zuplo 6.71.6 → 6.71.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/docs/articles/graphql.mdx +4 -6
- package/docs/policies/mcp-auth0-oauth-inbound/schema.json +7 -0
- package/docs/policies/mcp-cognito-oauth-inbound/schema.json +7 -0
- package/docs/policies/mcp-entra-oauth-inbound/schema.json +7 -0
- package/docs/policies/mcp-google-oauth-inbound/schema.json +7 -0
- package/docs/policies/mcp-keycloak-oauth-inbound/schema.json +7 -0
- package/docs/policies/mcp-logto-oauth-inbound/schema.json +7 -0
- package/docs/policies/mcp-oauth-inbound/schema.json +7 -0
- package/docs/policies/mcp-okta-oauth-inbound/schema.json +7 -0
- package/docs/policies/mcp-ping-oauth-inbound/schema.json +7 -0
- package/docs/policies/mcp-workos-oauth-inbound/schema.json +7 -0
- package/package.json +4 -4
|
@@ -119,16 +119,14 @@ per API.
|
|
|
119
119
|
|
|
120
120
|
Import `graphqlPlugin` and add an instance per API. The `path` is where the docs
|
|
121
121
|
mount, and `schema` points at your GraphQL API — either a live endpoint URL or a
|
|
122
|
-
path to a schema definition language (SDL) file. Define the `path` once
|
|
123
|
-
|
|
124
|
-
|
|
125
|
-
the plugin isn't mounted at:
|
|
122
|
+
path to a schema definition language (SDL) file. Define the `path` once as a
|
|
123
|
+
const and reference the same value from both the plugin and the navigation link,
|
|
124
|
+
so the link can never point at a path the plugin isn't mounted at:
|
|
126
125
|
|
|
127
126
|
```tsx title="zudoku.config.tsx"
|
|
128
127
|
import { graphqlPlugin } from "@zudoku/plugin-graphql";
|
|
129
|
-
import { createPath } from "zudoku";
|
|
130
128
|
|
|
131
|
-
const graphqlPath =
|
|
129
|
+
const graphqlPath = "/graphql";
|
|
132
130
|
|
|
133
131
|
const config = {
|
|
134
132
|
navigation: [
|
|
@@ -177,6 +177,12 @@
|
|
|
177
177
|
"type": "integer",
|
|
178
178
|
"minimum": 1,
|
|
179
179
|
"default": 28800
|
|
180
|
+
},
|
|
181
|
+
"pkce": {
|
|
182
|
+
"type": "string",
|
|
183
|
+
"enum": ["S256", "none"],
|
|
184
|
+
"default": "none",
|
|
185
|
+
"description": "Whether to send S256 PKCE on the federated browser-login authorization request and replay the verifier at the token exchange. Defaults to \"none\". Set to \"S256\" when the identity provider mandates PKCE on the authorization-code flow."
|
|
180
186
|
}
|
|
181
187
|
}
|
|
182
188
|
}
|
|
@@ -191,6 +197,7 @@
|
|
|
191
197
|
"audience": "https://gateway.example.com",
|
|
192
198
|
"auth0Domain": "my-tenant.us.auth0.com",
|
|
193
199
|
"browserLoginOverrides": {
|
|
200
|
+
"pkce": "none",
|
|
194
201
|
"remoteTimeoutMs": 10000,
|
|
195
202
|
"sessionTtlSeconds": 28800,
|
|
196
203
|
"stateTtlSeconds": 900
|
|
@@ -117,6 +117,12 @@
|
|
|
117
117
|
"type": "integer",
|
|
118
118
|
"minimum": 1,
|
|
119
119
|
"default": 28800
|
|
120
|
+
},
|
|
121
|
+
"pkce": {
|
|
122
|
+
"type": "string",
|
|
123
|
+
"enum": ["S256", "none"],
|
|
124
|
+
"default": "none",
|
|
125
|
+
"description": "Whether to send S256 PKCE on the federated browser-login authorization request and replay the verifier at the token exchange. Defaults to \"none\". Set to \"S256\" when the identity provider mandates PKCE on the authorization-code flow."
