inspector icon indicating copy to clipboard operation
inspector copied to clipboard
verified publisher icon modelcontextprotocol

Regression when using OAuth mcp servers

Open stephenlacy opened this issue 8 months ago • 7 comments

Describe the bug This commit b7ec3829d4bf8e8e148d817fbeb2c65435b7752a seems to have introduced a side-effect where an OAuth mcp server is not queried correctly. Calling connect on a server with a valid .well-known/oauth-authorization-server is instead going to the local server: http://localhost:6277/.well-known/oauth-authorization-server.

To Reproduce Steps to reproduce the behavior:

  1. Checkout the prior commit 8b38d6b18f65e06f83d6625637654862c65a87fe
  2. Run any sse mcp server with an OAuth metadata endpoint and attempt to connect to it
  3. Observe that the request correctly goes to the mcp server's base url
  4. Checkout b7ec3829d4bf8e8e148d817fbeb2c65435b7752a
  5. Run the same sse mcp server with an OAuth metadata endpoint and attempt to connect to it
  6. Observe that the request now goes to the proxy not the intended metadata endpoint

Logs The first three requests are from the prior commit and are correct 8b38d6b18f65e06f83d6625637654862c65a87fe The second group of sse requests are from the regression, the requests are now going to the proxy only. Image

stephenlacy avatar May 08 '25 18:05 stephenlacy

For those wondering in the meantime, just use the previous minor version: npx @modelcontextprotocol/[email protected] and it will work fine :)

Lp-Francois avatar May 14 '25 15:05 Lp-Francois

Thank you @Lp-Francois ! I was tearing my hair out on this "simple" example that wasn't working! https://github.com/cloudflare/ai/tree/main/demos/remote-mcp-server

Taytay avatar May 14 '25 20:05 Taytay

Thank you @Lp-Francois ! I was tearing my hair out on this "simple" example that wasn't working! https://github.com/cloudflare/ai/tree/main/demos/remote-mcp-server

@Taytay I ran into the exact same problem with the Cloudflare demo :)

Lp-Francois avatar May 14 '25 21:05 Lp-Francois

Thank you! I've been beating my head against this thinking it was something in my code until I came across this. I get the same error for SSE and Streamable HTTP.

jbasdf avatar May 17 '25 15:05 jbasdf

You can also comment out authProvider for each configuration object: https://github.com/modelcontextprotocol/inspector/blob/main/client/src/lib/hooks/useConnection.ts#L316 and run a local build

stephenlacy avatar May 17 '25 19:05 stephenlacy

Glad to see I am not the only one loosing hair over this :) Quick one - does 0.11.0 really fix this for you? Running a custom OAuthAuthorizationServerProvider and while a custom test script works without a problem I cannot get this to work with the inspector 0.11.0 or 0.12.0. Using transport streamable http

bttopfer avatar May 20 '25 12:05 bttopfer

I’m using streamable transport in the node sdk which has backwards compatibility to sse. At least enough compatibility for v11 to let me select SSE and the connect button triggers a check for the well known directory and then starts and complete the oauth flow.

At which point I have to switch to v12 and select streamable. Because v11 does not send the auth header to streamable endpoints

Seeing these issues makes me confident almost nobody is making these services yet haha, I’m just happy to figure this out and have it working

zackify avatar May 20 '25 12:05 zackify

I believe this was fixed in 0.13.0: https://github.com/modelcontextprotocol/inspector/releases

Please re-open if you're still running into issues.

olaservo avatar Jun 02 '25 02:06 olaservo