQ,CAAC,gBAAgB,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YACvD,OAAO,OAAO,CAAC;QAChB,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC;QAC1D,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QAC5C,OAAO,OAAO,CAAC;IAChB,CAAC;IAEM,KAAK,CAAC,UAAU,CAAC,MAAc,EAAE,MAAgB;QACvD,MAAM,OAAO,GAAG,IAAA,2BAAmB,GAAE,CAAC;QACtC,IAAI,CAAC,OAAO,EAAE,CAAC;YACd,MAAM,IAAI,KAAK,CAAC,gBAAgB,CAAC,CAAC;QACnC,CAAC;QACD,OAAO,IAAA,mBAAY,EAAC,MAAM,EAAE,OAAO,CAAC,MAAM,CAAC,EAAE,MAAM,IAAI,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC,CAAC;IACtF,CAAC;IAED,mGAAmG;IAC5F,KAAK,CAAC,OAAO;QACnB,MAAM,OAAO,GAAG,IAAA,2BAAmB,GAAE,CAAC;QACtC,IAAI,CAAC,OAAO,EAAE,CAAC;YACd,OAAO;QACR,CAAC;QACD,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;QAC5D,IAAI,KAAK,EAAE,YAAY,EAAE,CAAC;YACzB,MAAM,IAAI,CAAC,eAAe,CAAC,OAAO,EAAE,KAAK,CAAC,YAAY,CAAC,CAAC;QACzD,CAAC;IACF,CAAC;CACD;AA5DD,wCA4DC"}
@@ -0,0 +1,27 @@
1
+ import { UserTokens } from '../../../sessions';
2
+ import { BrokerAuthConfig } from '../../client-config';
3
+ /**
4
+ * Thin client for the Creatio Identity authorization-code endpoints — the "Creatio leg" of the
5
+ * broker. One place owns every call to Creatio's `/connect/authorize` and `/connect/token` (build
6
+ * the consent URL, exchange a code, refresh), so the broker handler and the runtime provider never
7
+ * duplicate token-endpoint logic (DRY). It is stateless: callers own where tokens are stored.
8
+ */
9
+ export declare class CreatioOAuthClient {
10
+ private readonly _baseUrl;
11
+ private readonly _auth;
12
+ private get _identityBase();
13
+ private get _scope();
14
+ constructor(baseUrl: string, auth: BrokerAuthConfig);
15
+ private _baseBody;
16
+ private _postToken;
17
+ /** Builds the Creatio consent URL for the brokered login (always with S256 PKCE). */
18
+ buildAuthorizeUrl(redirectUri: string, state: string, codeChallenge: string): string;
19
+ /** Exchanges a Creatio authorization code (+ our PKCE verifier) for the user's Creatio tokens. */
20
+ exchangeCode(code: string, redirectUri: string, codeVerifier: string): Promise<UserTokens>;
21
+ /** Refreshes the user's Creatio tokens using a stored refresh token. */
22
+ refresh(refreshToken: string): Promise<UserTokens>;
23
+ /** Revoke a user's Creatio token (RFC 7009) on logout. Best-effort: a failure must not block the
24
+ * local logout (we still purge our own state), so this never throws. */
25
+ revoke(token: string): Promise<void>;
26
+ }
27
+ //# sourceMappingURL=creatio-oauth-client.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"creatio-oauth-client.d.ts","sourceRoot":"","sources":["../../../../src/creatio/auth/providers/creatio-oauth-client.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAC/C,OAAO,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AAYvD;;;;;GAKG;AACH,qBAAa,kBAAkB;IAC9B,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAS;IAClC,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAmB;IAEzC,OAAO,KAAK,aAAa,GAExB;IAED,OAAO,KAAK,MAAM,GAEjB;gBAEW,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,gBAAgB;IAKnD,OAAO,CAAC,SAAS;YAUH,UAAU;IAmCxB,qFAAqF;IAC9E,iBAAiB,CAAC,WAAW,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,GAAG,MAAM;IAY3F,kGAAkG;IACrF,YAAY,CACxB,IAAI,EAAE,MAAM,EACZ,WAAW,EAAE,MAAM,EACnB,YAAY,EAAE,MAAM,GAClB,OAAO,CAAC,UAAU,CAAC;IAStB,wEAAwE;IAC3D,OAAO,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC;IAU/D;6EACyE;IAC5D,MAAM,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CAgBjD"}
@@ -0,0 +1,122 @@
1
+ "use strict";
2
+ var __importDefault = (this && this.__importDefault) || function (mod) {
3
+ return (mod && mod.__esModule) ? mod : { "default": mod };
4
+ };
5
+ Object.defineProperty(exports, "__esModule", { value: true });
6
+ exports.CreatioOAuthClient = void 0;
7
+ const log_1 = __importDefault(require("../../../log"));
8
+ const auth_1 = require("../auth");
9
+ const DEFAULT_TOKEN_LIFETIME_SECONDS = 180;
10
+ /**
11
+ * Thin client for the Creatio Identity authorization-code endpoints — the "Creatio leg" of the
12
+ * broker. One place owns every call to Creatio's `/connect/authorize` and `/connect/token` (build
13
+ * the consent URL, exchange a code, refresh), so the broker handler and the runtime provider never
14
+ * duplicate token-endpoint logic (DRY). It is stateless: callers own where tokens are stored.
