feat(mcp): OAuth 2.1 authorization for remote MCP servers#1161
Merged
Conversation
Contributor
Quality GateResult: ✅ all floors passed
Config: .github/quality-gate.yml. Workflow: |
Remote MCP servers gated behind OAuth 2.1 could not be connected: the MCP client only supported static bearer/basic/header auth and treated a 401 as a generic error, so servers such as the AWS MCP server never authorized. Add the full MCP authorization flow, reusing the existing auth package primitives. On a 401 the client parses the WWW-Authenticate challenge, discovers the protected-resource and authorization-server metadata, registers a public client via dynamic client registration, runs a PKCE authorization code flow through a localhost callback with the resource indicator, and stores the resulting tokens in the encrypted auth store. Tokens refresh transparently via the shared refreshable token provider, and a 401 that survives a refresh surfaces an actionable error so the agent can re-authorize. New surfaces: - @mcp-login built-in tool with login, status and logout subcommands, so the agent can authorize a server after a tool call reports it is unauthorized. - /mcp login and /mcp logout commands, both wired into the completer. - /mcp status shows an authorization-required state with a login hint. The SSE transport also uses stored OAuth tokens; automatic 401 detection is scoped to the streamable HTTP transport. The Anthropic and OpenAI OAuth logins are unchanged: the token provider constructor only delegates to a shared implementation with the default refresh path.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
Remote MCP servers gated behind OAuth 2.1 could not be connected. The MCP client only supported static bearer/basic/header auth and treated a
401as a generic error, so servers such as the AWS MCP server never authorized (mirroring how/mcpre-authorizes in other clients was impossible).What this adds
The full MCP authorization flow, reusing the existing
auth/primitives (PKCE, loopback callback, encrypted store, single-flight refresh,DoWithRefresh):401, parse theWWW-Authenticatechallenge, discover protected-resource metadata (RFC 9728) and authorization-server metadata (RFC 8414), register a public client via Dynamic Client Registration (RFC 7591), run a PKCE authorization-code flow through a localhost callback with the resource indicator (RFC 8707), and persist tokens.401surviving a refresh surfaces an actionable error so the agent can re-authorize mid-session.New surfaces
@mcp-loginbuilt-in tool (login/status/logout) so the agent authorizes a server after a tool call reports it is unauthorized. Auto-registers into the completer, palette and tool catalog viaGetPlugins./mcp loginand/mcp logoutcommands, wired into the completer./mcp statusshows an authorization-required state with a login hint.Security
~/.chatcli/auth-profiles.json,0600). Only non-secret metadata (endpoints, issuer, publicclient_id) lives in~/.chatcli/mcp_oauth/<server>.json.Compatibility
auth/tests pass./mcp loginvia well-known discovery.Tests
OAuthRequiredErrorwith the parsed challenge.go vet, andgolangci-lintall green. i18n keys added for en, en-US and pt-BR.