fix(mcp): support OAuth for servers without RFC 8414 discovery#26912
fix(mcp): support OAuth for servers without RFC 8414 discovery#26912yanniznik wants to merge 1 commit into
Conversation
Servers like Google's MCP endpoints don't implement RFC 8414 (.well-known/oauth-authorization-server) discovery. The MCP SDK's auth() function supports a discoveryState() hook on OAuthClientProvider that lets providers supply pre-cached authorization metadata, bypassing the discovery fetch entirely. This change: - Adds authorizationEndpoint and tokenEndpoint to MCP server config - Implements discoveryState()/saveDiscoveryState() on McpOAuthProvider - Adds auth() fallback in startAuth() for servers with explicit OAuth endpoints but no existing tokens Closes anomalyco#26195
|
This PR doesn't fully meet our contributing guidelines and PR template. What needs to be fixed:
Please edit this PR description to address the above within 2 hours, or it will be automatically closed. If you believe this was flagged incorrectly, please let a maintainer know. |
|
The following comment was made by an LLM, it may be inaccurate: Based on my comprehensive search, I found one potentially related PR: Related PR:
However, #26236 seems to be a separate fix and is not a true duplicate of the current PR (#26912), which specifically adds support for servers without RFC 8414 discovery through No other duplicate or directly related open PRs addressing the same OAuth discovery issue were found. |
|
This pull request has been automatically closed because it was not updated to meet our contributing guidelines within the 2-hour window. Feel free to open a new pull request that follows our guidelines. |
Summary
Fixes #26195
MCP servers like Google's endpoints don't implement RFC 8414 (
.well-known/oauth-authorization-server) discovery. The MCP SDK already supports adiscoveryState()hook onOAuthClientProviderto supply pre-cached authorization metadata, but OpenCode never implemented it.This PR:
authorizationEndpointandtokenEndpointfields to MCP server configdiscoveryState()/saveDiscoveryState()onMcpOAuthProviderto provide pre-cached OAuth metadata when configuredauth()fallback instartAuth()for servers that have explicit OAuth endpoints but no existing tokens (so the OAuth flow triggers correctly)Example config
{ "mcp": { "google-calendar": { "type": "remote", "url": "https://calendar.googleapis.com/mcp", "authorizationEndpoint": "https://accounts.google.com/o/oauth2/v2/auth", "tokenEndpoint": "https://oauth2.googleapis.com/token" } } }Then
opencode mcp auth google-calendartriggers the standard OAuth browser flow.Testing
discoveryState()inoauth-auto-connect.test.ts(6 tests, all passing)npx tsc --noEmit)