Don't set client secret expiry if public client

jerome3o-anthropic · jerome3o-anthropic · commit 8a222e8b385e · 2025-02-23T10:59:05.000Z
diff --git a/src/server/auth/handlers/register.ts b/src/server/auth/handlers/register.ts
@@ -75,10 +75,11 @@ export function clientRegistrationHandler({
       }
 
       const clientMetadata = parseResult.data;
+      const isPublicClient = clientMetadata.token_endpoint_auth_method !== 'none'
 
       // Generate client credentials
       const clientId = crypto.randomUUID();
-      const clientSecret = clientMetadata.token_endpoint_auth_method !== 'none'
+      const clientSecret = isPublicClient
         ? crypto.randomBytes(32).toString('hex')
         : undefined;
       const clientIdIssuedAt = Math.floor(Date.now() / 1000);
@@ -88,7 +89,11 @@ export function clientRegistrationHandler({
         client_id: clientId,
         client_secret: clientSecret,
         client_id_issued_at: clientIdIssuedAt,
-        client_secret_expires_at: clientSecretExpirySeconds > 0 ? clientIdIssuedAt + clientSecretExpirySeconds : 0
+        client_secret_expires_at: isPublicClient 
+          ? clientSecretExpirySeconds > 0 
+            ? clientIdIssuedAt + clientSecretExpirySeconds 
+            : 0
+          : undefined,
       };
 
       clientInfo = await clientsStore.registerClient!(clientInfo);