15
+ */
16
+ class CreatioOAuthClient {
17
+ _baseUrl;
18
+ _auth;
19
+ get _identityBase() {
20
+ return (0, auth_1.resolveIdentityBase)(this._baseUrl, this._auth.idBaseUrl);
21
+ }
22
+ get _scope() {
23
+ return this._auth.scope || 'offline_access';
24
+ }
25
+ constructor(baseUrl, auth) {
26
+ this._baseUrl = baseUrl;
27
+ this._auth = auth;
28
+ }
29
+ _baseBody() {
30
+ const body = new URLSearchParams();
31
+ body.set('client_id', this._auth.clientId);
32
+ // Confidential clients send a secret; public clients (PKCE) send none.
33
+ if (this._auth.clientSecret) {
34
+ body.set('client_secret', this._auth.clientSecret);
35
+ }
36
+ return body;
37
+ }
38
+ async _postToken(body, op) {
39
+ const url = this._identityBase + auth_1.TOKEN_ENDPOINT;
40
+ const res = await fetch(url, {
41
+ method: 'POST',
42
+ headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
43
+ body: body.toString(),
44
+ });
45
+ const text = await res.text().catch(() => '');
46
+ if (!res.ok || !text) {
47
+ log_1.default.error(`broker.creatio.${op}_failed`, {
48
+ status: res.status,
49
+ body: text.slice(0, 200),
50
+ });
51
+ throw new Error(`creatio_oauth_${op}_error:${res.status}`);
52
+ }
53
+ let json;
54
+ try {
55
+ json = JSON.parse(text);
56
+ }
57
+ catch {
58
+ throw new Error(`creatio_oauth_${op}_parse_failed`);
59
+ }
60
+ if (!json.access_token) {
61
+ throw new Error(`creatio_oauth_${op}_no_access_token`);
62
+ }
63
+ const lifetime = Number(json.expires_in) || DEFAULT_TOKEN_LIFETIME_SECONDS;
64
+ return {
65
+ accessToken: String(json.access_token),
66
+ accessTokenExpiryMs: (0, auth_1.computeTokenExpiryMs)(lifetime),
67
+ ...(json.refresh_token ? { refreshToken: String(json.refresh_token) } : {}),
68
+ };
69
+ }
70
+ /** Builds the Creatio consent URL for the brokered login (always with S256 PKCE). */
71
+ buildAuthorizeUrl(redirectUri, state, codeChallenge) {
72
+ const url = new URL(this._identityBase + auth_1.AUTHORIZE_ENDPOINT);
73
+ url.searchParams.set('client_id', this._auth.clientId);
74
+ url.searchParams.set('redirect_uri', redirectUri);
75
+ url.searchParams.set('response_type', 'code');
76
+ url.searchParams.set('state', state);
77
+ url.searchParams.set('code_challenge', codeChallenge);
78
+ url.searchParams.set('code_challenge_method', auth_1.PKCE_S256);
79
+ url.searchParams.set('scope', this._scope);
80
+ return url.toString();
81
+ }
82
+ /** Exchanges a Creatio authorization code (+ our PKCE verifier) for the user's Creatio tokens. */
83
+ async exchangeCode(code, redirectUri, codeVerifier) {
84
+ const body = this._baseBody();
85
+ body.set('grant_type', 'authorization_code');
86
+ body.set('code', code);
87
+ body.set('redirect_uri', redirectUri);
88
+ body.set('code_verifier', codeVerifier);
89
+ return this._postToken(body, 'exchange');
90
+ }
91
+ /** Refreshes the user's Creatio tokens using a stored refresh token. */
92
+ async refresh(refreshToken) {
93
+ const body = this._baseBody();
94
+ body.set('grant_type', 'refresh_token');
95
+ body.set('refresh_token', refreshToken);
96
+ body.set('scope', this._scope);
97
+ const tokens = await this._postToken(body, 'refresh');
98
+ // Rotating refresh tokens: keep the previous one if Creatio did not return a new one.
