test tokens at the end

pcarleton · pcarleton · commit bc133dd81f1c · 2025-06-19T15:31:58.000+01:00
diff --git a/bin/test-auth-flow.ts b/bin/test-auth-flow.ts
@@ -152,6 +152,12 @@ class CLIAuthFlowTester {
             scope: this.state.oauthTokens?.scope,
           });
           break;
+          
+        case 'validate_token':
+          this.success('TOKEN VALIDATION', 'Token validated successfully', {
+            message: this.state.statusMessage?.message || 'Access token is valid',
+          });
+          break;
       }
 
       return true;
@@ -283,6 +289,10 @@ class CLIAuthFlowTester {
       // Step 6: Exchange Code for Tokens
       await this.executeStep('token_request');
       console.log("");
+      
+      // Step 7: Validate the token by calling tools/list
+      await this.executeStep('validate_token');
+      console.log("");
 
       // Final summary
       console.log("🎉 AUTHORIZATION FLOW COMPLETED SUCCESSFULLY!");
diff --git a/client/src/lib/auth-types.ts b/client/src/lib/auth-types.ts
@@ -13,6 +13,7 @@ export type OAuthStep =
   | "authorization_redirect"
   | "authorization_code"
   | "token_request"
+  | "validate_token"
   | "complete";
 
 // Message types for inline feedback
diff --git a/client/src/lib/oauth-state-machine.ts b/client/src/lib/oauth-state-machine.ts
@@ -11,6 +11,8 @@ import {
   OAuthMetadataSchema,
   OAuthProtectedResourceMetadata,
 } from "@modelcontextprotocol/sdk/shared/auth.js";
+import { Client } from "@modelcontextprotocol/sdk/client/index.js";
+import { StreamableHTTPClientTransport } from "@modelcontextprotocol/sdk/client/streamableHttp.js";
 
 export interface StateMachineContext {
   state: AuthDebuggerState;
@@ -168,10 +170,55 @@ export const oauthTransitions: Record<OAuthStep, StateTransition> = {
       context.provider.saveTokens(tokens);
       context.updateState({
         oauthTokens: tokens,
-        oauthStep: "complete",
+        oauthStep: "validate_token",
       });
     },
   },
+  
+  validate_token: {
+    canTransition: async (context) => {
+      return !!context.state.oauthTokens && !!context.state.oauthTokens.access_token;
+    },
+    execute: async (context) => {
+      if (!context.state.oauthTokens?.access_token) {
+        throw new Error("No access token available for validation");
+      }
+
+      try {
+        // Create a simple client with the StreamableHTTP transport
+        const transport = new StreamableHTTPClientTransport(
+          new URL(context.serverUrl), 
+          {
+            requestInit: {
+              headers: {
+                Authorization: `Bearer ${context.state.oauthTokens.access_token}`
+              }
+            }
+          }
+        );
+        
+        const client = new Client(
+          { name: "mcp-auth-validator", version: "1.0.0" },
+          { capabilities: {} }
+        );
+        
+        // Connect and list tools to validate the token
+        await client.connect(transport);
+        const response = await client.listTools();
+        
+        // Successfully validated token
+        context.updateState({
+          oauthStep: "complete",
+          statusMessage: {
+            type: "success",
+            message: `Token validated successfully! Found ${response.tools?.length || 0} tools.`,
+          },
+        });
+      } catch (error) {
+        throw new Error(`Token validation failed: ${error instanceof Error ? error.message : String(error)}`);
+      }
+    },
+  },
 
   complete: {
     canTransition: async () => false,
