oauth-callback 1.0.0 → 1.2.0

package/README.md

@@ -5,7 +5,7 @@
 [![MIT License](https://img.shields.io/badge/license-MIT-blue.svg)](https://github.com/kriasoft/oauth-callback/blob/main/LICENSE)
 [![TypeScript](https://img.shields.io/badge/TypeScript-Ready-blue.svg)](https://www.typescriptlang.org/)
 
-A lightweight local HTTP server for handling OAuth 2.0 authorization callbacks in Node.js, Deno, and Bun applications. Perfect for CLI tools, desktop applications, and development environments that need to capture OAuth authorization codes.
+A lightweight OAuth 2.0 callback handler for Node.js, Deno, and Bun with built-in browser flow and MCP SDK integration. Perfect for CLI tools, desktop applications, and development environments that need to capture OAuth authorization codes.
 
 <div align="center">
   <img src="https://raw.githubusercontent.com/kriasoft/oauth-callback/main/examples/notion.gif" alt="OAuth Callback Demo" width="100%" style="max-width: 800px; height: auto;">
@@ -15,10 +15,12 @@ A lightweight local HTTP server for handling OAuth 2.0 authorization callbacks i
 
 - 🚀 **Multi-runtime support** - Works with Node.js 18+, Deno, and Bun
 - 🔒 **Secure localhost-only server** for OAuth callbacks
+- 🤖 **MCP SDK integration** - Built-in OAuth provider for Model Context Protocol
 - ⚡ **Minimal dependencies** - Only requires `open` package
 - 🎯 **TypeScript support** out of the box
 - 🛡️ **Comprehensive OAuth error handling** with detailed error classes
 - 🔄 **Automatic server cleanup** after callback
+- 💾 **Flexible token storage** - In-memory and file-based options
 - 🎪 **Clean success pages** with animated checkmark
 - 🎨 **Customizable HTML templates** with placeholder support
 - 🚦 **AbortSignal support** for programmatic cancellation
@@ -47,6 +49,14 @@ const result = await getAuthCode(
   "https://example.com/oauth/authorize?client_id=xxx&redirect_uri=http://localhost:3000/callback",
 );
 console.log("Authorization code:", result.code);
+
+// MCP SDK integration - use specific import
+import { browserAuth, fileStore } from "oauth-callback/mcp";
+const authProvider = browserAuth({ store: fileStore() });
+
+// Or via namespace import
+import { mcp } from "oauth-callback";
+const authProvider = mcp.browserAuth({ store: mcp.fileStore() });
 ```
 
 ## Usage Examples
@@ -124,6 +134,71 @@ const microsoftAuth = await getAuthCode(
 );
 ```
 
+### MCP SDK Integration
+
+The `browserAuth()` function provides a drop-in OAuth provider for the Model Context Protocol SDK:
+
+```typescript
+import { browserAuth, inMemoryStore } from "oauth-callback/mcp";
+import { Client } from "@modelcontextprotocol/sdk/client/index.js";
+import { StreamableHTTPClientTransport } from "@modelcontextprotocol/sdk/client/streamableHttp.js";
+
+// Create MCP-compatible OAuth provider
+const authProvider = browserAuth({
+  port: 3000,
+  scope: "read write",
+  store: inMemoryStore(), // Or fileStore() for persistence
+});
+
+// Use with MCP SDK transport
+const transport = new StreamableHTTPClientTransport(
+  new URL("https://mcp.notion.com/mcp"),
+  { authProvider },
+);
+
+const client = new Client(
+  { name: "my-app", version: "1.0.0" },
+  { capabilities: {} },
+);
+
+await client.connect(transport);
+```
+
+#### Token Storage Options
+
+```typescript
+import { browserAuth, inMemoryStore, fileStore } from "oauth-callback/mcp";
+
+// Ephemeral storage (tokens lost on restart)
+const ephemeralAuth = browserAuth({
+  store: inMemoryStore(),
+});
+
+// Persistent file storage (default: ~/.mcp/tokens.json)
+const persistentAuth = browserAuth({
+  store: fileStore(),
+  storeKey: "my-app-tokens", // Namespace for multiple apps
+});
+
+// Custom file location
+const customAuth = browserAuth({
+  store: fileStore("/path/to/tokens.json"),
+});
+```
+
+#### Pre-configured Client Credentials
+
+If you have pre-registered OAuth client credentials:
+
+```typescript
+const authProvider = browserAuth({
+  clientId: "your-client-id",
+  clientSecret: "your-client-secret",
+  scope: "read write",
+  store: fileStore(), // Persist tokens across sessions
+});
+```
+
 ### Advanced Usage
 
 ```typescript
@@ -206,6 +281,50 @@ class OAuthError extends Error {
 }
 ```
 
