Andreas/LibreChat
1
0
Fork 0
mirror of https://github.com/danny-avila/LibreChat.git synced 2025-12-16 16:30:15 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 6

🛂 refactor: Use discoverAuthorizationServerMetadata for MCP OAuth (#8723)

Browse source 
* Use discoverAuthorizationServerMetadata instead of discoverMetadata

Uses the discoverAuthorizationServerMetadata function from the upstream
TS SDK. This has the advantage of falling back to OIDC discovery
metadata if the OAuth discovery metadata doesn't exist which is the case
with e.g. keycloak.

* chore: import order

---------

Co-authored-by: Danny Avila <danacordially@gmail.com>
This commit is contained in:
Jakub Hrozek 2025-07-29 15:09:52 +02:00 committed by GitHub
parent c4677ab3fb
commit 6671fcb714
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 7 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

11
packages/api/src/mcp/oauth/handler.ts
View file

@ -1,10 +1,10 @@
import { randomBytes } from 'crypto';
import { logger } from '@librechat/data-schemas';
import {
discoverOAuthMetadata,
registerClient,
startAuthorization,
exchangeAuthorization,
discoverAuthorizationServerMetadata,
discoverOAuthProtectedResourceMetadata,
} from '@modelcontextprotocol/sdk/client/auth.js';
import { OAuthMetadataSchema } from '@modelcontextprotocol/sdk/shared/auth.js';
@ -61,7 +61,7 @@ export class MCPOAuthHandler {
// Discover OAuth metadata
logger.debug(`[MCPOAuth] Discovering OAuth metadata from ${authServerUrl}`);
const rawMetadata = await discoverOAuthMetadata(authServerUrl);
const rawMetadata = await discoverAuthorizationServerMetadata(authServerUrl);
if (!rawMetadata) {
logger.error(`[MCPOAuth] Failed to discover OAuth metadata from ${authServerUrl}`);
@ -466,7 +466,10 @@ export class MCPOAuthHandler {
throw new Error('No token URL available for refresh');
} else {
/** Auto-discover OAuth configuration for refresh */
const { metadata: oauthMetadata } = await this.discoverMetadata(metadata.serverUrl);
const oauthMetadata = await discoverAuthorizationServerMetadata(metadata.serverUrl);
if (!oauthMetadata) {
throw new Error('Failed to discover OAuth metadata for token refresh');
}
if (!oauthMetadata.token_endpoint) {
throw new Error('No token endpoint found in OAuth metadata');
}
@ -584,7 +587,7 @@ export class MCPOAuthHandler {
}
/** Auto-discover OAuth configuration for refresh */
const { metadata: oauthMetadata } = await this.discoverMetadata(metadata.serverUrl);
const oauthMetadata = await discoverAuthorizationServerMetadata(metadata.serverUrl);
if (!oauthMetadata.token_endpoint) {
throw new Error('No token endpoint found in OAuth metadata');