mcp-use 1.6.3-canary.0 → 1.7.0-canary.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/.tsbuildinfo +1 -1
- package/dist/chunk-JQKKMUCT.js +0 -0
- package/dist/chunk-PE7UMCVO.js +377 -0
- package/dist/{chunk-BWOTID2D.js → chunk-QSLJXXMG.js} +3 -346
- package/dist/chunk-R5DJJ4IV.js +942 -0
- package/dist/{chunk-SJEHVCPM.js → chunk-XN2PU4PS.js} +100 -23
- package/dist/index.cjs +132 -29
- package/dist/index.js +8 -5
- package/dist/oauth-CNGBFOZW.js +29 -0
- package/dist/src/agents/index.js +1 -1
- package/dist/src/auth/browser-provider.d.ts +2 -0
- package/dist/src/auth/browser-provider.d.ts.map +1 -1
- package/dist/src/auth/callback.d.ts.map +1 -1
- package/dist/src/auth/index.cjs +396 -0
- package/dist/src/auth/index.js +10 -0
- package/dist/src/auth/types.d.ts +3 -1
- package/dist/src/auth/types.d.ts.map +1 -1
- package/dist/src/browser.cjs +36 -8
- package/dist/src/browser.js +6 -4
- package/dist/src/connectors/http.d.ts.map +1 -1
- package/dist/src/react/index.cjs +132 -29
- package/dist/src/react/index.js +3 -2
- package/dist/src/react/types.d.ts +12 -1
- package/dist/src/react/types.d.ts.map +1 -1
- package/dist/src/react/useMcp.d.ts.map +1 -1
- package/dist/src/server/context-storage.d.ts +54 -0
- package/dist/src/server/context-storage.d.ts.map +1 -0
- package/dist/src/server/index.cjs +1409 -410
- package/dist/src/server/index.d.ts +4 -1
- package/dist/src/server/index.d.ts.map +1 -1
- package/dist/src/server/index.js +420 -412
- package/dist/src/server/mcp-server.d.ts +50 -81
- package/dist/src/server/mcp-server.d.ts.map +1 -1
- package/dist/src/server/oauth/index.d.ts +13 -0
- package/dist/src/server/oauth/index.d.ts.map +1 -0
- package/dist/src/server/oauth/middleware.d.ts +19 -0
- package/dist/src/server/oauth/middleware.d.ts.map +1 -0
- package/dist/src/server/oauth/providers/auth0.d.ts +22 -0
- package/dist/src/server/oauth/providers/auth0.d.ts.map +1 -0
- package/dist/src/server/oauth/providers/custom.d.ts +19 -0
- package/dist/src/server/oauth/providers/custom.d.ts.map +1 -0
- package/dist/src/server/oauth/providers/keycloak.d.ts +22 -0
- package/dist/src/server/oauth/providers/keycloak.d.ts.map +1 -0
- package/dist/src/server/oauth/providers/supabase.d.ts +24 -0
- package/dist/src/server/oauth/providers/supabase.d.ts.map +1 -0
- package/dist/src/server/oauth/providers/types.d.ts +138 -0
- package/dist/src/server/oauth/providers/types.d.ts.map +1 -0
- package/dist/src/server/oauth/providers/workos.d.ts +30 -0
- package/dist/src/server/oauth/providers/workos.d.ts.map +1 -0
- package/dist/src/server/oauth/providers.d.ts +208 -0
- package/dist/src/server/oauth/providers.d.ts.map +1 -0
- package/dist/src/server/oauth/routes.d.ts +33 -0
- package/dist/src/server/oauth/routes.d.ts.map +1 -0
- package/dist/src/server/oauth/utils.d.ts +155 -0
- package/dist/src/server/oauth/utils.d.ts.map +1 -0
- package/dist/src/server/types/common.d.ts +47 -0
- package/dist/src/server/types/common.d.ts.map +1 -1
- package/dist/src/server/types/context.d.ts +34 -0
- package/dist/src/server/types/context.d.ts.map +1 -0
- package/dist/src/server/types/index.d.ts +2 -1
- package/dist/src/server/types/index.d.ts.map +1 -1
- package/dist/src/server/types/tool.d.ts +82 -9
- package/dist/src/server/types/tool.d.ts.map +1 -1
- package/dist/src/server/utils/index.d.ts +6 -0
- package/dist/src/server/utils/index.d.ts.map +1 -0
- package/dist/src/server/utils/response-helpers.d.ts +151 -0
- package/dist/src/server/utils/response-helpers.d.ts.map +1 -0
- package/dist/src/server/utils/runtime.d.ts +25 -0
- package/dist/src/server/utils/runtime.d.ts.map +1 -0
- package/dist/src/task_managers/streamable_http.d.ts +1 -0
- package/dist/src/task_managers/streamable_http.d.ts.map +1 -1
- package/dist/tsup.config.d.ts.map +1 -1
- package/package.json +14 -5
- /package/dist/{chunk-MCF5P6GJ.js → chunk-GVVPUU5K.js} +0 -0
|
@@ -76,8 +76,8 @@ export interface ToolContext {
|
|
|
76
76
|
}
|
|
77
77
|
import type { RequestOptions } from "@modelcontextprotocol/sdk/shared/protocol.js";
|
|
78
78
|
import { type Hono as HonoType } from "hono";
|
|
79
|
-
import type { PromptDefinition, ResourceDefinition, ResourceTemplateDefinition, ServerConfig, ToolDefinition, UIResourceDefinition } from "./types/index.js";
|
|
80
|
-
export declare class McpServer {
|
|
79
|
+
import type { PromptDefinition, ResourceDefinition, ResourceTemplateDefinition, ServerConfig, ToolDefinition, ToolCallback, UIResourceDefinition, InferToolInput, InferToolOutput } from "./types/index.js";
|
|
80
|
+
export declare class McpServer<HasOAuth extends boolean = false> {
|
|
81
81
|
private server;
|
|
82
82
|
private config;
|
|
83
83
|
private app;
|
|
@@ -92,6 +92,10 @@ export declare class McpServer {
|
|
|
92
92
|
private buildId?;
|
|
93
93
|
private sessions;
|
|
94
94
|
private idleCleanupInterval?;
|
|
95
|
+
private oauthProvider?;
|
|
96
|
+
private oauthMiddleware?;
|
|
97
|
+
private oauthConfig?;
|
|
98
|
+
private oauthSetupComplete;
|
|
95
99
|
/**
|
|
96
100
|
* Creates a new MCP server instance with Hono integration
|
|
97
101
|
*
|
|
@@ -114,6 +118,15 @@ export declare class McpServer {
|
|
|
114
118
|
* @returns Array of URLs to add to CSP resource_domains
|
|
115
119
|
*/
|
|
116
120
|
private getCSPUrls;
|
|
121
|
+
/**
|
|
122
|
+
* Setup OAuth authentication
|
|
123
|
+
*
|
|
124
|
+
* Initializes OAuth provider, creates bearer auth middleware,
|
|
125
|
+
* sets up OAuth routes, and applies auth to /mcp endpoints.