+### `browserAuth(options)`
+
+Available from `oauth-callback/mcp`. Creates an MCP SDK-compatible OAuth provider for browser-based flows. Handles Dynamic Client Registration (DCR), token storage, and automatic refresh.
+
+#### Parameters
+
+- `options` (BrowserAuthOptions): Configuration object with:
+  - `port` (number): Port for callback server (default: 3000)
+  - `hostname` (string): Hostname to bind to (default: "localhost")
+  - `callbackPath` (string): URL path for OAuth callback (default: "/callback")
+  - `scope` (string): OAuth scopes to request
+  - `clientId` (string): Pre-registered client ID (optional)
+  - `clientSecret` (string): Pre-registered client secret (optional)
+  - `store` (TokenStore): Token storage implementation (default: inMemoryStore())
+  - `storeKey` (string): Storage key for tokens (default: "mcp-tokens")
+  - `authTimeout` (number): Authorization timeout in ms (default: 300000)
+  - `successHtml` (string): Custom success page HTML
+  - `errorHtml` (string): Custom error page HTML
+  - `onRequest` (function): Request logging callback
+
+#### Returns
+
+OAuthClientProvider compatible with MCP SDK transports.
+
+### `inMemoryStore()`
+
+Available from `oauth-callback/mcp`. Creates an ephemeral in-memory token store. Tokens are lost when the process exits.
+
+#### Returns
+
+TokenStore implementation for temporary token storage.
+
+### `fileStore(filepath?)`
+
+Available from `oauth-callback/mcp`. Creates a persistent file-based token store.
+
+#### Parameters
+
+- `filepath` (string): Optional custom file path (default: `~/.mcp/tokens.json`)
+
+#### Returns
+
+TokenStore implementation for persistent token storage.
+
 ## How It Works
 
 1. **Server Creation**: Creates a temporary HTTP server on the specified port
@@ -279,7 +398,8 @@ This example demonstrates:
 - Dynamic Client Registration (OAuth 2.0 DCR) - no pre-configured client ID/secret needed
 - Integration with Model Context Protocol (MCP) servers
 - Automatic client registration with the authorization server
-- Using the MCP SDK's OAuth capabilities
+- Using `browserAuth()` provider with MCP SDK's `StreamableHTTPClientTransport`
+- Token persistence with `inMemoryStore()` for ephemeral sessions
 
 ## Development
 

package/dist/auth/browser-auth.d.ts

@@ -0,0 +1,18 @@
+import type { BrowserAuthOptions } from "../mcp-types";
+import type { OAuthClientProvider } from "@modelcontextprotocol/sdk/client/auth.js";
+/**
+ * Factory for MCP SDK-compatible OAuth provider using browser flow.
+ *
+ * @param options Configuration for OAuth flow behavior
+ * @returns OAuthClientProvider for MCP SDK transport
+ *
+ * @example
+ * ```typescript
+ * const transport = new StreamableHTTPClientTransport(
+ *   new URL("https://mcp.notion.com/mcp"),
+ *   { authProvider: browserAuth() }
+ * );
+ * ```
+ */
+export declare function browserAuth(options?: BrowserAuthOptions): OAuthClientProvider;
+//# sourceMappingURL=browser-auth.d.ts.map

package/dist/auth/browser-auth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"browser-auth.d.ts","sourceRoot":"","sources":["../../src/auth/browser-auth.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EACV,kBAAkB,EAMnB,MAAM,cAAc,CAAC;AAKtB,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,0CAA0C,CAAC;AAQpF;;;;;;;;;;;;;GAaG;AACH,wBAAgB,WAAW,CACzB,OAAO,GAAE,kBAAuB,GAC/B,mBAAmB,CAErB"}

