Add OAuth support for remote MCP servers#302
Open
rohitprasad15 wants to merge 1 commit into
Open
Conversation
HTTP MCP servers can now declare an oauth block (client_id, client_secret, scopes) in mcp.json. First use opens the system browser for consent via a localhost loopback redirect; tokens are cached in the SecretStore (profile mcp-oauth:<server>) and refreshed silently, with a one-shot forced refresh on 401. Endpoint defaults target Google's hosted Workspace MCP servers (Calendar/Gmail), which take a developer-created OAuth client and do not support dynamic client registration; authorize_url/token_url are overridable for other providers. Co-authored-by: Devika <dr.drp8226@gmail.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
HTTP MCP servers can declare an oauth block (client id/secret + scopes) in mcp.json: first use opens a one-time browser consent (PKCE + localhost redirect), tokens are cached in the SecretStore and refreshed automatically, with a forced refresh on 401. Defaults target Google's hosted Calendar/Gmail MCP servers; endpoints are overridable for other providers. Tested with 10 new unit tests; full platform suite green.