oauth2-cli 0.8.1 → 0.8.3

package/CHANGELOG.md

@@ -2,6 +2,25 @@
 
 All notable changes to this project will be documented in this file. See [commit-and-tag-version](https://github.com/absolute-version/commit-and-tag-version) for commit guidelines.
 
+## [0.8.3](https://github.com/battis/oauth2-cli/compare/oauth2-cli/0.8.2...oauth2-cli/0.8.3) (2026-02-18)
+
+
+### Bug Fixes
+
+* continued server timeout improvements ([2e8d275](https://github.com/battis/oauth2-cli/commit/2e8d275706be411b317e2257bd97ee8f7fe4bc95))
+
+## [0.8.2](https://github.com/battis/oauth2-cli/compare/oauth2-cli/0.8.1...oauth2-cli/0.8.2) (2026-02-18)
+
+
+### Features
+
+* isAuthorized() ([56b0436](https://github.com/battis/oauth2-cli/commit/56b0436d98b9d9f213518e806ead846321180a63))
+
+
+### Bug Fixes
+
+* block thread until interactive authorization complete ([fb9987e](https://github.com/battis/oauth2-cli/commit/fb9987e41a5a8f129955bc3e88ab17994860091b)), closes [#22](https://github.com/battis/oauth2-cli/issues/22)
+
 ## [0.8.1](https://github.com/battis/oauth2-cli/compare/oauth2-cli/0.8.0...oauth2-cli/0.8.1) (2026-02-18)
 
 

package/dist/Client.d.ts

@@ -84,6 +84,7 @@ export declare class Client<C extends Credentials = Credentials> extends EventEm
     protected getParameters(session: Session): Promise<URLSearchParams>;
     getAuthorizationUrl(session: Session): Promise<URL>;
     createSession({ views, ...options }: Omit<SessionOptions, 'client'>): Session;
+    isAuthorized(): Promise<boolean>;
     authorize(options?: Omit<SessionOptions, 'client'>): Promise<Token.Response>;
     handleAuthorizationCodeRedirect(req: Request, session: Session): Promise<void>;
     protected refreshTokenGrant({ refresh_token, inject: request }?: RefreshOptions): Promise<Token.Response | undefined>;

package/dist/Client.js

@@ -91,6 +91,16 @@ export class Client extends EventEmitter {
             ...options
         });
     }
+    async isAuthorized() {
+        if (this.token?.expiresIn()) {
+            return true;
+        }
+        else {
+            return await this.tokenLock.runExclusive(async () => {
+                return !!(await this.refreshTokenGrant());
+            });
+        }
+    }
     async authorize(options = {}) {
         const session = this.createSession(options);
         const token = await this.save(await session.authorizationCodeGrant());
@@ -98,16 +108,20 @@ export class Client extends EventEmitter {
     }
     async handleAuthorizationCodeRedirect(req, session) {
         try {
-            const response = await OpenIDClient.authorizationCodeGrant(await this.getConfiguration(), new URL(req.url, this.redirect_uri), {
+            /**
+             * Do _NOT_ await this promise: the WebServer needs to send the
+             * authorization complete response asynchronously before this can resolve,
+             * and awaiting session.resolve() will block that response.
+             */
+            session.resolve(await OpenIDClient.authorizationCodeGrant(await this.getConfiguration(), new URL(req.url, this.redirect_uri), {
                 pkceCodeVerifier: session.code_verifier,
                 expectedState: session.state
             }, this.inject?.search
                 ? requestish.URLSearchParams.from(this.inject.search)
-                : undefined);
-            await session.resolve(response);
+                : undefined));
         }
-        catch (error) {
-            await session.resolve(undefined, error);
+        catch (cause) {
+            session.reject(new Error('Error making Authorization Code Grant request', { cause }));
         }
     }
     async refreshTokenGrant({ refresh_token = this.token?.refresh_token, inject: request } = {}) {

package/dist/Session.d.ts

@@ -11,7 +11,7 @@ export type SessionOptions = {
     /** Additional request injection for authorization code grant flow */
     inject?: Injection;
 };
-export type Resolver = (response?: Token.Response, error?: Error) => void | Promise<void>;
+export type SessionResolver = (response: Token.Response) => void | Promise<void>;
 export declare class Session {
     private readonly client;
     private readonly outOfBandRedirectServer;
@@ -21,19 +21,21 @@ export declare class Session {
     readonly state: string;
     /** Additional request injection for Authorization Code Grant request */
     readonly inject?: Injection;
+    private spinner;
     private _resolve?;
-    private spinner?;
     /**
      * Method that resolves or rejects the promise returned from the
      * {@link authorizationCodeGrant}
      */
-    get resolve(): Resolver;
+    get resolve(): SessionResolver;
+    reject(cause: unknown): void;
     constructor({ client, views, inject: request }: SessionOptions);
     /** Instantiate the web server that will listen for the out-of-band redirect */
-    createWebServer(options: Omit<WebServer.WebServerOptions, 'session'>): WebServer.WebServerInterface;
+    protected instantiateWebServer(options: Omit<WebServer.WebServerOptions, 'session'>): WebServer.WebServerInterface;
     /**
      * Trigger the start of the Authorization Code Grant flow, returnig a Promise
-     * that will resolve into the eventual token
+     * that will resolve into the eventual token. This will close the out-of-band
+     * redirect server that creating the session started.
      */
     authorizationCodeGrant(): Promise<Token.Response>;
     /** OAuth 2.0 redirect_uri that this session is handling */

