working with quick and guided

Author: pcarleton

client/src/App.tsx

@@ -142,7 +142,7 @@ const App = () => {
     >
   >([]);
   const [isAuthDebuggerVisible, setIsAuthDebuggerVisible] = useState(false);
-  
+
   // Auth debugger state (moved from AuthDebugger component)
   const [authState, setAuthState] = useState<AuthDebuggerState>({
     isInitiatingAuth: false,
@@ -265,11 +265,17 @@ const App = () => {
   );
 
   // Auto-connect to previously saved serverURL after OAuth callback
-  const onOAuthDebugConnect = useCallback(() => {
+  const onOAuthDebugConnect = useCallback((serverUrl: string, authorizationCode?: string) => {
     setIsAuthDebuggerVisible(true);
+    if (authorizationCode) {
+      updateAuthState({
+        authorizationCode,
+        oauthStep: "token_request",
+      });
+    }
   }, []);
 
-  // Load OAuth tokens when sseUrl changes (moved from AuthDebugger)
+  // Load OAuth tokens when sseUrl changes
   useEffect(() => {
     const loadOAuthTokens = async () => {
       try {
@@ -296,20 +302,6 @@ const App = () => {
     loadOAuthTokens();
   }, [sseUrl]);
 
-  // Check for debug callback code (moved from AuthDebugger)
-  useEffect(() => {
-    const debugCode = sessionStorage.getItem(SESSION_KEYS.DEBUG_CODE);
-    if (debugCode && sseUrl) {
-      updateAuthState({
-        authorizationCode: debugCode,
-        oauthStep: "token_request",
-      });
-
-      // Now that we've processed it, clear the debug code
-      sessionStorage.removeItem(SESSION_KEYS.DEBUG_CODE);
-    }
-  }, [sseUrl]);
-
   useEffect(() => {
     fetch(`${getMCPProxyAddress(config)}/config`)
       .then((response) => response.json())
@@ -558,7 +550,7 @@ const App = () => {
   // Helper function to render OAuth callback components
   const renderOAuthCallback = (
     path: string,
-    onConnect: (serverUrl: string) => void,
+    onConnect: (serverUrl: string, authorizationCode?: string) => void,
   ) => {
     const Component =
       path === "/oauth/callback"

client/src/components/AuthDebugger.tsx

@@ -8,14 +8,14 @@ import {
   startAuthorization,
   exchangeAuthorization,
 } from "@modelcontextprotocol/sdk/client/auth.js";
-import { SESSION_KEYS } from "../lib/constants";
 import {
   OAuthMetadataSchema,
   OAuthMetadata,
   OAuthClientInformation,
 } from "@modelcontextprotocol/sdk/shared/auth.js";
 import { CheckCircle2, Circle, ExternalLink, AlertCircle } from "lucide-react";
 import { AuthDebuggerState } from "../lib/auth-types";
+import { SESSION_KEYS, getServerSpecificKey } from "../lib/constants";
 
 interface AuthDebuggerProps {
   sseUrl: string;
@@ -24,38 +24,58 @@ interface AuthDebuggerProps {
   updateAuthState: (updates: Partial<AuthDebuggerState>) => void;
 }
 
-// Enhanced version of the OAuth client provider specifically for debug flows
+// Overrides debug URL and allows saving server OAuth metadata to
+// display in debug UI.
 class DebugInspectorOAuthClientProvider extends InspectorOAuthClientProvider {
   get redirectUrl(): string {
     return `${window.location.origin}/oauth/callback/debug`;
   }
+
+  saveServerMetadata(metadata: OAuthMetadata) {
+    const key = getServerSpecificKey(
+      SESSION_KEYS.SERVER_METADATA,
+      this.serverUrl,
+    );
+    sessionStorage.setItem(key, JSON.stringify(metadata));
+  }
+
+  getServerMetadata(): OAuthMetadata | null {
+    const key = getServerSpecificKey(
+      SESSION_KEYS.SERVER_METADATA,
+      this.serverUrl,
+    );
+    const metadata = sessionStorage.getItem(key);
+    if (!metadata) {
+      return null;
+    }
+    return JSON.parse(metadata);
+  }
 }
 