99
+ return tokens.refreshToken ? tokens : { ...tokens, refreshToken };
100
+ }
101
+ /** Revoke a user's Creatio token (RFC 7009) on logout. Best-effort: a failure must not block the
102
+ * local logout (we still purge our own state), so this never throws. */
103
+ async revoke(token) {
104
+ const body = this._baseBody();
105
+ body.set('token', token);
106
+ try {
107
+ const res = await fetch(this._identityBase + auth_1.REVOCATION_ENDPOINT, {
108
+ method: 'POST',
109
+ headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
110
+ body: body.toString(),
111
+ });
112
+ if (!res.ok) {
113
+ log_1.default.warn('broker.creatio.revoke_failed', { status: res.status });
114
+ }
115
+ }
116
+ catch (err) {
117
+ log_1.default.warn('broker.creatio.revoke_error', { error: String(err) });
118
+ }
119
+ }
120
+ }
121
+ exports.CreatioOAuthClient = CreatioOAuthClient;
122
+ //# sourceMappingURL=creatio-oauth-client.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"creatio-oauth-client.js","sourceRoot":"","sources":["../../../../src/creatio/auth/providers/creatio-oauth-client.ts"],"names":[],"mappings":";;;;;;AAAA,uDAA+B;AAG/B,kCAOiB;AAEjB,MAAM,8BAA8B,GAAG,GAAG,CAAC;AAE3C;;;;;GAKG;AACH,MAAa,kBAAkB;IACb,QAAQ,CAAS;IACjB,KAAK,CAAmB;IAEzC,IAAY,aAAa;QACxB,OAAO,IAAA,0BAAmB,EAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;IACjE,CAAC;IAED,IAAY,MAAM;QACjB,OAAO,IAAI,CAAC,KAAK,CAAC,KAAK,IAAI,gBAAgB,CAAC;IAC7C,CAAC;IAED,YAAY,OAAe,EAAE,IAAsB;QAClD,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC;QACxB,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC;IACnB,CAAC;IAEO,SAAS;QAChB,MAAM,IAAI,GAAG,IAAI,eAAe,EAAE,CAAC;QACnC,IAAI,CAAC,GAAG,CAAC,WAAW,EAAE,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;QAC3C,uEAAuE;QACvE,IAAI,IAAI,CAAC,KAAK,CAAC,YAAY,EAAE,CAAC;YAC7B,IAAI,CAAC,GAAG,CAAC,eAAe,EAAE,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;QACpD,CAAC;QACD,OAAO,IAAI,CAAC;IACb,CAAC;IAEO,KAAK,CAAC,UAAU,CACvB,IAAqB,EACrB,EAA0B;QAE1B,MAAM,GAAG,GAAG,IAAI,CAAC,aAAa,GAAG,qBAAc,CAAC;QAChD,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;YAC5B,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;YAChE,IAAI,EAAE,IAAI,CAAC,QAAQ,EAAE;SACrB,CAAC,CAAC;QACH,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;QAC9C,IAAI,CAAC,GAAG,CAAC,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC;YACtB,aAAG,CAAC,KAAK,CAAC,kBAAkB,EAAE,SAAS,EAAE;gBACxC,MAAM,EAAE,GAAG,CAAC,MAAM;gBAClB,IAAI,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;aACxB,CAAC,CAAC;YACH,MAAM,IAAI,KAAK,CAAC,iBAAiB,EAAE,UAAU,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;QAC5D,CAAC;QACD,IAAI,IAA4E,CAAC;QACjF,IAAI,CAAC;YACJ,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QACzB,CAAC;QAAC,MAAM,CAAC;YACR,MAAM,IAAI,KAAK,CAAC,iBAAiB,EAAE,eAAe,CAAC,CAAC;QACrD,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC;YACxB,MAAM,IAAI,KAAK,CAAC,iBAAiB,EAAE,kBAAkB,CAAC,CAAC;QACxD,CAAC;QACD,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,8BAA8B,CAAC;QAC3E,OAAO;YACN,WAAW,EAAE,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC;YACtC,mBAAmB,EAAE,IAAA,2BAAoB,EAAC,QAAQ,CAAC;YACnD,GAAG,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,YAAY,EAAE,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SAC3E,CAAC;IACH,CAAC;IAED,qFAAqF;IAC9E,iBAAiB,CAAC,WAAmB,EAAE,KAAa,EAAE,aAAqB;QACjF,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,aAAa,GAAG,yBAAkB,CAAC,CAAC;QAC7D,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,EAAE,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;QACvD,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,EAAE,WAAW,CAAC,CAAC;QAClD,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC;QAC9C,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QACrC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,gBAAgB,EAAE,aAAa,CAAC,CAAC;QACtD,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,uBAAuB,EAAE,gBAAS,CAAC,CAAC;QACzD,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;QAC3C,OAAO,GAAG,CAAC,QAAQ,EAAE,CAAC;IACvB,CAAC;IAED,kGAAkG;IAC3F,KAAK,CAAC,YAAY,CACxB,IAAY,EACZ,WAAmB,EACnB,YAAoB;QAEpB,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC;QAC9B,IAAI,CAAC,GAAG,CAAC,YAAY,EAAE,oBAAoB,CAAC,CAAC;QAC7C,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QACvB,IAAI,CAAC,GAAG,CAAC,cAAc,EAAE,WAAW,CAAC,CAAC;QACtC,IAAI,CAAC,GAAG,CAAC,eAAe,EAAE,YAAY,CAAC,CAAC;QACxC,OAAO,IAAI,CAAC,UAAU,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;IAC1C,CAAC;IAED,wEAAwE;IACjE,KAAK,CAAC,OAAO,CAAC,YAAoB;QACxC,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC;QAC9B,IAAI,CAAC,GAAG,CAAC,YAAY,EAAE,eAAe,CAAC,CAAC;QACxC,IAAI,CAAC,GAAG,CAAC,eAAe,EAAE,YAAY,CAAC,CAAC;QACxC,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;QAC/B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;QACtD,sFAAsF;QACtF,OAAO,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,GAAG,MAAM,EAAE,YAAY,EAAE,CAAC;IACnE,CAAC;IAED;6EACyE;IAClE,KAAK,CAAC,MAAM,CAAC,KAAa;QAChC,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC;QAC9B,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QACzB,IAAI,CAAC;YACJ,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC,aAAa,GAAG,0BAAmB,EAAE;gBACjE,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;gBAChE,IAAI,EAAE,IAAI,CAAC,QAAQ,EAAE;aACrB,CAAC,CAAC;YACH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;gBACb,aAAG,CAAC,IAAI,CAAC,8BAA8B,EAAE,EAAE,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;YAClE,CAAC;QACF,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACd,aAAG,CAAC,IAAI,CAAC,6BAA6B,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QACjE,CAAC;IACF,CAAC;CACD;AAtHD,gDAsHC"}
@@ -1,5 +1,7 @@
1
1
  export * from './legacy-provider';
2
2
  export * from './oauth2-provider';
3
- export * from './oauth2-code-provider';
3
+ export * from './oauth2-bearer-provider';
4
+ export * from './broker-provider';
5
+ export * from './creatio-oauth-client';
4
6
  export * from './type';
5
7
  //# sourceMappingURL=index.d.ts.map
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/creatio/auth/providers/index.ts"],"names":[],"mappings":"AAAA,cAAc,mBAAmB,CAAC;AAClC,cAAc,mBAAmB,CAAC;AAClC,cAAc,wBAAwB,CAAC;AACvC,cAAc,QAAQ,CAAC"}
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/creatio/auth/providers/index.ts"],"names":[],"mappings":"AAAA,cAAc,mBAAmB,CAAC;AAClC,cAAc,mBAAmB,CAAC;AAClC,cAAc,0BAA0B,CAAC;AACzC,cAAc,mBAAmB,CAAC;AAClC,cAAc,wBAAwB,CAAC;AACvC,cAAc,QAAQ,CAAC"}
@@ -16,6 +16,8 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
16
16
  Object.defineProperty(exports, "__esModule", { value: true });
17
17
  __exportStar(require("./legacy-provider"), exports);
18
18
  __exportStar(require("./oauth2-provider"), exports);
19
- __exportStar(require("./oauth2-code-provider"), exports);
19
+ __exportStar(require("./oauth2-bearer-provider"), exports);
20
+ __exportStar(require("./broker-provider"), exports);
21
+ __exportStar(require("./creatio-oauth-client"), exports);
20
22
  __exportStar(require("./type"), exports);
21
23
  //# sourceMappingURL=index.js.map
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/creatio/auth/providers/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,oDAAkC;AAClC,oDAAkC;AAClC,yDAAuC;AACvC,yCAAuB"}
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/creatio/auth/providers/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,oDAAkC;AAClC,oDAAkC;AAClC,2DAAyC;AACzC,oDAAkC;AAClC,yDAAuC;AACvC,yCAAuB"}
@@ -0,0 +1,17 @@
1
+ import { BearerAuthConfig } from '../../client-config';
2
+ import { BaseProvider } from './base-provider';
3
+ /**
4
+ * Stateless per-request Bearer passthrough provider.
5
+ *
6
+ * The MCP issues and stores no tokens: every request already carries a Creatio access token
7
+ * (obtained by the client from Creatio Identity in `delegated` mode, or injected by a trusted
8
+ * Control-Plane in `gateway` mode). This provider simply attaches that token — read from the
9
+ * per-request {@link getBearerToken} context — to outgoing Creatio calls. Token acquisition and
10
+ * refresh are the client's / gateway's responsibility, which is why there is nothing to refresh
11
+ * here and no server-side token store.