package/dist/Session.js

@@ -1,6 +1,5 @@
 import { Colors } from '@qui-cli/colors';
 import * as gcrtl from 'gcrtl';
-import open from 'open';
 import * as OpenIDClient from 'openid-client';
 import ora from 'ora';
 import * as WebServer from './WebServer.js';
@@ -13,49 +12,87 @@ export class Session {
     state = OpenIDClient.randomState();
     /** Additional request injection for Authorization Code Grant request */
     inject;
-    _resolve;
     spinner;
+    _resolve;
     /**
      * Method that resolves or rejects the promise returned from the
      * {@link authorizationCodeGrant}
      */
     get resolve() {
         if (!this._resolve) {
-            throw new Error('callback is missing');
+            throw new Error(`Session resolve method is ${this._resolve}`);
         }
         return this._resolve;
     }
+    reject(cause) {
+        throw new Error('Session failed', { cause });
+    }
     constructor({ client, views, inject: request }) {
+        this.spinner = ora('Awaiting interactive authorization').start();
         this.client = client;
         this.inject = request;
-        this.outOfBandRedirectServer = this.createWebServer({ views });
+        this.outOfBandRedirectServer = this.instantiateWebServer({ views });
     }
     /** Instantiate the web server that will listen for the out-of-band redirect */
-    createWebServer(options) {
+    instantiateWebServer(options) {
         return new WebServer.WebServer({ session: this, ...options });
     }
     /**
      * Trigger the start of the Authorization Code Grant flow, returnig a Promise
-     * that will resolve into the eventual token
+     * that will resolve into the eventual token. This will close the out-of-band
+     * redirect server that creating the session started.
      */
-    authorizationCodeGrant() {
-        return new Promise((resolve, reject) => {
-            this._resolve = async (response, error) => {
-                if (error) {
-                    reject(error);
-                }
-                if (response) {
-                    resolve(response);
-                }
-                else {
-                    reject(new Error('Authorization Code Grant response undefined.'));
-                }
-            };
-            const url = gcrtl
-                .expand(this.outOfBandRedirectServer.authorization_endpoint, this.client.redirect_uri)
-                .toString();
-            this.spinner = ora(`Waiting for interactive authorization at ${Colors.url(url)}`).start();
-            open(url);
+    async authorizationCodeGrant() {
+        return await new Promise((resolve, reject) => {
+            try {
+                this._resolve = (response) => {
+                    let closed = false;
+                    this.spinner.text =
+                        'Waiting for out-of-band redirect server to shut down';
+                    this.outOfBandRedirectServer.close().then(() => {
+                        closed = true;
+                        this.spinner.succeed('Interactive authorization complete');
+                        resolve(response);
+                    });
+                    setTimeout(() => {
+                        if (!closed) {
+                            this.spinner.text =
+                                'Still waiting for out-of-band redirect server to shut down.\n' +
+                                    '  Your browser may be holding the connection to the server open.\n\n' +
+                                    '  Please close the "Authorization Complete" tab in your browser.';
+                        }
+                    }, 5000);
+                    setTimeout(() => {
+                        if (!closed) {
+                            this.spinner.text =
+                                'Still waiting for out-of-band redirect server to shut down.\n' +
+                                    '  Your browser may be holding the connection to the server open.\n\n' +
+                                    '  Please close the browser window.';
+                        }
+                    }, 10000);
+                    setTimeout(() => {
+                        if (!closed) {
+                            this.spinner.text =
+                                'Still waiting for out-of-band redirect server to shut down.\n' +
+                                    '  Your browser may be holding the connection to the server open.\n\n' +
+                                    '  Please quit the browser.';
+                        }
+                    }, 15000);
+                };
+                const url = gcrtl
+                    .expand(this.outOfBandRedirectServer.authorization_endpoint, this.client.redirect_uri)
+                    .toString();
+                //open(url);
+                this.spinner.text = `Please continue interactive authorization at ${Colors.url(url)} in your browser`;
+            }
+            catch (cause) {
+                this.spinner.text =
+                    'Waiting for out-of-band redirect server to shut down';
+                this.outOfBandRedirectServer.close().then(() => {
+                    this.spinner.fail('Interactive authorization failed');
+                    reject(new Error('Error in Authorization Code flow', { cause }));
+                });
+            }
         });
     }
     /** OAuth 2.0 redirect_uri that this session is handling */
@@ -70,7 +107,8 @@ export class Session {
      * Code Grant flow
      */
     async handleAuthorizationCodeRedirect(req) {
-        this.spinner?.succeed('Interactive authorization begun');
+        this.spinner.text =
+            'Completing access token request with provided authorization code';
         return await this.client.handleAuthorizationCodeRedirect(req, this);
     }
 }

