n8n 1.119.1 → 1.120.1

package/dist/modules/mcp/mcp-oauth.helpers.js

@@ -0,0 +1,24 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.McpOAuthHelpers = void 0;
+class McpOAuthHelpers {
+    static buildSuccessRedirectUrl(redirectUri, code, state) {
+        const targetUrl = new URL(redirectUri);
+        targetUrl.searchParams.set('code', code);
+        if (state) {
+            targetUrl.searchParams.set('state', state);
+        }
+        return targetUrl.toString();
+    }
+    static buildErrorRedirectUrl(redirectUri, error, errorDescription, state) {
+        const targetUrl = new URL(redirectUri);
+        targetUrl.searchParams.set('error', error);
+        targetUrl.searchParams.set('error_description', errorDescription);
+        if (state) {
+            targetUrl.searchParams.set('state', state);
+        }
+        return targetUrl.toString();
+    }
+}
+exports.McpOAuthHelpers = McpOAuthHelpers;
+//# sourceMappingURL=mcp-oauth.helpers.js.map

package/dist/modules/mcp/mcp-oauth.helpers.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"mcp-oauth.helpers.js","sourceRoot":"","sources":["../../../src/modules/mcp/mcp-oauth.helpers.ts"],"names":[],"mappings":";;;AAGA,MAAa,eAAe;IAK3B,MAAM,CAAC,uBAAuB,CAAC,WAAmB,EAAE,IAAY,EAAE,KAAoB;QACrF,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,WAAW,CAAC,CAAC;QACvC,SAAS,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QACzC,IAAI,KAAK,EAAE,CAAC;YACX,SAAS,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QAC5C,CAAC;QACD,OAAO,SAAS,CAAC,QAAQ,EAAE,CAAC;IAC7B,CAAC;IAMD,MAAM,CAAC,qBAAqB,CAC3B,WAAmB,EACnB,KAAa,EACb,gBAAwB,EACxB,KAAoB;QAEpB,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,WAAW,CAAC,CAAC;QACvC,SAAS,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QAC3C,SAAS,CAAC,YAAY,CAAC,GAAG,CAAC,mBAAmB,EAAE,gBAAgB,CAAC,CAAC;QAClE,IAAI,KAAK,EAAE,CAAC;YACX,SAAS,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QAC5C,CAAC;QACD,OAAO,SAAS,CAAC,QAAQ,EAAE,CAAC;IAC7B,CAAC;CACD;AAhCD,0CAgCC"}

package/dist/modules/mcp/mcp-server-middleware.service.d.ts

@@ -0,0 +1,18 @@
+import { User } from '@n8n/db';
+import { NextFunction, Response, Request } from 'express';
+import { JwtService } from '../../services/jwt.service';
+import { Telemetry } from '../../telemetry';
+import { McpServerApiKeyService } from './mcp-api-key.service';
+import { McpOAuthTokenService } from './mcp-oauth-token.service';
+export declare class McpServerMiddlewareService {
+    private readonly mcpServerApiKeyService;
+    private readonly mcpAuthTokenService;
+    private readonly jwtService;
+    private readonly telemetry;
+    constructor(mcpServerApiKeyService: McpServerApiKeyService, mcpAuthTokenService: McpOAuthTokenService, jwtService: JwtService, telemetry: Telemetry);
+    getUserForToken(token: string): Promise<User | null>;
+    getAuthMiddleware(): (req: Request, res: Response, next: NextFunction) => Promise<void>;
+    private extractBearerToken;
+    private responseWithUnauthorized;
+    private trackUnauthorizedEvent;
+}

package/dist/modules/mcp/mcp-server-middleware.service.js

@@ -0,0 +1,95 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.McpServerMiddlewareService = void 0;
+const di_1 = require("@n8n/di");
+const auth_error_1 = require("../../errors/response-errors/auth.error");
+const jwt_service_1 = require("../../services/jwt.service");
+const telemetry_1 = require("../../telemetry");
+const mcp_api_key_service_1 = require("./mcp-api-key.service");
+const mcp_oauth_token_service_1 = require("./mcp-oauth-token.service");
+const mcp_constants_1 = require("./mcp.constants");
+const mcp_utils_1 = require("./mcp.utils");
+let McpServerMiddlewareService = class McpServerMiddlewareService {
+    constructor(mcpServerApiKeyService, mcpAuthTokenService, jwtService, telemetry) {
+        this.mcpServerApiKeyService = mcpServerApiKeyService;
+        this.mcpAuthTokenService = mcpAuthTokenService;
+        this.jwtService = jwtService;
+        this.telemetry = telemetry;
+    }
+    async getUserForToken(token) {
+        let decoded;
+        try {
+            decoded = this.jwtService.decode(token);
+        }
+        catch (error) {
+            return null;
+        }
+        if (decoded?.meta?.isOAuth === true) {
+            return await this.mcpAuthTokenService.verifyOAuthAccessToken(token);
+        }
+        return await this.mcpServerApiKeyService.verifyApiKey(token);
+    }
+    getAuthMiddleware() {
+        return async (req, res, next) => {
+            const authorizationHeader = req.header('authorization');
+            if (!authorizationHeader) {
+                this.responseWithUnauthorized(res, req);
+                return;
+            }
+            const token = this.extractBearerToken(authorizationHeader);
+            if (!token) {
+                this.responseWithUnauthorized(res, req);
+                return;
+            }
+            const user = await this.getUserForToken(token);
+            if (!user) {
+                this.responseWithUnauthorized(res, req);
+                return;
+            }
+            req.user = user;
+            next();
+        };
+    }
+    extractBearerToken(headerValue) {
+        if (!headerValue.startsWith('Bearer')) {
+            throw new auth_error_1.AuthError('Invalid authorization header format');
+        }
+        const tokenMatch = headerValue.match(/^Bearer\s+(.+)$/i);
+        if (tokenMatch) {
+            return tokenMatch[1];
+        }
+        throw new auth_error_1.AuthError('Invalid authorization header format');
+    }
+    responseWithUnauthorized(res, req) {
+        this.trackUnauthorizedEvent(req);
+        res.header('WWW-Authenticate', 'Bearer realm="n8n MCP Server"');
+        res.status(401).send({ message: mcp_constants_1.UNAUTHORIZED_ERROR_MESSAGE });
+    }
+    trackUnauthorizedEvent(req) {
+        const clientInfo = (0, mcp_utils_1.getClientInfo)(req);
+        this.telemetry.track(mcp_constants_1.USER_CONNECTED_TO_MCP_EVENT, {
+            mcp_connection_status: 'error',
+            error: mcp_constants_1.UNAUTHORIZED_ERROR_MESSAGE,
+            client_name: clientInfo?.name,
+            client_version: clientInfo?.version,
+        });
+    }
+};
+exports.McpServerMiddlewareService = McpServerMiddlewareService;
+exports.McpServerMiddlewareService = McpServerMiddlewareService = __decorate([
+    (0, di_1.Service)(),
+    __metadata("design:paramtypes", [mcp_api_key_service_1.McpServerApiKeyService,
+        mcp_oauth_token_service_1.McpOAuthTokenService,
+        jwt_service_1.JwtService,
+        telemetry_1.Telemetry])
+], McpServerMiddlewareService);
+//# sourceMappingURL=mcp-server-middleware.service.js.map

