UNPKG

@modelcontextprotocol/sdk

Version:

Model Context Protocol implementation for TypeScript

modelcontextprotocol.io

modelcontextprotocol/typescript-sdk

156 lines 6.36 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
"use strict"; Object.defineProperty(exports, "__esModule", { value: true }); exports.ProxyOAuthServerProvider = void 0; const auth_js_1 = require("../../../shared/auth.js"); const errors_js_1 = require("../errors.js"); /** * Implements an OAuth server that proxies requests to another OAuth server. */ class ProxyOAuthServerProvider { constructor(options) { var _a; this.skipLocalPkceValidation = true; this._endpoints = options.endpoints; this._verifyAccessToken = options.verifyAccessToken; this._getClient = options.getClient; if ((_a = options.endpoints) === null || _a === void 0 ? void 0 : _a.revocationUrl) { this.revokeToken = async (client, request) => { const revocationUrl = this._endpoints.revocationUrl; if (!revocationUrl) { throw new Error("No revocation endpoint configured"); } const params = new URLSearchParams(); params.set("token", request.token); params.set("client_id", client.client_id); if (client.client_secret) { params.set("client_secret", client.client_secret); } if (request.token_type_hint) { params.set("token_type_hint", request.token_type_hint); } const response = await fetch(revocationUrl, { method: "POST", headers: { "Content-Type": "application/x-www-form-urlencoded", }, body: params.toString(), }); if (!response.ok) { throw new errors_js_1.ServerError(`Token revocation failed: ${response.status}`); } }; } } get clientsStore() { const registrationUrl = this._endpoints.registrationUrl; return { getClient: this._getClient, ...(registrationUrl && { registerClient: async (client) => { const response = await fetch(registrationUrl, { method: "POST", headers: { "Content-Type": "application/json", }, body: JSON.stringify(client), }); if (!response.ok) { throw new errors_js_1.ServerError(`Client registration failed: ${response.status}`); } const data = await response.json(); return auth_js_1.OAuthClientInformationFullSchema.parse(data); } }) }; } async authorize(client, params, res) { var _a; // Start with required OAuth parameters const targetUrl = new URL(this._endpoints.authorizationUrl); const searchParams = new URLSearchParams({ client_id: client.client_id, response_type: "code", redirect_uri: params.redirectUri, code_challenge: params.codeChallenge, code_challenge_method: "S256" }); // Add optional standard OAuth parameters if (params.state) searchParams.set("state", params.state); if ((_a = params.scopes) === null || _a === void 0 ? void 0 : _a.length) searchParams.set("scope", params.scopes.join(" ")); if (params.resource) searchParams.set("resource", params.resource.href); targetUrl.search = searchParams.toString(); res.redirect(targetUrl.toString()); } async challengeForAuthorizationCode(_client, _authorizationCode) { // In a proxy setup, we don't store the code challenge ourselves // Instead, we proxy the token request and let the upstream server validate it return ""; } async exchangeAuthorizationCode(client, authorizationCode, codeVerifier, redirectUri, resource) { const params = new URLSearchParams({ grant_type: "authorization_code", client_id: client.client_id, code: authorizationCode, }); if (client.client_secret) { params.append("client_secret", client.client_secret); } if (codeVerifier) { params.append("code_verifier", codeVerifier); } if (redirectUri) { params.append("redirect_uri", redirectUri); } if (resource) { params.append("resource", resource.href); } const response = await fetch(this._endpoints.tokenUrl, { method: "POST", headers: { "Content-Type": "application/x-www-form-urlencoded", }, body: params.toString(), }); if (!response.ok) { throw new errors_js_1.ServerError(`Token exchange failed: ${response.status}`); } const data = await response.json(); return auth_js_1.OAuthTokensSchema.parse(data); } async exchangeRefreshToken(client, refreshToken, scopes, resource) { const params = new URLSearchParams({ grant_type: "refresh_token", client_id: client.client_id, refresh_token: refreshToken, }); if (client.client_secret) { params.set("client_secret", client.client_secret); } if (scopes === null || scopes === void 0 ? void 0 : scopes.length) { params.set("scope", scopes.join(" ")); } if (resource) { params.set("resource", resource.href); } const response = await fetch(this._endpoints.tokenUrl, { method: "POST", headers: { "Content-Type": "application/x-www-form-urlencoded", }, body: params.toString(), }); if (!response.ok) { throw new errors_js_1.ServerError(`Token refresh failed: ${response.status}`); } const data = await response.json(); return auth_js_1.OAuthTokensSchema.parse(data); } async verifyAccessToken(token) { return this._verifyAccessToken(token); } } exports.ProxyOAuthServerProvider = ProxyOAuthServerProvider; //# sourceMappingURL=proxyProvider.js.map