Graphorin API reference v0.1.0
Graphorin API reference / @graphorin/core / / OAuthServerRecord
Interface: OAuthServerRecord
Defined in: packages/core/src/contracts/oauth-server-store.ts:12
Persisted metadata for an OAuth server registration. The framework never stores raw token material here — the access, refresh, id, and client-secret tokens live in the SecretsStore and this record only holds the SecretRef URIs that resolve them.
Schema mirrors the canonical oauth_servers SQLite table provided by @graphorin/store-sqlite.
Stable
Properties
| Property | Modifier | Type | Description | Defined in |
|---|---|---|---|---|
accessTokenRef? | readonly | string | SecretRef URI for the access token. | packages/core/src/contracts/oauth-server-store.ts:34 |
authorizationEndpoint? | readonly | string | Authorization-server authorization_endpoint. | packages/core/src/contracts/oauth-server-store.ts:18 |
clientId | readonly | string | Public client identifier; safe to log. | packages/core/src/contracts/oauth-server-store.ts:30 |
clientSecretRef? | readonly | string | SecretRef URI for the confidential-client secret. | packages/core/src/contracts/oauth-server-store.ts:32 |
createdAt | readonly | number | Epoch milliseconds when the record was first created. | packages/core/src/contracts/oauth-server-store.ts:52 |
deviceAuthorizationEndpoint? | readonly | string | Authorization-server device_authorization_endpoint (RFC 8628). | packages/core/src/contracts/oauth-server-store.ts:26 |
expiresAt? | readonly | number | Epoch milliseconds when the access token stops being valid. | packages/core/src/contracts/oauth-server-store.ts:40 |
id | readonly | string | Stable, human-readable identifier (e.g. 'linear-mcp'). | packages/core/src/contracts/oauth-server-store.ts:14 |
idTokenRef? | readonly | string | SecretRef URI for the OIDC ID token. | packages/core/src/contracts/oauth-server-store.ts:38 |
issuer? | readonly | string | Issuer identifier reported in the discovery response. | packages/core/src/contracts/oauth-server-store.ts:28 |
lastRefreshedAt? | readonly | number | Epoch milliseconds of the last successful refresh. | packages/core/src/contracts/oauth-server-store.ts:48 |
lastRefreshError? | readonly | string | Last error string captured from a failing refresh attempt. | packages/core/src/contracts/oauth-server-store.ts:50 |
redirectUri? | readonly | string | Redirect URI that was used during the most recent code flow. | packages/core/src/contracts/oauth-server-store.ts:44 |
refreshTokenRef? | readonly | string | SecretRef URI for the refresh token. | packages/core/src/contracts/oauth-server-store.ts:36 |
registeredVia? | readonly | "dcr" | "manual" | Whether the client was registered via Dynamic Client Registration. | packages/core/src/contracts/oauth-server-store.ts:46 |
registrationEndpoint? | readonly | string | Authorization-server registration_endpoint (RFC 7591). | packages/core/src/contracts/oauth-server-store.ts:22 |
revocationEndpoint? | readonly | string | Authorization-server revocation_endpoint (RFC 7009). | packages/core/src/contracts/oauth-server-store.ts:24 |
scope? | readonly | string | Granted scopes (space-separated string per the OAuth spec). | packages/core/src/contracts/oauth-server-store.ts:42 |
serverUrl | readonly | string | Base URL of the OAuth-protected resource server (e.g. MCP endpoint). | packages/core/src/contracts/oauth-server-store.ts:16 |
tokenEndpoint? | readonly | string | Authorization-server token_endpoint. | packages/core/src/contracts/oauth-server-store.ts:20 |
updatedAt | readonly | number | Epoch milliseconds when the record was last updated. | packages/core/src/contracts/oauth-server-store.ts:54 |