|
|
126
|
+
*
|
|
127
|
+
* @private
|
|
128
|
+
*/
|
|
129
|
+
private setupOAuth;
|
|
117
130
|
/**
|
|
118
131
|
* Define a static resource that can be accessed by clients
|
|
119
132
|
*
|
|
@@ -198,34 +211,47 @@ export declare class McpServer {
|
|
|
198
211
|
*
|
|
199
212
|
* @param toolDefinition - Configuration object containing tool metadata and handler function
|
|
200
213
|
* @param toolDefinition.name - Unique identifier for the tool
|
|
201
|
-
* @param toolDefinition.description -
|
|
202
|
-
* @param toolDefinition.inputs - Array of input parameter definitions
|
|
214
|
+
* @param toolDefinition.description - Optional human-readable description of what the tool does
|
|
215
|
+
* @param toolDefinition.inputs - Array of input parameter definitions (legacy, use schema instead)
|
|
216
|
+
* @param toolDefinition.schema - Zod object schema for input validation (preferred)
|
|
217
|
+
* @param toolDefinition.outputSchema - Zod object schema for structured output validation
|
|
203
218
|
* @param toolDefinition.cb - Async callback function that executes the tool logic with provided parameters
|
|
204
219
|
* @param toolDefinition._meta - Optional metadata for the tool (e.g. Apps SDK metadata)
|
|
220
|
+
* @param callback - Optional separate callback function (alternative to cb property)
|
|
205
221
|
* @returns The server instance for method chaining
|
|
206
222
|
*
|
|
207
223
|
* @example
|
|
208
224
|
* ```typescript
|
|
225
|
+
* // Using Zod schema (preferred)
|
|
209
226
|
* server.tool({
|
|
210
227
|
* name: 'calculate',
|
|
211
228
|
* description: 'Performs mathematical calculations',
|
|
212
|
-
*
|
|
213
|
-
*
|
|
214
|
-
*
|
|
215
|
-
*
|
|
229
|
+
* schema: z.object({
|
|
230
|
+
* expression: z.string(),
|
|
231
|
+
* precision: z.number().optional()
|
|
232
|
+
* }),
|
|
216
233
|
* cb: async ({ expression, precision = 2 }) => {
|
|
217
234
|
* const result = eval(expression)
|
|
218
|
-
* return
|
|
219
|
-
* },
|
|
220
|
-
* _meta: {
|
|
221
|
-
* 'openai/outputTemplate': 'ui://widgets/calculator',
|
|
222
|
-
* 'openai/toolInvocation/invoking': 'Calculating...',
|
|
223
|
-
* 'openai/toolInvocation/invoked': 'Calculation complete'
|
|
235
|
+
* return text(`Result: ${result.toFixed(precision)}`)
|
|
224
236
|
* }
|
|
225
237
|
* })
|
|
238
|
+
*
|
|
239
|
+
* // Using legacy inputs array
|
|
240
|
+
* server.tool({
|
|
241
|
+
* name: 'greet',
|
|
242
|
+
* inputs: [{ name: 'name', type: 'string', required: true }],
|
|
243
|
+
* cb: async ({ name }) => text(`Hello, ${name}!`)
|
|
244
|
+
* })
|
|
245
|
+
*
|
|
246
|
+
* // With separate callback for better typing
|
|
247
|
+
* server.tool({
|
|
248
|
+
* name: 'add',
|
|
249
|
+
* schema: z.object({ a: z.number(), b: z.number() })
|
|
250
|
+
* }, async ({ a, b }) => text(`${a + b}`))
|
|
226
251
|
* ```
|
|
227
252
|
*/
|
|
228
|
-
tool(toolDefinition:
|
|
253
|
+
tool<T extends ToolDefinition<any, any, HasOAuth>>(toolDefinition: T, callback: ToolCallback<InferToolInput<T>, InferToolOutput<T>, HasOAuth>): this;
|
|
254
|
+
tool<T extends ToolDefinition<any, any, HasOAuth>>(toolDefinition: T): this;
|
|
229
255
|
/**
|
|
230
256
|
* Define a prompt template
|
|
231
257
|
*
|
|
@@ -389,19 +415,6 @@ export declare class McpServer {
|
|
|
389
415
|
* @returns Widget URI with build ID if available
|
|
390
416
|
*/
|
|
391
417
|
private generateWidgetUri;
|
|
392
|
-
/**
|
|
393
|
-
* Build a complete URL for a widget including query parameters
|
|
394
|
-
*
|
|
395
|
-
* Constructs the full URL to access a widget's iframe, encoding any provided
|
|
396
|
-
* parameters as query string parameters. Complex objects are JSON-stringified
|
|
397
|
-
* for transmission.
|
|
398
|
-
*
|
|
399
|
-
* @private
|
|
400
|
-
* @param widget - Widget name/identifier
|
|
401
|
-
* @param params - Parameters to encode in the URL
|
|
402
|
-
* @returns Complete URL with encoded parameters
|
|
403
|
-
*/
|
|
404
|
-
private buildWidgetUrl;
|
|
405
418
|
/**
|
|
406
419
|
* Convert widget props definition to tool input schema
|
|
407
420
|
*
|
|
@@ -744,22 +757,12 @@ export declare class McpServer {
|
|
|
744
757
|
*/
|
|
745
758
|
private setupWidgetRoutes;
|
|
746
759
|
/**
|
|
747
|
-
*
|
|
748
|
-
*
|
|
749
|
-
* Parses a URI template string to extract parameter names and generates a Zod
|
|
750
|
-
* validation schema for those parameters. Used internally for validating resource
|
|
751
|
-
* template parameters before processing requests.
