feat(auth): add additional OAuth endpoints and improve client ID handling

2026-03-26 22:30:23 +02:00
parent 56c84df342
commit 1dde7f233d
3 changed files with 13 additions and 5 deletions
--- a/internal/app/app.go
+++ b/internal/app/app.go
@@ -129,7 +129,9 @@ func routes(logger *slog.Logger, cfg *config.Config, db *store.DB, provider ai.P
 	mux.Handle(cfg.MCP.Path, auth.Middleware(cfg.Auth, keyring, oauthRegistry, tokenStore, logger)(mcpHandler))
 	if oauthRegistry != nil && tokenStore != nil {
 		mux.HandleFunc("/.well-known/oauth-authorization-server", oauthMetadataHandler())
+		mux.HandleFunc("/oauth-authorization-server", oauthMetadataHandler())
 		mux.HandleFunc("/oauth/register", oauthRegisterHandler(dynClients, logger))
+		mux.HandleFunc("/authorize", oauthAuthorizeHandler(dynClients, authCodes, logger))
 		mux.HandleFunc("/oauth/authorize", oauthAuthorizeHandler(dynClients, authCodes, logger))
 		mux.HandleFunc("/oauth/token", oauthTokenHandler(oauthRegistry, tokenStore, authCodes, logger))
 	}
--- a/internal/app/oauth.go
+++ b/internal/app/oauth.go
@@ -66,7 +66,7 @@ func oauthMetadataHandler() http.HandlerFunc {
 		base := serverBaseURL(r)
 		meta := oauthServerMetadata{
 			Issuer:                            base,
-			AuthorizationEndpoint:             base + "/oauth/authorize",
+			AuthorizationEndpoint:             base + "/authorize",
 			TokenEndpoint:                     base + "/oauth/token",
 			RegistrationEndpoint:              base + "/oauth/register",
 			ScopesSupported:                   []string{"mcp"},
--- a/internal/auth/dynamic_client_store.go
+++ b/internal/auth/dynamic_client_store.go
@@ -2,7 +2,8 @@ package auth

 import (
 	"crypto/rand"
-	"encoding/hex"
+	"fmt"
+	"strings"
 	"sync"
 	"time"
 )
@@ -42,21 +43,26 @@ func (s *DynamicClientStore) Register(name string, redirectURIs []string) (Dynam
 		return DynamicClient{}, err
 	}
 	client := DynamicClient{
-		ClientID:     hex.EncodeToString(b),
+		ClientID:     fmt.Sprintf("%x-%x-%x-%x-%x", b[0:4], b[4:6], b[6:8], b[8:10], b[10:]),
 		ClientName:   name,
 		RedirectURIs: append([]string(nil), redirectURIs...),
 		CreatedAt:    time.Now(),
 	}
 	s.mu.Lock()
-	s.clients[client.ClientID] = client
+	s.clients[normalizeClientID(client.ClientID)] = client
 	s.mu.Unlock()
 	return client, nil
 }

 // Lookup returns the client for the given client_id.
+// Accepts UUIDs with or without dashes.
 func (s *DynamicClientStore) Lookup(clientID string) (DynamicClient, bool) {
 	s.mu.RLock()
-	client, ok := s.clients[clientID]
+	client, ok := s.clients[normalizeClientID(clientID)]
 	s.mu.RUnlock()
 	return client, ok
 }
+
+func normalizeClientID(id string) string {
+	return strings.ReplaceAll(id, "-", "")
+}