/** * MCP OAuth 数据存储层 * * 实现 OAuthRegisteredClientsStore 接口 + 授权码/Token CRUD */ import type { OAuthClientInformationFull } from '@modelcontextprotocol/sdk/shared/auth.js'; import type { OAuthRegisteredClientsStore } from '@modelcontextprotocol/sdk/server/auth/clients.js'; import { getSupabaseClient } from '../supabase.js'; export declare class TaiBuClientsStore implements OAuthRegisteredClientsStore { getClient(clientId: string): Promise; registerClient(clientData: OAuthClientInformationFull): Promise; } export interface StoredAuthCode { code: string; clientId: string; userId: string; redirectUri: string; codeChallenge: string; codeChallengeMethod: string; scope: string | null; resource: string | null; expiresAt: Date; } export interface StoredRefreshToken { userId: string; clientId: string; scope: string | null; resource: string | null; } type SupabaseFromOnly = Pick, 'from'>; type SupabaseRpcOnly = Pick, 'rpc'>; type TransactionalAuthorizationCodeExchangeStatus = 'ok' | 'invalid_code'; type TransactionalRefreshRotationStatus = 'ok' | 'invalid_refresh_token'; export declare function saveAuthorizationCode(params: { clientId: string; userId: string; redirectUri: string; codeChallenge: string; scope?: string; resource?: string; }): Promise; export declare function getAuthorizationCode(code: string, supabase?: SupabaseFromOnly): Promise; /** * 查询授权码对应的 code_challenge(不消费 code)。 * * SDK 流程:先调 challengeForAuthorizationCode 做 PKCE 校验,再调 * exchangeAuthorizationCode。真正的 code 消费和 refresh token 落库 * 由 mcp_exchange_authorization_code RPC 在数据库事务里完成。 */ export declare function getCodeChallenge(code: string): Promise; export declare function exchangeAuthorizationCodeTransactionally(params: { authorizationCode: string; refreshToken: string; }, supabase?: SupabaseRpcOnly): Promise; export declare function getActiveRefreshToken(refreshToken: string, supabase?: SupabaseFromOnly): Promise; export declare function revokeRefreshToken(refreshToken: string): Promise; export declare function cleanupOAuthArtifactsTransactionally(nowIso?: string, supabase?: SupabaseRpcOnly): Promise<{ deleted_codes: number; deleted_tokens: number; deleted_clients: number; orphan_clients: number; total_clients: number; }>; export declare function rotateRefreshTokenTransactionally(params: { refreshToken: string; newRefreshToken: string; scope: string; resource?: string; }, supabase?: SupabaseRpcOnly): Promise; export {};