|
|
752
|
-
*
|
|
753
|
-
* @param uriTemplate - URI template string with parameter placeholders (e.g., "/users/{id}/posts/{postId}")
|
|
754
|
-
* @returns Object mapping parameter names to Zod string schemas
|
|
760
|
+
* Convert a Zod object schema to the internal Record<string, z.ZodSchema> format
|
|
755
761
|
*
|
|
756
|
-
* @
|
|
757
|
-
*
|
|
758
|
-
* const schema = this.createInputSchema("/users/{id}/posts/{postId}")
|
|
759
|
-
* // Returns: { id: z.string(), postId: z.string() }
|
|
760
|
-
* ```
|
|
762
|
+
* @param zodSchema - Zod object schema to convert
|
|
763
|
+
* @returns Object mapping parameter names to Zod validation schemas
|
|
761
764
|
*/
|
|
762
|
-
private
|
|
765
|
+
private convertZodSchemaToParams;
|
|
763
766
|
/**
|
|
764
767
|
* Create input schema for tools
|
|
765
768
|
*
|
|
@@ -780,43 +783,6 @@ export declare class McpServer {
|
|
|
780
783
|
* ```
|
|
781
784
|
*/
|
|
782
785
|
private createParamsSchema;
|
|
783
|
-
/**
|
|
784
|
-
* Create arguments schema for prompts
|
|
785
|
-
*
|
|
786
|
-
* Converts prompt argument definitions into Zod validation schemas for runtime validation.
|
|
787
|
-
* Supports common data types (string, number, boolean, object, array) and optional
|
|
788
|
-
* parameters. Used internally when registering prompt templates with the MCP server.
|
|
789
|
-
*
|
|
790
|
-
* @param inputs - Array of argument definitions with name, type, and optional flag
|
|
791
|
-
* @returns Object mapping argument names to Zod validation schemas
|
|
792
|
-
*
|
|
793
|
-
* @example
|
|
794
|
-
* ```typescript
|
|
795
|
-
* const schema = this.createPromptArgsSchema([
|
|
796
|
-
* { name: 'topic', type: 'string', required: true },
|
|
797
|
-
* { name: 'style', type: 'string', required: false }
|
|
798
|
-
* ])
|
|
799
|
-
* // Returns: { topic: z.string(), style: z.string().optional() }
|
|
800
|
-
* ```
|
|
801
|
-
*/
|
|
802
|
-
private createPromptArgsSchema;
|
|
803
|
-
/**
|
|
804
|
-
* Extract parameter names from URI template
|
|
805
|
-
*
|
|
806
|
-
* Parses a URI template string to extract parameter names enclosed in curly braces.
|
|
807
|
-
* Used internally to identify dynamic parameters in resource templates and generate
|
|
808
|
-
* appropriate validation schemas.
|
|
809
|
-
*
|
|
810
|
-
* @param uriTemplate - URI template string with parameter placeholders (e.g., "/users/{id}/posts/{postId}")
|
|
811
|
-
* @returns Array of parameter names found in the template
|
|
812
|
-
*
|
|
813
|
-
* @example
|
|
814
|
-
* ```typescript
|
|
815
|
-
* const params = this.extractTemplateParams("/users/{id}/posts/{postId}")
|
|
816
|
-
* // Returns: ["id", "postId"]
|
|
817
|
-
* ```
|
|
818
|
-
*/
|
|
819
|
-
private extractTemplateParams;
|
|
820
786
|
/**
|
|
821
787
|
* Parse parameter values from a URI based on a template
|
|
822
788
|
*
|
|
@@ -835,7 +801,7 @@ export declare class McpServer {
|
|
|
835
801
|
*/
|
|
836
802
|
private parseTemplateUri;
|
|
837
803
|
}
|
|
838
|
-
export type McpServerInstance = Omit<McpServer
|
|
804
|
+
export type McpServerInstance<HasOAuth extends boolean = false> = Omit<McpServer<HasOAuth>, keyof HonoType> & HonoType & {
|
|
839
805
|
getHandler: (options?: {
|
|
840
806
|
provider?: "supabase" | "cloudflare" | "deno-deploy";
|
|
841
807
|
}) => Promise<(req: Request) => Promise<Response>>;
|
|
@@ -886,5 +852,8 @@ export type McpServerInstance = Omit<McpServer, keyof HonoType> & HonoType & {
|
|
|
886
852
|
* })
|
|
887
853
|
* ```
|
|
888
854
|
*/
|
|
889
|
-
export declare function createMCPServer(name: string, config
|
|
855
|
+
export declare function createMCPServer(name: string, config: Partial<ServerConfig> & {
|
|
856
|
+
oauth: NonNullable<ServerConfig["oauth"]>;
|
|
857
|
+
}): McpServerInstance<true>;
|
|
858
|
+
export declare function createMCPServer(name: string, config?: Partial<ServerConfig>): McpServerInstance<false>;
|
|
890
859
|
//# sourceMappingURL=mcp-server.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"mcp-server.d.ts","sourceRoot":"","sources":["../../../src/server/mcp-server.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EACV,oBAAoB,EACpB,mBAAmB,EAEpB,MAAM,oCAAoC,CAAC;
|
|
1
|
+
{"version":3,"file":"mcp-server.d.ts","sourceRoot":"","sources":["../../../src/server/mcp-server.