Fix MCP OAuth URL normalization - handle trailing slash and hostname case differences (microsoft#255415)

* Initial plan

* Fix MCP OAuth URL normalization issue - normalize URLs before comparison

Co-authored-by: TylerLeonhardt <[email protected]>

* Remove unnecessary normalizeUrlForComparison function - URL constructor handles all normalization

Co-authored-by: TylerLeonhardt <[email protected]>

---------

Co-authored-by: copilot-swe-agent[bot] <[email protected]>
Co-authored-by: TylerLeonhardt <[email protected]>

Author: Copilot

src/vs/base/test/common/oauth.test.ts

@@ -749,5 +749,11 @@ suite('OAuth', () => {
 			const result = getResourceServerBaseUrlFromDiscoveryUrl(discoveryUrl);
 			assert.strictEqual(result, 'https://example.com/api%20v1');
 		});
+
+		test('should normalize hostname case consistently', () => {
+			const discoveryUrl = 'https://MCP.EXAMPLE.COM/.well-known/oauth-protected-resource';
+			const result = getResourceServerBaseUrlFromDiscoveryUrl(discoveryUrl);
+			assert.strictEqual(result, 'https://mcp.example.com/');
+		});
 	});
 });

src/vs/workbench/api/common/extHostMcp.ts

@@ -392,7 +392,8 @@ class McpHTTPHandle extends Disposable {
 		const body = await resourceMetadataResponse.json();
 		if (isAuthorizationProtectedResourceMetadata(body)) {
 			const resolvedResource = getResourceServerBaseUrlFromDiscoveryUrl(resourceMetadata);
-			if (body.resource !== resolvedResource) {
+			// Use URL constructor for normalization - it handles hostname case and trailing slashes
+			if (new URL(body.resource).toString() !== new URL(resolvedResource).toString()) {
 				throw new Error(`Protected Resource Metadata resource "${body.resource}" does not match MCP server resolved resource "${resolvedResource}". The MCP server must follow OAuth spec https://datatracker.ietf.org/doc/html/rfc9728#PRConfigurationValidation`);
 			}
 			return body;