feat(client): add getAuthorizationCode() to OAuthClientProvider for headless OAuth flows #1662
Open
rechedev9 wants to merge 3 commits into modelcontextprotocol:main from
🦋 Changeset detected. Latest commit: e5b191e. The changes in this PR will be included in the next version bump. This PR includes changesets to release 1 package.
@modelcontextprotocol/client
@modelcontextprotocol/server
@modelcontextprotocol/express
@modelcontextprotocol/hono
@modelcontextprotocol/node
…eadless OAuth flows

- Add optional `getAuthorizationCode()` method to `OAuthClientProvider` interface
- Update `withOAuth` middleware to automatically complete the authorization code exchange when the provider implements `getAuthorizationCode()` after a REDIRECT
- Handle 403 responses the same as 401 in `withOAuth` (upscoping)
- Update conformance `ConformanceOAuthProvider` to implement `getAuthorizationCode()`
- Update conformance `withOAuthRetry` to use the new method name and remove TODO

Closes modelcontextprotocol#1370
6b9cb53 to 57c7c85
Summary
Resolves #1370.
The conformance test helpers contained a TODO noting that the OAuth retry logic (handling REDIRECT results and completing the code exchange inline) should be moved into the SDK itself. This PR does exactly that.
- `getAuthorizationCode?(): string | Promise<string>` method to the `OAuthClientProvider` interface
- `withOAuth` middleware to automatically complete the authorization code exchange when the provider implements `getAuthorizationCode()` after an auth REDIRECT — no manual intervention required
- `403` responses the same as `401` in `withOAuth` (a 403 can indicate the server requires a broader scope / upscoping)
- `ConformanceOAuthProvider.getAuthCode()` → `getAuthorizationCode()` to implement the updated interface
- `withOAuthRetry` conformance helper to use the new method name and remove the TODO comment

Breaking Changes
`getAuthorizationCode()` is an optional method on `OAuthClientProvider`. Existing providers without it continue to work — on REDIRECT, `withOAuth` falls back to throwing `UnauthorizedError` as before.

Test plan
- should retry request after successful auth on 403 response
- should throw UnauthorizedError on persistent 403 after re-auth
- should complete auth code flow when provider implements getAuthorizationCode
- should throw UnauthorizedError when auth returns REDIRECT and provider has no getAuthorizationCode
- `pnpm typecheck:all` passes
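
A sketch of the retry path the description above outlines, added here as an illustration and not taken from the SDK or from this PR's diff. `OAuthProviderLike`, `SendFn`, `AuthFn`, `fakeServer` and the local `UnauthorizedError` class are hypothetical stand-ins; only the optional `getAuthorizationCode()` method, the 401/403 handling and the fallback to an error on REDIRECT come from the PR text.

```typescript
// Added illustration, not SDK code. Hypothetical names: OAuthProviderLike,
// SendFn, AuthFn, fakeServer, and this local UnauthorizedError stand-in.
type AuthResult = "AUTHORIZED" | "REDIRECT";
interface HttpResult { status: number }
interface OAuthProviderLike {
  // Optional, as in the PR: a headless provider returns the code itself.
  getAuthorizationCode?(): string | Promise<string>;
}
type SendFn = () => Promise<HttpResult>;
// Without a code: start the flow. With a code: exchange it for tokens.
type AuthFn = (p: OAuthProviderLike, code?: string) => Promise<AuthResult>;
class UnauthorizedError extends Error {}

const needsAuth = (r: HttpResult): boolean => r.status === 401 || r.status === 403;

async function authorize(p: OAuthProviderLike, auth: AuthFn): Promise<void> {
  let result = await auth(p);
  if (result === "REDIRECT") {
    // No way to obtain a code without a user agent: fail as before.
    if (!p.getAuthorizationCode) throw new UnauthorizedError("redirect required");
    result = await auth(p, await p.getAuthorizationCode());
  }
  if (result !== "AUTHORIZED") throw new UnauthorizedError("code exchange failed");
}

async function sendWithOAuth(send: SendFn, p: OAuthProviderLike, auth: AuthFn): Promise<HttpResult> {
  const first = await send();
  if (!needsAuth(first)) return first;
  await authorize(p, auth);
  // Exactly one retry, so a persistent 401/403 cannot loop through auth forever.
  const second = await send();
  if (needsAuth(second)) throw new UnauthorizedError(`still ${second.status} after re-auth`);
  return second;
}

// Constructed fake server: rejects with `status` until a code was exchanged.
function fakeServer(status: number): { send: SendFn; auth: AuthFn } {
  let hasToken = false;
  return {
    send: async () => ({ status: hasToken ? 200 : status }),
    auth: async (_p, code) => {
      if (code === undefined) return "REDIRECT";
      hasToken = code === "constructed-code";
      return hasToken ? "AUTHORIZED" : "REDIRECT";
    },
  };
}
```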