mirror of
https://github.com/anomalyco/opencode.git
synced 2026-05-23 04:26:05 +00:00
e9ca7d292b
Two related OAuth issues with remote MCP servers: 1. `scope` config field was accepted but never propagated to `clientMetadata`. The MCP SDK uses `clientMetadata.scope` as its last-resort fallback when neither the WWW-Authenticate header nor the Protected Resource Metadata (scopes_supported) advertise scopes. For servers whose metadata returns no scopes (e.g. AWS Bedrock AgentCore), the authorization request was sent with no scope parameter, causing IdPs such as Okta to reject with "No scopes were requested." 2. The callback port was hardcoded to 19876 with no way to override it short of providing a full `redirectUri`. Added `callbackPort` as a shorthand in the OAuth config — when set it constructs the redirect URI as `http://127.0.0.1:<callbackPort>/mcp/oauth/callback`. `redirectUri` still takes precedence if both are provided. Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com> |
||
|---|---|---|
| .. | ||
| app | ||
| console | ||
| containers | ||
| core | ||
| desktop | ||
| docs | ||
| effect-drizzle-sqlite | ||
| enterprise | ||
| extensions/zed | ||
| function | ||
| http-recorder | ||
| identity | ||
| llm | ||
| opencode | ||
| plugin | ||
| script | ||
| sdk | ||
| slack | ||
| storybook | ||
| ui | ||
| web | ||