Andreas/LibreChat
1
0
Fork 0
mirror of https://github.com/danny-avila/LibreChat.git synced 2025-12-16 16:30:15 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 6
LibreChat/api/server
History
Exact
Danny Avila 24c76c6cb9
🛜 feat: Support Legacy OAuth Servers without .well-known Metadata (#10917) 
Adds support for MCP servers like StackOverflow that use OAuth but don't
provide standard discovery metadata at .well-known endpoints.

Changes:
- Add fallback OAuth endpoints (/authorize, /token, /register) when
  discoverAuthorizationServerMetadata returns undefined
- Add POST fallback in OAuth detection when HEAD returns non-401
  (StackOverflow returns 405 for HEAD, 401 for POST)
- Detect OAuth requirement from WWW-Authenticate: Bearer header even
  without resource_metadata URL
- Add fallback /token endpoint for token refresh when metadata
  discovery fails
- Add registration_endpoint to OAuthMetadata type

This mirrors the MCP SDK's behavior where it gracefully falls back to
default OAuth endpoint paths when .well-known metadata isn't available.

Tests:
- Add unit tests for detectOAuth.ts (POST fallback, Bearer detection)
- Add unit tests for handler.ts (fallback metadata, fallback refresh)
- Add StackOverflow to integration test servers

Fixes OAuth flow for servers that:
- Return 405 for HEAD requests (only support POST)
- Return 401 with simple "Bearer" in WWW-Authenticate
- Don't have .well-known/oauth-authorization-server endpoint
- Use standard /authorize, /token, /register paths
2025-12-11 12:31:24 -05:00
..
controllers 📦 refactor: Request Message Sanitization for Smaller Final Response (#10792) 2025-12-03 14:26:49 -05:00
middleware 📦 refactor: Request Message Sanitization for Smaller Final Response (#10792) 2025-12-03 14:26:49 -05:00
routes 🛜 feat: Support Legacy OAuth Servers without .well-known Metadata (#10917) 2025-12-11 12:31:24 -05:00
services 🔧 fix: Error handling in Firebase and Local file deletion (#10894) 2025-12-10 15:06:48 -05:00
utils refactor: Optimize & Standardize Tokenizer Usage (#10777) 2025-12-02 12:22:04 -05:00
cleanup.js 🤖 refactor: Improve Agent Handoff Context Tracking (#10553) 2025-11-17 16:57:51 -05:00
experimental.js refactor: Optimize & Standardize Tokenizer Usage (#10777) 2025-12-02 12:22:04 -05:00
index.js refactor: Optimize & Standardize Tokenizer Usage (#10777) 2025-12-02 12:22:04 -05:00
index.spec.js 🛜 refactor: Streamline App Config Usage (#9234) 2025-08-26 12:10:18 -04:00
socialLogins.js ⚙️ refactor: Only register OpenID Strategy if Config Succeeded (#9094) 2025-08-16 14:49:03 -04:00