package/dist/auth/browser-auth.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=browser-auth.test.d.ts.map

package/dist/auth/browser-auth.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"browser-auth.test.d.ts","sourceRoot":"","sources":["../../src/auth/browser-auth.test.ts"],"names":[],"mappings":""}

package/dist/index.d.ts

@@ -3,27 +3,26 @@ import type { GetAuthCodeOptions } from "./types";
 export type { CallbackResult, CallbackServer, ServerOptions } from "./server";
 export { OAuthError } from "./errors";
 export type { GetAuthCodeOptions } from "./types";
+export { inMemoryStore } from "./storage/memory";
+export { fileStore } from "./storage/file";
+import * as mcp from "./mcp";
+export { mcp };
 /**
- * Get the OAuth authorization code from the authorization URL.
+ * Captures OAuth authorization code via localhost callback.
+ * Opens browser to auth URL, waits for provider redirect to localhost.
  *
- * Creates a temporary local HTTP server to handle the OAuth callback,
- * opens the authorization URL in the user's browser, and waits for the
- * OAuth provider to redirect back with an authorization code.
- *
- * @param input - Either a string containing the OAuth authorization URL,
- *                or a GetAuthCodeOptions object with detailed configuration
- * @returns Promise that resolves to CallbackResult containing the authorization code
- *          and other parameters, or rejects with OAuthError if authorization fails
- * @throws {OAuthError} When OAuth provider returns an error (e.g., access_denied)
- * @throws {Error} For timeout, network errors, or other unexpected failures
+ * @param input - Auth URL string or GetAuthCodeOptions with config
+ * @returns Promise<CallbackResult> with code and params
+ * @throws {OAuthError} Provider errors (access_denied, invalid_scope)
+ * @throws {Error} Timeout, network failures, port conflicts
  *
  * @example
  * ```typescript
- * // Simple usage with URL string
+ * // Simple
  * const result = await getAuthCode('https://oauth.example.com/authorize?...');
  * console.log('Code:', result.code);
  *
- * // Advanced usage with options
+ * // Custom port/timeout
  * const result = await getAuthCode({
  *   authorizationUrl: 'https://oauth.example.com/authorize?...',
  *   port: 8080,

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAaA,OAAO,EAAwB,KAAK,cAAc,EAAE,MAAM,UAAU,CAAC;AACrE,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,SAAS,CAAC;AAGlD,YAAY,EAAE,cAAc,EAAE,cAAc,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAC9E,OAAO,EAAE,UAAU,EAAE,MAAM,UAAU,CAAC;AACtC,YAAY,EAAE,kBAAkB,EAAE,MAAM,SAAS,CAAC;AAElD;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AACH,wBAAsB,WAAW,CAC/B,KAAK,EAAE,kBAAkB,GAAG,MAAM,GACjC,OAAO,CAAC,cAAc,CAAC,CAqEzB"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAUA,OAAO,EAAwB,KAAK,cAAc,EAAE,MAAM,UAAU,CAAC;AACrE,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,SAAS,CAAC;AAElD,YAAY,EAAE,cAAc,EAAE,cAAc,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAC9E,OAAO,EAAE,UAAU,EAAE,MAAM,UAAU,CAAC;AACtC,YAAY,EAAE,kBAAkB,EAAE,MAAM,SAAS,CAAC;AAGlD,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AACjD,OAAO,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAC;AAG3C,OAAO,KAAK,GAAG,MAAM,OAAO,CAAC;AAC7B,OAAO,EAAE,GAAG,EAAE,CAAC;AAEf;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,wBAAsB,WAAW,CAC/B,KAAK,EAAE,kBAAkB,GAAG,MAAM,GACjC,OAAO,CAAC,cAAc,CAAC,CA8DzB"}

package/dist/index.js

@@ -15,6 +15,15 @@ var __toESM = (mod, isNodeMode, target) => {
       });
   return to;
 };
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, {
+      get: all[name],
+      enumerable: true,
+      configurable: true,
+      set: (newValue) => all[name] = () => newValue
+    });
+};
 var __require = /* @__PURE__ */ createRequire(import.meta.url);
 
 // node_modules/open/index.js
@@ -946,7 +955,394 @@ function createCallbackServer() {
   }
   return new NodeCallbackServer;
 }
+// src/storage/memory.ts