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EACV,oBAAoB,EACpB,mBAAmB,EAEpB,MAAM,oCAAoC,CAAC;AAG5C;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B;;;;OAIG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB;;;;;OAKG;IACH,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAE5B;;;OAGG;IACH,UAAU,CAAC,EAAE,CAAC,QAAQ,EAAE;QACtB,QAAQ,EAAE,MAAM,CAAC;QACjB,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,OAAO,EAAE,MAAM,CAAC;KACjB,KAAK,IAAI,CAAC;CACZ;AAED;;;GAGG;AACH,MAAM,WAAW,WAAW;IAC1B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA+BG;IACH,MAAM,EAAE,CACN,MAAM,EAAE,oBAAoB,CAAC,QAAQ,CAAC,EACtC,OAAO,CAAC,EAAE,aAAa,KACpB,OAAO,CAAC,mBAAmB,CAAC,CAAC;IAElC;;;;;;;OAOG;IACH,cAAc,CAAC,EAAE,CACf,QAAQ,EAAE,MAAM,EAChB,KAAK,CAAC,EAAE,MAAM,EACd,OAAO,CAAC,EAAE,MAAM,KACb,OAAO,CAAC,IAAI,CAAC,CAAC;CACpB;AACD,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,8CAA8C,CAAC;AACnF,OAAO,EAAsB,KAAK,IAAI,IAAI,QAAQ,EAAa,MAAM,MAAM,CAAC;AAa5E,OAAO,KAAK,EAEV,gBAAgB,EAChB,kBAAkB,EAClB,0BAA0B,EAC1B,YAAY,EACZ,cAAc,EACd,YAAY,EAEZ,oBAAoB,EAEpB,cAAc,EACd,eAAe,EAChB,MAAM,kBAAkB,CAAC;AAa1B,qBAAa,SAAS,CAAC,QAAQ,SAAS,OAAO,GAAG,KAAK;IACrD,OAAO,CAAC,MAAM,CAAoB;IAClC,OAAO,CAAC,MAAM,CAAe;IAC7B,OAAO,CAAC,GAAG,CAAW;IACtB,OAAO,CAAC,UAAU,CAAS;IAC3B,OAAO,CAAC,gBAAgB,CAAS;IACjC,OAAO,CAAC,UAAU,CAAC,CAAS;IAC5B,OAAO,CAAC,UAAU,CAAS;IAC3B,OAAO,CAAC,aAAa,CAAC,CAAS;IAC/B,OAAO,CAAC,eAAe,CAAgB;IACvC,OAAO,CAAC,iBAAiB,CAAgB;IACzC,OAAO,CAAC,mBAAmB,CAAgB;IAC3C,OAAO,CAAC,OAAO,CAAC,CAAS;IACzB,OAAO,CAAC,QAAQ,CAOZ;IACJ,OAAO,CAAC,mBAAmB,CAAC,CAAiB;IAC7C,OAAO,CAAC,aAAa,CAAC,CAAM;IAC5B,OAAO,CAAC,eAAe,CAAC,CAAM;IAC9B,OAAO,CAAC,WAAW,CAAC,CAAM;IAC1B,OAAO,CAAC,kBAAkB,CAAS;IAEnC;;;;;;;;;OASG;gBACS,MAAM,EAAE,YAAY;IA6GhC;;;OAGG;IACH,OAAO,CAAC,gBAAgB;IAcxB;;;;OAIG;IACH,OAAO,CAAC,UAAU;IAiBlB;;;;;;;OAOG;YACW,UAAU;IA0CxB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAsCG;IACH,QAAQ,CAAC,kBAAkB,EAAE,kBAAkB,GAAG,IAAI;IAkBtD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA+BG;IACH,gBAAgB,CACd,0BAA0B,EAAE,0BAA0B,GACrD,IAAI;IA+CP;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAiDG;IAEH,IAAI,CAAC,CAAC,SAAS,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,QAAQ,CAAC,EAC/C,cAAc,EAAE,CAAC,EACjB,QAAQ,EAAE,YAAY,CAAC,cAAc,CAAC,CAAC,CAAC,EAAE,eAAe,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC,GACtE,IAAI;IAGP,IAAI,CAAC,CAAC,SAAS,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,QAAQ,CAAC,EAAE,cAAc,EAAE,CAAC,GAAG,IAAI;IAqM3E;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAiCG;IACH,MAAM,CAAC,gBAAgB,EAAE,gBAAgB,GAAG,IAAI;IAiBhD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAmCG;IACG,aAAa,CACjB,MAAM,EAAE,oBAAoB,CAAC,QAAQ,CAAC,EACtC,OAAO,CAAC,EAAE,cAAc,GACvB,OAAO,CAAC,mBAAmB,CAAC;IAO/B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAkEG;IACH,UAAU,CAAC,UAAU,EAAE,oBAAoB,GAAG,IAAI;IAwKlD;;;;;;;;;;;OAWG;IACH,OAAO,CAAC,sBAAsB;IA2C9B;;;;;;;;OAQG;IACH,OAAO,CAAC,iBAAiB;IAqBzB;;;;;;;;;OASG;IACH,OAAO,CAAC,oBAAoB;IAY5B;;;;;;;;;OASG;IACH,OAAO,CAAC,iBAAiB;IAYzB;;;;;OAKG;IACH,OAAO,CAAC,gBAAgB;IAOxB;;;;;OAKG;YACW,iBAAiB;IAkB/B;;;;;;;;;;OAUG;IACG,YAAY,CAAC,OAAO,CAAC,EAAE;QAC3B,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,YAAY,CAAC,EAAE,MAAM,CAAC;KACvB,GAAG,OAAO,CAAC,IAAI,CAAC;IAUjB;;;;;;;;;;;;OAYG;YACW,eAAe;IAuhB7B;;;;;;;;;;;OAWG;YACW,sBAAsB;IAmOpC;;;;;;;;OAQG;IACH,OAAO,CAAC,sBAAsB;IAgB9B;;;;;;;;;;;;;;;;;;OAkBG;YACW,QAAQ;IAksBtB;;;;;;;;;;;;;;;;;;;;OAoBG;IACH;;OAEG;IACH,OAAO,CAAC,kBAAkB;IAuBpB,MAAM,CAAC,IAAI,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAkH1C;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAgCG;IACG,UAAU,CAAC,OAAO,CAAC,EAAE;QACzB,QAAQ,CAAC,EAAE,UAAU,GAAG,YAAY,GAAG,aAAa,CAAC;KACtD,GAAG,OAAO,CAAC,CAAC,GAAG,EAAE,OAAO,KAAK,OAAO,CAAC,QAAQ,CAAC,CAAC;IAsEhD;;;;;;;;;;;;;;;;;;;;;;OAsBG;IACH,iBAAiB,IAAI,MAAM,EAAE;IAI7B;;;;;;;;;;;;;;;;;;;;;;;OAuBG;IACG,gBAAgB,CACpB,MAAM,EAAE,MAAM,EACd,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAC/B,OAAO,CAAC,IAAI,CAAC;IAoBhB;;;;;;;;;;;;;;;;;;;;;;;;;;OA0BG;IACG,yBAAyB,CAC7B,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAC/B,OAAO,CAAC,OAAO,CAAC;IAyBnB,OAAO,CAAC,sBAAsB,CAAC,CAEL;IAE1B;;;;;;;;;;;;;;;;;;OAkBG;IACH,cAAc,CACZ,QAAQ,EAAE,CACR,KAAK,EAAE,KAAK,CAAC;QAAE,GAAG,EAAE,MAAM,CAAC;QAAC,IAAI,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC,KACzC,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,GACxB,IAAI;IAKP;;;;;;;;;;;;;;;;;;;;OAoBG;IACG,SAAS,CACb,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,KAAK,CAAC;QAAE,GAAG,EAAE,MAAM,CAAC;QAAC,IAAI,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC,GAAG,IAAI,CAAC;IAkCxD;;;;;;;;;;;;;;;;;;;;;OAqBG;YACW,cAAc;IAwC5B;;;;;;;;;;;;;;;;;;;;OAoBG;IACH,OAAO,CAAC,iBAAiB;IAoLzB;;;;;OAKG;IACH,OAAO,CAAC,wBAAwB;IAoBhC;;;;;;;;;;;;;;;;;;OAkBG;IACH,OAAO,CAAC,kBAAkB;IA+C1B;;;;;;;;;;;;;;;OAeG;IACH,OAAO,CAAC,gBAAgB;CA4BzB;AAED,MAAM,MAAM,iBAAiB,CAAC,QAAQ,SAAS,OAAO,GAAG,KAAK,IAAI,IAAI,CACpE,SAAS,CAAC,QAAQ,CAAC,EACnB,MAAM,QAAQ,CACf,GACC,QAAQ,GAAG;IACT,UAAU,EAAE,CAAC,OAAO,CAAC,EAAE;QACrB,QAAQ,CAAC,EAAE,UAAU,GAAG,YAAY,GAAG,aAAa,CAAC;KACtD,KAAK,OAAO,CAAC,CAAC,GAAG,EAAE,OAAO,KAAK,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC;CACpD,CAAC;AAEJ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6CG;AAIH,wBAAgB,eAAe,CAC7B,IAAI,EAAE,MAAM,EACZ,MAAM,EAAE,OAAO,CAAC,YAAY,CAAC,GAAG;IAAE,KAAK,EAAE,WAAW,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC,CAAA;CAAE,GAC5E,iBAAiB,CAAC,IAAI,CAAC,CAAC;AAI3B,wBAAgB,eAAe,CAC7B,IAAI,EAAE,MAAM,EACZ,MAAM,CAAC,EAAE,OAAO,CAAC,YAAY,CAAC,GAC7B,iBAAiB,CAAC,KAAK,CAAC,CAAC"}
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* OAuth Integration for MCP Use
|
|
3
|
+
*
|
|
4
|
+
* Provides zero-config OAuth authentication for MCP servers with support for
|
|
5
|
+
* Supabase, Auth0, Keycloak, WorkOS, and custom OAuth providers.
