From f6f6418f2cad638e8390c0553fe60ed11b978185 Mon Sep 17 00:00:00 2001 From: Paul Carleton Date: Wed, 18 Jun 2025 11:44:59 +0100 Subject: [PATCH 01/11] pass resource in auth debugger, reusing server url --- client/src/lib/oauth-state-machine.ts | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/client/src/lib/oauth-state-machine.ts b/client/src/lib/oauth-state-machine.ts index 5f10a7830..0bc128b8a 100644 --- a/client/src/lib/oauth-state-machine.ts +++ b/client/src/lib/oauth-state-machine.ts @@ -36,11 +36,14 @@ export const oauthTransitions: Record = { resourceMetadata = await discoverOAuthProtectedResourceMetadata( context.serverUrl, ); - if ( - resourceMetadata && - resourceMetadata.authorization_servers?.length - ) { - authServerUrl = new URL(resourceMetadata.authorization_servers[0]); + if (resourceMetadata) { + if (resourceMetadata.resource !== context.serverUrl) { + throw new Error("Resource URL does not match server URL"); + } + + if (resourceMetadata.authorization_servers?.length) { + authServerUrl = new URL(resourceMetadata.authorization_servers[0]); + } } } catch (e) { if (e instanceof Error) { @@ -113,6 +116,7 @@ export const oauthTransitions: Record = { clientInformation, redirectUrl: context.provider.redirectUrl, scope, + resource: new URL(context.serverUrl), }, ); @@ -163,6 +167,7 @@ export const oauthTransitions: Record = { authorizationCode: context.state.authorizationCode, codeVerifier, redirectUri: context.provider.redirectUrl, + resource: new URL(context.serverUrl), }); context.provider.saveTokens(tokens); From f41a88d53fda8a7f01903557c8b90a1a92765812 Mon Sep 17 00:00:00 2001 From: Paul Carleton Date: Wed, 18 Jun 2025 11:52:57 +0100 Subject: [PATCH 02/11] throw error on resource url mismatch to match regular auth flow --- client/src/components/OAuthFlowProgress.tsx | 2 +- client/src/lib/oauth-state-machine.ts | 10 ++++++---- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/client/src/components/OAuthFlowProgress.tsx b/client/src/components/OAuthFlowProgress.tsx index b9b67c6c4..0e260556d 100644 --- a/client/src/components/OAuthFlowProgress.tsx +++ b/client/src/components/OAuthFlowProgress.tsx @@ -156,7 +156,7 @@ export const OAuthFlowProgress = ({ {authState.resourceMetadataError && (

- ℹ️ No resource metadata available from{" "} + ℹ️ Problem with resource metadata from{" "} = { context.serverUrl, ); if (resourceMetadata) { - if (resourceMetadata.resource !== context.serverUrl) { - throw new Error("Resource URL does not match server URL"); - } - if (resourceMetadata.authorization_servers?.length) { authServerUrl = new URL(resourceMetadata.authorization_servers[0]); } @@ -53,6 +49,12 @@ export const oauthTransitions: Record = { } } + if (resourceMetadata) { + if (resourceMetadata.resource !== context.serverUrl) { + throw new Error(`Resource URL from metadata does not match server URL. ${resourceMetadata.resource} != ${context.serverUrl}`); + } + } + const metadata = await discoverOAuthMetadata(authServerUrl); if (!metadata) { throw new Error("Failed to discover OAuth metadata"); From d159874fbf0a56e4123ab208e4575471f24cbf66 Mon Sep 17 00:00:00 2001 From: Paul Carleton Date: Wed, 18 Jun 2025 13:48:47 +0100 Subject: [PATCH 03/11] lint & tests --- .../src/components/__tests__/AuthDebugger.test.tsx | 12 ++++++------ client/src/lib/oauth-state-machine.ts | 4 +++- 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/client/src/components/__tests__/AuthDebugger.test.tsx