Merge pull request #715 from modelcontextprotocol/fweinberger/fix-sensitive-local-storage

fweinberger/fix sensitive local storage

Author: cliffhall

client/src/lib/auth.ts

@@ -110,10 +110,17 @@ export class InspectorOAuthClientProvider implements OAuthClientProvider {
   }
 
   saveClientInformation(clientInformation: OAuthClientInformation) {
+    // Remove client_secret before storing (not needed after initial OAuth flow)
+    const safeInfo = Object.fromEntries(
+      Object.entries(clientInformation).filter(
+        ([key]) => key !== "client_secret",
+      ),
+    ) as OAuthClientInformation;
+
     // Save the dynamically registered client information to session storage
     saveClientInformationToSessionStorage({
       serverUrl: this.serverUrl,
-      clientInformation,
+      clientInformation: safeInfo,
       isPreregistered: false,
     });
   }