import type { EndpointMethod } from '../api.js'; import type { AuthModeType, OAuthAuthorizationMethodType, OAuthBodyFormatType } from '../auth/api.js'; import type { CursorPagination, LinkPagination, OffsetPagination, RetryHeaderConfig } from '../proxy/api.js'; export interface TokenUrlObject { OAUTH1?: string; OAUTH2?: string; OAUTH2CC?: string; BASIC?: string; API_KEY?: string; APP_STORE?: string; CUSTOM?: string; APP?: string; NONE?: string; } export interface ProviderAlias { alias?: string; proxy: { base_url?: string; }; } export interface SimplifiedJSONSchema { type: 'string'; title: string; description: string; example?: string; pattern?: string; optional?: boolean; format?: 'hostname' | 'uri' | 'uuid' | 'email'; order: number; default_value?: string; hidden?: string; prefix?: string; suffix?: string; doc_section?: string; secret?: string; automated: boolean; } export interface BaseProvider { display_name: string; auth_mode: AuthModeType; installation?: 'outbound'; proxy?: { base_url: string; headers?: Record; connection_config?: Record; query?: Record; retry?: RetryHeaderConfig; decompress?: boolean; forward_headers_on_redirect?: boolean; paginate?: LinkPagination | CursorPagination | OffsetPagination; verification?: { method: EndpointMethod; endpoints: string[]; base_url_override?: string; headers?: Record; data?: unknown; }; }; authorization_url?: string; authorization_url_skip_encode?: string[]; authorization_url_skip_empty?: boolean; access_token_url?: string; authorization_params?: Record; authorization_code_param_in_callback?: string; scope_separator?: string; default_scopes?: string[]; token_url?: string | TokenUrlObject; token_url_skip_encode?: string[]; token_params?: Record; authorization_url_replacements?: Record; redirect_uri_metadata?: string[]; token_response_metadata?: string[]; webhook_response_metadata?: string[]; authorization_code_param_in_webhook?: string; docs: string; docs_connect?: string; token_expiration_buffer?: number; webhook_routing_script?: string; webhook_user_defined_secret?: boolean; webhook_allowed_query_params?: string[]; post_connection_script?: string; pre_connection_deletion_script?: string; credentials_verification_script?: string; categories?: string[]; connection_configuration?: string[]; connection_config?: Record; credentials?: Record; assertion_option?: Record; authorization_url_fragment?: string; body_format?: OAuthBodyFormatType; require_client_certificate?: boolean; token_request_auth_method?: 'basic' | 'custom' | 'private_key_jwt'; } export interface ProviderOAuth2 extends BaseProvider { auth_mode: 'OAUTH2'; disable_pkce?: boolean; token_params?: { grant_type?: 'authorization_code' | 'client_credentials'; }; refresh_params?: { grant_type: 'refresh_token'; }; authorization_method?: OAuthAuthorizationMethodType; alternate_access_token_response_path?: string; refresh_url?: string; expires_in_unit?: 'milliseconds'; } export interface ProviderOAuth1 extends BaseProvider { auth_mode: 'OAUTH1'; request_url: string; request_params?: Record; request_http_method?: 'GET' | 'PUT' | 'POST'; token_http_method?: 'GET' | 'PUT' | 'POST'; signature_method: 'HMAC-SHA1' | 'RSA-SHA1' | 'PLAINTEXT'; } export interface ProviderCustom extends Omit { auth_mode: 'CUSTOM'; token_url: { OAUTH2: string; APP: string; }; } export type McpOAuth2ClientRegistration = 'dynamic' | 'static' | 'metadata'; export interface ProviderMcpOAUTH2 extends Omit { auth_mode: 'MCP_OAUTH2'; registration_url?: string; client_registration: McpOAuth2ClientRegistration; } export interface ProviderMcpOAuth2Generic extends Omit { auth_mode: 'MCP_OAUTH2_GENERIC'; } export interface ProviderJwt extends BaseProvider { auth_mode: 'JWT'; signature: { protocol: 'RSA' | 'HMAC'; hmac_secret_encoding?: 'hex' | 'utf8'; }; token: { signing_key: string; expires_in_ms: number; header: { alg: string; typ?: string; }; payload: { aud?: string; iss?: string; sub?: string; }; }; } export interface ProviderAppleAppStore extends BaseProvider { auth_mode: 'APP_STORE'; token_url: string; } export interface ProviderBill extends BaseProvider { auth_mode: 'BILL'; } export interface ProviderGithubApp extends BaseProvider { auth_mode: 'APP'; token_url: string; } export interface ProviderTwoStep extends Omit { auth_mode: 'TWO_STEP'; signature?: { protocol: 'RSA'; }; token?: { signing_key: string; expires_in_ms: number; header: { alg: string; typ?: string; }; payload: { iss?: string; scope?: string; aud?: string; sub?: string; }; }; token_request_method?: 'GET'; token_headers?: Record; refresh_url?: string; refresh_token_params?: Record; refresh_token_headers?: Record; token_response: { token: string; token_expiration?: string; token_expiration_strategy?: 'expireAt' | 'expireIn'; refresh_token?: string; }; additional_steps?: { body_format?: 'json' | 'form'; token_params?: Record; token_headers?: Record; token_url: string; token_request_method?: 'GET'; }[]; assertion?: { type?: 'saml' | 'jwt'; key?: string; issuer?: string; lifetimeInSeconds?: number; audiences?: string | string[]; attributes?: Record; sessionIndex?: string; recipient?: string; header?: Record; payload?: Record; }; assertion_option?: Record; token_expires_in_ms?: number; proxy_header_authorization?: string; body_format?: 'xml' | 'json' | 'form'; } export interface ProviderSignature extends BaseProvider { auth_mode: 'SIGNATURE'; signature: { protocol: 'WSSE'; }; token: { expires_in_ms: number; }; } export interface ProviderApiKey extends BaseProvider { auth_mode: 'API_KEY'; } export interface ProviderInstallPlugin extends BaseProvider { auth_mode: 'INSTALL_PLUGIN'; auth_type: 'BASIC'; } export type Provider = BaseProvider | ProviderOAuth1 | ProviderOAuth2 | ProviderJwt | ProviderTwoStep | ProviderSignature | ProviderApiKey | ProviderBill | ProviderGithubApp | ProviderAppleAppStore | ProviderCustom | ProviderMcpOAUTH2 | ProviderMcpOAuth2Generic | ProviderInstallPlugin; export type RefreshableProvider = ProviderTwoStep | ProviderJwt | ProviderSignature | ProviderOAuth2 | ProviderMcpOAuth2Generic; export type TestableProvider = ProviderApiKey;