b/client/src/components/__tests__/AuthDebugger.test.tsx index eb7ff3ba5..9c8c16e58 100644 --- a/client/src/components/__tests__/AuthDebugger.test.tsx +++ b/client/src/components/__tests__/AuthDebugger.test.tsx @@ -88,7 +88,7 @@ describe("AuthDebugger", () => { const defaultAuthState = EMPTY_DEBUGGER_STATE; const defaultProps = { - serverUrl: "https://example.com", + serverUrl: "https://example.com/mcp", onBack: jest.fn(), authState: defaultAuthState, updateAuthState: jest.fn(), @@ -496,11 +496,11 @@ describe("AuthDebugger", () => { it("should successfully fetch and display protected resource metadata", async () => { const updateAuthState = jest.fn(); const mockResourceMetadata = { - resource: "https://example.com/api", + resource: "https://example.com/mcp", authorization_servers: ["https://custom-auth.example.com"], bearer_methods_supported: ["header", "body"], - resource_documentation: "https://example.com/api/docs", - resource_policy_uri: "https://example.com/api/policy", + resource_documentation: "https://example.com/mcp/docs", + resource_policy_uri: "https://example.com/mcp/policy", }; // Mock successful metadata discovery @@ -538,7 +538,7 @@ describe("AuthDebugger", () => { // Wait for the metadata to be fetched await waitFor(() => { expect(mockDiscoverOAuthProtectedResourceMetadata).toHaveBeenCalledWith( - "https://example.com", + "https://example.com/mcp", ); }); @@ -584,7 +584,7 @@ describe("AuthDebugger", () => { // Wait for the metadata fetch to fail await waitFor(() => { expect(mockDiscoverOAuthProtectedResourceMetadata).toHaveBeenCalledWith( - "https://example.com", + "https://example.com/mcp", ); }); diff --git a/client/src/lib/oauth-state-machine.ts b/client/src/lib/oauth-state-machine.ts index f2e6daaca..557ebce8a 100644 --- a/client/src/lib/oauth-state-machine.ts +++ b/client/src/lib/oauth-state-machine.ts @@ -51,7 +51,9 @@ export const oauthTransitions: Record = { if (resourceMetadata) { if (resourceMetadata.resource !== context.serverUrl) { - throw new Error(`Resource URL from metadata does not match server URL. ${resourceMetadata.resource} != ${context.serverUrl}`); + throw new Error( + `Resource URL from metadata does not match server URL. ${resourceMetadata.resource} != ${context.serverUrl}`, + ); } } From a004e6d733009ef4cf3b20844a9590297a984b03 Mon Sep 17 00:00:00 2001 From: Paul Carleton Date: Wed, 18 Jun 2025 14:53:32 +0100 Subject: [PATCH 04/11] add test --- client/src/components/__tests__/AuthDebugger.test.tsx | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/client/src/components/__tests__/AuthDebugger.test.tsx b/client/src/components/__tests__/AuthDebugger.test.tsx index 9c8c16e58..bc997871e 100644 --- a/client/src/components/__tests__/AuthDebugger.test.tsx +++ b/client/src/components/__tests__/AuthDebugger.test.tsx @@ -203,7 +203,7 @@ describe("AuthDebugger", () => { // Should first discover and save OAuth metadata expect(mockDiscoverOAuthMetadata).toHaveBeenCalledWith( - new URL("https://example.com"), + new URL("https://example.com/mcp"), ); // Check that updateAuthState was called with the right info message @@ -361,7 +361,7 @@ describe("AuthDebugger", () => { }); expect(mockDiscoverOAuthMetadata).toHaveBeenCalledWith( - new URL("https://example.com"), + new URL("https://example.com/mcp"), ); }); @@ -594,7 +594,7 @@ describe("AuthDebugger", () => { expect.objectContaining({ resourceMetadataError: mockError, // Should use the original server URL as fallback - authServerUrl: new