12
+ */
13
+ export declare class OAuth2BearerProvider extends BaseProvider<BearerAuthConfig> {
14
+ getHeaders(accept: string, isJson?: boolean): Promise<Record<string, string>>;
15
+ refresh(): Promise<void>;
16
+ }
17
+ //# sourceMappingURL=oauth2-bearer-provider.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"oauth2-bearer-provider.d.ts","sourceRoot":"","sources":["../../../../src/creatio/auth/providers/oauth2-bearer-provider.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AAGvD,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAE/C;;;;;;;;;GASG;AACH,qBAAa,oBAAqB,SAAQ,YAAY,CAAC,gBAAgB,CAAC;IAC1D,UAAU,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAU7E,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;CAIrC"}
@@ -0,0 +1,33 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
3
+ exports.OAuth2BearerProvider = void 0;
4
+ const utils_1 = require("../../../utils");
5
+ const auth_1 = require("../auth");
6
+ const base_provider_1 = require("./base-provider");
7
+ /**
8
+ * Stateless per-request Bearer passthrough provider.
9
+ *
10
+ * The MCP issues and stores no tokens: every request already carries a Creatio access token
11
+ * (obtained by the client from Creatio Identity in `delegated` mode, or injected by a trusted
12
+ * Control-Plane in `gateway` mode). This provider simply attaches that token — read from the
13
+ * per-request {@link getBearerToken} context — to outgoing Creatio calls. Token acquisition and
14
+ * refresh are the client's / gateway's responsibility, which is why there is nothing to refresh
15
+ * here and no server-side token store.
16
+ */
17
+ class OAuth2BearerProvider extends base_provider_1.BaseProvider {
18
+ async getHeaders(accept, isJson) {
19
+ const token = (0, utils_1.getBearerToken)();
20
+ if (!token) {
21
+ // No token in context ⇒ unauthenticated request. The HTTP edge turns this into a 401
22
+ // (delegated: with a WWW-Authenticate challenge; gateway: a plain rejection).
23
+ throw new Error('bearer_token_required');
24
+ }
25
+ return (0, auth_1.buildHeaders)(accept, Boolean(isJson), token);
26
+ }
27
+ async refresh() {
28
+ // Nothing to refresh: the client (delegated) or gateway owns the token lifecycle. A stale
29
+ // token surfaces as a 401 from Creatio, which the caller resolves by presenting a fresh one.
30
+ }
31
+ }
32
+ exports.OAuth2BearerProvider = OAuth2BearerProvider;
33
+ //# sourceMappingURL=oauth2-bearer-provider.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"oauth2-bearer-provider.js","sourceRoot":"","sources":["../../../../src/creatio/auth/providers/oauth2-bearer-provider.ts"],"names":[],"mappings":";;;AAAA,0CAAgD;AAEhD,kCAAuC;AAEvC,mDAA+C;AAE/C;;;;;;;;;GASG;AACH,MAAa,oBAAqB,SAAQ,4BAA8B;IAChE,KAAK,CAAC,UAAU,CAAC,MAAc,EAAE,MAAgB;QACvD,MAAM,KAAK,GAAG,IAAA,sBAAc,GAAE,CAAC;QAC/B,IAAI,CAAC,KAAK,EAAE,CAAC;YACZ,qFAAqF;YACrF,8EAA8E;YAC9E,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;QAC1C,CAAC;QACD,OAAO,IAAA,mBAAY,EAAC,MAAM,EAAE,OAAO,CAAC,MAAM,CAAC,EAAE,KAAK,CAAC,CAAC;IACrD,CAAC;IAEM,KAAK,CAAC,OAAO;QACnB,0FAA0F;QAC1F,6FAA6F;IAC9F,CAAC;CACD;AAfD,oDAeC"}
@@ -1,9 +1,9 @@
1
1
  import { CreatioClientConfig, OAuth2AuthConfig } from '../../client-config';
2
- import { BaseOAuth2Provider } from './base-oauth2-provider';
2
+ import { BaseOAuth2Provider, FetchedToken } from './base-oauth2-provider';
3
3
  export declare class OAuth2Provider extends BaseOAuth2Provider<OAuth2AuthConfig> {
4
4
  private readonly _config;
5
5
  protected readonly authErrorCode = "oauth2_auth_failed";
6
6
  constructor(config: CreatioClientConfig);
7
- protected ensureAccessToken(): Promise<string | undefined>;