package/dist/modules/mcp/mcp-server-middleware.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"mcp-server-middleware.service.js","sourceRoot":"","sources":["../../../src/modules/mcp/mcp-server-middleware.service.ts"],"names":[],"mappings":";;;;;;;;;;;;AACA,gCAAkC;AAGlC,oEAAgE;AAChE,wDAAoD;AACpD,2CAAwC;AAExC,+DAA+D;AAC/D,uEAAiE;AACjE,mDAA0F;AAC1F,2CAA4C;AAQrC,IAAM,0BAA0B,GAAhC,MAAM,0BAA0B;IACtC,YACkB,sBAA8C,EAC9C,mBAAyC,EACzC,UAAsB,EACtB,SAAoB;QAHpB,2BAAsB,GAAtB,sBAAsB,CAAwB;QAC9C,wBAAmB,GAAnB,mBAAmB,CAAsB;QACzC,eAAU,GAAV,UAAU,CAAY;QACtB,cAAS,GAAT,SAAS,CAAW;IACnC,CAAC;IAMJ,KAAK,CAAC,eAAe,CAAC,KAAa;QAClC,IAAI,OAAyC,CAAC;QAC9C,IAAI,CAAC;YACJ,OAAO,GAAG,IAAI,CAAC,UAAU,CAAC,MAAM,CAAmC,KAAK,CAAC,CAAC;QAC3E,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,OAAO,IAAI,CAAC;QACb,CAAC;QAED,IAAI,OAAO,EAAE,IAAI,EAAE,OAAO,KAAK,IAAI,EAAE,CAAC;YACrC,OAAO,MAAM,IAAI,CAAC,mBAAmB,CAAC,sBAAsB,CAAC,KAAK,CAAC,CAAC;QACrE,CAAC;QAED,OAAO,MAAM,IAAI,CAAC,sBAAsB,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC;IAC9D,CAAC;IAMD,iBAAiB;QAChB,OAAO,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAE,EAAE;YAChE,MAAM,mBAAmB,GAAG,GAAG,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC;YAExD,IAAI,CAAC,mBAAmB,EAAE,CAAC;gBAC1B,IAAI,CAAC,wBAAwB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;gBACxC,OAAO;YACR,CAAC;YAED,MAAM,KAAK,GAAG,IAAI,CAAC,kBAAkB,CAAC,mBAAmB,CAAC,CAAC;YAE3D,IAAI,CAAC,KAAK,EAAE,CAAC;gBACZ,IAAI,CAAC,wBAAwB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;gBACxC,OAAO;YACR,CAAC;YAED,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;YAE/C,IAAI,CAAC,IAAI,EAAE,CAAC;gBACX,IAAI,CAAC,wBAAwB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;gBACxC,OAAO;YACR,CAAC;YAEA,GAA4B,CAAC,IAAI,GAAG,IAAI,CAAC;YAE1C,IAAI,EAAE,CAAC;QACR,CAAC,CAAC;IACH,CAAC;IAEO,kBAAkB,CAAC,WAAmB;QAC7C,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;YACvC,MAAM,IAAI,sBAAS,CAAC,qCAAqC,CAAC,CAAC;QAC5D,CAAC;QAED,MAAM,UAAU,GAAG,WAAW,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC;QACzD,IAAI,UAAU,EAAE,CAAC;YAChB,OAAO,UAAU,CAAC,CAAC,CAAC,CAAC;QACtB,CAAC;QAED,MAAM,IAAI,sBAAS,CAAC,qCAAqC,CAAC,CAAC;IAC5D,CAAC;IAEO,wBAAwB,CAAC,GAAa,EAAE,GAAY;QAC3D,IAAI,CAAC,sBAAsB,CAAC,GAAG,CAAC,CAAC;QAEjC,GAAG,CAAC,MAAM,CAAC,kBAAkB,EAAE,+BAA+B,CAAC,CAAC;QAChE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,0CAA0B,EAAE,CAAC,CAAC;IAC/D,CAAC;IAEO,sBAAsB,CAAC,GAAY;QAC1C,MAAM,UAAU,GAAG,IAAA,yBAAa,EAAC,GAAG,CAAC,CAAC;QACtC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,2CAA2B,EAAE;YACjD,qBAAqB,EAAE,OAAO;YAC9B,KAAK,EAAE,0CAA0B;YACjC,WAAW,EAAE,UAAU,EAAE,IAAI;YAC7B,cAAc,EAAE,UAAU,EAAE,OAAO;SACnC,CAAC,CAAC;IACJ,CAAC;CACD,CAAA;AAzFY,gEAA0B;qCAA1B,0BAA0B;IADtC,IAAA,YAAO,GAAE;qCAGiC,4CAAsB;QACzB,8CAAoB;QAC7B,wBAAU;QACX,qBAAS;GAL1B,0BAA0B,CAyFtC"}

package/dist/modules/mcp/mcp.auth.consent.controller.d.ts

@@ -0,0 +1,17 @@
+import { Logger } from '@n8n/backend-common';
+import type { AuthenticatedRequest } from '@n8n/db';
+import type { Response } from 'express';
+import { ApproveConsentRequestDto } from './dto/approve-consent-request.dto';
+import { McpOAuthConsentService } from './mcp-oauth-consent.service';
+import { OAuthSessionService } from './oauth-session.service';
+export declare class McpConsentController {
+    private readonly logger;
+    private readonly consentService;
+    private readonly oauthSessionService;
+    constructor(logger: Logger, consentService: McpOAuthConsentService, oauthSessionService: OAuthSessionService);
+    getConsentDetails(req: AuthenticatedRequest, res: Response): Promise<void>;
+    approveConsent(req: AuthenticatedRequest, res: Response, payload: ApproveConsentRequestDto): Promise<void>;
+    private sendErrorResponse;
+    private sendInvalidSessionError;
+    private getAndValidateSessionToken;
+}

