Theia API Documentation v1.73.0
    Preparing search index...

    Implements

    • OAuthClientProvider
    Index

    Constructors

    Properties

    accountPrefix: string
    active: boolean = true
    callbackService: MCPOAuthCallbackService
    callbackUrl: string
    codeVerifierValue: undefined | string
    credentialScope: string
    frontendDelegate: MCPOAuthFrontendDelegate
    interactive: boolean
    keyStore: KeyStoreService
    serverName: string
    stateValue: string

    Accessors

    • get clientMetadata(): {
          client_name?: string;
          client_uri?: string;
          contacts?: string[];
          grant_types?: string[];
          jwks?: any;
          jwks_uri?: string;
          logo_uri?: string;
          policy_uri?: string;
          redirect_uris: string[];
          response_types?: string[];
          scope?: string;
          software_id?: string;
          software_statement?: string;
          software_version?: string;
          token_endpoint_auth_method?: string;
          tos_uri?: string;
      }

      Metadata about this OAuth client.

      Returns {
          client_name?: string;
          client_uri?: string;
          contacts?: string[];
          grant_types?: string[];
          jwks?: any;
          jwks_uri?: string;
          logo_uri?: string;
          policy_uri?: string;
          redirect_uris: string[];
          response_types?: string[];
          scope?: string;
          software_id?: string;
          software_statement?: string;
          software_version?: string;
          token_endpoint_auth_method?: string;
          tos_uri?: string;
      }

    • get redirectUrl(): string

      The URL to redirect the user agent to after authorization. Return undefined for non-interactive flows that don't require user interaction (e.g., client_credentials, jwt-bearer).

      Returns string

    Methods

    • Loads information about this OAuth client, as registered already with the server, or returns undefined if the client is not registered with the server.

      Returns Promise<undefined | OAuthClientInformationMixed>

    • Returns previously saved discovery state, or undefined if none is cached.

      When available, auth restores the discovery state (authorization server URL, resource metadata, etc.) instead of performing RFC 9728 discovery, reducing latency on subsequent calls.

      Providers should clear cached discovery state on repeated authentication failures (via invalidateCredentials with scope 'discovery' or 'all') to allow re-discovery in case the authorization server has changed.

      Returns Promise<undefined | OAuthDiscoveryState>

    • If implemented, provides a way for the client to invalidate (e.g. delete) the specified credentials, in the case where the server has indicated that they are no longer valid. This avoids requiring the user to intervene manually.

      Parameters

      • scope: "all" | "client" | "tokens" | "verifier" | "discovery"

      Returns Promise<void>

    • Invoked to redirect the user agent to the given URL to begin the authorization flow.

      Parameters

      • authorizationUrl: URL

      Returns Promise<void>

    • If implemented, this permits the OAuth client to dynamically register with the server. Client information saved this way should later be read via clientInformation().

      This method is not required to be implemented if client information is statically known (e.g., pre-registered).

      Parameters

      • clientInformation: OAuthClientInformationMixed

      Returns Promise<void>

    • Saves a PKCE code verifier for the current session, before redirecting to the authorization flow.

      Parameters

      • codeVerifier: string

      Returns Promise<void>

    • Saves the OAuth discovery state after RFC 9728 and authorization server metadata discovery. Providers can persist this state to avoid redundant discovery requests on subsequent auth calls.

      This state can also be provided out-of-band (e.g., from a previous session or external configuration) to bootstrap the OAuth flow without discovery.

      Called by auth after successful discovery.

      Parameters

      • state: OAuthDiscoveryState

      Returns Promise<void>

    • Stores new OAuth tokens for the current session, after a successful authorization.

      Parameters

      • tokens: {
            access_token: string;
            expires_in?: number;
            id_token?: string;
            refresh_token?: string;
            scope?: string;
            token_type: string;
        }

      Returns Promise<void>

    • Loads any existing OAuth tokens for the current session, or returns undefined if there are no saved tokens.

      Returns Promise<
          | undefined
          | {
              access_token: string;
              expires_in?: number;
              id_token?: string;
              refresh_token?: string;
              scope?: string;
              token_type: string;
          },
      >

    • If defined, overrides the selection and validation of the RFC 8707 Resource Indicator. If left undefined, default validation behavior will be used.

      Implementations must verify the returned resource matches the MCP server.

      Parameters

      • serverUrl: string | URL
      • Optionalresource: string

      Returns Promise<undefined | URL>