|
|
120
126
|
}
|
|
121
127
|
}
|
|
122
128
|
}
|
|
@@ -130,6 +136,7 @@
|
|
|
130
136
|
"options": {
|
|
131
137
|
"awsRegion": "us-east-1",
|
|
132
138
|
"browserLoginOverrides": {
|
|
139
|
+
"pkce": "none",
|
|
133
140
|
"remoteTimeoutMs": 10000,
|
|
134
141
|
"sessionTtlSeconds": 28800,
|
|
135
142
|
"stateTtlSeconds": 900
|
|
@@ -98,6 +98,12 @@
|
|
|
98
98
|
"type": "integer",
|
|
99
99
|
"minimum": 1,
|
|
100
100
|
"default": 28800
|
|
101
|
+
},
|
|
102
|
+
"pkce": {
|
|
103
|
+
"type": "string",
|
|
104
|
+
"enum": ["S256", "none"],
|
|
105
|
+
"default": "none",
|
|
106
|
+
"description": "Whether to send S256 PKCE on the federated browser-login authorization request and replay the verifier at the token exchange. Defaults to \"none\". Set to \"S256\" when the identity provider mandates PKCE on the authorization-code flow."
|
|
101
107
|
}
|
|
102
108
|
}
|
|
103
109
|
}
|
|
@@ -110,6 +116,7 @@
|
|
|
110
116
|
"module": "$import(@zuplo/runtime)",
|
|
111
117
|
"options": {
|
|
112
118
|
"browserLoginOverrides": {
|
|
119
|
+
"pkce": "none",
|
|
113
120
|
"remoteTimeoutMs": 10000,
|
|
114
121
|
"sessionTtlSeconds": 28800,
|
|
115
122
|
"stateTtlSeconds": 900
|
|
@@ -93,6 +93,12 @@
|
|
|
93
93
|
"type": "integer",
|
|
94
94
|
"minimum": 1,
|
|
95
95
|
"default": 28800
|
|
96
|
+
},
|
|
97
|
+
"pkce": {
|
|
98
|
+
"type": "string",
|
|
99
|
+
"enum": ["S256", "none"],
|
|
100
|
+
"default": "none",
|
|
101
|
+
"description": "Whether to send S256 PKCE on the federated browser-login authorization request and replay the verifier at the token exchange. Defaults to \"none\". Set to \"S256\" when the identity provider mandates PKCE on the authorization-code flow."
|
|
96
102
|
}
|
|
97
103
|
}
|
|
98
104
|
}
|
|
@@ -105,6 +111,7 @@
|
|
|
105
111
|
"module": "$import(@zuplo/runtime)",
|
|
106
112
|
"options": {
|
|
107
113
|
"browserLoginOverrides": {
|
|
114
|
+
"pkce": "none",
|
|
108
115
|
"remoteTimeoutMs": 10000,
|
|
109
116
|
"sessionTtlSeconds": 28800,
|
|
110
117
|
"stateTtlSeconds": 900
|
|
@@ -106,6 +106,12 @@
|
|
|
106
106
|
"type": "integer",
|
|
107
107
|
"minimum": 1,
|
|
108
108
|
"default": 28800
|
|
109
|
+
},
|
|
110
|
+
"pkce": {
|
|
111
|
+
"type": "string",
|
|
112
|
+
"enum": ["S256", "none"],
|
|
113
|
+
"default": "none",
|
|
114
|
+
"description": "Whether to send S256 PKCE on the federated browser-login authorization request and replay the verifier at the token exchange. Defaults to \"none\". Set to \"S256\" when the identity provider mandates PKCE on the authorization-code flow."