+function inMemoryStore() {
+  const store = new Map;
+  return {
+    async get(key) {
+      return store.get(key) ?? null;
+    },
+    async set(key, tokens) {
+      store.set(key, tokens);
+    },
+    async delete(key) {
+      store.delete(key);
+    },
+    async clear() {
+      store.clear();
+    }
+  };
+}
+// src/storage/file.ts
+import * as fs6 from "node:fs/promises";
+import * as path2 from "node:path";
+import * as os2 from "node:os";
+function fileStore(filepath) {
+  const file = filepath ?? path2.join(os2.homedir(), ".mcp", "tokens.json");
+  async function ensureDir() {
+    await fs6.mkdir(path2.dirname(file), { recursive: true });
+  }
+  async function readStore() {
+    try {
+      const data = await fs6.readFile(file, "utf-8");
+      return JSON.parse(data);
+    } catch {
+      return {};
+    }
+  }
+  async function writeStore(data) {
+    await ensureDir();
+    await fs6.writeFile(file, JSON.stringify(data, null, 2), "utf-8");
+  }
+  return {
+    async get(key) {
+      const store = await readStore();
+      return store[key] ?? null;
+    },
+    async set(key, tokens) {
+      const store = await readStore();
+      store[key] = tokens;
+      await writeStore(store);
+    },
+    async delete(key) {
+      const store = await readStore();
+      delete store[key];
+      await writeStore(store);
+    },
+    async clear() {
+      await writeStore({});
+    }
+  };
+}
+// src/mcp.ts
+var exports_mcp = {};
+__export(exports_mcp, {
+  inMemoryStore: () => inMemoryStore,
+  fileStore: () => fileStore,
+  browserAuth: () => browserAuth
+});
+
+// src/auth/browser-auth.ts
+import { randomBytes } from "node:crypto";
+
+// src/utils/token.ts
+function calculateExpiry(expiresIn) {
+  if (!expiresIn)
+    return;
+  return Date.now() + expiresIn * 1000;
+}
+
+// src/auth/browser-auth.ts
+function browserAuth(options = {}) {
+  return new BrowserOAuthProvider(options);
+}
 
+class BrowserOAuthProvider {
+  _store;
+  _storeKey;
+  _port;
+  _hostname;
+  _callbackPath;
+  _authTimeout;
+  _usePKCE;
+  _openBrowser;
+  _clientId;
+  _clientSecret;
+  _scope;
+  _successHtml;
+  _errorHtml;
+  _onRequest;
+  _clientInfo;
+  _tokens;
+  _codeVerifier;
+  _pendingAuthCode;
+  _pendingAuthState;
+  _isExchangingCode = false;
+  _tokensLoaded = false;
+  _loadingTokens;
+  _authInProgress;
+  _refreshInProgress;
+  constructor(options = {}) {
+    this._store = options.store ?? inMemoryStore();
+    this._storeKey = options.storeKey ?? "mcp-tokens";
+    this._port = options.port ?? 3000;
+    this._hostname = options.hostname ?? "localhost";
+    this._callbackPath = options.callbackPath ?? "/callback";
+    this._authTimeout = options.authTimeout ?? 300000;
+    this._usePKCE = options.usePKCE ?? true;
+    this._openBrowser = options.openBrowser ?? true;
+    this._clientId = options.clientId;
+    this._clientSecret = options.clientSecret;
+    this._scope = options.scope;
+    this._successHtml = options.successHtml;
+    this._errorHtml = options.errorHtml;
+    this._onRequest = options.onRequest;
+  }
+  async _ensureTokensLoaded() {
+    if (this._tokensLoaded)
+      return;
+    if (!this._loadingTokens) {
+      this._loadingTokens = this._loadStoredData();
+    }
+    await this._loadingTokens;
+  }
+  async _loadStoredData() {
+    try {
+      const stored = await this._store.get(this._storeKey);
+      if (stored) {
+        this._tokens = {
+          access_token: stored.accessToken,
+          token_type: "Bearer",
+          refresh_token: stored.refreshToken,
+          expires_in: stored.expiresAt ? Math.floor((stored.expiresAt - Date.now()) / 1000) : undefined,
+          scope: stored.scope
+        };
+      }
+      if (this._isOAuthStore(this._store)) {
+        const clientInfo = await this._store.getClient(this._storeKey);
+        if (clientInfo) {
+          this._clientInfo = {
+            client_id: clientInfo.clientId,