7
+ protected fetchToken(): Promise<FetchedToken | undefined>;
8
8
  }
9
9
  //# sourceMappingURL=oauth2-provider.d.ts.map
@@ -1 +1 @@
1
- {"version":3,"file":"oauth2-provider.d.ts","sourceRoot":"","sources":["../../../../src/creatio/auth/providers/oauth2-provider.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AAG5E,OAAO,EAAE,kBAAkB,EAAE,MAAM,wBAAwB,CAAC;AAE5D,qBAAa,cAAe,SAAQ,kBAAkB,CAAC,gBAAgB,CAAC;IACvE,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAsB;IAE9C,SAAS,CAAC,QAAQ,CAAC,aAAa,wBAAwB;gBAE5C,MAAM,EAAE,mBAAmB;cAKvB,iBAAiB,IAAI,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC;CA0EhE"}
1
+ {"version":3,"file":"oauth2-provider.d.ts","sourceRoot":"","sources":["../../../../src/creatio/auth/providers/oauth2-provider.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AAG5E,OAAO,EAAE,kBAAkB,EAAE,YAAY,EAAE,MAAM,wBAAwB,CAAC;AAE1E,qBAAa,cAAe,SAAQ,kBAAkB,CAAC,gBAAgB,CAAC;IACvE,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAsB;IAE9C,SAAS,CAAC,QAAQ,CAAC,aAAa,wBAAwB;gBAE5C,MAAM,EAAE,mBAAmB;cAKvB,UAAU,IAAI,OAAO,CAAC,YAAY,GAAG,SAAS,CAAC;CAqE/D"}
@@ -14,11 +14,7 @@ class OAuth2Provider extends base_oauth2_provider_1.BaseOAuth2Provider {
14
14
  super(config);
15
15
  this._config = config;
16
16
  }
17
- async ensureAccessToken() {
18
- const now = Date.now();
19
- if (this.accessToken && this.accessTokenExpiryMs && now < this.accessTokenExpiryMs) {
20
- return this.accessToken;
21
- }
17
+ async fetchToken() {
22
18
  const url = `${this.getIdentityBase()}${auth_1.TOKEN_ENDPOINT}`;
23
19
  const body = new URLSearchParams();
24
20
  body.set('grant_type', 'client_credentials');
@@ -69,11 +65,10 @@ class OAuth2Provider extends base_oauth2_provider_1.BaseOAuth2Provider {
69
65
  log_1.default.creatioAuthFailed(this._config.baseUrl, 'no_access_token_in_response', 'oauth2');
70
66
  throw new Error('oauth2_no_access_token');
71
67
  }
72
- this.accessToken = String(tokenResponse.access_token);
73
- const expiresIn = Number(tokenResponse.expires_in) || 3600;
74
- this.accessTokenExpiryMs = this.computeExpiryMs(expiresIn, 1);
68
+ const accessToken = String(tokenResponse.access_token);
69
+ const expiresInSeconds = Number(tokenResponse.expires_in) || 3600;
75
70
  log_1.default.creatioAuthOk(this._config.baseUrl, 'oauth2');
76
- return this.accessToken;
71
+ return { accessToken, expiresInSeconds };
77
72
  }
78
73
  catch (e) {
79
74
  log_1.default.error('oauth.token.exception', { error: String(e?.message ?? e) });
@@ -1 +1 @@
1
- {"version":3,"file":"oauth2-provider.js","sourceRoot":"","sources":["../../../../src/creatio/auth/providers/oauth2-provider.ts"],"names":[],"mappings":";;;;;;AAAA,uDAA+B;AAE/B,kCAAiE;AAEjE,iEAA4D;AAE5D,MAAa,cAAe,SAAQ,yCAAoC;IACtD,OAAO,CAAsB;IAE3B,aAAa,GAAG,oBAAoB,CAAC;IAExD,YAAY,MAA2B;QACtC,KAAK,CAAC,MAAM,CAAC,CAAC;QACd,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC;IACvB,CAAC;IAES,KAAK,CAAC,iBAAiB;QAChC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,IAAI,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC,mBAAmB,IAAI,GAAG,GAAG,IAAI,CAAC,mBAAmB,EAAE,CAAC;YACpF,OAAO,IAAI,CAAC,WAAW,CAAC;QACzB,CAAC;QACD,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,eAAe,EAAE,GAAG,qBAAc,EAAE,CAAC;QACzD,MAAM,IAAI,GAAG,IAAI,eAAe,EAAE,CAAC;QACnC,IAAI,CAAC,GAAG,CAAC,YAAY,EAAE,oBAAoB,CAAC,CAAC;QAC7C,IAAI,CAAC,GAAG,CAAC,WAAW,EAAE,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;QAChD,IAAI,CAAC,GAAG,CAAC,eAAe,EAAE,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC;QACxD,IAAI,CAAC;YACJ,aAAG,CAAC,gBAAgB,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;YACrD,