very wip draft auth spec support

Author: pcarleton

client/src/App.tsx

@@ -125,8 +125,9 @@ const App = () => {
     isInitiatingAuth: false,
     oauthTokens: null,
     loading: true,
-    oauthStep: "metadata_discovery",
+    oauthStep: "resource_metadata_discovery",
     oauthMetadata: null,
+    resourceMetadata: null,
     oauthClientInfo: null,
     authorizationUrl: null,
     authorizationCode: "",

client/src/components/AuthDebugger.tsx

@@ -179,7 +179,7 @@ const AuthDebugger = ({
       serverAuthProvider.clear();
       updateAuthState({
         oauthTokens: null,
-        oauthStep: "metadata_discovery",
+        oauthStep: "resource_metadata_discovery",
         latestError: null,
         oauthClientInfo: null,
         authorizationCode: "",

client/src/components/OAuthFlowProgress.tsx

@@ -79,6 +79,16 @@ export const OAuthFlowProgress = ({
     null,
   );
 
+  const steps: Array<OAuthStep> = [
+    "resource_metadata_discovery",
+    "metadata_discovery",
+    "client_registration",
+    "authorization_redirect",
+    "authorization_code",
+    "token_request",
+    "complete",
+  ];
+
   const currentStepIdx = steps.findIndex((s) => s === authState.oauthStep);
 
   useEffect(() => {
@@ -124,6 +134,21 @@ export const OAuthFlowProgress = ({
       </p>
 
       <div className="space-y-3">
+        <OAuthStepDetails
+          label="Resource Metadata Discovery"
+          {...getStepProps("resource_metadata_discovery")}
+        >
+          {authState.resourceMetadata && (
+            <details className="text-xs mt-2">
+              <summary className="cursor-pointer text-muted-foreground font-medium">
+                Retrieved OAuth Resource Metadata from {(new URL('/.well-known/oauth-protected-resource', serverUrl)).href}
+              </summary>
+              <pre className="mt-2 p-2 bg-muted rounded-md overflow-auto max-h-[300px]">
+                {JSON.stringify(authState.resourceMetadata, null, 2)}
+              </pre>
+            </details>
+          )}
+        </OAuthStepDetails>
         <OAuthStepDetails
           label="Metadata Discovery"
           {...getStepProps("metadata_discovery")}

client/src/lib/auth-types.ts

@@ -7,6 +7,7 @@ import {
 
 // OAuth flow steps
 export type OAuthStep =
+  | "resource_metadata_discovery"
   | "metadata_discovery"
   | "client_registration"
   | "authorization_redirect"
@@ -28,6 +29,8 @@ export interface AuthDebuggerState {
   oauthTokens: OAuthTokens | null;
   loading: boolean;
   oauthStep: OAuthStep;
+  // TODO: use sdk type
+  resourceMetadata: object | null;
   oauthMetadata: OAuthMetadata | null;
   oauthClientInfo: OAuthClientInformationFull | OAuthClientInformation | null;
   authorizationUrl: string | null;

client/src/lib/oauth-state-machine.ts

@@ -18,15 +18,34 @@ export interface StateMachineContext {
 export interface StateTransition {
   canTransition: (context: StateMachineContext) => Promise<boolean>;
   execute: (context: StateMachineContext) => Promise<void>;
-  nextStep: OAuthStep;
 }
 
 // State machine transitions
 export const oauthTransitions: Record<OAuthStep, StateTransition> = {
-  metadata_discovery: {
+  resource_metadata_discovery: {
     canTransition: async () => true,
     execute: async (context) => {
-      const metadata = await discoverOAuthMetadata(context.serverUrl);
+      // TODO: use sdk
+      const url = new URL("/.well-known/oauth-protected-resource", context.serverUrl);
+      const response = await fetch(url);
+
+      const resourceMetadata = await response.json();
+      context.updateState({
+        resourceMetadata: resourceMetadata,
+        oauthStep: "metadata_discovery",
+      });
+    },
+  },
+
+  metadata_discovery: {
+    canTransition: async (context) => !!context.state.resourceMetadata,
+    execute: async (context) => {
+      // TODO: use sdk
+      let authServerUrl = context.serverUrl;
+      if (context.state.resourceMetadata?.authorization_servers?.[0]) {
+        authServerUrl = context.state.resourceMetadata.authorization_servers[0];
+      }
+      const metadata = await discoverOAuthMetadata(authServerUrl);
       if (!metadata) {
         throw new Error("Failed to discover OAuth metadata");
       }
@@ -37,7 +56,6 @@ export const oauthTransitions: Record<OAuthStep, StateTransition> = {
         oauthStep: "client_registration",
       });
     },
-    nextStep: "client_registration",
   },
 
   client_registration: {
@@ -62,7 +80,6 @@ export const oauthTransitions: Record<OAuthStep, StateTransition> = {
         oauthStep: "authorization_redirect",
       });
     },
-    nextStep: "authorization_redirect",
   },
 
   authorization_redirect: {
@@ -93,7 +110,6 @@ export const oauthTransitions: Record<OAuthStep, StateTransition> = {
         oauthStep: "authorization_code",
       });
     },
-    nextStep: "authorization_code",
   },
 
   authorization_code: {
@@ -114,7 +130,6 @@ export const oauthTransitions: Record<OAuthStep, StateTransition> = {
         oauthStep: "token_request",
       });
     },
-    nextStep: "token_request",
   },
 
   token_request: {
@@ -144,15 +159,13 @@ export const oauthTransitions: Record<OAuthStep, StateTransition> = {
         oauthStep: "complete",
       });
     },
-    nextStep: "complete",
   },
 
   complete: {
     canTransition: async () => false,
     execute: async () => {
       // No-op for complete state
     },
-    nextStep: "complete",
   },
 };