|
|
6
|
+
*/
|
|
7
|
+
export type { OAuthProvider, UserInfo } from "./providers/types.js";
|
|
8
|
+
export { oauthSupabaseProvider, oauthAuth0Provider, oauthKeycloakProvider, oauthWorkOSProvider, oauthCustomProvider, type SupabaseProviderConfig, type Auth0ProviderConfig, type KeycloakProviderConfig, type WorkOSProviderConfig, type CustomProviderConfig, } from "./providers.js";
|
|
9
|
+
export { createBearerAuthMiddleware } from "./middleware.js";
|
|
10
|
+
export { setupOAuthRoutes } from "./routes.js";
|
|
11
|
+
export { getAuth, hasScope, hasAnyScope, requireScope, requireAnyScope, } from "./utils.js";
|
|
12
|
+
export type { AuthInfo } from "./utils.js";
|
|
13
|
+
//# sourceMappingURL=index.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/server/oauth/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,YAAY,EAAE,aAAa,EAAE,QAAQ,EAAE,MAAM,sBAAsB,CAAC;AAGpE,OAAO,EACL,qBAAqB,EACrB,kBAAkB,EAClB,qBAAqB,EACrB,mBAAmB,EACnB,mBAAmB,EACnB,KAAK,sBAAsB,EAC3B,KAAK,mBAAmB,EACxB,KAAK,sBAAsB,EAC3B,KAAK,oBAAoB,EACzB,KAAK,oBAAoB,GAC1B,MAAM,gBAAgB,CAAC;AAGxB,OAAO,EAAE,0BAA0B,EAAE,MAAM,iBAAiB,CAAC;AAC7D,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAC/C,OAAO,EACL,OAAO,EACP,QAAQ,EACR,WAAW,EACX,YAAY,EACZ,eAAe,GAChB,MAAM,YAAY,CAAC;AACpB,YAAY,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAC"}
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* OAuth Middleware
|
|
3
|
+
*
|
|
4
|
+
* Creates bearer authentication middleware for Hono that validates
|
|
5
|
+
* JWT tokens and attaches user information to the request context.
|
|
6
|
+
*/
|
|
7
|
+
import type { Context, Next } from "hono";
|
|
8
|
+
import type { OAuthProvider } from "./providers/types.js";
|
|
9
|
+
/**
|
|
10
|
+
* Create bearer authentication middleware for a given OAuth provider
|
|
11
|
+
*
|
|
12
|
+
* @param provider - The OAuth provider to use for token verification
|
|
13
|
+
* @param baseUrl - The base URL of the server (for WWW-Authenticate header)
|
|
14
|
+
* @returns Hono middleware function
|
|
15
|
+
*/
|
|
16
|
+
export declare function createBearerAuthMiddleware(provider: OAuthProvider, baseUrl?: string): (c: Context, next: Next) => Promise<(Response & import("hono").TypedResponse<{
|
|
17
|
+
error: string;
|
|
18
|
+
}, 401, "json">) | undefined>;
|
|
19
|
+
//# sourceMappingURL=middleware.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"middleware.d.ts","sourceRoot":"","sources":["../../../../src/server/oauth/middleware.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC1C,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AAE1D;;;;;;GAMG;AACH,wBAAgB,0BAA0B,CACxC,QAAQ,EAAE,aAAa,EACvB,OAAO,CAAC,EAAE,MAAM,IAEF,GAAG,OAAO,EAAE,MAAM,IAAI;;8BAyErC"}
|
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Auth0 OAuth Provider
|
|
3
|
+
*
|
|
4
|
+
* Implements OAuth authentication for Auth0 tenants.
|
|
5
|
+
* Supports JWKS-based JWT verification with permissions and roles.
|
|
6
|
+
*/
|
|
7
|
+
import type { OAuthProvider, UserInfo, Auth0OAuthConfig } from "./types.js";
|
|
8
|
+
export declare class Auth0OAuthProvider implements OAuthProvider {
|
|
9
|
+
private config;
|
|
10
|
+
private issuer;
|
|
11
|
+
private jwks;
|
|
12
|
+
constructor(config: Auth0OAuthConfig);
|
|
13
|
+
private getJWKS;
|
|
14
|
+
verifyToken(token: string): Promise<any>;
|
|
15
|
+
getUserInfo(payload: any): UserInfo;
|
|
16
|
+
getIssuer(): string;
|
|
17
|
+
getAuthEndpoint(): string;
|
|
18
|
+
getTokenEndpoint(): string;
|
|
19
|
+
getScopesSupported(): string[];
|
|
20
|
+
getGrantTypesSupported(): string[];
|
|
21
|
+
}
|
|
22
|
+
//# sourceMappingURL=auth0.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"auth0.d.ts","sourceRoot":"","sources":["../../../../../src/server/oauth/providers/auth0.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,KAAK,EAAE,aAAa,EAAE,QAAQ,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAE5E,qBAAa,kBAAmB,YAAW,aAAa;IACtD,OAAO,CAAC,MAAM,CAAmB;IACjC,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,IAAI,CAAsD;gBAEtD,MAAM,EAAE,gBAAgB;IAKpC,OAAO,CAAC,OAAO;IAST,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC;IA4B9C,WAAW,CAAC,OAAO,EAAE,GAAG,GAAG,QAAQ;IAoBnC,SAAS,IAAI,MAAM;IAInB,eAAe,IAAI,MAAM;IAIzB,gBAAgB,IAAI,MAAM;IAI1B,kBAAkB,IAAI,MAAM,EAAE;IAI9B,sBAAsB,IAAI,MAAM,EAAE;CAGnC"}
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Custom OAuth Provider
|
|
3
|
+
*
|
|
4
|
+
* Allows users to implement custom OAuth providers with their own
|
|
5
|
+
* JWT verification logic and user info extraction.
