fix(mcp): promote authType + clear OAuth tokens on credential change

waleedlatif1 · claude · waleedlatif1 · commit 78cbbec44319 · 2026-05-04T19:00:02.000-07:00
Co-Authored-By: Claude Opus 4.7 &lt;noreply@anthropic.com&gt;
diff --git a/apps/sim/app/api/mcp/servers/[id]/route.ts b/apps/sim/app/api/mcp/servers/[id]/route.ts
@@ -85,9 +85,14 @@ export const PATCH = withRouteHandler(
           }
         }
 
-        // Get the current server to check if URL is changing
+        // Get the current server to check if URL or OAuth credentials are changing
         const [currentServer] = await db
-          .select({ url: mcpServers.url })
+          .select({
+            url: mcpServers.url,
+            authType: mcpServers.authType,
+            oauthClientId: mcpServers.oauthClientId,
+            oauthClientSecret: mcpServers.oauthClientSecret,
+          })
           .from(mcpServers)
           .where(
             and(
@@ -98,6 +103,17 @@ export const PATCH = withRouteHandler(
           )
           .limit(1)
 
+        // Adding OAuth client credentials to a non-OAuth server promotes it
+        // to OAuth so the connect-with-OAuth UI becomes reachable.
+        if (
+          body.oauthClientId &&
+          currentServer &&
+          currentServer.authType !== 'oauth' &&
+          finalUpdateData.authType === undefined
+        ) {
+          finalUpdateData.authType = 'oauth'
+        }
+
         const [updatedServer] = await db
           .update(mcpServers)
           .set({
@@ -122,16 +138,25 @@ export const PATCH = withRouteHandler(
         }
 
         const urlChanged = body.url !== undefined && currentServer?.url !== body.url
-
-        if (urlChanged) {
+        const clientIdChanged =
+          body.oauthClientId !== undefined && currentServer?.oauthClientId !== body.oauthClientId
+        const clientSecretChanged =
+          oauthClientSecret !== undefined &&
+          (oauthClientSecret
+            ? finalUpdateData.oauthClientSecret !== currentServer?.oauthClientSecret
+            : currentServer?.oauthClientSecret !== null)
+        const oauthCredsChanged = clientIdChanged || clientSecretChanged
+
+        if (urlChanged || oauthCredsChanged) {
           await db.delete(mcpServerOauth).where(eq(mcpServerOauth.mcpServerId, serverId))
           logger.info(
-            `[${requestId}] Cleared OAuth credentials for server ${serverId} due to URL change`
+            `[${requestId}] Cleared OAuth credentials for server ${serverId} due to ${urlChanged ? 'URL' : 'OAuth credential'} change`
           )
         }
 
         const shouldClearCache =
           urlChanged ||
+          oauthCredsChanged ||
           body.enabled !== undefined ||
           body.headers !== undefined ||
           body.timeout !== undefined ||
