feat: Directly use Cognito OAuth metadata endpoint instead of API Gateway redirect

clareliguori · clareliguori · commit fc7bdbcd402c · 2025-08-23T17:12:16.000-07:00
diff --git a/examples/servers/dad-jokes/cdk_stack.py b/examples/servers/dad-jokes/cdk_stack.py
@@ -112,7 +112,8 @@ def create_api_gateway(
 
         # Import Cognito User Pool from the McpAuth stack
         user_pool_id = Fn.import_value("McpAuth-UserPoolId")
-        authorization_url = Fn.import_value("McpAuth-AuthorizationServerUrl")
+        user_pool_provider_url = Fn.import_value("McpAuth-IssuerDomain")
+
         user_pool = cognito.UserPool.from_user_pool_id(
             self, "ImportedUserPool", user_pool_id
         )
@@ -200,7 +201,7 @@ def create_api_gateway(
                             {
                                 "resource_name": "Dad Jokes MCP Server",
                                 "resource": f"https://{api.rest_api_id}.execute-api.{self.region}.amazonaws.com/prod/mcp",
-                                "authorization_servers": [authorization_url],
+                                "authorization_servers": [user_pool_provider_url],
                                 "scopes_supported": ["mcp-resource-server/dad-jokes"],
                                 "bearer_methods_supported": ["header"],
                             },
diff --git a/examples/servers/dog-facts/lib/dog-facts-mcp-server.ts b/examples/servers/dog-facts/lib/dog-facts-mcp-server.ts
@@ -103,9 +103,7 @@ export class DogFactsMcpServer extends cdk.Stack {
 
     // Authorize with Cognito
     const userPoolId = cdk.Fn.importValue("McpAuth-UserPoolId");
-    const authorizationUrl = cdk.Fn.importValue(
-      "McpAuth-AuthorizationServerUrl"
-    );
+    const userPoolProviderUrl = cdk.Fn.importValue("McpAuth-IssuerDomain");
     const userPool = UserPool.fromUserPoolId(
       this,
       "ImportedUserPool",
@@ -187,7 +185,7 @@ export class DogFactsMcpServer extends cdk.Stack {
               {
                 resource_name: "Dog Facts MCP Server",
                 resource: `https://${api.restApiId}.execute-api.${this.region}.amazonaws.com/prod/mcp`,
-                authorization_servers: [authorizationUrl],
+                authorization_servers: [userPoolProviderUrl],
                 scopes_supported: ["mcp-resource-server/dog-facts"],
                 bearer_methods_supported: ["header"],
               },