|
|
6
|
+
*/
|
|
7
|
+
import type { OAuthProvider, UserInfo, CustomOAuthConfig } from "./types.js";
|
|
8
|
+
export declare class CustomOAuthProvider implements OAuthProvider {
|
|
9
|
+
private config;
|
|
10
|
+
constructor(config: CustomOAuthConfig);
|
|
11
|
+
verifyToken(token: string): Promise<any>;
|
|
12
|
+
getUserInfo(payload: any): UserInfo;
|
|
13
|
+
getIssuer(): string;
|
|
14
|
+
getAuthEndpoint(): string;
|
|
15
|
+
getTokenEndpoint(): string;
|
|
16
|
+
getScopesSupported(): string[];
|
|
17
|
+
getGrantTypesSupported(): string[];
|
|
18
|
+
}
|
|
19
|
+
//# sourceMappingURL=custom.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"custom.d.ts","sourceRoot":"","sources":["../../../../../src/server/oauth/providers/custom.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,QAAQ,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAE7E,qBAAa,mBAAoB,YAAW,aAAa;IACvD,OAAO,CAAC,MAAM,CAAoB;gBAEtB,MAAM,EAAE,iBAAiB;IAI/B,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC;IAS9C,WAAW,CAAC,OAAO,EAAE,GAAG,GAAG,QAAQ;IAoBnC,SAAS,IAAI,MAAM;IAInB,eAAe,IAAI,MAAM;IAIzB,gBAAgB,IAAI,MAAM;IAI1B,kBAAkB,IAAI,MAAM,EAAE;IAI9B,sBAAsB,IAAI,MAAM,EAAE;CAKnC"}
|
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Keycloak OAuth Provider
|
|
3
|
+
*
|
|
4
|
+
* Implements OAuth authentication for Keycloak servers.
|
|
5
|
+
* Supports realm roles, client roles, and resource access.
|
|
6
|
+
*/
|
|
7
|
+
import type { OAuthProvider, UserInfo, KeycloakOAuthConfig } from "./types.js";
|
|
8
|
+
export declare class KeycloakOAuthProvider implements OAuthProvider {
|
|
9
|
+
private config;
|
|
10
|
+
private issuer;
|
|
11
|
+
private jwks;
|
|
12
|
+
constructor(config: KeycloakOAuthConfig);
|
|
13
|
+
private getJWKS;
|
|
14
|
+
verifyToken(token: string): Promise<any>;
|
|
15
|
+
getUserInfo(payload: any): UserInfo;
|
|
16
|
+
getIssuer(): string;
|
|
17
|
+
getAuthEndpoint(): string;
|
|
18
|
+
getTokenEndpoint(): string;
|
|
19
|
+
getScopesSupported(): string[];
|
|
20
|
+
getGrantTypesSupported(): string[];
|
|
21
|
+
}
|
|
22
|
+
//# sourceMappingURL=keycloak.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"keycloak.d.ts","sourceRoot":"","sources":["../../../../../src/server/oauth/providers/keycloak.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,KAAK,EAAE,aAAa,EAAE,QAAQ,EAAE,mBAAmB,EAAE,MAAM,YAAY,CAAC;AAE/E,qBAAa,qBAAsB,YAAW,aAAa;IACzD,OAAO,CAAC,MAAM,CAAsB;IACpC,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,IAAI,CAAsD;gBAEtD,MAAM,EAAE,mBAAmB;IAOvC,OAAO,CAAC,OAAO;IAST,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC;IAgC9C,WAAW,CAAC,OAAO,EAAE,GAAG,GAAG,QAAQ;IA+CnC,SAAS,IAAI,MAAM;IAInB,eAAe,IAAI,MAAM;IAIzB,gBAAgB,IAAI,MAAM;IAI1B,kBAAkB,IAAI,MAAM,EAAE;IAI9B,sBAAsB,IAAI,MAAM,EAAE;CAGnC"}
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Supabase OAuth Provider
|
|
3
|
+
*
|
|
4
|
+
* Implements OAuth authentication for Supabase projects.
|
|
5
|
+
* Supports both HS256 (legacy) and ES256 (new ECC) signing algorithms.
|
|
6
|
+
*/
|
|
7
|
+
import type { OAuthProvider, UserInfo, SupabaseOAuthConfig } from "./types.js";
|
|
8
|
+
export declare class SupabaseOAuthProvider implements OAuthProvider {
|
|
9
|
+
private config;
|
|
10
|
+
private supabaseUrl;
|
|
11
|
+
private supabaseAuthUrl;
|
|
12
|
+
private issuer;
|
|
13
|
+
private jwks;
|
|
14
|
+
constructor(config: SupabaseOAuthConfig);
|
|
15
|
+
private getJWKS;
|
|
16
|
+
verifyToken(token: string): Promise<any>;
|
|
17
|
+
getUserInfo(payload: any): UserInfo;
|
|
18
|
+
getIssuer(): string;
|
|
19
|
+
getAuthEndpoint(): string;
|
|
20
|
+
getTokenEndpoint(): string;
|
|
21
|
+
getScopesSupported(): string[];
|
|
22
|
+
getGrantTypesSupported(): string[];
|
|
23
|
+
}
|
|
24
|
+
//# sourceMappingURL=supabase.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"supabase.d.ts","sourceRoot":"","sources":["../../../../../src/server/oauth/providers/supabase.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAQH,OAAO,KAAK,EAAE,aAAa,EAAE,QAAQ,EAAE,mBAAmB,EAAE,MAAM,YAAY,CAAC;AAE/E,qBAAa,qBAAsB,YAAW,aAAa;IACzD,OAAO,CAAC,MAAM,CAAsB;IACpC,OAAO,CAAC,WAAW,CAAS;IAC5B,OAAO,CAAC,eAAe,CAAS;IAChC,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,IAAI,CAAsD;gBAEtD,MAAM,EAAE,mBAAmB;IAOvC,OAAO,CAAC,OAAO;IAST,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC;IA+C9C,WAAW,CAAC,OAAO,EAAE,GAAG,GAAG,QAAQ;IAgBnC,SAAS,IAAI,MAAM;IAInB,eAAe,IAAI,MAAM;IAIzB,gBAAgB,IAAI,MAAM;IAI1B,kBAAkB,IAAI,MAAM,EAAE;IAI9B,sBAAsB,IAAI,MAAM,EAAE;CAGnC"}
|
|
@@ -0,0 +1,138 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* OAuth mode determines how the MCP server handles OAuth requests
|
|
3
|
+
*/
|
|
4
|
+
export type OAuthMode = "direct" | "proxy";
|
|
5
|
+
/**
|
|
6
|
+
* OAuth Provider Interface
|
|
7
|
+
*
|
|
8
|
+
* Defines the contract that all OAuth providers must implement
|
|
9
|
+
* to provide authentication and authorization services.