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;gBACjC,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;gBAChE,IAAI,EAAE,IAAI,CAAC,QAAQ,EAAE;aACrB,CAAC,CAAC;YACH,MAAM,YAAY,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;YAC3D,MAAM,WAAW,GAAI,QAAQ,CAAC,OAAe,EAAE,GAAG,EAAE,CAAC,cAAc,CAAC,IAAI,EAAE,CAAC;YAC3E,MAAM,WAAW,GAChB,YAAY,IAAI,YAAY,CAAC,MAAM,GAAG,6BAAsB;gBAC3D,CAAC,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,6BAAsB,CAAC,GAAG,mBAAmB;gBACrE,CAAC,CAAC,YAAY,CAAC;YACjB,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBAClB,aAAG,CAAC,KAAK,CAAC,mBAAmB,EAAE;oBAC9B,GAAG;oBACH,MAAM,EAAE,QAAQ,CAAC,MAAM;oBACvB,WAAW;oBACX,WAAW;iBACX,CAAC,CAAC;gBACH,aAAG,CAAC,iBAAiB,CACpB,IAAI,CAAC,OAAO,CAAC,OAAO,EACpB,eAAe,QAAQ,CAAC,MAAM,EAAE,EAChC,QAAQ,CACR,CAAC;gBACF,MAAM,IAAI,KAAK,CAAC,sBAAsB,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;YAC1D,CAAC;YACD,IAAI,CAAC,YAAY,EAAE,CAAC;gBACnB,aAAG,CAAC,KAAK,CAAC,wBAAwB,EAAE,EAAE,GAAG,EAAE,MAAM,EAAE,QAAQ,CAAC,MAAM,EAAE,WAAW,EAAE,CAAC,CAAC;gBACnF,aAAG,CAAC,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,qBAAqB,EAAE,QAAQ,CAAC,CAAC;gBAC7E,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;YAChD,CAAC;YACD,IAAI,aAAa,GAAQ,IAAI,CAAC;YAC9B,IAAI,CAAC;gBACJ,aAAa,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;YAC1C,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACd,aAAG,CAAC,KAAK,CAAC,0BAA0B,EAAE;oBACrC,GAAG;oBACH,MAAM,EAAE,QAAQ,CAAC,MAAM;oBACvB,WAAW;oBACX,WAAW;iBACX,CAAC,CAAC;gBACH,aAAG,CAAC,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,oBAAoB,EAAE,QAAQ,CAAC,CAAC;gBAC5E,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;YAC9C,CAAC;YACD,IAAI,CAAC,aAAa,IAAI,CAAC,aAAa,CAAC,YAAY,EAAE,CAAC;gBACnD,aAAG,CAAC,iBAAiB,CACpB,IAAI,CAAC,OAAO,CAAC,OAAO,EACpB,6BAA6B,EAC7B,QAAQ,CACR,CAAC;gBACF,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC;YAC3C,CAAC;YACD,IAAI,CAAC,WAAW,GAAG,MAAM,CAAC,aAAa,CAAC,YAAY,CAAC,CAAC;YACtD,MAAM,SAAS,GAAG,MAAM,CAAC,aAAa,CAAC,UAAU,CAAC,IAAI,IAAI,CAAC;YAC3D,IAAI,CAAC,mBAAmB,GAAG,IAAI,CAAC,eAAe,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC;YAC9D,aAAG,CAAC,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;YAClD,OAAO,IAAI,CAAC,WAAW,CAAC;QACzB,CAAC;QAAC,OAAO,CAAM,EAAE,CAAC;YACjB,aAAG,CAAC,KAAK,CAAC,uBAAuB,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC,EAAE,OAAO,IAAI,CAAC,CAAC,EAAE,CAAC,CAAC;YACvE,aAAG,CAAC,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC,EAAE,OAAO,IAAI,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;YAC/E,OAAO,SAAS,CAAC;QAClB,CAAC;IACF,CAAC;CACD;AApFD,wCAoFC"}
1
+ {"version":3,"file":"oauth2-provider.js","sourceRoot":"","sources":["../../../../src/creatio/auth/providers/oauth2-provider.ts"],"names":[],"mappings":";;;;;;AAAA,uDAA+B;AAE/B,kCAAiE;AAEjE,iEAA0E;AAE1E,MAAa,cAAe,SAAQ,yCAAoC;IACtD,OAAO,CAAsB;IAE3B,aAAa,GAAG,oBAAoB,CAAC;IAExD,YAAY,MAA2B;QACtC,KAAK,CAAC,MAAM,CAAC,CAAC;QACd,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC;IACvB,CAAC;IAES,KAAK,CAAC,UAAU;QACzB,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,eAAe,EAAE,GAAG,qBAAc,EAAE,CAAC;QACzD,MAAM,IAAI,GAAG,IAAI,eAAe,EAAE,CAAC;QACnC,IAAI,CAAC,GAAG,CAAC,YAAY,EAAE,oBAAoB,CAAC,CAAC;QAC7C,IAAI,CAAC,GAAG,CAAC,WAAW,EAAE,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;QAChD,IAAI,CAAC,GAAG,CAAC,eAAe,EAAE,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC;QACxD,IAAI,CAAC;YACJ,aAAG,CAAC,gBAAgB,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;YACrD,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;gBACjC,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;gBAChE,IAAI,EAAE,IAAI,CAAC,QAAQ,EAAE;aACrB,CAAC,CAAC;YACH,MAAM,YAAY,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