-const AuthDebugger = ({ sseUrl, onBack, authState, updateAuthState }: AuthDebuggerProps) => {
-  // Load client info asynchronously when we have a debug code
-  useEffect(() => {
-    const debugCode = sessionStorage.getItem(SESSION_KEYS.DEBUG_CODE);
-    if (debugCode && sseUrl && authState.oauthStep === "token_request") {
-      // Load client info asynchronously
-      const provider = new DebugInspectorOAuthClientProvider(sseUrl);
-      provider
-        .clientInformation()
-        .then((info) => {
-          updateAuthState({ oauthClientInfo: info || null });
-        })
-        .catch((error) => {
-          console.error("Failed to load client information:", error);
-        });
+const AuthDebugger = ({
+  sseUrl,
+  onBack,
+  authState,
+  updateAuthState,
+}: AuthDebuggerProps) => {
+  // Load client info asynchronously when we're at the token_request step
+
+  const validateOAuthMetadata = async (
+    provider: DebugInspectorOAuthClientProvider,
+  ): Promise<OAuthMetadata> => {
+    const metadata = provider.getServerMetadata();
+    if (metadata) {
+      return metadata;
     }
-  }, [sseUrl, authState.oauthStep, updateAuthState]);
 
-  const validateOAuthMetadata = (
-    metadata: OAuthMetadata | null,
-  ): OAuthMetadata => {
-    if (!metadata) {
-      throw new Error("Can't advance without successfully fetching metadata");
+    const fetchedMetadata = await discoverOAuthMetadata(sseUrl);
+    if (!fetchedMetadata) {
+      throw new Error("Failed to discover OAuth metadata");
     }
-    return metadata;
+    const parsedMetadata =
+      await OAuthMetadataSchema.parseAsync(fetchedMetadata);
+
+    return parsedMetadata;
   };
 
   const validateClientInformation = async (
@@ -108,8 +128,9 @@ const AuthDebugger = ({ sseUrl, onBack, authState, updateAuthState }: AuthDebugg
         }
         const parsedMetadata = await OAuthMetadataSchema.parseAsync(metadata);
         updateAuthState({ oauthMetadata: parsedMetadata });
+        provider.saveServerMetadata(parsedMetadata);
       } else if (authState.oauthStep === "metadata_discovery") {
-        const metadata = validateOAuthMetadata(authState.oauthMetadata);
+        const metadata = await validateOAuthMetadata(provider);
 
         updateAuthState({ oauthStep: "client_registration" });
 
@@ -127,7 +148,7 @@ const AuthDebugger = ({ sseUrl, onBack, authState, updateAuthState }: AuthDebugg
         provider.saveClientInformation(fullInformation);
         updateAuthState({ oauthClientInfo: fullInformation });
       } else if (authState.oauthStep === "client_registration") {
-        const metadata = validateOAuthMetadata(authState.oauthMetadata);
+        const metadata = await validateOAuthMetadata(provider);
         const clientInformation = await validateClientInformation(provider);
         updateAuthState({ oauthStep: "authorization_redirect" });
         try {
@@ -158,7 +179,10 @@ const AuthDebugger = ({ sseUrl, onBack, authState, updateAuthState }: AuthDebugg
           );
         }
       } else if (authState.oauthStep === "authorization_code") {
-        if (!authState.authorizationCode || authState.authorizationCode.trim() === "") {
+        if (
+          !authState.authorizationCode ||
+          authState.authorizationCode.trim() === ""
+        ) {
           updateAuthState({
             validationError: "You need to provide an authorization code",
           });
@@ -167,7 +191,7 @@ const AuthDebugger = ({ sseUrl, onBack, authState, updateAuthState }: AuthDebugg
         updateAuthState({ validationError: null, oauthStep: "token_request" });
       } else if (authState.oauthStep === "token_request") {
         const codeVerifier = provider.codeVerifier();
-        const metadata = validateOAuthMetadata(authState.oauthMetadata);
+        const metadata = await validateOAuthMetadata(provider);
         const clientInformation = await validateClientInformation(provider);
 
         const tokens = await exchangeAuthorization(sseUrl, {
@@ -285,6 +309,7 @@ const AuthDebugger = ({ sseUrl, onBack, authState, updateAuthState }: AuthDebugg
   }, [authState.statusMessage]);
 