|
|
10
|
+
*/
|
|
11
|
+
export interface OAuthProvider {
|
|
12
|
+
/**
|
|
13
|
+
* Verify and decode a JWT token
|
|
14
|
+
* @param token - The JWT token to verify
|
|
15
|
+
* @returns The decoded and verified token payload
|
|
16
|
+
* @throws Error if token is invalid or verification fails
|
|
17
|
+
*/
|
|
18
|
+
verifyToken(token: string): Promise<any>;
|
|
19
|
+
/**
|
|
20
|
+
* Extract user information from a verified token payload
|
|
21
|
+
* @param payload - The verified JWT payload
|
|
22
|
+
* @returns User information object
|
|
23
|
+
*/
|
|
24
|
+
getUserInfo(payload: any): UserInfo;
|
|
25
|
+
/**
|
|
26
|
+
* Get the OAuth issuer URL
|
|
27
|
+
* @returns The issuer URL for this provider
|
|
28
|
+
*/
|
|
29
|
+
getIssuer(): string;
|
|
30
|
+
/**
|
|
31
|
+
* Get the authorization endpoint URL
|
|
32
|
+
* @returns The authorization endpoint URL
|
|
33
|
+
*/
|
|
34
|
+
getAuthEndpoint(): string;
|
|
35
|
+
/**
|
|
36
|
+
* Get the token endpoint URL
|
|
37
|
+
* @returns The token endpoint URL
|
|
38
|
+
*/
|
|
39
|
+
getTokenEndpoint(): string;
|
|
40
|
+
/**
|
|
41
|
+
* Get supported scopes
|
|
42
|
+
* @returns Array of supported OAuth scopes
|
|
43
|
+
*/
|
|
44
|
+
getScopesSupported(): string[];
|
|
45
|
+
/**
|
|
46
|
+
* Get supported grant types
|
|
47
|
+
* @returns Array of supported grant types
|
|
48
|
+
*/
|
|
49
|
+
getGrantTypesSupported(): string[];
|
|
50
|
+
/**
|
|
51
|
+
* Get the OAuth mode for this provider
|
|
52
|
+
* @returns 'direct' if clients should communicate directly with auth server,
|
|
53
|
+
* 'proxy' if MCP server should proxy OAuth requests
|
|
54
|
+
*/
|
|
55
|
+
getMode?(): OAuthMode;
|
|
56
|
+
/**
|
|
57
|
+
* Get the registration endpoint URL (for direct mode with dynamic client registration)
|
|
58
|
+
* @returns The registration endpoint URL, or undefined if not supported
|
|
59
|
+
*/
|
|
60
|
+
getRegistrationEndpoint?(): string | undefined;
|
|
61
|
+
}
|
|
62
|
+
/**
|
|
63
|
+
* User information extracted from OAuth token
|
|
64
|
+
*/
|
|
65
|
+
export interface UserInfo {
|
|
66
|
+
userId: string;
|
|
67
|
+
email?: string;
|
|
68
|
+
name?: string;
|
|
69
|
+
username?: string;
|
|
70
|
+
nickname?: string;
|
|
71
|
+
picture?: string;
|
|
72
|
+
roles?: string[];
|
|
73
|
+
permissions?: string[];
|
|
74
|
+
[key: string]: any;
|
|
75
|
+
}
|
|
76
|
+
/**
|
|
77
|
+
* Base configuration for all OAuth providers
|
|
78
|
+
*/
|
|
79
|
+
export interface BaseOAuthConfig {
|
|
80
|
+
provider: string;
|
|
81
|
+
}
|
|
82
|
+
/**
|
|
83
|
+
* Supabase OAuth provider configuration
|
|
84
|
+
*/
|
|
85
|
+
export interface SupabaseOAuthConfig extends BaseOAuthConfig {
|
|
86
|
+
provider: "supabase";
|
|
87
|
+
projectId: string;
|
|
88
|
+
jwtSecret?: string;
|
|
89
|
+
skipVerification?: boolean;
|
|
90
|
+
}
|
|
91
|
+
/**
|
|
92
|
+
* Auth0 OAuth provider configuration
|
|
93
|
+
*/
|
|
94
|
+
export interface Auth0OAuthConfig extends BaseOAuthConfig {
|
|
95
|
+
provider: "auth0";
|
|
96
|
+
domain: string;
|
|
97
|
+
audience: string;
|
|
98
|
+
verifyJwt?: boolean;
|
|
99
|
+
}
|
|
100
|
+
/**
|
|
101
|
+
* Keycloak OAuth provider configuration
|
|
102
|
+
*/
|
|
103
|
+
export interface KeycloakOAuthConfig extends BaseOAuthConfig {
|
|
104
|
+
provider: "keycloak";
|
|
105
|
+
serverUrl: string;
|
|
106
|
+
realm: string;
|
|
107
|
+
clientId?: string;
|
|
108
|
+
verifyJwt?: boolean;
|
|
109
|
+
}
|
|
110
|
+
/**
|
|
111
|
+
* WorkOS OAuth provider configuration
|
|
112
|
+
*/
|
|
113
|
+
export interface WorkOSOAuthConfig extends BaseOAuthConfig {
|
|
114
|
+
provider: "workos";
|
|
115
|
+
subdomain: string;
|
|
116
|
+
clientId?: string;
|
|
117
|
+
apiKey?: string;
|
|
118
|
+
verifyJwt?: boolean;
|
|
119
|
+
}
|
|
120
|
+
/**
|
|
121
|
+
* Custom OAuth provider configuration
|
|
122
|
+
*/
|
|
123
|
+
export interface CustomOAuthConfig extends BaseOAuthConfig {
|
|
124
|
+
provider: "custom";
|
|
125
|
+
issuer: string;
|
|
126
|
+
jwksUrl: string;
|
|
127
|
+
authEndpoint: string;
|
|
128
|
+
tokenEndpoint: string;
|
|
129
|
+
scopesSupported?: string[];
|
|
130
|
+
grantTypesSupported?: string[];
|
|
131
|
+
verifyToken: (token: string) => Promise<any>;
|
|
132
|
+
getUserInfo?: (payload: any) => UserInfo;
|
|
