From 1dde7f233d03dcd15fabde1f2f272af5c9c264c8 Mon Sep 17 00:00:00 2001
From: Hein
Date: Thu, 26 Mar 2026 22:30:23 +0200
Subject: [PATCH] feat(auth): add additional OAuth endpoints and improve client ID handling
---
 internal/app/app.go | 2 ++
 internal/app/oauth.go | 2 +-
 internal/auth/dynamic_client_store.go | 14 ++++++++++----
 3 files changed, 13 insertions(+), 5 deletions(-)
diff --git a/internal/app/app.go b/internal/app/app.go
index 59e6bd7..3dba584 100644
--- a/internal/app/app.go
+++ b/internal/app/app.go
@@ -129,7 +129,9 @@ func routes(logger *slog.Logger, cfg *config.Config, db *store.DB, provider ai.P
 mux.Handle(cfg.MCP.Path, auth.Middleware(cfg.Auth, keyring, oauthRegistry, tokenStore, logger)(mcpHandler))
 if oauthRegistry != nil && tokenStore != nil {
 mux.HandleFunc("/.well-known/oauth-authorization-server", oauthMetadataHandler())
+ mux.HandleFunc("/oauth-authorization-server", oauthMetadataHandler())
 mux.HandleFunc("/oauth/register", oauthRegisterHandler(dynClients, logger))
+ mux.HandleFunc("/authorize", oauthAuthorizeHandler(dynClients, authCodes, logger))
 mux.HandleFunc("/oauth/authorize", oauthAuthorizeHandler(dynClients, authCodes, logger))
 mux.HandleFunc("/oauth/token", oauthTokenHandler(oauthRegistry, tokenStore, authCodes, logger))
 }
diff --git a/internal/app/oauth.go b/internal/app/oauth.go
index 878fe75..e0f8c23 100644
--- a/internal/app/oauth.go
+++ b/internal/app/oauth.go
@@ -66,7 +66,7 @@ func oauthMetadataHandler() http.HandlerFunc {
 base := serverBaseURL(r)
 meta := oauthServerMetadata{
 Issuer: base,
- AuthorizationEndpoint: base + "/oauth/authorize",
+ AuthorizationEndpoint: base + "/authorize",
 TokenEndpoint: base + "/oauth/token",
 RegistrationEndpoint: base + "/oauth/register",
 ScopesSupported: []string{"mcp"},
diff --git a/internal/auth/dynamic_client_store.go b/internal/auth/dynamic_client_store.go
index c137915..1641043 100644
--- a/internal/auth/dynamic_client_store.go
+++ b/internal/auth/dynamic_client_store.go
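Review bot: The two added routes in `routes` expose the metadata and authorization handlers under extra root-level paths with no comment saying which client or spec needs them; `/oauth-authorization-server` in particular is not the RFC 8414 well-known location, which stays registered on the line above it. Each alias also calls its constructor again, so `/authorize` and `/oauth/authorize` are served by two separate handler values; building it once, `authorize := oauthAuthorizeHandler(dynClients, authCodes, logger)`, and registering that value under both paths keeps any later per-handler state or wrapping identical on both. I would also add a comment along the lines of `// /authorize is the advertised endpoint; /oauth/authorize is kept as an alias` (exact reason to be confirmed by the author). `routes` begins and ends outside this hunk.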
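Review bot: The advertised `AuthorizationEndpoint` now sits at `/authorize` while `TokenEndpoint` and `RegistrationEndpoint` stay under `/oauth/`, and all of these paths are string literals repeated between this metadata struct and the `mux.HandleFunc` calls in `internal/app/app.go`, so the document and the router can drift apart unnoticed. Shared constants, for example `const authorizePath = "/authorize"` used in both places, would remove that risk. Every endpoint here is built from `serverBaseURL(r)`, whose body is not in this diff, so it is worth confirming that it does not take the host from unvalidated request headers, since clients trust these URLs for the authorization redirect. The handler body continues outside the hunk.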
@@ -2,7 +2,8 @@ package auth
 
 import (
 "crypto/rand"
- "encoding/hex"
+ "fmt"
+ "strings"
 "sync"
 "time"
 )
@@ -42,21 +43,26 @@ func (s *DynamicClientStore) Register(name string, redirectURIs []string) (Dynam
 return DynamicClient{}, err
 }
 client := DynamicClient{
- ClientID: hex.EncodeToString(b),
+ ClientID: fmt.Sprintf("%x-%x-%x-%x-%x", b[0:4], b[4:6], b[6:8], b[8:10], b[10:]),
 ClientName: name,
 RedirectURIs: append([]string(nil), redirectURIs...),
 CreatedAt: time.Now(),
 }
 s.mu.Lock()
- s.clients[client.ClientID] = client
+ s.clients[normalizeClientID(client.ClientID)] = client
 s.mu.Unlock()
 return client, nil
 }
 
 // Lookup returns the client for the given client_id.
+// Accepts UUIDs with or without dashes.
 func (s *DynamicClientStore) Lookup(clientID string) (DynamicClient, bool) {
 s.mu.RLock()
- client, ok := s.clients[clientID]
+ client, ok := s.clients[normalizeClientID(clientID)]
 s.mu.RUnlock()
 return client, ok
 }
+
+func normalizeClientID(id string) string {
+ return strings.ReplaceAll(id, "-", "")
+}
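Review bot: `normalizeClientID` removes every `-` wherever it appears, so after this change many different strings resolve to the same registered client in `Lookup`, while the value issued by `Register` is the dashed form. Any caller that later compares or keys on the raw request parameter (binding an authorization code to its client, rate limiting, audit logs) should use the `ClientID` field of the returned `DynamicClient` instead; those callers are not in this diff, so this needs checking. The new doc line says "UUIDs", but the ID is random bytes printed in 8-4-4-4-12 shape with no version or variant bits set (assuming `b` is 16 bytes, allocated above the hunk), so `// Accepts the client_id with or without dashes.` would be more accurate. `normalizeClientID` itself has no comment; `// normalizeClientID strips dashes so dashed and undashed forms of a client_id share one map key.` would do. `Register` starts above the hunk.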