+            client_secret: clientInfo.clientSecret,
+            client_id_issued_at: clientInfo.clientIdIssuedAt,
+            client_secret_expires_at: clientInfo.clientSecretExpiresAt,
+            redirect_uris: [this.redirectUrl]
+          };
+        }
+        const session = await this._store.getSession(this._storeKey);
+        if (session) {
+          this._codeVerifier = session.codeVerifier;
+        }
+      }
+      this._tokensLoaded = true;
+    } catch (error) {
+      console.warn("Failed to load stored data:", error);
+      this._tokensLoaded = true;
+    }
+  }
+  _isOAuthStore(store) {
+    return typeof store.getClient === "function";
+  }
+  get redirectUrl() {
+    return `http://${this._hostname}:${this._port}${this._callbackPath}`;
+  }
+  get clientMetadata() {
+    return {
+      client_name: "OAuth Callback Handler",
+      client_uri: "https://github.com/kriasoft/oauth-callback",
+      redirect_uris: [this.redirectUrl],
+      grant_types: ["authorization_code", "refresh_token"],
+      response_types: ["code"],
+      scope: this._scope,
+      token_endpoint_auth_method: this._clientSecret ? "client_secret_post" : "none"
+    };
+  }
+  async state() {
+    const buffer = randomBytes(32);
+    return buffer.toString("base64url");
+  }
+  async clientInformation() {
+    if (this._clientId) {
+      return {
+        client_id: this._clientId,
+        client_secret: this._clientSecret
+      };
+    }
+    if (this._clientInfo) {
+      return {
+        client_id: this._clientInfo.client_id,
+        client_secret: this._clientInfo.client_secret
+      };
+    }
+    return;
+  }
+  async saveClientInformation(clientInformation) {
+    this._clientInfo = clientInformation;
+    if (this._isOAuthStore(this._store)) {
+      const clientInfo = {
+        clientId: clientInformation.client_id,
+        clientSecret: clientInformation.client_secret,
+        clientIdIssuedAt: clientInformation.client_id_issued_at,
+        clientSecretExpiresAt: clientInformation.client_secret_expires_at
+      };
+      await this._store.setClient(this._storeKey, clientInfo);
+    }
+  }
+  async tokens() {
+    await this._ensureTokensLoaded();
+    if (!this._tokens) {
+      return;
+    }
+    const stored = await this._store.get(this._storeKey);
+    if (stored?.expiresAt) {
+      if (Date.now() >= stored.expiresAt - 60000) {
+        if (this._tokens.refresh_token) {
+          try {
+            await this._refreshTokens();
+            return this._tokens;
+          } catch (error) {
+            console.warn("Token refresh failed:", error);
+            return;
+          }
+        }
+        return;
+      }
+    }
+    return this._tokens;
+  }
+  async saveTokens(tokens) {
+    this._tokens = tokens;
+    this._tokensLoaded = true;
+    const storedTokens = {
+      accessToken: tokens.access_token,
+      refreshToken: tokens.refresh_token,
+      expiresAt: tokens.expires_in ? calculateExpiry(tokens.expires_in) : undefined,
+      scope: tokens.scope
+    };
+    await this._store.set(this._storeKey, storedTokens);
+  }
+  async redirectToAuthorization(authorizationUrl) {
+    if (this._authInProgress) {
+      await this._authInProgress;
+      return;
+    }
+    this._authInProgress = this._doAuthorization(authorizationUrl);
+    try {
+      await this._authInProgress;
+    } finally {
+      this._authInProgress = undefined;
+    }
+  }
+  async _doAuthorization(authorizationUrl) {
+    let lastError;
+    const maxRetries = 2;
+    for (let attempt = 0;attempt <= maxRetries; attempt++) {
+      try {
+        const result = await getAuthCode({
+          authorizationUrl: authorizationUrl.href,
+          port: this._port,
+          hostname: this._hostname,
+          callbackPath: this._callbackPath,
+          timeout: this._authTimeout,
+          openBrowser: typeof this._openBrowser === "boolean" ? this._openBrowser : true,
+          successHtml: this._successHtml,