;YAC3D,MAAM,WAAW,GAAI,QAAQ,CAAC,OAAe,EAAE,GAAG,EAAE,CAAC,cAAc,CAAC,IAAI,EAAE,CAAC;YAC3E,MAAM,WAAW,GAChB,YAAY,IAAI,YAAY,CAAC,MAAM,GAAG,6BAAsB;gBAC3D,CAAC,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,6BAAsB,CAAC,GAAG,mBAAmB;gBACrE,CAAC,CAAC,YAAY,CAAC;YACjB,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBAClB,aAAG,CAAC,KAAK,CAAC,mBAAmB,EAAE;oBAC9B,GAAG;oBACH,MAAM,EAAE,QAAQ,CAAC,MAAM;oBACvB,WAAW;oBACX,WAAW;iBACX,CAAC,CAAC;gBACH,aAAG,CAAC,iBAAiB,CACpB,IAAI,CAAC,OAAO,CAAC,OAAO,EACpB,eAAe,QAAQ,CAAC,MAAM,EAAE,EAChC,QAAQ,CACR,CAAC;gBACF,MAAM,IAAI,KAAK,CAAC,sBAAsB,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;YAC1D,CAAC;YACD,IAAI,CAAC,YAAY,EAAE,CAAC;gBACnB,aAAG,CAAC,KAAK,CAAC,wBAAwB,EAAE,EAAE,GAAG,EAAE,MAAM,EAAE,QAAQ,CAAC,MAAM,EAAE,WAAW,EAAE,CAAC,CAAC;gBACnF,aAAG,CAAC,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,qBAAqB,EAAE,QAAQ,CAAC,CAAC;gBAC7E,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;YAChD,CAAC;YACD,IAAI,aAAa,GAAQ,IAAI,CAAC;YAC9B,IAAI,CAAC;gBACJ,aAAa,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;YAC1C,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACd,aAAG,CAAC,KAAK,CAAC,0BAA0B,EAAE;oBACrC,GAAG;oBACH,MAAM,EAAE,QAAQ,CAAC,MAAM;oBACvB,WAAW;oBACX,WAAW;iBACX,CAAC,CAAC;gBACH,aAAG,CAAC,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,oBAAoB,EAAE,QAAQ,CAAC,CAAC;gBAC5E,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;YAC9C,CAAC;YACD,IAAI,CAAC,aAAa,IAAI,CAAC,aAAa,CAAC,YAAY,EAAE,CAAC;gBACnD,aAAG,CAAC,iBAAiB,CACpB,IAAI,CAAC,OAAO,CAAC,OAAO,EACpB,6BAA6B,EAC7B,QAAQ,CACR,CAAC;gBACF,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC;YAC3C,CAAC;YACD,MAAM,WAAW,GAAG,MAAM,CAAC,aAAa,CAAC,YAAY,CAAC,CAAC;YACvD,MAAM,gBAAgB,GAAG,MAAM,CAAC,aAAa,CAAC,UAAU,CAAC,IAAI,IAAI,CAAC;YAClE,aAAG,CAAC,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;YAClD,OAAO,EAAE,WAAW,EAAE,gBAAgB,EAAE,CAAC;QAC1C,CAAC;QAAC,OAAO,CAAM,EAAE,CAAC;YACjB,aAAG,CAAC,KAAK,CAAC,uBAAuB,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC,EAAE,OAAO,IAAI,CAAC,CAAC,EAAE,CAAC,CAAC;YACvE,aAAG,CAAC,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC,EAAE,OAAO,IAAI,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;YAC/E,OAAO,SAAS,CAAC;QAClB,CAAC;IACF,CAAC;CACD;AA/ED,wCA+EC"}
@@ -1,6 +1,25 @@
1
1
  export declare enum AuthProviderType {
2
2
  Legacy = "legacy",
3
3
  OAuth2 = "oauth2",
4
- OAuth2Code = "oauth2_code"
4
+ /**
5
+ * Stateless per-request Bearer passthrough: the incoming request carries a Creatio access token
6
+ * (obtained by the client directly from Creatio Identity in `delegated` mode, or injected by a
7
+ * fronting Control-Plane in `gateway` mode). The MCP issues no tokens and stores none.
8
+ */
9
+ OAuth2Bearer = "oauth2_bearer",
10
+ /**
11
+ * Broker: the MCP is its own OAuth 2.1 authorization server for clients (DCR + /authorize +
12
+ * /token), brokering the user login to Creatio via authorization_code + PKCE and holding the
13
+ * user's Creatio tokens server-side. The "connect → authorize → work as me" UX for standalone
14
+ * direct clients (Claude Desktop / ChatGPT) where Creatio offers no dynamic client registration.
15
+ */
16
+ Broker = "broker"
17
+ }
18
+ /** Where the per-request Bearer comes from / how strictly the MCP treats it. */
19
+ export declare enum BearerAuthMode {
20
+ /** Client authenticates directly against Creatio Identity; MCP advertises it (RFC 9728) + validates. */
21
+ Delegated = "delegated",
22
+ /** A trusted fronting gateway (Creatio.ai Control-Plane) injects the Bearer; MCP trusts it. */
23
+ Gateway = "gateway"
5
24
  }
6
25
  //# sourceMappingURL=type.d.ts.map