   const renderOAuthFlow = useCallback(() => {
+    const provider = new DebugInspectorOAuthClientProvider(sseUrl);
     const steps = [
       {
         key: "not_started",
@@ -294,14 +319,14 @@ const AuthDebugger = ({ sseUrl, onBack, authState, updateAuthState }: AuthDebugg
       {
         key: "metadata_discovery",
         label: "Metadata Discovery",
-        metadata: authState.oauthMetadata && (
+        metadata: provider.getServerMetadata() && (
           <details className="text-xs mt-2">
             <summary className="cursor-pointer text-muted-foreground font-medium">
               Retrieved OAuth Metadata from {sseUrl}
               /.well-known/oauth-authorization-server
             </summary>
             <pre className="mt-2 p-2 bg-muted rounded-md overflow-auto max-h-[300px]">
-              {JSON.stringify(authState.oauthMetadata, null, 2)}
+              {JSON.stringify(provider.getServerMetadata(), null, 2)}
             </pre>
           </details>
         ),
@@ -491,15 +516,17 @@ const AuthDebugger = ({ sseUrl, onBack, authState, updateAuthState }: AuthDebugg
             authState.authorizationUrl && (
               <Button
                 variant="outline"
-                onClick={() => window.open(authState.authorizationUrl!, "_blank")}
+                onClick={() =>
+                  window.open(authState.authorizationUrl!, "_blank")
+                }
               >
                 Open in New Tab
               </Button>
             )}
         </div>
       </div>
     );
-  }, [authState, sseUrl]);
+  }, [authState, sseUrl, proceedToNextStep, updateAuthState]);
 
   return (
     <div className="w-full p-4">
@@ -581,4 +608,4 @@ const AuthDebugger = ({ sseUrl, onBack, authState, updateAuthState }: AuthDebugg
   );
 };
 
-export default AuthDebugger;
+export default AuthDebugger;

client/src/components/OAuthDebugCallback.tsx

@@ -7,7 +7,7 @@ import {
 } from "@/utils/oauthUtils.ts";
 
 interface OAuthCallbackProps {
-  onConnect: (serverUrl: string) => void;
+  onConnect: (serverUrl: string, authorizationCode?: string) => void;
 }
 
 const OAuthDebugCallback = ({ onConnect }: OAuthCallbackProps) => {
@@ -50,18 +50,17 @@ const OAuthDebugCallback = ({ onConnect }: OAuthCallbackProps) => {
         return notifyError("Missing authorization code");
       }
 
-      sessionStorage.setItem(SESSION_KEYS.DEBUG_CODE, params.code);
+      // Instead of storing in sessionStorage, pass the code directly
+      // to the auth state manager through onConnect
+      onConnect(serverUrl, params.code);
 
-      // Finally, trigger navigation back to auth debugger
+      // Show success message
       toast({
         title: "Success",
         description:
-          "Authorization code received. Please return to the Auth Debugger.",
+          "Authorization code received. Returning to the Auth Debugger.",
         variant: "default",
       });
-
-      // Call onConnect to navigate back to the auth debugger
-      onConnect(serverUrl);
     };
 
     handleCallback().finally(() => {
@@ -99,4 +98,4 @@ const OAuthDebugCallback = ({ onConnect }: OAuthCallbackProps) => {
   );
 };
 
-export default OAuthDebugCallback;
+export default OAuthDebugCallback;

client/src/lib/auth.ts

@@ -8,7 +8,7 @@ import {
 import { SESSION_KEYS, getServerSpecificKey } from "./constants";
 
 export class InspectorOAuthClientProvider implements OAuthClientProvider {
-  constructor(private serverUrl: string) {
+  constructor(protected serverUrl: string) {
     // Save the server URL to session storage
     sessionStorage.setItem(SESSION_KEYS.SERVER_URL, serverUrl);
   }

client/src/lib/constants.ts

@@ -6,11 +6,7 @@ export const SESSION_KEYS = {
   SERVER_URL: "mcp_server_url",
   TOKENS: "mcp_tokens",
   CLIENT_INFORMATION: "mcp_client_information",
-  /**
-   * Temporary storage for OAuth authorization code during debug flow
-   * Used when authentication is done in a separate tab
-   */
-  DEBUG_CODE: "mcp_code",
+  SERVER_METADATA: "mcp_server_metadata",
 } as const;
 
 // Generate server-specific session storage keys