|
|
109
115
|
}
|
|
110
116
|
}
|
|
111
117
|
}
|
|
@@ -118,6 +124,7 @@
|
|
|
118
124
|
"module": "$import(@zuplo/runtime)",
|
|
119
125
|
"options": {
|
|
120
126
|
"browserLoginOverrides": {
|
|
127
|
+
"pkce": "none",
|
|
121
128
|
"remoteTimeoutMs": 10000,
|
|
122
129
|
"sessionTtlSeconds": 28800,
|
|
123
130
|
"stateTtlSeconds": 900
|
|
@@ -98,6 +98,12 @@
|
|
|
98
98
|
"type": "integer",
|
|
99
99
|
"minimum": 1,
|
|
100
100
|
"default": 28800
|
|
101
|
+
},
|
|
102
|
+
"pkce": {
|
|
103
|
+
"type": "string",
|
|
104
|
+
"enum": ["S256", "none"],
|
|
105
|
+
"default": "none",
|
|
106
|
+
"description": "Whether to send S256 PKCE on the federated browser-login authorization request and replay the verifier at the token exchange. Defaults to \"none\". Set to \"S256\" when the identity provider mandates PKCE on the authorization-code flow."
|
|
101
107
|
}
|
|
102
108
|
}
|
|
103
109
|
}
|
|
@@ -110,6 +116,7 @@
|
|
|
110
116
|
"module": "$import(@zuplo/runtime)",
|
|
111
117
|
"options": {
|
|
112
118
|
"browserLoginOverrides": {
|
|
119
|
+
"pkce": "none",
|
|
113
120
|
"remoteTimeoutMs": 10000,
|
|
114
121
|
"sessionTtlSeconds": 28800,
|
|
115
122
|
"stateTtlSeconds": 900
|
|
@@ -98,6 +98,12 @@
|
|
|
98
98
|
"type": "string",
|
|
99
99
|
"description": "Optional audience parameter for the IdP authorization request (Auth0-style API audiences)."
|
|
100
100
|
},
|
|
101
|
+
"pkce": {
|
|
102
|
+
"type": "string",
|
|
103
|
+
"enum": ["S256", "none"],
|
|
104
|
+
"default": "none",
|
|
105
|
+
"description": "Whether to send S256 PKCE on the federated browser-login authorization request and replay the verifier at the token exchange. Defaults to \"none\". Set to \"S256\" when the identity provider mandates PKCE on the authorization-code flow (e.g. OAuth 2.1 IdPs, hardened Okta/Entra tenants). Leave as \"none\" for IdPs that may reject unexpected PKCE parameters."
|
|
106
|
+
},
|
|
101
107
|
"remoteTimeoutMs": {
|
|
102
108
|
"type": "integer",
|
|
103
109
|
"minimum": 1,
|
|
@@ -227,6 +233,7 @@
|
|
|
227
233
|
"options": {
|
|
228
234
|
"browserLogin": {
|
|
229
235
|
"clientSecret": "$env(MCP_OAUTH_CLIENT_SECRET)",
|
|
236
|
+
"pkce": "none",
|
|
230
237
|
"remoteTimeoutMs": 10000,
|
|
231
238
|
"scope": "openid profile email",
|
|
232
239
|
"sessionTtlSeconds": 28800,
|
|
@@ -103,6 +103,12 @@
|
|
|
103
103
|
"type": "integer",
|
|
104
104
|
"minimum": 1,
|
|
105
105
|
"default": 28800
|
|
106
|
+
},
|
|
107
|
+
"pkce": {
|
|
108
|
+
"type": "string",
|
|
109
|
+
"enum": ["S256", "none"],
|
|
110
|
+
"default": "none",
|
|
111
|
+
"description": "Whether to send S256 PKCE on the federated browser-login authorization request and replay the verifier at the token exchange. Defaults to \"none\". Set to \"S256\" when the identity provider mandates PKCE on the authorization-code flow."
