Describe the bug
After upgrading to 1.21.1 https://mcp.atlassian.com/v1/sse gives 404 when trying to open well-known urls.
To Reproduce
Steps to reproduce the behavior:
Install @modelcontextprotocol/sdk 1.21.1
import type { OAuthClientProvider } from '@modelcontextprotocol/sdk/client/auth.js';
import type {
OAuthClientInformationFull,
OAuthClientMetadata,
OAuthTokens,
} from '@modelcontextprotocol/sdk/shared/auth.js';
import { auth } from '@modelcontextprotocol/sdk/client/auth.js';..
import * as crypto from 'node:crypto';
interface OAuthClientProviderConfig {
redirectUrl: string;
serverUrl: string;
}
interface OAuthStorageData {
tokens?: OAuthTokens;
codeVerifier?: string;
clientInformation?: OAuthClientInformationFull;
}
export class OAuthClientProviderImpl implements OAuthClientProvider {
private config: OAuthClientProviderConfig;
private innerState: string;
private storageCache: OAuthStorageData = {};
constructor(config: OAuthClientProviderConfig) {
this.config = config;
this.innerState = crypto.randomUUID();
}
state(): string | Promise<string> {
return this.innerState;
}
get redirectUrl() {
return this.config.redirectUrl;
}
get clientMetadata(): OAuthClientMetadata {
return {
redirect_uris: [this.config.redirectUrl],
client_name: 'Gaunt Sloth Assistant',
client_uri: 'https://gaunt-sloth-assistant.github.io/',
software_id: '1dd38b83-946b-4631-8855-66ee467bfd68',
scope: 'mcp:read mcp:write',
token_endpoint_auth_method: 'none',
grant_types: ['authorization_code', 'refresh_token'],
response_types: ['code'],
};
}
saveClientInformation(clientInformation: OAuthClientInformationFull): Promise<void> {
this.storageCache.clientInformation = clientInformation;
return Promise.resolve();
}
async clientInformation(): Promise<OAuthClientInformationFull | undefined> {
return Promise.resolve(this.storageCache.clientInformation);
}
async saveTokens(tokens: OAuthTokens): Promise<void> {
this.storageCache.tokens = tokens;
}
tokens(): OAuthTokens | undefined {
return this.storageCache.tokens;
}
saveCodeVerifier(codeVerifier: string): Promise<void> {
this.storageCache.codeVerifier = codeVerifier;
return Promise.resolve();
}
codeVerifier(): Promise<string> {
if (!this.storageCache.codeVerifier) {
throw new Error('No code verifier stored');
}
return Promise.resolve(this.storageCache.codeVerifier);
}
async redirectToAuthorization(authUrl: URL): Promise<void> {
console.log('Auth url:', authUrl.toString());
}
}
const url = "https://mcp.atlassian.com/v1/sse"
const authProvider = new OAuthClientProviderImpl({
redirectUrl: `http://localhost:5555/oauth/callback`,
serverUrl: url,
});
await auth(authProvider, { serverUrl: url })Expected behavior
OAuth Roundtrip working.
Logs
ServerError: HTTP 404: Invalid OAuth error response: SyntaxError: Unexpected non-whitespace character after JSON at position 4 (line 1 column 5). Raw body: 404 Not Found
Additional context
Pinning 1.20.0 fixes the issue
Describe the bug
After upgrading to 1.21.1 https://mcp.atlassian.com/v1/sse gives 404 when trying to open well-known urls.
To Reproduce
Steps to reproduce the behavior:
Install @modelcontextprotocol/sdk 1.21.1
Expected behavior
OAuth Roundtrip working.
Logs
ServerError: HTTP 404: Invalid OAuth error response: SyntaxError: Unexpected non-whitespace character after JSON at position 4 (line 1 column 5). Raw body: 404 Not FoundAdditional context
Pinning 1.20.0 fixes the issue