+          errorHtml: this._errorHtml,
+          onRequest: this._onRequest
+        });
+        this._pendingAuthCode = result.code;
+        this._pendingAuthState = result.state;
+        setTimeout(() => {
+          if (this._pendingAuthCode === result.code) {
+            this._pendingAuthCode = undefined;
+            this._pendingAuthState = undefined;
+          }
+        }, this._authTimeout);
+        return;
+      } catch (error) {
+        lastError = error instanceof Error ? error : new Error(String(error));
+        if (error instanceof OAuthError) {
+          throw error;
+        }
+        if (attempt < maxRetries) {
+          console.warn(`Auth attempt ${attempt + 1} failed, retrying...`, error);
+          await new Promise((resolve) => setTimeout(resolve, 1000 * (attempt + 1)));
+        }
+      }
+    }
+    throw new Error(`OAuth authorization failed after ${maxRetries + 1} attempts: ${lastError?.message}`);
+  }
+  async saveCodeVerifier(codeVerifier) {
+    this._codeVerifier = codeVerifier;
+    if (this._isOAuthStore(this._store)) {
+      const session = {
+        codeVerifier,
+        state: this._pendingAuthState
+      };
+      await this._store.setSession(this._storeKey, session);
+    }
+  }
+  async codeVerifier() {
+    if (!this._codeVerifier) {
+      throw new Error("Code verifier not found");
+    }
+    return this._codeVerifier;
+  }
+  async invalidateCredentials(scope) {
+    if (scope === "all" && this._isExchangingCode) {
+      this._tokens = undefined;
+      await this._store.delete(this._storeKey);
+      return;
+    }
+    if (this._isExchangingCode && (scope === "client" || scope === "all")) {
+      this._isExchangingCode = false;
+    }
+    switch (scope) {
+      case "all":
+        this._clientInfo = undefined;
+        this._tokens = undefined;
+        this._codeVerifier = undefined;
+        this._tokensLoaded = false;
+        await this._store.clear();
+        break;
+      case "client":
+        this._clientInfo = undefined;
+        if (this._isOAuthStore(this._store)) {
+          await this._store.setClient(this._storeKey, {
+            clientId: ""
+          });
+        }
+        break;
+      case "tokens":
+        this._tokens = undefined;
+        await this._store.delete(this._storeKey);
+        break;
+      case "verifier":
+        this._codeVerifier = undefined;
+        if (this._isOAuthStore(this._store)) {
+          await this._store.setSession(this._storeKey, {});
+        }
+        break;
+    }
+  }
+  async validateResourceURL(_serverUrl, _resource) {
+    return;
+  }
+  getPendingAuthCode() {
+    if (this._pendingAuthCode) {
+      const result = {
+        code: this._pendingAuthCode,
+        state: this._pendingAuthState
+      };
+      this._isExchangingCode = true;
+      this._pendingAuthCode = undefined;
+      this._pendingAuthState = undefined;
+      return result;
+    }
+    return;
+  }
+  async _refreshTokens() {
+    if (this._refreshInProgress) {
+      await this._refreshInProgress;
+      return;
+    }
+    this._refreshInProgress = this._doRefreshTokens();
+    try {
+      await this._refreshInProgress;
+    } finally {
+      this._refreshInProgress = undefined;
+    }
+  }
+  async _doRefreshTokens() {
+    if (!this._tokens?.refresh_token) {
+      throw new Error("No refresh token available");
+    }
+    const clientInfo = await this.clientInformation();
+    if (!clientInfo?.client_id) {
+      throw new Error("No client information available for refresh");
+    }
+    throw new Error("Token refresh not yet implemented - requires token endpoint URL");
+  }
+}
 // src/index.ts
 async function getAuthCode(input) {
   const options = typeof input === "string" ? { authorizationUrl: input } : input;
@@ -994,6 +1390,9 @@ async function getAuthCode(input) {
   }
 }
 export {
+  exports_mcp as mcp,
+  inMemoryStore,
   getAuthCode,
+  fileStore,
   OAuthError
 };