package/dist/modules/mcp/mcp.auth.consent.controller.js

@@ -0,0 +1,120 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var __param = (this && this.__param) || function (paramIndex, decorator) {
+    return function (target, key) { decorator(target, key, paramIndex); }
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.McpConsentController = void 0;
+const backend_common_1 = require("@n8n/backend-common");
+const decorators_1 = require("@n8n/decorators");
+const approve_consent_request_dto_1 = require("./dto/approve-consent-request.dto");
+const mcp_oauth_consent_service_1 = require("./mcp-oauth-consent.service");
+const oauth_session_service_1 = require("./oauth-session.service");
+let McpConsentController = class McpConsentController {
+    constructor(logger, consentService, oauthSessionService) {
+        this.logger = logger;
+        this.consentService = consentService;
+        this.oauthSessionService = oauthSessionService;
+    }
+    async getConsentDetails(req, res) {
+        try {
+            const sessionToken = this.getAndValidateSessionToken(req, res);
+            if (!sessionToken)
+                return;
+            const consentDetails = await this.consentService.getConsentDetails(sessionToken);
+            if (!consentDetails) {
+                this.sendInvalidSessionError(res, true);
+                return;
+            }
+            res.json({
+                data: {
+                    clientName: consentDetails.clientName,
+                    clientId: consentDetails.clientId,
+                },
+            });
+        }
+        catch (error) {
+            this.logger.error('Failed to get consent details', { error });
+            this.oauthSessionService.clearSession(res);
+            this.sendErrorResponse(res, 500, 'Failed to load authorization details');
+        }
+    }
+    async approveConsent(req, res, payload) {
+        try {
+            const sessionToken = this.getAndValidateSessionToken(req, res);
+            if (!sessionToken)
+                return;
+            const result = await this.consentService.handleConsentDecision(sessionToken, req.user.id, payload.approved);
+            this.oauthSessionService.clearSession(res);
+            res.json({
+                data: {
+                    status: 'success',
+                    redirectUrl: result.redirectUrl,
+                },
+            });
+        }
+        catch (error) {
+            this.logger.error('Failed to process consent', { error });
+            this.oauthSessionService.clearSession(res);
+            const message = error instanceof Error ? error.message : 'Failed to process authorization';
+            this.sendErrorResponse(res, 500, message);
+        }
+    }
+    sendErrorResponse(res, statusCode, message) {
+        res.status(statusCode).json({
+            status: 'error',
+            message,
+        });
+    }
+    sendInvalidSessionError(res, clearCookie = false) {
+        if (clearCookie) {
+            this.oauthSessionService.clearSession(res);
+        }
+        this.sendErrorResponse(res, 400, 'Invalid or expired authorization session');
+    }
+    getAndValidateSessionToken(req, res) {
+        const sessionToken = this.oauthSessionService.getSessionToken(req.cookies);
+        if (!sessionToken) {
+            this.sendInvalidSessionError(res);
+            return null;
+        }
+        try {
+            this.oauthSessionService.verifySession(sessionToken);
+            return sessionToken;
+        }
+        catch (error) {
+            this.logger.debug('Invalid session token', { error });
+            this.sendInvalidSessionError(res, true);
+            return null;
+        }
+    }
+};
+exports.McpConsentController = McpConsentController;
+__decorate([
+    (0, decorators_1.Get)('/details', { usesTemplates: true }),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object, Object]),
+    __metadata("design:returntype", Promise)
+], McpConsentController.prototype, "getConsentDetails", null);
+__decorate([
+    (0, decorators_1.Post)('/approve', { usesTemplates: true }),
+    __param(2, decorators_1.Body),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object, Object, approve_consent_request_dto_1.ApproveConsentRequestDto]),
+    __metadata("design:returntype", Promise)
+], McpConsentController.prototype, "approveConsent", null);
+exports.McpConsentController = McpConsentController = __decorate([
+    (0, decorators_1.RestController)('/consent'),
+    __metadata("design:paramtypes", [backend_common_1.Logger,
+        mcp_oauth_consent_service_1.McpOAuthConsentService,
+        oauth_session_service_1.OAuthSessionService])
+], McpConsentController);
+//# sourceMappingURL=mcp.auth.consent.controller.js.map

package/dist/modules/mcp/mcp.auth.consent.controller.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"mcp.auth.consent.controller.js","sourceRoot":"","sources":["../../../src/modules/mcp/mcp.auth.consent.controller.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,wDAA6C;AAE7C,gDAAkE;AAGlE,mFAA6E;AAC7E,2EAAqE;AACrE,mEAA8D;AAGvD,IAAM,oBAAoB,GAA1B,MAAM,oBAAoB;IAChC,YACkB,MAAc,EACd,cAAsC,EACtC,mBAAwC;QAFxC,WAAM,GAAN,MAAM,CAAQ;QACd,mBAAc,GAAd,cAAc,CAAwB;QACtC,wBAAmB,GAAnB,mBAAmB,CAAqB;IACvD,CAAC;IAGE,AAAN,KAAK,CAAC,iBAAiB,CAAC,GAAyB,EAAE,GAAa;QAC/D,IAAI,CAAC;YACJ,MAAM,YAAY,GAAG,IAAI,CAAC,0BAA0B,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;YAC/D,IAAI,CAAC,YAAY;gBAAE,OAAO;YAE1B,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,iBAAiB,CAAC,YAAY,CAAC,CAAC;YAEjF,IAAI,CAAC,cAAc,EAAE,CAAC;gBACrB,IAAI,CAAC,uBAAuB,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;gBACxC,OAAO;YACR,CAAC;YAED,GAAG,CAAC,IAAI,CAAC;gBACR,IAAI,EAAE;oBACL,UAAU,EAAE,cAAc,CAAC,UAAU;oBACrC,QAAQ,EAAE,cAAc,CAAC,QAAQ;iBACjC;aACD,CAAC,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,+BAA+B,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;YAC9D,IAAI,CAAC,mBAAmB,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC;YAC3C,IAAI,CAAC,iBAAiB,CAAC,GAAG,EAAE,GAAG,EAAE,sCAAsC,CAAC,CAAC;QAC1E,CAAC;IACF,CAAC;IAGK,AAAN,KAAK,CAAC,cAAc,CACnB,GAAyB,EACzB,GAAa,EACP,OAAiC;QAEvC,IAAI,CAAC;YACJ,MAAM,YAAY,GAAG,IAAI,CAAC,0BAA0B,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;YAC/D,IAAI,CAAC,YAAY;gBAAE,OAAO;YAE1B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,qBAAqB,CAC7D,YAAY,EACZ,GAAG,CAAC,IAAI,CAAC,EAAE,EACX,OAAO,CAAC,QAAQ,CAChB,CAAC;YAEF,IAAI,CAAC,mBAAmB,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC;YAE3C,GAAG,CAAC,IAAI,CAAC;gBACR,IAAI,EAAE;oBACL,MAAM,EAAE,SAAS;oBACjB,WAAW,EAAE,MAAM,CAAC,WAAW;iBAC/B;aACD,CAAC,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,2BAA2B,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;YAC1D,IAAI,CAAC,mBAAmB,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC;YAC3C,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,iCAAiC,CAAC;YAC3F,IAAI,CAAC,iBAAiB,CAAC,GAAG,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;QAC3C,CAAC;IACF,CAAC;IAEO,iBAAiB,CAAC,GAAa,EAAE,UAAkB,EAAE,OAAe;QAC3E,GAAG,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC;YAC3B,MAAM,EAAE,OAAO;YACf,OAAO;SACP,CAAC,CAAC;IACJ,CAAC;IAEO,uBAAuB,CAAC,GAAa,EAAE,WAAW,GAAG,KAAK;QACjE,IAAI,WAAW,EAAE,CAAC;YACjB,IAAI,CAAC,mBAAmB,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC;QAC5C,CAAC;QACD,IAAI,CAAC,iBAAiB,CAAC,GAAG,EAAE,GAAG,EAAE,0CAA0C,CAAC,CAAC;IAC9E,CAAC;IAEO,0BAA0B,CAAC,GAAyB,EAAE,GAAa;QAC1E,MAAM,YAAY,GAAG,IAAI,CAAC,mBAAmB,CAAC,eAAe,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAC3E,IAAI,CAAC,YAAY,EAAE,CAAC;YACnB,IAAI,CAAC,uBAAuB,CAAC,GAAG,CAAC,CAAC;YAClC,OAAO,IAAI,CAAC;QACb,CAAC;QAED,IAAI,CAAC;YACJ,IAAI,CAAC,mBAAmB,CAAC,aAAa,CAAC,YAAY,CAAC,CAAC;YACrD,OAAO,YAAY,CAAC;QACrB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,uBAAuB,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;YACtD,IAAI,CAAC,uBAAuB,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;YACxC,OAAO,IAAI,CAAC;QACb,CAAC;IACF,CAAC;CACD,CAAA;AA/FY,oDAAoB;AAQ1B;IADL,IAAA,gBAAG,EAAC,UAAU,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC;;;;6DAwBxC;AAGK;IADL,IAAA,iBAAI,EAAC,UAAU,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC;IAIxC,WAAA,iBAAI,CAAA;;qDAAU,sDAAwB;;0DA0BvC;+BA/DW,oBAAoB;IADhC,IAAA,2BAAc,EAAC,UAAU,CAAC;qCAGA,uBAAM;QACE,kDAAsB;QACjB,2CAAmB;GAJ9C,oBAAoB,CA+FhC"}

