Skip to content

Remove lstrip in each OAuth endpoint#770

Closed
hongkunyoo wants to merge 1 commit intomodelcontextprotocol:mainfrom
hongkunyoo:main
Closed

Remove lstrip in each OAuth endpoint#770
hongkunyoo wants to merge 1 commit intomodelcontextprotocol:mainfrom
hongkunyoo:main

Conversation

@hongkunyoo
Copy link

@hongkunyoo hongkunyoo commented May 21, 2025
edited
Loading

lstrip strips left / which results in ISSUER_URLauthorize

Motivation and Context

/.well-known/oauth-authorization-server output is weirld.

  • expected: "authorization_endpoint": "https://$MY_ISSUER/authorize",
  • actual: "authorization_endpoint": "https://$MY_ISSUERauthorize",

It seems lstrip is unnecessary for each OAuth endpoint

How Has This Been Tested?

Check following result:

curl $MY_MCP_SERVER/.well-known/oauth-authorization-server

{
  "issuer": "$MY_ISSUER",
  "authorization_endpoint": "$MY_ISSUERauthorize",   # / is missing between $MY_ISSUER and authorize
  "token_endpoint": "$MY_ISSUERtoken",
  "registration_endpoint": "$MY_ISSUERregister",
  "scopes_supported": [
    "openid"
  ],
  "response_types_supported": [
    "code"
  ],
  "grant_types_supported": [
    "authorization_code",
    "refresh_token"
  ],
  "token_endpoint_auth_methods_supported": [
    "client_secret_post"
  ],
  "revocation_endpoint": "$MY_ISSUERrevoke",
  "revocation_endpoint_auth_methods_supported": [
    "client_secret_post"
  ],
  "code_challenge_methods_supported": [
    "S256"
  ]
}

Breaking Changes

No

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Documentation update

Checklist

  • I have read the MCP Documentation
  • My code follows the repository's style guidelines
  • New and existing tests pass locally
  • I have added appropriate error handling
  • I have added or updated documentation as needed

Additional context

@hongkunyoo
Remove lstrip in each oauth endpoint
41a240a 
`lstrip` strips left `/` which results in `ISSUER_URLauthorize`
@Kludex
Copy link
Member

Kludex commented May 21, 2025

Right, this is half of what is needed. We need to urllib.parse.urljoin here... And we can't build using AnyHttpUrl

@Rodriguespn Rodriguespn mentioned this pull request May 22, 2025
Merged
9 tasks
@Rodriguespn
Copy link
Contributor

Rodriguespn commented May 22, 2025

Hey @hongkunyoo, thank you for setting this up! I also bumped into this issue, great job 🙌

I tested your solution for URLs like http:localhost:8000 (like the one on this GitHub OAuth example) and got http:localhost:8000//authorize. Althought this will work on every modern browser, it's not the ideal solution, so I created this PR inspired on your's that uses built-in python posixpath to fix this for all URL

#779

@hongkunyoo
Copy link
Author

hongkunyoo commented May 22, 2025

Closing this PR since better proposal exists: #779

@hongkunyoo hongkunyoo closed this May 22, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@hongkunyoo @Kludex @Rodriguespn