133
|
+
}
|
|
134
|
+
/**
|
|
135
|
+
* Union type of all OAuth provider configurations
|
|
136
|
+
*/
|
|
137
|
+
export type OAuthConfig = SupabaseOAuthConfig | Auth0OAuthConfig | KeycloakOAuthConfig | WorkOSOAuthConfig | CustomOAuthConfig;
|
|
138
|
+
//# sourceMappingURL=types.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../../../src/server/oauth/providers/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,MAAM,MAAM,SAAS,GACjB,QAAQ,GACR,OAAO,CAAC;AAEZ;;;;;GAKG;AAEH,MAAM,WAAW,aAAa;IAC5B;;;;;OAKG;IACH,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC;IAEzC;;;;OAIG;IACH,WAAW,CAAC,OAAO,EAAE,GAAG,GAAG,QAAQ,CAAC;IAEpC;;;OAGG;IACH,SAAS,IAAI,MAAM,CAAC;IAEpB;;;OAGG;IACH,eAAe,IAAI,MAAM,CAAC;IAE1B;;;OAGG;IACH,gBAAgB,IAAI,MAAM,CAAC;IAE3B;;;OAGG;IACH,kBAAkB,IAAI,MAAM,EAAE,CAAC;IAE/B;;;OAGG;IACH,sBAAsB,IAAI,MAAM,EAAE,CAAC;IAEnC;;;;OAIG;IACH,OAAO,CAAC,IAAI,SAAS,CAAC;IAEtB;;;OAGG;IACH,uBAAuB,CAAC,IAAI,MAAM,GAAG,SAAS,CAAC;CAChD;AAED;;GAEG;AACH,MAAM,WAAW,QAAQ;IACvB,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;IACjB,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,mBAAoB,SAAQ,eAAe;IAC1D,QAAQ,EAAE,UAAU,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,gBAAgB,CAAC,EAAE,OAAO,CAAC;CAC5B;AAED;;GAEG;AACH,MAAM,WAAW,gBAAiB,SAAQ,eAAe;IACvD,QAAQ,EAAE,OAAO,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,OAAO,CAAC;CACrB;AAED;;GAEG;AACH,MAAM,WAAW,mBAAoB,SAAQ,eAAe;IAC1D,QAAQ,EAAE,UAAU,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,OAAO,CAAC;CACrB;AAED;;GAEG;AACH,MAAM,WAAW,iBAAkB,SAAQ,eAAe;IACxD,QAAQ,EAAE,QAAQ,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,OAAO,CAAC;CACrB;AAED;;GAEG;AACH,MAAM,WAAW,iBAAkB,SAAQ,eAAe;IACxD,QAAQ,EAAE,QAAQ,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,YAAY,EAAE,MAAM,CAAC;IACrB,aAAa,EAAE,MAAM,CAAC;IACtB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,mBAAmB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC/B,WAAW,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,OAAO,CAAC,GAAG,CAAC,CAAC;IAC7C,WAAW,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,KAAK,QAAQ,CAAC;CAC1C;AAED;;GAEG;AACH,MAAM,MAAM,WAAW,GACnB,mBAAmB,GACnB,gBAAgB,GAChB,mBAAmB,GACnB,iBAAiB,GACjB,iBAAiB,CAAC"}
|
|
@@ -0,0 +1,30 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* WorkOS OAuth Provider
|
|
3
|
+
*
|
|
4
|
+
* Implements OAuth authentication for WorkOS AuthKit.
|
|
5
|
+
* Supports JWKS-based JWT verification with Dynamic Client Registration.
|
|
6
|
+
*
|
|
7
|
+
* WorkOS uses "direct" mode where MCP clients communicate directly with
|
|
8
|
+
* WorkOS for OAuth flows (registration, authorization, token exchange).
|
|
9
|
+
* The MCP server only verifies tokens issued by WorkOS.
|
|
10
|
+
*
|
|
11
|
+
* Learn more: https://workos.com/docs/authkit/mcp
|
|
12
|
+
*/
|
|
13
|
+
import type { OAuthProvider, UserInfo, WorkOSOAuthConfig, OAuthMode } from "./types.js";
|
|
14
|
+
export declare class WorkOSOAuthProvider implements OAuthProvider {
|
|
15
|
+
private config;
|
|
16
|
+
private issuer;
|
|
17
|
+
private jwks;
|
|
18
|
+
constructor(config: WorkOSOAuthConfig);
|
|
19
|
+
private getJWKS;
|
|
20
|
+
verifyToken(token: string): Promise<any>;
|
|
21
|
+
getUserInfo(payload: any): UserInfo;
|
|
22
|
+
getIssuer(): string;
|
|
23
|
+
getAuthEndpoint(): string;
|
|
24
|
+
getTokenEndpoint(): string;
|
|
25
|
+
getScopesSupported(): string[];
|
|
26
|
+
getGrantTypesSupported(): string[];
|
|
27
|
+
getMode(): OAuthMode;
|
|
28
|
+
getRegistrationEndpoint(): string | undefined;
|
|
29
|
+
}
|
|
30
|
+
//# sourceMappingURL=workos.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"workos.d.ts","sourceRoot":"","sources":["../../../../../src/server/oauth/providers/workos.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAGH,OAAO,KAAK,EACV,aAAa,EACb,QAAQ,EACR,iBAAiB,EACjB,SAAS,EACV,MAAM,YAAY,CAAC;AAEpB,qBAAa,mBAAoB,YAAW,aAAa;IACvD,OAAO,CAAC,MAAM,CAAoB;IAClC,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,IAAI,CAAsD;gBAEtD,MAAM,EAAE,iBAAiB;IAKrC,OAAO,CAAC,OAAO;IAOT,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC;IAyB9C,WAAW,CAAC,OAAO,EAAE,GAAG,GAAG,QAAQ;IAmBnC,SAAS,IAAI,MAAM;IAInB,eAAe,IAAI,MAAM;IAIzB,gBAAgB,IAAI,MAAM;IAI1B,kBAAkB,IAAI,MAAM,EAAE;IAI9B,sBAAsB,IAAI,MAAM,EAAE;IAIlC,OAAO,IAAI,SAAS;IAapB,uBAAuB,IAAI,MAAM,GAAG,SAAS;CAO9C"}
|