URL("https://example.com"), + authServerUrl: new URL("https://example.com/mcp"), oauthStep: "client_registration", }), ); @@ -602,7 +602,7 @@ describe("AuthDebugger", () => { // Verify that regular OAuth metadata discovery was still called expect(mockDiscoverOAuthMetadata).toHaveBeenCalledWith( - new URL("https://example.com"), + new URL("https://example.com/mcp"), ); }); }); From 64131a2159f84fa179fa2f402cddde4ee2715ea0 Mon Sep 17 00:00:00 2001 From: Paul Carleton Date: Wed, 18 Jun 2025 15:26:08 +0100 Subject: [PATCH 05/11] make authserver url make more sense --- client/src/components/__tests__/AuthDebugger.test.tsx | 8 ++++---- client/src/lib/oauth-state-machine.ts | 3 ++- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/client/src/components/__tests__/AuthDebugger.test.tsx b/client/src/components/__tests__/AuthDebugger.test.tsx index bc997871e..fe1880e36 100644 --- a/client/src/components/__tests__/AuthDebugger.test.tsx +++ b/client/src/components/__tests__/AuthDebugger.test.tsx @@ -203,7 +203,7 @@ describe("AuthDebugger", () => { // Should first discover and save OAuth metadata expect(mockDiscoverOAuthMetadata).toHaveBeenCalledWith( - new URL("https://example.com/mcp"), + new URL("https://example.com/"), ); // Check that updateAuthState was called with the right info message @@ -361,7 +361,7 @@ describe("AuthDebugger", () => { }); expect(mockDiscoverOAuthMetadata).toHaveBeenCalledWith( - new URL("https://example.com/mcp"), + new URL("https://example.com/"), ); }); @@ -594,7 +594,7 @@ describe("AuthDebugger", () => { expect.objectContaining({ resourceMetadataError: mockError, // Should use the original server URL as fallback - authServerUrl: new URL("https://example.com/mcp"), + authServerUrl: new URL("https://example.com/"), oauthStep: "client_registration", }), ); @@ -602,7 +602,7 @@ describe("AuthDebugger", () => { // Verify that regular OAuth metadata discovery was still called expect(mockDiscoverOAuthMetadata).toHaveBeenCalledWith( - new URL("https://example.com/mcp"), + new URL("https://example.com/"), ); }); }); diff --git a/client/src/lib/oauth-state-machine.ts b/client/src/lib/oauth-state-machine.ts index 557ebce8a..cbf8048e7 100644 --- a/client/src/lib/oauth-state-machine.ts +++ b/client/src/lib/oauth-state-machine.ts @@ -29,7 +29,8 @@ export const oauthTransitions: Record = { metadata_discovery: { canTransition: async () => true, execute: async (context) => { - let authServerUrl = new URL(context.serverUrl); + // Default to discovering from the server's URL + let authServerUrl = new URL("/", context.serverUrl); let resourceMetadata: OAuthProtectedResourceMetadata | null = null; let resourceMetadataError: Error | null = null; try { From 8ea57f322007dc7e1d0463fc30b82954008d49a4 Mon Sep 17 00:00:00 2001 From: Paul Carleton Date: Thu, 19 Jun 2025 16:04:40 +0100 Subject: [PATCH 06/11] use latest typescript sdk --- package-lock.json | 8 ++++---- package.json | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/package-lock.json b/package-lock.json index a54bf6647..da7d57b4a 100644 --- a/package-lock.json +++ b/package-lock.json @@ -17,7 +17,7 @@ "@modelcontextprotocol/inspector-cli": "^0.14.3", "@modelcontextprotocol/inspector-client": "^0.14.3", "@modelcontextprotocol/inspector-server": "^0.14.3", - "@modelcontextprotocol/sdk": "^1.12.1", + "@modelcontextprotocol/sdk": "^1.13.0", "concurrently": "^9.0.1", "open": "^10.1.0", "shell-quote": "^1.8.2", @@ -2005,9 +2005,9 @@ "link": true }, "node_modules/@modelcontextprotocol/sdk": { - "version": "1.12.1", - "resolved": "https://registry.npmjs.org/@modelcontextprotocol/sdk/-/sdk-1.12.1.tgz", - "integrity": "sha512-KG1CZhZfWg+u8pxeM/mByJDScJSrjjxLc8fwQqbsS8xCjBmQfMNEBTotYdNanKekepnfRI85GtgQlctLFpcYPw==", + "version": "1.13.0", + "resolved": "https://registry.npmjs.org/@modelcontextprotocol/sdk/-/sdk-1.13.0.tgz", + "integrity": "sha512-P5FZsXU0kY881F6Hbk9GhsYx02/KgWK1DYf7/tyE/1lcFKhDYPQR9iYjhQXJn+Sg6hQleMo3DB7h7+p4wgp2Lw==", "dependencies": { "ajv": "^6.12.6", "content-type": "^1.0.5", diff --git a/package.json b/package.json index 7e7be67f8..782ae83ce 100644 --- a/package.json +++ b/package.json @@ -46,7 +46,7 @@ "@modelcontextprotocol/inspector-cli": "^0.14.3", "@modelcontextprotocol/inspector-client": "^0.14.3", "@modelcontextprotocol/inspector-server": "^0.14.3", - "@modelcontextprotocol/sdk": "^1.12.1", + "@modelcontextprotocol/sdk": "^1.13.0", "concurrently": "^9.0.1", "open": "^10.1.0", "shell-quote": "^1.8.2", From 32cca1d0238117e183a5cc06e79a42ac0a07cc60 Mon Sep 17 00:00:00 2001 From: Paul Carleton Date: Fri, 20 Jun 2025 11:15:02 +0100 Subject: [PATCH 07/11] more lenient resource checking --- client/src/lib/oauth-state-machine.ts | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) diff --git a/client/src/lib/oauth-state-machine.ts b/client/src/lib/oauth-state-machine.ts index cbf8048e7..03b3a5f37 100644 --- a/client/src/lib/oauth-state-machine.ts +++ b/client/src/lib/oauth-state-machine.ts @@ -37,10 +37,8 @@ export const oauthTransitions: Record = { resourceMetadata = await discoverOAuthProtectedResourceMetadata( context.serverUrl, ); - if (resourceMetadata) { - if (resourceMetadata.authorization_servers?.length) { - authServerUrl = new URL(resourceMetadata.authorization_servers[0]); - } + if (resourceMetadata.authorization_servers?.length) { + authServerUrl = new URL(resourceMetadata.authorization_servers[0]); } } catch (e) { if (e instanceof Error) { @@ -50,12 +48,11 @@ export const oauthTransitions: Record = { } } - if (resourceMetadata) { - if (resourceMetadata.resource !== context.serverUrl) { - throw new Error( - `Resource URL from metadata does not match server URL. ${resourceMetadata.resource} != ${context.serverUrl}`, - ); - } + // TODO: use SDK function selectResourceURL here once new version bump lands + if (resourceMetadata && resourceMetadata.resource !== context.serverUrl) { + resourceMetadataError = new Error( + `Warning: metadata resource ${resourceMetadata.resource} does not match serverUrl ${context.serverUrl}`, + ); } const metadata = await discoverOAuthMetadata(authServerUrl); From d6fed2affdc92131eba1d589e1a3d6263e92ec9e Mon Sep 17 00:00:00 2001 From: Paul Carleton Date: Thu, 19 Jun 2025 16:59:15 +0100 Subject: [PATCH 08/11] pick resource, and store in state --- client/src/lib/auth-types.ts | 1 + client/src/lib/oauth-state-machine.ts | 24 ++++++++++++++++-------- 2 files changed, 17 insertions(+), 8 deletions(-) diff --git a/client/src/lib/auth-types.ts b/client/src/lib/auth-types.ts index 5e8113ef8..9a28265b1 100644 --- a/client/src/lib/auth-types.ts +++ b/client/src/lib/auth-types.ts @@ -30,6 +30,7 @@ export interface AuthDebuggerState { oauthStep: OAuthStep; resourceMetadata: OAuthProtectedResourceMetadata | null; resourceMetadataError: Error | null; + resource: string | null; authServerUrl: URL | null; oauthMetadata: OAuthMetadata | null; oauthClientInfo: OAuthClientInformationFull | OAuthClientInformation | null; diff --git a/client/src/lib/oauth-state-machine.ts b/client/src/lib/oauth-state-machine.ts index 03b3a5f37..d7eea3ef6 100644 --- a/client/src/lib/oauth-state-machine.ts +++ b/client/src/lib/oauth-state-machine.ts @@ -7,6 +7,9 @@ import { exchangeAuthorization, discoverOAuthProtectedResourceMetadata, } from "@modelcontextprotocol/sdk/client/auth.js"; +import { + resourceUrlFromServerUrl +} from "@modelcontextprotocol/sdk/shared/auth-utils.js"; import { OAuthMetadataSchema, OAuthProtectedResourceMetadata, @@ -37,7 +40,7 @@ export const oauthTransitions: Record = { resourceMetadata = await discoverOAuthProtectedResourceMetadata( context.serverUrl, ); - if (resourceMetadata.authorization_servers?.length) { + if (resourceMetadata?.authorization_servers?.length) { authServerUrl = new URL(resourceMetadata.authorization_servers[0]); } } catch (e) { @@ -48,11 +51,15 @@ export const oauthTransitions: Record = { } } - // TODO: use SDK function selectResourceURL here once new version bump lands - if (resourceMetadata && resourceMetadata.resource !== context.serverUrl) { - resourceMetadataError = new Error( - `Warning: metadata resource ${resourceMetadata.resource} does not match serverUrl ${context.serverUrl}`, - ); + let resource: string| undefined; + if (resourceMetadata) { + resource = resourceUrlFromServerUrl(context.serverUrl); + // TODO: use SDK function selectResourceURL once version bump lands to be consistent + if (resource !== resourceMetadata.resource) + resourceMetadataError = new Error( + `Warning: metadata resource ${resourceMetadata.resource} does not match serverUrl ${context.serverUrl}`, + ); + } } const metadata = await discoverOAuthMetadata(authServerUrl); @@ -63,6 +70,7 @@ export const oauthTransitions: Record = { context.provider.saveServerMetadata(parsedMetadata); context.updateState({ resourceMetadata, + resource, resourceMetadataError, authServerUrl, oauthMetadata: parsedMetadata, @@ -118,7 +126,7 @@ export const oauthTransitions: Record = { clientInformation, redirectUrl: context.provider.redirectUrl, scope, - resource: new URL(context.serverUrl), + resource: context.state.resource, }, ); @@ -169,7 +177,7 @@ export const oauthTransitions: Record = { authorizationCode: context.state.authorizationCode, codeVerifier, redirectUri: context.provider.redirectUrl, - resource: new URL(context.serverUrl), + resource: context.state.resource, }); context.provider.saveTokens(tokens); From 8562cba5b09f5bdc1d52896eb90aaa85c263bf95 Mon Sep 17 00:00:00 2001 From: Paul Carleton Date: Fri, 20 Jun 2025 11:27:47 +0100 Subject: [PATCH 09/11] fixing tests and types --- .../src/components/__tests__/AuthDebugger.test.tsx | 1 + client/src/lib/auth-types.ts | 3 ++- client/src/lib/oauth-state-machine.ts | 14 ++++++-------- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/client/src/components/__tests__/AuthDebugger.test.tsx b/client/src/components/__tests__/AuthDebugger.test.tsx index fe1880e36..9bbf88631 100644 --- a/client/src/components/__tests__/AuthDebugger.test.tsx +++ b/client/src/components/__tests__/AuthDebugger.test.tsx @@ -320,6 +320,7 @@ describe("AuthDebugger", () => { isInitiatingAuth: false, resourceMetadata: null, resourceMetadataError: null, + resource: null, oauthTokens: null, oauthStep: "metadata_discovery", latestError: null, diff --git a/client/src/lib/auth-types.ts b/client/src/lib/auth-types.ts index 9a28265b1..f8f927c68 100644 --- a/client/src/lib/auth-types.ts +++ b/client/src/lib/auth-types.ts @@ -30,7 +30,7 @@ export interface AuthDebuggerState { oauthStep: OAuthStep; resourceMetadata: OAuthProtectedResourceMetadata | null; resourceMetadataError: Error | null; - resource: string | null; + resource: URL | null; authServerUrl: URL | null; oauthMetadata: OAuthMetadata | null; oauthClientInfo: OAuthClientInformationFull | OAuthClientInformation | null; @@ -48,6 +48,7 @@ export const EMPTY_DEBUGGER_STATE: AuthDebuggerState = { oauthMetadata: null, resourceMetadata: null, resourceMetadataError: null, + resource: null, authServerUrl: null, oauthClientInfo: null, authorizationUrl: null, diff --git a/client/src/lib/oauth-state-machine.ts b/client/src/lib/oauth-state-machine.ts index d7eea3ef6..884caf1fb 100644 --- a/client/src/lib/oauth-state-machine.ts +++ b/client/src/lib/oauth-state-machine.ts @@ -7,9 +7,7 @@ import { exchangeAuthorization, discoverOAuthProtectedResourceMetadata, } from "@modelcontextprotocol/sdk/client/auth.js"; -import { - resourceUrlFromServerUrl -} from "@modelcontextprotocol/sdk/shared/auth-utils.js"; +import { resourceUrlFromServerUrl } from "@modelcontextprotocol/sdk/shared/auth-utils.js"; import { OAuthMetadataSchema, OAuthProtectedResourceMetadata, @@ -51,11 +49,11 @@ export const oauthTransitions: Record = { } } - let resource: string| undefined; + let resource: URL | undefined; if (resourceMetadata) { - resource = resourceUrlFromServerUrl(context.serverUrl); // TODO: use SDK function selectResourceURL once version bump lands to be consistent - if (resource !== resourceMetadata.resource) + resource = resourceUrlFromServerUrl(new URL(context.serverUrl)); + if (resource.href !== resourceMetadata.resource) { resourceMetadataError = new Error( `Warning: metadata resource ${resourceMetadata.resource} does not match serverUrl ${context.serverUrl}`, ); @@ -126,7 +124,7 @@ export const oauthTransitions: Record = { clientInformation, redirectUrl: context.provider.redirectUrl, scope, - resource: context.state.resource, + resource: context.state.resource ?? undefined, }, ); @@ -177,7 +175,7 @@ export const oauthTransitions: Record = { authorizationCode: context.state.authorizationCode, codeVerifier, redirectUri: context.provider.redirectUrl, - resource: context.state.resource, + resource: context.state.resource ?? undefined, }); context.provider.saveTokens(tokens); From 5e3f63f39f160399d9ffc43d85d7dec595ec0ab7 Mon Sep 17 00:00:00 2001 From: Paul Carleton Date: Mon, 23 Jun 2025 15:12:33 +0100 Subject: [PATCH 10/11] [auth] use sdk function for selecting resource (#537) * use sdk function * bump typescript sdk --- client/src/lib/oauth-state-machine.ts | 17 ++++++----------- package-lock.json | 9 ++++----- package.json | 2 +- 3 files changed, 11 insertions(+), 17 deletions(-) diff --git a/client/src/lib/oauth-state-machine.ts b/client/src/lib/oauth-state-machine.ts index 884caf1fb..13443542a 100644 --- a/client/src/lib/oauth-state-machine.ts +++ b/client/src/lib/oauth-state-machine.ts @@ -6,8 +6,8 @@ import { startAuthorization, exchangeAuthorization, discoverOAuthProtectedResourceMetadata, + selectResourceURL, } from "@modelcontextprotocol/sdk/client/auth.js"; -import { resourceUrlFromServerUrl } from "@modelcontextprotocol/sdk/shared/auth-utils.js"; import { OAuthMetadataSchema, OAuthProtectedResourceMetadata, @@ -49,16 +49,11 @@ export const oauthTransitions: Record = { } } - let resource: URL | undefined; - if (resourceMetadata) { - // TODO: use SDK function selectResourceURL once version bump lands to be consistent - resource = resourceUrlFromServerUrl(new URL(context.serverUrl)); - if (resource.href !