Fix OAuth login with query string parameters in server URLs#290
Merged
Conversation
`mcpc login https://mcp.apify.com/?tools=search-actors,docs` failed with `HTTP 404 ... POST /register` while the same URL without the query worked. The query string (e.g. Apify's `?tools=` tool filter) is a connection-level concern, not part of the server's OAuth identity. The MCP SDK copies it onto its `/.well-known/oauth-protected-resource` discovery request, which breaks discovery; the SDK then treats the MCP origin as its own authorization server and issues `POST <origin>/register`, which the MCP server has no route for. Add `getOAuthServerUrl()` to strip the query/fragment (keeping the path) and use it for the login flow and OAuth metadata discovery. Profile and keychain keys already key on the host, so login/connect lookups stay consistent. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01HcHZT2MZSUoQi5GHumhiad
It is OAuth-specific by name and purpose and only used by OAuth code, so it belongs in the shared OAuth utilities module rather than the generic utils. Pure move (function + tests relocated); no behaviour change. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01HcHZT2MZSUoQi5GHumhiad
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
mcpc login https://mcp.apify.com/?tools=search-actors,docsfailed withHTTP 404 ... POST /register, while the same URL without the query worked. A query like Apify's?tools=filter is a connection-level concern, not part of the server's OAuth identity — but the MCP SDK copies it onto its.well-knowndiscovery requests, which breaks discovery and makes it fall back toPOST <origin>/registeron the MCP server.getOAuthServerUrl()to strip the query/fragment (keeping the path)loginflow and OAuth metadata discoveryhttps://claude.ai/code/session_01HcHZT2MZSUoQi5GHumhiad