@cliffhall cliffhall commented Aug 15, 2025

Description

  • In oauth-state-machine.ts
    • in token_request transition
      • ensure resource is URL type, not string
      • this fixes Quick flow which was sending string, while guided was using proper URL type and working
    • In auth.ts
      • in InspectorOAuthClientProvider constructor
        • add optional scope param
        • set instance var this.scope to scope param
      • in clientMetadata getter
        • add scope param set to this.scope or ""
    • in useConnection.ts
      • in handleAuthError handler
        • move instantiation of serverAuthProvider until after scope has been determined
        • pass scope to InspectorOAuthClientProvider constructor

Motivation and Context

  • When following the OAuth Guided Flow in the Inspector UI, it works. It is possible to get to the end and then click Connect, and get an authenticated connection.
  • However, when using the Quick OAuth Flow it currently fails. This is because the resource url is persisted across the guided experience as a URL type, but with the quick flow, it actually does a redirect and ends up being processed as a string. This change ensures that we always pass a URL instance during the token_request transition.
  • When just clicking the Connect button, if a 401 Unauthorized error is returned, it attempts to run the authentication flow, but during the client registration step, it omits scope when calling the register endpoint, resulting in a message like: Error: invalid_scope. Details: Client was not registered with scope mcp:tools. This change makes sure that scope is included in client metadata when client is registered.

How Has This Been Tested?

In the TypeScript SDK there is an example server that can be started in oauth mode, which allows us to test this flow.

tsx --watch src/examples/server/simpleStreamableHttp.ts --oauth

Guided Flow

guided.mov

Quick Flow

Quick.mov

Simple Connect Flow

Connect.mov

Breaking Changes

Nope.

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Documentation update

Checklist

  • I have read the MCP Documentation
  • My code follows the repository's style guidelines
  • New and existing tests pass locally
  • I have added appropriate error handling
  • I have added or updated documentation as needed

Additional context

- In oauth-state-machine.ts
  - in token_request transition
    - ensure resource is URL type, not string
    - this fixes Quick flow which was sending string, while guided was using proper URL type and working
@cliffhall cliffhall requested review from felixweinberger, nicolas-grekas, olaservo and pcarleton and removed request for nicolas-grekas August 15, 2025 21:21
@cliffhall cliffhall changed the title Align Quick OAuth Flow with Guided OAuth Flow behavior Align Connect / Quick OAuth Flow / Guided OAuth Flow behavior Aug 15, 2025
@cliffhall cliffhall marked this pull request as draft August 15, 2025 22:35
…cluded in client metadata when client is registered.

  - In auth.ts
    - in InspectorOAuthClientProvider constructor
      - add optional scope param
      - set instance var this.scope to scope param
    - in clientMetadata getter
      - add scope param set to this.scope or ""
  - in useConnection.ts
    - in handleAuthError handler
      - move instantiation of serverAuthProvider until after scope has been determined
      - pass scope to InspectorOAuthClientProvider constructor
@cliffhall cliffhall changed the title Align Connect / Quick OAuth Flow / Guided OAuth Flow behavior Align Connect and Quick OAuth Flow with Guided OAuth Flow behavior Aug 15, 2025
@cliffhall cliffhall changed the title Align Connect and Quick OAuth Flow with Guided OAuth Flow behavior Align Simple Connect and Quick OAuth Flow with Guided OAuth Flow behavior Aug 15, 2025
@cliffhall cliffhall changed the title Align Simple Connect and Quick OAuth Flow with Guided OAuth Flow behavior Align Quick OAuth Flow and Simple Connect Flow with Guided OAuth Flow behavior Aug 15, 2025
@cliffhall cliffhall marked this pull request as ready for review August 15, 2025 22:50
olaservo previously approved these changes Aug 18, 2025
@olaservo olaservo left a comment

Looks good to me 👍
Should we also bump SDK from 1.17.2 to 1.17.3? Doesn't look like there is anything directly related, but might as well?

@cliffhall cliffhall merged commit 8be6d90 into modelcontextprotocol:main Aug 18, 2025
6 checks passed
@cliffhall cliffhall deleted the align-oauth-flows branch August 18, 2025 15:18
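
The two failures described in this PR, reproduced as an added example that is not code from the PR, the Inspector or the SDK: a constructed toy authorization server rejects a scope the client never registered, and a resource URL that has been serialized (assumed here to be how it turns into a string across the redirect) is coerced back to a URL instance. All class and function names are hypothetical.

```typescript
// Added example: all names here are hypothetical, not the Inspector's or the SDK's code.
type ClientMetadata = { redirect_uris: string[]; scope: string };

// Constructed stand-in for an authorization server that enforces registered scope.
class ToyAuthServer {
  private clients = new Map<string, Set<string>>();
  register(meta: ClientMetadata): string {
    const id = `client-${this.clients.size + 1}`;
    this.clients.set(id, new Set(meta.scope.split(" ").filter(Boolean)));
    return id;
  }

  authorize(clientId: string, scope: string): string {
    const registered = this.clients.get(clientId);
    if (!registered) return "invalid_client";
    for (const s of scope.split(" ").filter(Boolean)) {
      if (!registered.has(s)) return `invalid_scope: Client was not registered with scope ${s}`;
    }
    return "ok";
  }
}

// As the PR description states for clientMetadata: scope is this.scope or "".
function buildClientMetadata(redirectUri: string, scope?: string): ClientMetadata {
  return { redirect_uris: [redirectUri], scope: scope ?? "" };
}

// Assumption: state that survives a redirect is serialized, so a URL returns as a string.
function roundTripThroughStorage(state: { resource: URL }): { resource: unknown } {
  return JSON.parse(JSON.stringify(state));
}

// Coerce at the point of use so every flow hands over a URL instance.
function toResourceUrl(resource: unknown): URL {
  if (resource instanceof URL) return resource;
  if (typeof resource === "string") return new URL(resource); // throws on malformed input
  throw new TypeError("resource must be a URL or an absolute URL string");
}

// Constructed sample values; returns [without scope, with scope, restored resource].
function demo(): string[] {
  const server = new ToyAuthServer();
  const bare = server.register(buildClientMetadata("http://localhost/callback"));
  const scoped = server.register(buildClientMetadata("http://localhost/callback", "mcp:tools"));
  const restored = roundTripThroughStorage({ resource: new URL("http://localhost:3000/mcp") });
  return [server.authorize(bare, "mcp:tools"), server.authorize(scoped, "mcp:tools"),
          toResourceUrl(restored.resource).href];
}
console.log(demo());
```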