== resourceMetadata.resource) { - resourceMetadataError = new Error( - `Warning: metadata resource ${resourceMetadata.resource} does not match serverUrl ${context.serverUrl}`, - ); - } - } + const resource = selectResourceURL( + context.serverUrl, + context.provider, + resourceMetadata, + ); const metadata = await discoverOAuthMetadata(authServerUrl); if (!metadata) { diff --git a/package-lock.json b/package-lock.json index 09db8c0d5..695f6a024 100644 --- a/package-lock.json +++ b/package-lock.json @@ -17,7 +17,7 @@ "@modelcontextprotocol/inspector-cli": "^0.14.3", "@modelcontextprotocol/inspector-client": "^0.14.3", "@modelcontextprotocol/inspector-server": "^0.14.3", - "@modelcontextprotocol/sdk": "^1.13.0", + "@modelcontextprotocol/sdk": "^1.13.1", "concurrently": "^9.0.1", "open": "^10.1.0", "shell-quote": "^1.8.2", @@ -2005,10 +2005,9 @@ "link": true }, "node_modules/@modelcontextprotocol/sdk": { - "version": "1.13.0", - "resolved": "https://registry.npmjs.org/@modelcontextprotocol/sdk/-/sdk-1.13.0.tgz", - "integrity": "sha512-P5FZsXU0kY881F6Hbk9GhsYx02/KgWK1DYf7/tyE/1lcFKhDYPQR9iYjhQXJn+Sg6hQleMo3DB7h7+p4wgp2Lw==", - "license": "MIT", + "version": "1.13.1", + "resolved": "https://registry.npmjs.org/@modelcontextprotocol/sdk/-/sdk-1.13.1.tgz", + "integrity": "sha512-8q6+9aF0yA39/qWT/uaIj6zTpC+Qu07DnN/lb9mjoquCJsAh6l3HyYqc9O3t2j7GilseOQOQimLg7W3By6jqvg==", "dependencies": { "ajv": "^6.12.6", "content-type": "^1.0.5", diff --git a/package.json b/package.json index a21363a73..7b89edb87 100644 --- a/package.json +++ b/package.json @@ -46,7 +46,7 @@ "@modelcontextprotocol/inspector-cli": "^0.14.3", "@modelcontextprotocol/inspector-client": "^0.14.3", "@modelcontextprotocol/inspector-server": "^0.14.3", - "@modelcontextprotocol/sdk": "^1.13.0", + "@modelcontextprotocol/sdk": "^1.13.1", "concurrently": "^9.0.1", "open": "^10.1.0", "shell-quote": "^1.8.2", From ab816bd933bf5fe5e811607857a5012b7b0b853d Mon Sep 17 00:00:00 2001 From: Paul Carleton Date: Mon, 23 Jun 2025 15:21:38 +0100 Subject: [PATCH 11/11] fix some tests --- client/src/components/__tests__/AuthDebugger.test.tsx | 1 + client/src/lib/oauth-state-machine.ts | 5 +++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/client/src/components/__tests__/AuthDebugger.test.tsx b/client/src/components/__tests__/AuthDebugger.test.tsx index 9bbf88631..fa9f2f7da 100644 --- a/client/src/components/__tests__/AuthDebugger.test.tsx +++ b/client/src/components/__tests__/AuthDebugger.test.tsx @@ -41,6 +41,7 @@ jest.mock("@modelcontextprotocol/sdk/client/auth.js", () => ({ startAuthorization: jest.fn(), exchangeAuthorization: jest.fn(), discoverOAuthProtectedResourceMetadata: jest.fn(), + selectResourceURL: jest.fn(), })); // Import the functions to get their types diff --git a/client/src/lib/oauth-state-machine.ts b/client/src/lib/oauth-state-machine.ts index 13443542a..d87b3ecd6 100644 --- a/client/src/lib/oauth-state-machine.ts +++ b/client/src/lib/oauth-state-machine.ts @@ -49,10 +49,11 @@ export const oauthTransitions: Record = { } } - const resource = selectResourceURL( + const resource: URL | undefined = await selectResourceURL( context.serverUrl, context.provider, - resourceMetadata, + // we default to null, so swap it for undefined if not set + resourceMetadata ?? undefined, ); const metadata = await discoverOAuthMetadata(authServerUrl);