UNPKG

@civic/nexus-bridge

Version:

Stdio <-> HTTP/SSE MCP bridge with Civic auth handling

github.com/civicteam/civic-mcp/tree/main/packages/nexus-bridge

civicteam/civic-mcp

102 lines 3.54 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
/** * authProvider.ts * * Implements the OAuth client interface for authentication with Civic services. * Handles PKCE flow and token management through the OAuthClientProvider interface. */ import type { OAuthClientProvider } from '@modelcontextprotocol/sdk/client/auth.js'; import type { Tokens } from "./types.js"; /** * Implementation of OAuthClientProvider for Civic authentication * Handles PKCE flow and token management */ export declare class CivicAuthProvider implements OAuthClientProvider { private _codeVerifier; private _oidcConfigPromise; private _authInProgress; private _refreshInProgress; private _tokenChangedCallbacks; private _isInstallMode; constructor(); /** * Check for refresh token on startup and refresh tokens if available */ refreshTokensIfAvailable(): Promise<boolean>; /** * Refresh tokens using the refresh_token grant type * @param refreshToken The refresh token to use */ refreshTokens(refreshToken: string): Promise<boolean>; /** * Generate a random PKCE code verifier * This is a cryptographically random string used for PKCE flow */ private generateCodeVerifier; /** * Generate a code challenge from the code verifier * This is the SHA256 hash of the verifier, encoded as base64url */ private generateCodeChallenge; onTokensChanged(callback: () => void | Promise<void>): void; /** * The URL to redirect to after authorization * This is where the browser will be redirected after the user authenticates */ get redirectUrl(): string; /** * Metadata about this OAuth client * Used during dynamic registration if supported */ get clientMetadata(): { client_name: string; redirect_uris: string[]; }; /** * Return static client information * Civic auth service uses pre-registered clients */ clientInformation(): { client_id: string; client_name: string; }; /** * Load any existing OAuth tokens from storage * Used by SSEClientTransport to include tokens in requests * This is called by the SDK when making authenticated requests * * If NO_LOGIN is set to true, we'll use the CLIENT_ID as the bearer token * instead of requiring user authentication */ tokens(): Promise<{ access_token: string; token_type: string; id_token?: string; refresh_token?: string; } | undefined>; /** * Store new OAuth tokens after successful authorization * Called by the auth flow when new tokens are received * @param tokens The tokens to store * @param triggerTokenChange Whether to trigger token change callbacks (defaults to false) */ saveTokens(tokens: Tokens, triggerTokenChange?: boolean): Promise<void>; private _lastBrowserOpenTime; private _minBrowserOpenInterval; /** * Open the browser to begin authorization flow * This method is called when authentication is needed */ redirectToAuthorization(authorizationUrl: URL): Promise<void>; /** * Save PKCE code verifier * Called during the authorization flow before redirecting */ saveCodeVerifier(codeVerifier: string): void; /** * Return the stored PKCE code verifier * Used during token exchange to prove code ownership */ codeVerifier(): string; } export declare const authProvider: CivicAuthProvider; //# sourceMappingURL=authProvider.d.ts.map