|
|
106
112
|
}
|
|
107
113
|
}
|
|
108
114
|
}
|
|
@@ -116,6 +122,7 @@
|
|
|
116
122
|
"options": {
|
|
117
123
|
"authorizationServerId": "default",
|
|
118
124
|
"browserLoginOverrides": {
|
|
125
|
+
"pkce": "none",
|
|
119
126
|
"remoteTimeoutMs": 10000,
|
|
120
127
|
"sessionTtlSeconds": 28800,
|
|
121
128
|
"stateTtlSeconds": 900
|
|
@@ -116,6 +116,12 @@
|
|
|
116
116
|
"type": "integer",
|
|
117
117
|
"minimum": 1,
|
|
118
118
|
"default": 28800
|
|
119
|
+
},
|
|
120
|
+
"pkce": {
|
|
121
|
+
"type": "string",
|
|
122
|
+
"enum": ["S256", "none"],
|
|
123
|
+
"default": "none",
|
|
124
|
+
"description": "Whether to send S256 PKCE on the federated browser-login authorization request and replay the verifier at the token exchange. Defaults to \"none\". Set to \"S256\" when the identity provider mandates PKCE on the authorization-code flow."
|
|
119
125
|
}
|
|
120
126
|
}
|
|
121
127
|
}
|
|
@@ -128,6 +134,7 @@
|
|
|
128
134
|
"module": "$import(@zuplo/runtime)",
|
|
129
135
|
"options": {
|
|
130
136
|
"browserLoginOverrides": {
|
|
137
|
+
"pkce": "none",
|
|
131
138
|
"remoteTimeoutMs": 10000,
|
|
132
139
|
"sessionTtlSeconds": 28800,
|
|
133
140
|
"stateTtlSeconds": 900
|
|
@@ -93,6 +93,12 @@
|
|
|
93
93
|
"type": "integer",
|
|
94
94
|
"minimum": 1,
|
|
95
95
|
"default": 28800
|
|
96
|
+
},
|
|
97
|
+
"pkce": {
|
|
98
|
+
"type": "string",
|
|
99
|
+
"enum": ["S256", "none"],
|
|
100
|
+
"default": "none",
|
|
101
|
+
"description": "Whether to send S256 PKCE on the federated browser-login authorization request and replay the verifier at the token exchange. Defaults to \"none\". Set to \"S256\" when the identity provider mandates PKCE on the authorization-code flow."
|
|
96
102
|
}
|
|
97
103
|
}
|
|
98
104
|
}
|
|
@@ -105,6 +111,7 @@
|
|
|
105
111
|
"module": "$import(@zuplo/runtime)",
|
|
106
112
|
"options": {
|
|
107
113
|
"browserLoginOverrides": {
|
|
114
|
+
"pkce": "none",
|
|
108
115
|
"remoteTimeoutMs": 10000,
|
|
109
116
|
"sessionTtlSeconds": 28800,
|
|
110
117
|
"stateTtlSeconds": 900
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "zuplo",
|
|
3
|
-
"version": "6.71.
|
|
3
|
+
"version": "6.71.7",
|
|
4
4
|
"type": "module",
|
|
5
5
|
"description": "The programmable API Gateway",
|
|
6
6
|
"author": "Zuplo, Inc.",
|
|
@@ -19,9 +19,9 @@
|
|
|
19
19
|
"zuplo": "zuplo.js"
|
|
20
20
|
},
|
|
21
21
|
"dependencies": {
|
|
22
|
-
"@zuplo/cli": "6.71.
|
|
23
|
-
"@zuplo/core": "6.71.
|
|
24
|
-
"@zuplo/runtime": "6.71.
|
|
22
|
+
"@zuplo/cli": "6.71.7",
|
|
23
|
+
"@zuplo/core": "6.71.7",
|
|
24
|
+
"@zuplo/runtime": "6.71.7",
|
|
25
25
|
"@zuplo/test": "1.4.0"
|
|
26
26
|
}
|
|
27
27
|
}
|