package/dist/modules/mcp/mcp.controller.d.ts

@@ -1,9 +1,9 @@
 import { AuthenticatedRequest } from '@n8n/db';
-import type { Response } from 'express';
+import type { Request, Response } from 'express';
 import { ErrorReporter } from 'n8n-core';
+import { Telemetry } from '../../telemetry';
 import { McpService } from './mcp.service';
 import { McpSettingsService } from './mcp.settings.service';
-import { Telemetry } from '../../telemetry';
 export type FlushableResponse = Response & {
     flush: () => void;
 };
@@ -13,6 +13,8 @@ export declare class McpController {
     private readonly mcpSettingsService;
     private readonly telemetry;
     constructor(errorReporter: ErrorReporter, mcpService: McpService, mcpSettingsService: McpSettingsService, telemetry: Telemetry);
+    private setCorsHeaders;
+    discoverAuthSchemeHead(_req: Request, res: Response): Promise<void>;
     build(req: AuthenticatedRequest, res: FlushableResponse): Promise<void>;
     private trackConnectionEvent;
 }

package/dist/modules/mcp/mcp.controller.js

@@ -14,14 +14,14 @@ const streamableHttp_js_1 = require("@modelcontextprotocol/sdk/server/streamable
 const decorators_1 = require("@n8n/decorators");
 const di_1 = require("@n8n/di");
 const n8n_core_1 = require("n8n-core");
-const mcp_api_key_service_1 = require("./mcp-api-key.service");
+const telemetry_1 = require("../../telemetry");
+const mcp_server_middleware_service_1 = require("./mcp-server-middleware.service");
 const mcp_constants_1 = require("./mcp.constants");
 const mcp_service_1 = require("./mcp.service");
 const mcp_settings_service_1 = require("./mcp.settings.service");
 const mcp_typeguards_1 = require("./mcp.typeguards");
 const mcp_utils_1 = require("./mcp.utils");
-const telemetry_1 = require("../../telemetry");
-const getAuthMiddleware = () => di_1.Container.get(mcp_api_key_service_1.McpServerApiKeyService).getAuthMiddleware();
+const getAuthMiddleware = () => di_1.Container.get(mcp_server_middleware_service_1.McpServerMiddlewareService).getAuthMiddleware();
 let McpController = class McpController {
     constructor(errorReporter, mcpService, mcpSettingsService, telemetry) {
         this.errorReporter = errorReporter;
@@ -29,7 +29,20 @@ let McpController = class McpController {
         this.mcpSettingsService = mcpSettingsService;
         this.telemetry = telemetry;
     }
+    setCorsHeaders(res) {
+        res.header('Access-Control-Allow-Origin', '*');
+        res.header('Access-Control-Allow-Methods', 'GET, POST, OPTIONS');
+        res.header('Access-Control-Allow-Headers', 'Content-Type, Authorization, X-Requested-With');
+        res.header('Access-Control-Allow-Credentials', 'true');
+        res.header('Access-Control-Max-Age', '86400');
+    }
+    async discoverAuthSchemeHead(_req, res) {
+        this.setCorsHeaders(res);
+        res.header('WWW-Authenticate', 'Bearer realm="n8n MCP Server"');
+        res.status(401).end();
+    }
     async build(req, res) {
+        this.setCorsHeaders(res);
         const body = req.body;
         const isInitializationRequest = (0, mcp_typeguards_1.isJSONRPCRequest)(body) ? body.method === 'initialize' : false;
         const clientInfo = (0, mcp_utils_1.getClientInfo)(req);
@@ -94,6 +107,15 @@ let McpController = class McpController {
     }
 };
 exports.McpController = McpController;
+__decorate([
+    (0, decorators_1.Head)('/http', {
+        skipAuth: true,
+        usesTemplates: true,
+    }),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object, Object]),
+    __metadata("design:returntype", Promise)
+], McpController.prototype, "discoverAuthSchemeHead", null);
 __decorate([
     (0, decorators_1.Post)('/http', {
         rateLimit: { limit: 100 },

