feat(oauth): add redirect URIs for mcp-remote compatibility #5
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Tommy Nguyen <tuannvm@hotmail.com>
tommynguyen-vungle
added a commit
that referenced
this pull request
Aug 20, 2025
* feat(oauth): add redirect URIs for mcp-remote compatibility (#5) Signed-off-by: Tommy Nguyen <tuannvm@hotmail.com> Co-authored-by: Tommy Nguyen <tuannvm@hotmail.com> * feat(oauth): allow client registration of redirect URIs (#6) Signed-off-by: Tommy Nguyen <tuannvm@hotmail.com> Co-authored-by: Tommy Nguyen <tuannvm@hotmail.com> --------- Signed-off-by: Tommy Nguyen <tuannvm@hotmail.com> Co-authored-by: Tommy Nguyen <tuannvm@hotmail.com>
tommynguyen-vungle
added a commit
that referenced
this pull request
Aug 20, 2025
* feat(oauth): add redirect URIs for mcp-remote compatibility (#5) Signed-off-by: Tommy Nguyen <tuannvm@hotmail.com> Co-authored-by: Tommy Nguyen <tuannvm@hotmail.com> * feat(oauth): allow client registration of redirect URIs (#6) Signed-off-by: Tommy Nguyen <tuannvm@hotmail.com> Co-authored-by: Tommy Nguyen <tuannvm@hotmail.com> --------- Signed-off-by: Tommy Nguyen <tuannvm@hotmail.com> Co-authored-by: Tommy Nguyen <tuannvm@hotmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Problem
The mcp-remote npm package was failing to connect to the MCP server with the error:
Fatal error: Error: Cannot find localhost callback URI from existing client information
The issue was that the OAuth authorization server metadata endpoint (/.well-known/oauth-authorization-server) was not advertising supported redirect URIs, which mcp-remote requires
to discover valid callback URLs for the OAuth flow.
Root Cause
The HandleAuthorizationServerMetadata function in internal/oauth/metadata.go was missing the redirect_uris field in the OAuth 2.0 Authorization Server Metadata response (RFC 8414).
This prevented OAuth clients like mcp-remote from discovering which callback URIs are supported for the authorization code flow.
Solution
Added redirect_uris field to the OAuth authorization server metadata response when OAUTH_REDIRECT_URI is configured:
// Add redirect URIs for mcp-remote compatibility
if h.config.RedirectURI != "" {
metadata["redirect_uris"] = []string{h.config.RedirectURI}
}
Configuration
For this fix to work, the server must be deployed with:
export OAUTH_REDIRECT_URI="https:///oauth/callback"
Testing
After deployment with the environment variable set, verify the fix works:
curl https:///.well-known/oauth-authorization-server
Should now include:
{
"redirect_uris": ["https:///oauth/callback"],
...
}
Impact
This allows clients using mcp-remote to successfully complete the OAuth authorization flow with the MCP server.