Fix: Ensure OAuth server is listening before accessing its address #152
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The setupOAuthCallbackServerWithLongPoll function now returns a Promise that resolves only after the server has started listening. This prevents server.address() from returning null, which was causing a TypeError when trying to access the port property. Fixes the issue where mcp-remote would crash with: 'TypeError: Cannot read properties of null (reading 'port')' when initializing OAuth authentication, particularly with services like Atlassian.
When the configured OAuth callback port is already in use, the system now automatically finds an alternative available port. This prevents EADDRINUSE errors and allows multiple instances to coexist. - Added findAvailablePort support to coordinateAuth and createLazyAuthCoordinator - Clear old OAuth client registration when port changes to ensure correct redirect URL - Return actual port used for OAuth callback server - Handle port conflicts gracefully with informative error messages
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
This PR fixes a race condition where
server.address()could returnnullif called before the Express server finished binding to its port, causing a TypeError when trying to access theportproperty.Problem
When using mcp-remote with OAuth-enabled servers (like Atlassian), the application would crash with:
This occurred because:
app.listen()is asynchronous and returns immediatelyserver.address()returnsnulluntil the server has started listeningSolution
Modified
setupOAuthCallbackServerWithLongPollto return a Promise that resolves only after the server has successfully started listening. This ensuresserver.address()will always return a valid address object.Changes
setupOAuthCallbackServerWithLongPollasync and wrap the server creation in a PromisesetupOAuthCallbackServerto await the async functioncoordinateAuthto await the setup functionTesting
Tested locally by:
npm run buildnpm linkmcp-remote https://mcp.atlassian.com/v1/sseRelated Issues
This fixes issues reported by users when connecting to OAuth-enabled MCP servers, particularly Atlassian's MCP implementation.