package/dist/modules/mcp/mcp.controller.js.map

@@ -1 +1 @@
-{"version":3,"file":"mcp.controller.js","sourceRoot":"","sources":["../../../src/modules/mcp/mcp.controller.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,0FAAmG;AAEnG,gDAA4D;AAC5D,gCAAoC;AAEpC,uCAAyC;AAEzC,+DAA+D;AAC/D,mDAIyB;AACzB,+CAA2C;AAC3C,iEAA4D;AAC5D,qDAAoD;AAEpD,2CAA4C;AAE5C,2CAAwC;AAIxC,MAAM,iBAAiB,GAAG,GAAG,EAAE,CAAC,cAAS,CAAC,GAAG,CAAC,4CAAsB,CAAC,CAAC,iBAAiB,EAAE,CAAC;AAGnF,IAAM,aAAa,GAAnB,MAAM,aAAa;IACzB,YACkB,aAA4B,EAC5B,UAAsB,EACtB,kBAAsC,EACtC,SAAoB;QAHpB,kBAAa,GAAb,aAAa,CAAe;QAC5B,eAAU,GAAV,UAAU,CAAY;QACtB,uBAAkB,GAAlB,kBAAkB,CAAoB;QACtC,cAAS,GAAT,SAAS,CAAW;IACnC,CAAC;IAQE,AAAN,KAAK,CAAC,KAAK,CAAC,GAAyB,EAAE,GAAsB;QAC5D,MAAM,IAAI,GAAG,GAAG,CAAC,IAAI,CAAC;QACtB,MAAM,uBAAuB,GAAG,IAAA,iCAAgB,EAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,KAAK,YAAY,CAAC,CAAC,CAAC,KAAK,CAAC;QAC9F,MAAM,UAAU,GAAG,IAAA,yBAAa,EAAC,GAAG,CAAC,CAAC;QAEtC,MAAM,gBAAgB,GAA4C;YACjE,OAAO,EAAE,GAAG,CAAC,IAAI,CAAC,EAAE;YACpB,WAAW,EAAE,UAAU,EAAE,IAAI;YAC7B,cAAc,EAAE,UAAU,EAAE,OAAO;SACnC,CAAC;QAGF,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,UAAU,EAAE,CAAC;QAC3D,IAAI,CAAC,OAAO,EAAE,CAAC;YACd,IAAI,uBAAuB,EAAE,CAAC;gBAC7B,IAAI,CAAC,oBAAoB,CAAC;oBACzB,GAAG,gBAAgB;oBACnB,qBAAqB,EAAE,OAAO;oBAC9B,KAAK,EAAE,iDAAiC;iBACxC,CAAC,CAAC;YACJ,CAAC;YAED,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,iDAAiC,EAAE,CAAC,CAAC;YACrE,OAAO;QACR,CAAC;QAID,IAAI,CAAC;YACJ,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;YACnD,MAAM,SAAS,GAAkC,IAAI,iDAA6B,CAAC;gBAClF,kBAAkB,EAAE,SAAS;aAC7B,CAAC,CAAC;YACH,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE;gBACpB,KAAK,SAAS,CAAC,KAAK,EAAE,CAAC;gBACvB,KAAK,MAAM,CAAC,KAAK,EAAE,CAAC;YACrB,CAAC,CAAC,CAAC;YACH,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;YAChC,MAAM,SAAS,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;YAClD,IAAI,uBAAuB,EAAE,CAAC;gBAC7B,IAAI,CAAC,oBAAoB,CAAC;oBACzB,GAAG,gBAAgB;oBACnB,qBAAqB,EAAE,SAAS;iBAChC,CAAC,CAAC;YACJ,CAAC;QACF,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YAChC,IAAI,uBAAuB,EAAE,CAAC;gBAC7B,IAAI,CAAC,oBAAoB,CAAC;oBACzB,GAAG,gBAAgB;oBACnB,qBAAqB,EAAE,OAAO;oBAC9B,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;iBAC7D,CAAC,CAAC;YACJ,CAAC;YAED,IAAI,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC;gBACtB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;oBACpB,OAAO,EAAE,KAAK;oBACd,KAAK,EAAE;wBACN,IAAI,EAAE,CAAC,KAAK;wBACZ,OAAO,EAAE,6CAA6B;qBACtC;oBACD,EAAE,EAAE,IAAI;iBACR,CAAC,CAAC;YACJ,CAAC;QACF,CAAC;IACF,CAAC;IAEO,oBAAoB,CAAC,OAAuC;QACnE,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,2CAA2B,EAAE,OAAO,CAAC,CAAC;IAC5D,CAAC;CACD,CAAA;AArFY,sCAAa;AAcnB;IANL,IAAA,iBAAI,EAAC,OAAO,EAAE;QACd,SAAS,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE;QACzB,WAAW,EAAE,CAAC,iBAAiB,EAAE,CAAC;QAClC,QAAQ,EAAE,IAAI;QACd,aAAa,EAAE,IAAI;KACnB,CAAC;;;;0CAmED;wBAhFW,aAAa;IADzB,IAAA,gCAAmB,EAAC,aAAa,CAAC;qCAGD,wBAAa;QAChB,wBAAU;QACF,yCAAkB;QAC3B,qBAAS;GAL1B,aAAa,CAqFzB"}
+{"version":3,"file":"mcp.controller.js","sourceRoot":"","sources":["../../../src/modules/mcp/mcp.controller.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,0FAAmG;AAEnG,gDAAkE;AAClE,gCAAoC;AAEpC,uCAAyC;AAEzC,2CAAwC;AAExC,mFAA6E;AAC7E,mDAIyB;AACzB,+CAA2C;AAC3C,iEAA4D;AAC5D,qDAAoD;AAEpD,2CAA4C;AAI5C,MAAM,iBAAiB,GAAG,GAAG,EAAE,CAAC,cAAS,CAAC,GAAG,CAAC,0DAA0B,CAAC,CAAC,iBAAiB,EAAE,CAAC;AAGvF,IAAM,aAAa,GAAnB,MAAM,aAAa;IACzB,YACkB,aAA4B,EAC5B,UAAsB,EACtB,kBAAsC,EACtC,SAAoB;QAHpB,kBAAa,GAAb,aAAa,CAAe;QAC5B,eAAU,GAAV,UAAU,CAAY;QACtB,uBAAkB,GAAlB,kBAAkB,CAAoB;QACtC,cAAS,GAAT,SAAS,CAAW;IACnC,CAAC;IAGI,cAAc,CAAC,GAAa;QAEnC,GAAG,CAAC,MAAM,CAAC,6BAA6B,EAAE,GAAG,CAAC,CAAC;QAC/C,GAAG,CAAC,MAAM,CAAC,8BAA8B,EAAE,oBAAoB,CAAC,CAAC;QACjE,GAAG,CAAC,MAAM,CAAC,8BAA8B,EAAE,+CAA+C,CAAC,CAAC;QAC5F,GAAG,CAAC,MAAM,CAAC,kCAAkC,EAAE,MAAM,CAAC,CAAC;QACvD,GAAG,CAAC,MAAM,CAAC,wBAAwB,EAAE,OAAO,CAAC,CAAC;IAC/C,CAAC;IAoBK,AAAN,KAAK,CAAC,sBAAsB,CAAC,IAAa,EAAE,GAAa;QACxD,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC;QACzB,GAAG,CAAC,MAAM,CAAC,kBAAkB,EAAE,+BAA+B,CAAC,CAAC;QAChE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,CAAC;IACvB,CAAC;IAQK,AAAN,KAAK,CAAC,KAAK,CAAC,GAAyB,EAAE,GAAsB;QAE5D,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC;QAEzB,MAAM,IAAI,GAAG,GAAG,CAAC,IAAI,CAAC;QACtB,MAAM,uBAAuB,GAAG,IAAA,iCAAgB,EAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,KAAK,YAAY,CAAC,CAAC,CAAC,KAAK,CAAC;QAC9F,MAAM,UAAU,GAAG,IAAA,yBAAa,EAAC,GAAG,CAAC,CAAC;QAEtC,MAAM,gBAAgB,GAA4C;YACjE,OAAO,EAAE,GAAG,CAAC,IAAI,CAAC,EAAE;YACpB,WAAW,EAAE,UAAU,EAAE,IAAI;YAC7B,cAAc,EAAE,UAAU,EAAE,OAAO;SACnC,CAAC;QAGF,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,UAAU,EAAE,CAAC;QAE3D,IAAI,CAAC,OAAO,EAAE,CAAC;YACd,IAAI,uBAAuB,EAAE,CAAC;gBAC7B,IAAI,CAAC,oBAAoB,CAAC;oBACzB,GAAG,gBAAgB;oBACnB,qBAAqB,EAAE,OAAO;oBAC9B,KAAK,EAAE,iDAAiC;iBACxC,CAAC,CAAC;YACJ,CAAC;YAED,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,iDAAiC,EAAE,CAAC,CAAC;YACrE,OAAO;QACR,CAAC;QAID,IAAI,CAAC;YACJ,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;YACnD,MAAM,SAAS,GAAkC,IAAI,iDAA6B,CAAC;gBAClF,kBAAkB,EAAE,SAAS;aAC7B,CAAC,CAAC;YACH,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE;gBACpB,KAAK,SAAS,CAAC,KAAK,EAAE,CAAC;gBACvB,KAAK,MAAM,CAAC,KAAK,EAAE,CAAC;YACrB,CAAC,CAAC,CAAC;YACH,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;YAChC,MAAM,SAAS,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;YAClD,IAAI,uBAAuB,EAAE,CAAC;gBAC7B,IAAI,CAAC,oBAAoB,CAAC;oBACzB,GAAG,gBAAgB;oBACnB,qBAAqB,EAAE,SAAS;iBAChC,CAAC,CAAC;YACJ,CAAC;QACF,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YAChC,IAAI,uBAAuB,EAAE,CAAC;gBAC7B,IAAI,CAAC,oBAAoB,CAAC;oBACzB,GAAG,gBAAgB;oBACnB,qBAAqB,EAAE,OAAO;oBAC9B,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;iBAC7D,CAAC,CAAC;YACJ,CAAC;YAED,IAAI,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC;gBACtB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;oBACpB,OAAO,EAAE,KAAK;oBACd,KAAK,EAAE;wBACN,IAAI,EAAE,CAAC,KAAK;wBACZ,OAAO,EAAE,6CAA6B;qBACtC;oBACD,EAAE,EAAE,IAAI;iBACR,CAAC,CAAC;YACJ,CAAC;QACF,CAAC;IACF,CAAC;IAEO,oBAAoB,CAAC,OAAuC;QACnE,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,2CAA2B,EAAE,OAAO,CAAC,CAAC;IAC5D,CAAC;CACD,CAAA;AA3HY,sCAAa;AAoCnB;IAJL,IAAA,iBAAI,EAAC,OAAO,EAAE;QACd,QAAQ,EAAE,IAAI;QACd,aAAa,EAAE,IAAI;KACnB,CAAC;;;;2DAKD;AAQK;IANL,IAAA,iBAAI,EAAC,OAAO,EAAE;QACd,SAAS,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE;QACzB,WAAW,EAAE,CAAC,iBAAiB,EAAE,CAAC;QAClC,QAAQ,EAAE,IAAI;QACd,aAAa,EAAE,IAAI;KACnB,CAAC;;;;0CAuED;wBAtHW,aAAa;IADzB,IAAA,gCAAmB,EAAC,aAAa,CAAC;qCAGD,wBAAa;QAChB,wBAAU;QACF,yCAAkB;QAC3B,qBAAS;GAL1B,aAAa,CA2HzB"}