package/dist/WebServer.d.ts

@@ -15,11 +15,22 @@ export type WebServerOptions = {
      * URL, the first step in the Authorization Code Grant flow.
      */
     authorize_endpoint?: PathString;
+    /**
+     * The number of milliseconds of inactivity before a socket is presumed to
+     * have timed out. This can be reduced to limit potential wait times during
+     * interactive authentication, but must still be long enough to allow time for
+     * the authorization code to be exchanged for an access token.
+     *
+     * Defaults to 1000 milliseconds
+     */
+    timeout?: number;
 };
 export declare const DEFAULT_AUTHORIZE_ENDPOINT = "/oauth2-cli/authorize";
 export interface WebServerInterface {
     /** See {@link WebServerOptions} */
     readonly authorization_endpoint: PathString;
+    /** Shut down web server */
+    close(): Promise<void>;
 }
 /**
  * Minimal HTTP server running on localhost to handle the redirect step of
@@ -33,7 +44,7 @@ export declare class WebServer implements WebServerInterface {
     protected readonly port: string;
     readonly authorization_endpoint: PathString;
     private server;
-    constructor({ session, views, authorize_endpoint }: WebServerOptions);
+    constructor({ session, views, authorize_endpoint, timeout }: WebServerOptions);
     /**
      * Set the path to folder of *.ejs templates
      *
@@ -59,6 +70,6 @@ export declare class WebServer implements WebServerInterface {
     protected handleAuthorizationEndpoint(req: Request, res: Response): Promise<void>;
     /** Handles request to `redirect_uri` */
     protected handleRedirect(req: Request, res: Response): Promise<void>;
-    /** Close server */
+    /** Shut down web server */
     close(): Promise<void>;
 }

package/dist/WebServer.js

@@ -23,7 +23,8 @@ export class WebServer {
     port;
     authorization_endpoint;
     server;
-    constructor({ session, views, authorize_endpoint = DEFAULT_AUTHORIZE_ENDPOINT }) {
+    constructor({ session, views, authorize_endpoint = DEFAULT_AUTHORIZE_ENDPOINT, timeout = 1000 // milliseconds
+     }) {
         this.session = session;
         this.authorization_endpoint = authorize_endpoint;
         this.views = views;
@@ -37,6 +38,9 @@ export class WebServer {
         app.get(this.authorization_endpoint, this.handleAuthorizationEndpoint.bind(this));
         app.get(gcrtl.path(url), this.handleRedirect.bind(this));
         this.server = app.listen(gcrtl.port(url));
+        this.server.timeout = timeout;
+        this.server.keepAliveTimeout = 0;
+        this.server.keepAliveTimeoutBuffer = 0;
     }
     /**
      * Set the path to folder of *.ejs templates
@@ -79,6 +83,7 @@ export class WebServer {
         const authorization_url = await this.session.getAuthorizationUrl();
         if (!(await this.render(res, 'authorize.ejs', { authorization_url }))) {
             res.redirect(authorization_url);
+            res.end();
         }
     }
     /** Handles request to `redirect_uri` */
@@ -86,7 +91,7 @@ export class WebServer {
         try {
             await this.session.handleAuthorizationCodeRedirect(req);
             if (!(await this.render(res, 'complete.ejs'))) {
-                res.send('You may close this window.');
+                res.send('Authorization complete. You may close this window.');
             }
         }
         catch (error) {
@@ -94,16 +99,15 @@ export class WebServer {
                 res.send(error);
             }
         }
-        finally {
-            this.close();
-        }
     }
-    /** Close server */
+    /** Shut down web server */
     async close() {
         return new Promise((resolve, reject) => {
-            this.server.close((err) => {
-                if (err) {
-                    reject(err);
+            this.server.close((cause) => {
+                if (cause) {
+                    reject(new Error('Error shutting down out-of-band redirect web server', {
+                        cause
+                    }));
                 }
                 else {
                     WebServer.activePorts.splice(WebServer.activePorts.indexOf(this.port), 1);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "oauth2-cli",
-  "version": "0.8.1",
+  "version": "0.8.3",
   "description": "Acquire API access tokens via OAuth 2.0 within CLI tools",
   "homepage": "https://github.com/battis/oauth2-cli/tree/main/packages/oauth2-cli#readme",
   "repository": {
@@ -20,7 +20,6 @@
     "async-mutex": "^0.5.0",
     "express": "^5.2.1",
     "oauth4webapi": "^3.8.5",
-    "open": "^11.0.0",
     "openid-client": "^6.8.2",
     "ora": "^9.3.0",
     "gcrtl": "0.1.7",

package/views/error.ejs

@@ -32,9 +32,7 @@
       <div class="center container">
         <h1>Authorization Error</h1>
         <div class="alert alert-danger" role="alert">
-          <% if (typeof error === 'string') { %><%= error %><<% } else { %>
-          <pre><%= JSON.stringify(error,null,2) %></pre>
-          <% } %>
+          <pre><%= JSON.stringify(error, null, 2) %></pre>
         </div>
         <p>You may close this window.</p>
       </div>