📮 feat: Custom OAuth Headers Support for MCP Server Config (#10014)

* add oauth_headers field to mcp options * wrap fetch to pass oauth headers * fix order * consolidate headers passing * fix tests
2025-12-16 16:30:15 +01:00 · 2025-10-11 17:17:12 +02:00 · 2025-10-11 17:17:12 +02:00 · 5ce67b5b71
commit 5ce67b5b71
parent cbd217efae
8 changed files with 304 additions and 35 deletions
--- a/api/server/controllers/UserController.js
+++ b/api/server/controllers/UserController.js
@ -327,16 +327,23 @@ const maybeUninstallOAuthMCP = async (userId, pluginKey, appConfig) => {
  const revocationEndpointAuthMethodsSupported =
    serverConfig.oauth?.revocation_endpoint_auth_methods_supported ??
    clientMetadata.revocation_endpoint_auth_methods_supported;
+  const oauthHeaders = serverConfig.oauth_headers ?? {};

  if (tokens?.access_token) {
    try {
-      await MCPOAuthHandler.revokeOAuthToken(serverName, tokens.access_token, 'access', {
-        serverUrl: serverConfig.url,
-        clientId: clientInfo.client_id,
-        clientSecret: clientInfo.client_secret ?? '',
-        revocationEndpoint,
-        revocationEndpointAuthMethodsSupported,
-      });
+      await MCPOAuthHandler.revokeOAuthToken(
+        serverName,
+        tokens.access_token,
+        'access',
+        {
+          serverUrl: serverConfig.url,
+          clientId: clientInfo.client_id,
+          clientSecret: clientInfo.client_secret ?? '',
+          revocationEndpoint,
+          revocationEndpointAuthMethodsSupported,
+        },
+        oauthHeaders,
+      );
    } catch (error) {
      logger.error(`Error revoking OAuth access token for ${serverName}:`, error);
    }
@ -344,13 +351,19 @@ const maybeUninstallOAuthMCP = async (userId, pluginKey, appConfig) => {

  if (tokens?.refresh_token) {
    try {
-      await MCPOAuthHandler.revokeOAuthToken(serverName, tokens.refresh_token, 'refresh', {
-        serverUrl: serverConfig.url,
-        clientId: clientInfo.client_id,
-        clientSecret: clientInfo.client_secret ?? '',
-        revocationEndpoint,
-        revocationEndpointAuthMethodsSupported,
-      });
+      await MCPOAuthHandler.revokeOAuthToken(
+        serverName,
+        tokens.refresh_token,
+        'refresh',
+        {
+          serverUrl: serverConfig.url,
+          clientId: clientInfo.client_id,
+          clientSecret: clientInfo.client_secret ?? '',
+          revocationEndpoint,
+          revocationEndpointAuthMethodsSupported,
+        },
+        oauthHeaders,
+      );
    } catch (error) {
      logger.error(`Error revoking OAuth refresh token for ${serverName}:`, error);
    }