package/dist/modules/mcp/mcp.module.d.ts

@@ -4,5 +4,6 @@ export declare class McpModule implements ModuleInterface {
     settings(): Promise<{
         mcpAccessEnabled: boolean;
     }>;
+    entities(): Promise<never>;
     shutdown(): Promise<void>;
 }

package/dist/modules/mcp/mcp.module.js

@@ -49,6 +49,9 @@ let McpModule = class McpModule {
     async init() {
         await Promise.resolve().then(() => __importStar(require('./mcp.controller')));
         await Promise.resolve().then(() => __importStar(require('./mcp.settings.controller')));
+        await Promise.resolve().then(() => __importStar(require('./mcp.oauth.controller')));
+        await Promise.resolve().then(() => __importStar(require('./mcp.auth.consent.controller')));
+        await Promise.resolve().then(() => __importStar(require('./mcp.oauth-clients.controller')));
         const { McpEventRelay } = await Promise.resolve().then(() => __importStar(require('./mcp.event-relay')));
         di_1.Container.get(McpEventRelay).init();
     }
@@ -57,6 +60,14 @@ let McpModule = class McpModule {
         const mcpAccessEnabled = await di_1.Container.get(McpSettingsService).getEnabled();
         return { mcpAccessEnabled };
     }
+    async entities() {
+        const { OAuthClient } = await Promise.resolve().then(() => __importStar(require('./database/entities/oauth-client.entity')));
+        const { AuthorizationCode } = await Promise.resolve().then(() => __importStar(require('./database/entities/oauth-authorization-code.entity')));
+        const { AccessToken } = await Promise.resolve().then(() => __importStar(require('./database/entities/oauth-access-token.entity')));
+        const { RefreshToken } = await Promise.resolve().then(() => __importStar(require('./database/entities/oauth-refresh-token.entity')));
+        const { UserConsent } = await Promise.resolve().then(() => __importStar(require('./database/entities/oauth-user-consent.entity')));
+        return [OAuthClient, AuthorizationCode, AccessToken, RefreshToken, UserConsent];
+    }
     async shutdown() { }
 };
 exports.McpModule = McpModule;

