@aashari/mcp-server-aws-sso
Node.js/TypeScript MCP server for AWS Single Sign-On (SSO). Enables AI systems (LLMs) with tools to initiate SSO login (device auth flow), list accounts/roles, and securely execute AWS CLI commands using temporary credentials. Streamlines AI interaction w
import { AwsSsoConfig, AwsSsoAuthResult } from './vendor.aws.sso.types.js';
/**
* Device authorization information for an SSO login.
*
* This is the shape returned by getCachedDeviceAuthorizationInfo(), so it is
* what gets read back from the cache.
*
* NOTE(review): clientSecret and deviceCode are credential material for the
* device authorization flow. Confirm that the cache holding this object is
* readable only by the current user and that the object is never logged or
* echoed in tool output.
*/
interface DeviceAuthorizationInfo {
/**
* The client ID for SSO
* (presumably issued when the SSO client is registered; confirm)
*/
clientId: string;
/**
* The client secret for SSO.
* Sensitive: treat like a password and keep it out of logs and error messages.
*/
clientSecret: string;
/**
* The device code for SSO.
* Sensitive: presumably the value presented when polling for the token, so
* anyone holding it could poll in place of this client (confirm).
*/
deviceCode: string;
/**
* The expiration time in seconds.
* NOTE(review): this is a lifetime, not a timestamp. Once cached it is only
* meaningful together with the issue time; confirm how expiry is evaluated.
*/
expiresIn: number;
/**
* The AWS region for SSO
*/
region: string;
}
/**
* Auth check result, as returned by checkSsoAuthStatus().
*/
export interface AuthCheckResult {
/**
* Whether the user is authenticated
*/
isAuthenticated: boolean;
/**
* Error message if authentication failed; absent otherwise.
* NOTE(review): if this text is shown to the user or passed to an LLM, confirm
* it cannot contain token or client-secret values.
*/
errorMessage?: string;
}
/**
* Device authorization response, as returned by startSsoLogin().
*
* The field names match the OAuth 2.0 device authorization response (RFC 8628).
* The per-field notes below assume those semantics; confirm them against the
* implementation.
*
* NOTE(review): only the verification URI and user code need to reach the
* user. Confirm that deviceCode is not included in tool output or logs.
*/
interface DeviceAuthorizationResponse {
/** Code the client presents when polling for the token (presumably); sensitive. */
deviceCode: string;
/** Short code the user confirms at the verification URI. */
userCode: string;
/** URI the user visits to complete authentication. */
verificationUri: string;
/** Verification URI with the user code already embedded (presumably). */
verificationUriComplete: string;
/** Lifetime of the codes, presumably in seconds (confirm). */
expiresIn: number;
/** Minimum wait between polling attempts, presumably in seconds (confirm). */
interval: number;
}
/**
* Get AWS SSO configuration from the environment
*
* Retrieves the AWS SSO start URL and region from the environment variables.
* These are required for SSO authentication.
*
* The function is asynchronous: the configuration is delivered through the
* returned promise. A missing configuration presumably surfaces as a
* rejection rather than a synchronous throw (confirm).
*
* @returns {Promise<AwsSsoConfig>} AWS SSO configuration
* @throws {Error} If AWS SSO configuration is missing
*/
export declare function getAwsSsoConfig(): Promise<AwsSsoConfig>;
/**
* Start the AWS SSO login process
*
* Initiates the SSO login flow by registering a client and starting device authorization.
* Returns a verification URI and user code that the user must visit to complete authentication.
*
* The resolved object also carries deviceCode. NOTE(review): callers should
* show the user only the verification URI and user code, and keep deviceCode
* internal to the polling step.
*
* @returns {Promise<DeviceAuthorizationResponse>} Login information including verification URI and user code
* @throws {Error} If login initialization fails
*/
export declare function startSsoLogin(): Promise<DeviceAuthorizationResponse>;
/**
* Poll for SSO token completion
*
* Polls the AWS SSO token endpoint to check if the user has completed authentication.
* Returns the SSO token if successful.
*
* Takes no arguments, so the device authorization state presumably comes from
* the cache written by startSsoLogin() (confirm).
* NOTE(review): "not completed yet" and a real failure are both reported as an
* Error. Callers need a way to tell them apart so they retry only while
* authorization is pending and stop once the device code has expired.
*
* @returns {Promise<AwsSsoAuthResult>} SSO token data
* @throws {Error} If polling fails or user hasn't completed authentication yet
*/
export declare function pollForSsoToken(): Promise<AwsSsoAuthResult>;
/**
* Check if the user is authenticated with AWS SSO
*
* Verifies if a valid SSO token exists in the cache.
*
* The result reports status through isAuthenticated and an optional
* errorMessage; no token value is part of the result type.
* NOTE(review): "valid" presumably includes an expiry check; confirm.
*
* @returns {Promise<AuthCheckResult>} Authentication status result
*/
export declare function checkSsoAuthStatus(): Promise<AuthCheckResult>;
/**
* Get cached SSO token
*
* NOTE(review): the resolved value presumably contains the SSO access token.
* Callers should use it only to obtain credentials and must not log it or
* return it in tool output. Whether an expired token is filtered out here is
* not visible from this declaration; confirm before treating a defined result
* as "authenticated".
*
* @returns {Promise<AwsSsoAuthResult | undefined>} SSO token data from cache, or undefined if none is available
*/
export declare function getCachedSsoToken(): Promise<AwsSsoAuthResult | undefined>;
/**
* Get cached device authorization info
*
* The resolved object includes clientSecret and deviceCode.
* NOTE(review): keep the result inside the authentication code path. It
* should not be logged or exposed through tool responses.
*
* @returns Device authorization info from cache or undefined if not found
*/
export declare function getCachedDeviceAuthorizationInfo(): Promise<DeviceAuthorizationInfo | undefined>;
export {};