Skip to content

Fix Quick OAuth Flow to use automatic callback instead of debug callback #599

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Fix Quick OAuth Flow to use automatic callback instead of debug callback #599

wants to merge 2 commits into from
+20 −8

Conversation

phernandez
Copy link

This PR fixes an issue where the "Quick OAuth Flow" button was using the debug callback URL (/oauth/callback/debug) instead of the automatic callback URL (/oauth/callback), requiring users to manually copy-paste authorization codes.

Changes Made

  1. Updated OAuthStateMachine to accept an optional provider parameter

    • Maintains backward compatibility by defaulting to DebugInspectorOAuthClientProvider
    • Handles provider-specific methods (saveServerMetadata, getServerMetadata) gracefully

  2. Updated AuthDebugger.tsx to use the appropriate provider for each flow:

    • Quick OAuth Flow: Uses InspectorOAuthClientProvider/oauth/callback (automatic)
    • Guided OAuth Flow: Uses DebugInspectorOAuthClientProvider/oauth/callback/debug (manual)

Testing

  • ✅ Build passes without TypeScript errors
  • ✅ Maintains backward compatibility for existing guided flow
  • ✅ Quick OAuth Flow now uses automatic callback for seamless UX
  • ✅ Tested end-to-end: OAuth flow completes automatically and redirects back to inspector

Important Note about Magic Links

When using magic link authentication (like Supabase), ensure the magic link is opened in the same tab as the MCP Inspector to preserve the proxy authentication token context. If the magic link opens in a new tab, copy the URL and paste it into the original inspector tab.

This behavior affects all OAuth flows in the inspector, not just this fix, as the proxy auth token is required for the inspector to communicate with its proxy server.

Before

Quick OAuth Flow redirected to /oauth/callback/debug requiring manual code copying, making it identical to the Guided OAuth Flow.

After

Quick OAuth Flow redirects to /oauth/callback for automatic callback handling, providing the seamless authentication experience users expect from a "quick" flow.

Fixes #598

phernandez and others added 2 commits July 9, 2025 18:37
@phernandez
Fix Quick OAuth Flow to use automatic callback instead of debug callback
5716bd0 
- Update OAuthStateMachine to accept provider parameter
- Use InspectorOAuthClientProvider for Quick OAuth Flow (automatic /oauth/callback)
- Keep DebugInspectorOAuthClientProvider for Guided OAuth Flow (manual /oauth/callback/debug)
- Handle provider-specific methods gracefully for backward compatibility

Fixes issue where Quick OAuth Flow was using debug callback requiring manual code copying
instead of the automatic callback that redirects seamlessly back to the inspector.
@olaservo
Merge branch 'main' into main
fc0cb3c
@olaservo olaservo requested a review from pcarleton July 16, 2025 04:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pcarleton pcarleton Awaiting requested review from pcarleton

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Quick OAuth Flow uses debug callback URL instead of automatic callback
2 participants
@phernandez @olaservo