package/dist/modules/mcp/mcp.module.js.map

@@ -1 +1 @@
-{"version":3,"file":"mcp.module.js","sourceRoot":"","sources":["../../../src/modules/mcp/mcp.module.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AACA,gDAA4D;AAC5D,gCAAoC;AAQ7B,IAAM,SAAS,GAAf,MAAM,SAAS;IACrB,KAAK,CAAC,IAAI;QACT,wDAAa,kBAAkB,GAAC,CAAC;QACjC,wDAAa,2BAA2B,GAAC,CAAC;QAG1C,MAAM,EAAE,aAAa,EAAE,GAAG,wDAAa,mBAAmB,GAAC,CAAC;QAC5D,cAAS,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,IAAI,EAAE,CAAC;IACrC,CAAC;IAOD,KAAK,CAAC,QAAQ;QACb,MAAM,EAAE,kBAAkB,EAAE,GAAG,wDAAa,wBAAwB,GAAC,CAAC;QACtE,MAAM,gBAAgB,GAAG,MAAM,cAAS,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC,UAAU,EAAE,CAAC;QAC9E,OAAO,EAAE,gBAAgB,EAAE,CAAC;IAC7B,CAAC;IAGK,AAAN,KAAK,CAAC,QAAQ,KAAI,CAAC;CACnB,CAAA;AAvBY,8BAAS;AAsBf;IADL,IAAA,uBAAU,GAAE;;;;yCACM;oBAtBP,SAAS;IADrB,IAAA,0BAAa,EAAC,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;GAClB,SAAS,CAuBrB"}
+{"version":3,"file":"mcp.module.js","sourceRoot":"","sources":["../../../src/modules/mcp/mcp.module.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AACA,gDAA4D;AAC5D,gCAAoC;AAQ7B,IAAM,SAAS,GAAf,MAAM,SAAS;IACrB,KAAK,CAAC,IAAI;QACT,wDAAa,kBAAkB,GAAC,CAAC;QACjC,wDAAa,2BAA2B,GAAC,CAAC;QAC1C,wDAAa,wBAAwB,GAAC,CAAC;QACvC,wDAAa,+BAA+B,GAAC,CAAC;QAC9C,wDAAa,gCAAgC,GAAC,CAAC;QAG/C,MAAM,EAAE,aAAa,EAAE,GAAG,wDAAa,mBAAmB,GAAC,CAAC;QAC5D,cAAS,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,IAAI,EAAE,CAAC;IACrC,CAAC;IAOD,KAAK,CAAC,QAAQ;QACb,MAAM,EAAE,kBAAkB,EAAE,GAAG,wDAAa,wBAAwB,GAAC,CAAC;QACtE,MAAM,gBAAgB,GAAG,MAAM,cAAS,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC,UAAU,EAAE,CAAC;QAC9E,OAAO,EAAE,gBAAgB,EAAE,CAAC;IAC7B,CAAC;IAED,KAAK,CAAC,QAAQ;QACb,MAAM,EAAE,WAAW,EAAE,GAAG,wDAAa,yCAAyC,GAAC,CAAC;QAChF,MAAM,EAAE,iBAAiB,EAAE,GAAG,wDAC7B,qDAAqD,GACrD,CAAC;QACF,MAAM,EAAE,WAAW,EAAE,GAAG,wDAAa,+CAA+C,GAAC,CAAC;QACtF,MAAM,EAAE,YAAY,EAAE,GAAG,wDAAa,gDAAgD,GAAC,CAAC;QACxF,MAAM,EAAE,WAAW,EAAE,GAAG,wDAAa,+CAA+C,GAAC,CAAC;QAEtF,OAAO,CAAC,WAAW,EAAE,iBAAiB,EAAE,WAAW,EAAE,YAAY,EAAE,WAAW,CAAU,CAAC;IAC1F,CAAC;IAGK,AAAN,KAAK,CAAC,QAAQ,KAAI,CAAC;CACnB,CAAA;AAtCY,8BAAS;AAqCf;IADL,IAAA,uBAAU,GAAE;;;;yCACM;oBArCP,SAAS;IADrB,IAAA,0BAAa,EAAC,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;GAClB,SAAS,CAsCrB"}

package/dist/modules/mcp/mcp.oauth-clients.controller.d.ts

@@ -0,0 +1,12 @@
+import { DeleteOAuthClientResponseDto, ListOAuthClientsResponseDto } from '@n8n/api-types';
+import { Logger } from '@n8n/backend-common';
+import { AuthenticatedRequest } from '@n8n/db';
+import type { Response } from 'express';
+import { McpOAuthService } from './mcp-oauth-service';
+export declare class McpOAuthClientsController {
+    private readonly mcpOAuthService;
+    private readonly logger;
+    constructor(mcpOAuthService: McpOAuthService, logger: Logger);
+    getAllClients(req: AuthenticatedRequest, _res: Response): Promise<ListOAuthClientsResponseDto>;
+    deleteClient(req: AuthenticatedRequest, _res: Response, clientId: string): Promise<DeleteOAuthClientResponseDto>;
+}

