import { EPIC_ME_AUTH_SERVER_URL } from './client.ts'
// π― as a bonus, create a type for the AuthInfo that extends the AuthInfo type from the SDK
// and adds userId: string to the extra object
// π― as a bonus, create a zod schema for the introspect response
// - client_id: string (the client id) - client in this context refers to the app the user's using
// - scope: string (space-separated list of scopes)
// - sub: string (the user id)
// π¨ export an async function called resolveAuthInfo that accepts the request
// π¨ if the request has an Authorization header, get the token from it
// if it doesn't, return null
// π¨ construct a URL pointing to `/oauth/introspection` on the auth server
// π¨ make a POST request to the auth server with the token in the body
// π° just gonna give this to you since it's not critical to your understanding of the topic to write yourself...
// π° const resp = await fetch(validateUrl, {
// method: 'POST',
// headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
// body: new URLSearchParams({ token }),
// })
// π¨ if the response is not ok, return null
// π¨ get json object from the response
// π° the properties you need are client_id, scope, and sub
// π¨ return the AuthInfo (π° the sub is the userId)
export function handleUnauthorized(request: Request) {
const url = new URL('/.well-known/oauth-protected-resource/mcp', request.url)
return new Response('Unauthorized', {
status: 401,
headers: {
'WWW-Authenticate': `Bearer realm="EpicMe", resource_metadata=${url.toString()}`,
},
})
}
/**
* This retrieves the protected resource configuration from the EpicMe server.
* This is how the client knows where to request authorization from.
*/
export async function handleOAuthProtectedResourceRequest(request: Request) {
const resourceServerUrl = new URL('/mcp', request.url)
return Response.json({
resource: resourceServerUrl.toString(),
authorization_servers: [EPIC_ME_AUTH_SERVER_URL],
})
}
/**
* Handles requests for OAuth authorization server metadata.
* Fetches the metadata from the auth server and forwards it to the client.
* This should only be used for backwards compatibility. Newer clients should
* use `/.well-known/oauth-protected-resource/mcp` to discover the authorization
* server and make this request directly to the authorization server instead.
*/
export async function handleOAuthAuthorizationServerRequest() {
const metadataUrl = new URL(
'/.well-known/oauth-authorization-server',
EPIC_ME_AUTH_SERVER_URL,
)
const response = await fetch(metadataUrl.toString())
const data = await response.json()
return Response.json(data)
}
