
Commit 0b2c0b1

committed
cleanup
1 parent 49b51f5 commit 0b2c0b1


1 file changed

+29
-35
lines changed


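--- a/src/client/auth.ts
+++ b/src/client/auth.ts
@@ -8,7 +8,6 @@ import {
 OAuthClientInformationFull,
 OAuthProtectedResourceMetadata,
 OAuthErrorResponseSchema,
-OpenIdProviderDiscoveryMetadata,
 AuthorizationServerMetadata,
 OpenIdProviderDiscoveryMetadataSchema
 } from "../shared/auth.js";
@@ -659,22 +658,7 @@ export async function discoverOAuthMetadata(
 return OAuthMetadataSchema.parse(await response.json());
 }
 
-/**
-* Discovers authorization server metadata with support for RFC 8414 OAuth 2.0 Authorization Server Metadata
-* and OpenID Connect Discovery 1.0 specifications.
-*
-* This function implements a fallback strategy for authorization server discovery:
-* 1. Attempts RFC 8414 OAuth metadata discovery first
-* 2. If OAuth discovery fails, falls back to OpenID Connect Discovery
-*
-* @param authorizationServerUrl - The authorization server URL obtained from the MCP Server's
-* protected resource metadata, or the MCP server's URL if the
-* metadata was not found.
-* @param options - Configuration options
-* @param options.fetchFn - Optional fetch function for making HTTP requests, defaults to global fetch
-* @param options.protocolVersion - MCP protocol version to use, defaults to LATEST_PROTOCOL_VERSION
-* @returns Promise resolving to authorization server metadata, or undefined if discovery fails
-*/
+
 /**
 * Builds a list of discovery URLs to try for authorization server metadata.
 * URLs are returned in priority order:
@@ -686,7 +670,7 @@ export function buildDiscoveryUrls(authorizationServerUrl: string | URL): { url:
 const url = typeof authorizationServerUrl === 'string' ? new URL(authorizationServerUrl) : authorizationServerUrl;
 const hasPath = url.pathname !== '/';
 const urlsToTry: { url: URL; type: 'oauth' | 'oidc' }[] = [];
-
+
 // 1. OAuth metadata at the given URL
 urlsToTry.push({
 url: new URL(
@@ -695,15 +679,15 @@ export function buildDiscoveryUrls(authorizationServerUrl: string | URL): { url:
 ),
 type: 'oauth'
 });
-
+
 // 2. OAuth metadata at root (if URL has path)
 if (hasPath) {
 urlsToTry.push({
 url: new URL(buildWellKnownPath('oauth-authorization-server'), url.origin),
 type: 'oauth'
 });
 }
-
+
 // 3. OIDC metadata endpoints
 if (hasPath) {
 // RFC 8414 style: Insert /.well-known/openid-configuration before the path
@@ -722,10 +706,26 @@ export function buildDiscoveryUrls(authorizationServerUrl: string | URL): { url:
 type: 'oidc'
 });
 }
-
+
 return urlsToTry;
 }
 
+/**
+* Discovers authorization server metadata with support for RFC 8414 OAuth 2.0 Authorization Server Metadata
+* and OpenID Connect Discovery 1.0 specifications.
+*
+* This function implements a fallback strategy for authorization server discovery:
+* 1. Attempts RFC 8414 OAuth metadata discovery first
+* 2. If OAuth discovery fails, falls back to OpenID Connect Discovery
+*
+* @param authorizationServerUrl - The authorization server URL obtained from the MCP Server's
+* protected resource metadata, or the MCP server's URL if the
+* metadata was not found.
+* @param options - Configuration options
+* @param options.fetchFn - Optional fetch function for making HTTP requests, defaults to global fetch
+* @param options.protocolVersion - MCP protocol version to use, defaults to LATEST_PROTOCOL_VERSION
+* @returns Promise resolving to authorization server metadata, or undefined if discovery fails
+*/
 export async function discoverAuthorizationServerMetadata(
 authorizationServerUrl: string | URL,
 {
@@ -737,49 +737,43 @@ export async function discoverAuthorizationServerMetadata(
 } = {}
 ): Promise<AuthorizationServerMetadata | undefined> {
 const headers = { 'MCP-Protocol-Version': protocolVersion };
-
+
 // Get the list of URLs to try
 const urlsToTry = buildDiscoveryUrls(authorizationServerUrl);
-
+
 // Try each URL in order
 for (const { url: endpointUrl, type } of urlsToTry) {
 const response = await fetchWithCorsRetry(endpointUrl, headers, fetchFn);
-
+
 if (!response) {
 throw new Error(`CORS error trying to load ${type === 'oauth' ? 'OAuth' : 'OpenID provider'} metadata from ${endpointUrl}`);
 }
-
+
 if (!response.ok) {
 if (response.status === 404) {
 continue; // Try next URL
 }
 throw new Error(`HTTP ${response.status} trying to load ${type === 'oauth' ? 'OAuth' : 'OpenID provider'} metadata from ${endpointUrl}`);
 }
-
+
 // Parse and validate based on type
 if (type === 'oauth') {
 return OAuthMetadataSchema.parse(await response.json());
 } else {
 const metadata = OpenIdProviderDiscoveryMetadataSchema.parse(await response.json());
-
+
 // MCP spec requires OIDC providers to support S256 PKCE
 if (!metadata.code_challenge_methods_supported?.includes('S256')) {
 throw new Error(
 `Incompatible OIDC provider at ${endpointUrl}: does not support S256 code challenge method required by MCP specification`
 );
 }
-
+
 return metadata;
 }
 }
-
-return undefined;
-}
 
-function getProtocolVersionHeader(protocolVersion: string): Record<string, string> {
-return {
-'MCP-Protocol-Version': protocolVersion,
-};
+return undefined;
 }
 
 /**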
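Review bot: discoverAuthorizationServerMetadata returns the parsed document in both branches (`return OAuthMetadataSchema.parse(await response.json());` and `return metadata;`) without comparing its `issuer` to the issuer the discovery URL was built from, a comparison that RFC 8414 §3.3 and OpenID Connect Discovery both require before the metadata is used. Because the loop walks several fallback well-known locations, a document served from one of them could name endpoints for a different issuer; a guard such as `if (metadata.issuer !== expectedIssuer) throw new Error(...)` before each return (with `expectedIssuer`, a name made up here, derived from `authorizationServerUrl`) would close that, unless the schemas or the callers already enforce it, which this page does not show. The relocated docstring also promises undefined "if discovery fails", while the body throws on a CORS failure, on any non-404 status and on the S256 check; a `@throws` line plus "undefined when every candidate URL returns 404" would match the code. The option destructuring between the last two hunks (new lines 732–736) is not visible here.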