package/dist/modules/mcp/mcp.oauth-clients.controller.js

@@ -0,0 +1,93 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var __param = (this && this.__param) || function (paramIndex, decorator) {
+    return function (target, key) { decorator(target, key, paramIndex); }
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.McpOAuthClientsController = void 0;
+const backend_common_1 = require("@n8n/backend-common");
+const decorators_1 = require("@n8n/decorators");
+const not_found_error_1 = require("../../errors/response-errors/not-found.error");
+const mcp_oauth_service_1 = require("./mcp-oauth-service");
+let McpOAuthClientsController = class McpOAuthClientsController {
+    constructor(mcpOAuthService, logger) {
+        this.mcpOAuthService = mcpOAuthService;
+        this.logger = logger;
+    }
+    async getAllClients(req, _res) {
+        this.logger.debug('Fetching all OAuth clients for user', { userId: req.user.id });
+        const clients = await this.mcpOAuthService.getAllClients(req.user.id);
+        this.logger.debug(`Found ${clients.length} OAuth clients`);
+        const clientDtos = clients.map((client) => ({
+            id: client.id,
+            name: client.name,
+            redirectUris: client.redirectUris,
+            grantTypes: client.grantTypes,
+            tokenEndpointAuthMethod: client.tokenEndpointAuthMethod,
+            createdAt: client.createdAt.toISOString(),
+            updatedAt: client.updatedAt.toISOString(),
+        }));
+        return {
+            data: clientDtos,
+            count: clients.length,
+        };
+    }
+    async deleteClient(req, _res, clientId) {
+        this.logger.info('Deleting OAuth client', {
+            clientId,
+            userId: req.user.id,
+            userEmail: req.user.email,
+        });
+        try {
+            await this.mcpOAuthService.deleteClient(clientId);
+            this.logger.info('OAuth client deleted successfully', {
+                clientId,
+                userId: req.user.id,
+            });
+            return {
+                success: true,
+                message: `OAuth client ${clientId} has been deleted successfully`,
+            };
+        }
+        catch (error) {
+            if (error instanceof Error && error.message.includes('not found')) {
+                this.logger.warn('Attempted to delete non-existent OAuth client', {
+                    clientId,
+                    userId: req.user.id,
+                });
+                throw new not_found_error_1.NotFoundError(`OAuth client with ID ${clientId} not found`);
+            }
+            throw error;
+        }
+    }
+};
+exports.McpOAuthClientsController = McpOAuthClientsController;
+__decorate([
+    (0, decorators_1.GlobalScope)('mcp:oauth'),
+    (0, decorators_1.Get)('/'),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object, Object]),
+    __metadata("design:returntype", Promise)
+], McpOAuthClientsController.prototype, "getAllClients", null);
+__decorate([
+    (0, decorators_1.GlobalScope)('mcp:oauth'),
+    (0, decorators_1.Delete)('/:clientId'),
+    __param(2, (0, decorators_1.Param)('clientId')),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object, Object, String]),
+    __metadata("design:returntype", Promise)
+], McpOAuthClientsController.prototype, "deleteClient", null);
+exports.McpOAuthClientsController = McpOAuthClientsController = __decorate([
+    (0, decorators_1.RestController)('/mcp/oauth-clients'),
+    __metadata("design:paramtypes", [mcp_oauth_service_1.McpOAuthService,
+        backend_common_1.Logger])
+], McpOAuthClientsController);
+//# sourceMappingURL=mcp.oauth-clients.controller.js.map

package/dist/modules/mcp/mcp.oauth-clients.controller.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"mcp.oauth-clients.controller.js","sourceRoot":"","sources":["../../../src/modules/mcp/mcp.oauth-clients.controller.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAKA,wDAA6C;AAE7C,gDAAkF;AAGlF,8EAAyE;AAEzE,2DAAsD;AAG/C,IAAM,yBAAyB,GAA/B,MAAM,yBAAyB;IACrC,YACkB,eAAgC,EAChC,MAAc;QADd,oBAAe,GAAf,eAAe,CAAiB;QAChC,WAAM,GAAN,MAAM,CAAQ;IAC7B,CAAC;IAOE,AAAN,KAAK,CAAC,aAAa,CAClB,GAAyB,EACzB,IAAc;QAEd,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,qCAAqC,EAAE,EAAE,MAAM,EAAE,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC,CAAC;QAElF,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAEtE,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,SAAS,OAAO,CAAC,MAAM,gBAAgB,CAAC,CAAC;QAE3D,MAAM,UAAU,GAA6B,OAAO,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;YACrE,EAAE,EAAE,MAAM,CAAC,EAAE;YACb,IAAI,EAAE,MAAM,CAAC,IAAI;YACjB,YAAY,EAAE,MAAM,CAAC,YAAY;YACjC,UAAU,EAAE,MAAM,CAAC,UAAU;YAC7B,uBAAuB,EAAE,MAAM,CAAC,uBAAuB;YACvD,SAAS,EAAE,MAAM,CAAC,SAAS,CAAC,WAAW,EAAE;YACzC,SAAS,EAAE,MAAM,CAAC,SAAS,CAAC,WAAW,EAAE;SACzC,CAAC,CAAC,CAAC;QAEJ,OAAO;YACN,IAAI,EAAE,UAAU;YAChB,KAAK,EAAE,OAAO,CAAC,MAAM;SACrB,CAAC;IACH,CAAC;IAQK,AAAN,KAAK,CAAC,YAAY,CACjB,GAAyB,EACzB,IAAc,EACK,QAAgB;QAEnC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,uBAAuB,EAAE;YACzC,QAAQ;YACR,MAAM,EAAE,GAAG,CAAC,IAAI,CAAC,EAAE;YACnB,SAAS,EAAE,GAAG,CAAC,IAAI,CAAC,KAAK;SACzB,CAAC,CAAC;QAEH,IAAI,CAAC;YACJ,MAAM,IAAI,CAAC,eAAe,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC;YAElD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,mCAAmC,EAAE;gBACrD,QAAQ;gBACR,MAAM,EAAE,GAAG,CAAC,IAAI,CAAC,EAAE;aACnB,CAAC,CAAC;YAEH,OAAO;gBACN,OAAO,EAAE,IAAI;gBACb,OAAO,EAAE,gBAAgB,QAAQ,gCAAgC;aACjE,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,IAAI,KAAK,YAAY,KAAK,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;gBACnE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,+CAA+C,EAAE;oBACjE,QAAQ;oBACR,MAAM,EAAE,GAAG,CAAC,IAAI,CAAC,EAAE;iBACnB,CAAC,CAAC;gBACH,MAAM,IAAI,+BAAa,CAAC,wBAAwB,QAAQ,YAAY,CAAC,CAAC;YACvE,CAAC;YACD,MAAM,KAAK,CAAC;QACb,CAAC;IACF,CAAC;CACD,CAAA;AA7EY,8DAAyB;AAW/B;IAFL,IAAA,wBAAW,EAAC,WAAW,CAAC;IACxB,IAAA,gBAAG,EAAC,GAAG,CAAC;;;;8DAyBR;AAQK;IAFL,IAAA,wBAAW,EAAC,WAAW,CAAC;IACxB,IAAA,mBAAM,EAAC,YAAY,CAAC;IAInB,WAAA,IAAA,kBAAK,EAAC,UAAU,CAAC,CAAA;;;;6DA8BlB;oCA5EW,yBAAyB;IADrC,IAAA,2BAAc,EAAC,oBAAoB,CAAC;qCAGD,mCAAe;QACxB,uBAAM;GAHpB,yBAAyB,CA6ErC"}

package/dist/modules/mcp/mcp.oauth.controller.d.ts

@@ -0,0 +1,13 @@
+import { StaticRouterMetadata } from '@n8n/decorators';
+import type { Response, Request } from 'express';
+import { UrlService } from '../../services/url.service';
+export declare class McpOAuthController {
+    private readonly urlService;
+    constructor(urlService: UrlService);
+    private setCorsHeaders;
+    static routers: StaticRouterMetadata[];
+    metadataOptions(_req: Request, res: Response): void;
+    metadata(_req: Request, res: Response): void;
+    protectedResourceMetadataOptions(_req: Request, res: Response): void;
+    protectedResourceMetadata(_req: Request, res: Response): void;
+}