fix reconnection needing oauth flow (#649)

* fix: reconnecting servers

* feat: add button to demo to interact with server

* changeset

Author: mattzcarey

.changeset/deep-sloths-sit.md

@@ -0,0 +1,5 @@
+---
+"agents": patch
+---
+
+fix auth url not being cleared on a successful oauth callback causing endless reconnection

examples/mcp-client/src/client.tsx

@@ -93,6 +93,36 @@ function App() {
     );
   };
 
+  const handleGetTools = async (serverId: string) => {
+    try {
+      const response = await agentFetch(
+        {
+          agent: "my-agent",
+          host: agent.host,
+          name: sessionId!,
+          path: "get-tools"
+        },
+        {
+          body: JSON.stringify({ serverId }),
+          method: "POST"
+        }
+      );
+      const data = (await response.json()) as { tools: any[]; error?: string };
+
+      if (data.error) {
+        throw new Error(data.error);
+      }
+
+      console.log("Server tools:", data.tools);
+      alert(`Server Tools:\n\n${JSON.stringify(data.tools, null, 2)}`);
+    } catch (error) {
+      console.error("Failed to get tools:", error);
+      alert(
+        `Failed to get tools: ${error instanceof Error ? error.message : String(error)}`
+      );
+    }
+  };
+
   return (
     <div className="container">
       <div className="status-indicator">
@@ -140,6 +170,11 @@ function App() {
                   Authorize
                 </button>
               )}
+              {server.state === "ready" && (
+                <button type="button" onClick={() => handleGetTools(id)}>
+                  List Tools
+                </button>
+              )}
               <button type="button" onClick={() => handleDisconnect(id)}>
                 Disconnect
               </button>

examples/mcp-client/src/server.ts

@@ -47,6 +47,28 @@ export class MyAgent extends Agent<Env, never> {
       return new Response("Ok", { status: 200 });
     }
 
+    if (reqUrl.pathname.endsWith("get-tools") && request.method === "POST") {
+      try {
+        const { serverId } = (await request.json()) as { serverId: string };
+        const allTools = this.mcp.listTools();
+        const tools = allTools.filter((tool) => tool.serverId === serverId);
+        return new Response(JSON.stringify({ tools }), {
+          headers: { "Content-Type": "application/json" },
+          status: 200
+        });
+      } catch (error) {
+        return new Response(
+          JSON.stringify({
+            error: error instanceof Error ? error.message : String(error)
+          }),
+          {
+            headers: { "Content-Type": "application/json" },
+            status: 500
+          }
+        );
+      }
+    }
+
     return new Response("Not found", { status: 404 });
   }
 }

packages/agents/src/index.ts

@@ -502,6 +502,8 @@ export class Agent<
             this.broadcastMcpServers();
 
             if (result.authSuccess) {
+              this.clearMcpServerAuthUrl(result.serverId);
+
               this.mcp
                 .establishConnection(result.serverId)
                 .catch((error) => {
@@ -1609,6 +1611,19 @@ export class Agent<
     this.broadcastMcpServers();
   }
 
+  /**
+   * Clear the auth_url for an MCP server after successful OAuth authentication
+   * This prevents the agent from continuously asking for OAuth on reconnect
+   * @param id The server ID to clear auth_url for
+   */
+  private clearMcpServerAuthUrl(id: string) {
+    this.sql`
+      UPDATE cf_agents_mcp_servers
+      SET auth_url = NULL
+      WHERE id = ${id}
+    `;
+  }
+
   getMcpServers(): MCPServersState {
     const mcpState: MCPServersState = {
       prompts: this.mcp.listPrompts(),

packages/agents/src/tests/mcp/oauth2-mcp-client.test.ts

@@ -291,6 +291,69 @@ describe("OAuth2 MCP Client", () => {
     });
   });
 
+  it("should clear auth_url from database after successful OAuth callback", async () => {
+    const agentId = env.TestOAuthAgent.newUniqueId();
+    const agentStub = env.TestOAuthAgent.get(agentId);
+
+    await agentStub.setName("default");
+    await agentStub.onStart();
+
+    const serverId = nanoid(8);
+    const serverName = "test-oauth-server";
+    const serverUrl = "http://example.com/mcp";
+    const clientId = "test-client-id";
+    const authUrl = "http://example.com/oauth/authorize";
+    const callbackBaseUrl = `http://example.com/agents/test-o-auth-agent/${agentId.toString()}/callback`;
+
+    // Insert MCP server with auth_url
+    agentStub.sql`
+      INSERT INTO cf_agents_mcp_servers (id, name, server_url, client_id, auth_url, callback_url, server_options)
+      VALUES (
+        ${serverId},
+        ${serverName},
+        ${serverUrl},
+        ${clientId},
+        ${authUrl},
+        ${callbackBaseUrl},
+        ${null}
+      )
+    `;
+
+    // Verify auth_url exists before callback
+    const serverBefore = await agentStub.getMcpServerFromDb(serverId);
+    expect(serverBefore).not.toBeNull();
+    expect(serverBefore?.auth_url).toBe(authUrl);
+
+    // Setup mock connection and OAuth state
+    await agentStub.setupMockMcpConnection(
+      serverId,
+      serverName,
+      serverUrl,
+      callbackBaseUrl
+    );
+    await agentStub.setupMockOAuthState(serverId, "test-code", "test-state");
+
+    // Simulate successful OAuth callback
+    const authCode = "test-auth-code";
+    const state = "test-state";
+    const callbackUrl = `${callbackBaseUrl}/${serverId}?code=${authCode}&state=${state}`;
+    const request = new Request(callbackUrl, { method: "GET" });
+
+    const response = await agentStub.fetch(request);
+    expect(response.status).toBe(200);
+
+    // Verify auth_url is cleared after successful callback
+    const serverAfter = await agentStub.getMcpServerFromDb(serverId);
+    expect(serverAfter).not.toBeNull();
+    expect(serverAfter?.auth_url).toBeNull();
+
+    // Verify the server record still exists with other data intact
+    expect(serverAfter?.id).toBe(serverId);
+    expect(serverAfter?.name).toBe(serverName);
+    expect(serverAfter?.server_url).toBe(serverUrl);
+    expect(serverAfter?.client_id).toBe(clientId);
+  });
+
   describe("OAuth Redirect Behavior", () => {
     async function setupOAuthTest(config: {
       successRedirect?: string;