fix: add Protected Resource Metadata endpoint (RFC 9728)
The MCP auth spec (2025-06-18+) requires /.well-known/oauth-protected-resource in addition to /.well-known/oauth-authorization-server. Claude fetches the protected resource metadata first after receiving a 401, then discovers the authorization server from it. Also fixes WWW-Authenticate header to use absolute URL pointing to the protected resource endpoint. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
8
check-oauth.sh
Executable file
8
check-oauth.sh
Executable file
@@ -0,0 +1,8 @@
|
||||
#!/bin/bash
|
||||
docker exec gearbox bun -e "
|
||||
const{Database}=require('bun:sqlite');
|
||||
const db=new Database('./data/gearbox.db');
|
||||
console.log('CLIENTS:', JSON.stringify(db.query('SELECT * FROM oauth_clients ORDER BY id DESC LIMIT 5').all(), null, 2));
|
||||
console.log('CODES:', JSON.stringify(db.query('SELECT id,client_id,used,expires_at FROM oauth_codes ORDER BY id DESC LIMIT 5').all(), null, 2));
|
||||
console.log('TOKENS:', JSON.stringify(db.query('SELECT id,client_id,expires_at FROM oauth_tokens ORDER BY id DESC LIMIT 5').all(), null, 2));
|
||||
"
|
||||
Reference in New Issue
Block a user