Skip to content

Commit a6fd8f5

Browse files
committed
permit all 4xx status codes to continue probing
1 parent ab060e1 commit a6fd8f5

File tree

2 files changed

+27
-8
lines changed

2 files changed

+27
-8
lines changed

src/client/auth.test.ts

Lines changed: 25 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -688,7 +688,7 @@ describe("OAuth Authorization", () => {
688688
describe("buildDiscoveryUrls", () => {
689689
it("generates correct URLs for server without path", () => {
690690
const urls = buildDiscoveryUrls("https://auth.example.com");
691-
691+
692692
expect(urls).toHaveLength(2);
693693
expect(urls.map(u => ({ url: u.url.toString(), type: u.type }))).toEqual([
694694
{
@@ -704,7 +704,7 @@ describe("OAuth Authorization", () => {
704704

705705
it("generates correct URLs for server with path", () => {
706706
const urls = buildDiscoveryUrls("https://auth.example.com/tenant1");
707-
707+
708708
expect(urls).toHaveLength(4);
709709
expect(urls.map(u => ({ url: u.url.toString(), type: u.type }))).toEqual([
710710
{
@@ -728,7 +728,7 @@ describe("OAuth Authorization", () => {
728728

729729
it("handles URL object input", () => {
730730
const urls = buildDiscoveryUrls(new URL("https://auth.example.com/tenant1"));
731-
731+
732732
expect(urls).toHaveLength(4);
733733
expect(urls[0].url.toString()).toBe("https://auth.example.com/.well-known/oauth-authorization-server/tenant1");
734734
});
@@ -761,7 +761,7 @@ describe("OAuth Authorization", () => {
761761
ok: false,
762762
status: 404,
763763
});
764-
764+
765765
// Second OAuth URL (root) succeeds
766766
mockFetch.mockResolvedValueOnce({
767767
ok: true,
@@ -774,7 +774,7 @@ describe("OAuth Authorization", () => {
774774
);
775775

776776
expect(metadata).toEqual(validOAuthMetadata);
777-
777+
778778
// Verify it tried the URLs in the correct order
779779
const calls = mockFetch.mock.calls;
780780
expect(calls.length).toBe(2);
@@ -808,14 +808,32 @@ describe("OAuth Authorization", () => {
808808
).rejects.toThrow("does not support S256 code challenge method required by MCP specification");
809809
});
810810

811-
it("throws on non-404 errors", async () => {
811+
it("continues on 4xx errors", async () => {
812+
mockFetch.mockResolvedValueOnce({
813+
ok: false,
814+
status: 400,
815+
});
816+
817+
mockFetch.mockResolvedValueOnce({
818+
ok: true,
819+
status: 200,
820+
json: async () => validOpenIdMetadata,
821+
});
822+
823+
const metadata = await discoverAuthorizationServerMetadata("https://mcp.example.com");
824+
825+
expect(metadata).toEqual(validOpenIdMetadata);
826+
827+
});
828+
829+
it("throws on non-4xx errors", async () => {
812830
mockFetch.mockResolvedValueOnce({
813831
ok: false,
814832
status: 500,
815833
});
816834

817835
await expect(
818-
discoverAuthorizationServerMetadata("https://mcp.example.com", undefined)
836+
discoverAuthorizationServerMetadata("https://mcp.example.com")
819837
).rejects.toThrow("HTTP 500");
820838
});
821839

src/client/auth.ts

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -762,7 +762,8 @@ export async function discoverAuthorizationServerMetadata(
762762
}
763763

764764
if (!response.ok) {
765-
if (response.status === 404) {
765+
// Continue looking for any 4xx response code.
766+
if (response.status >= 400 && response.status < 500) {
766767
continue; // Try next URL
767768
}
768769
throw new Error(`HTTP ${response.status} trying to load ${type === 'oauth' ? 'OAuth' : 'OpenID provider'} metadata from ${endpointUrl}`);

0 commit comments

Comments
 (0)