GearBox

makiolaj/GearBox

Fork 0

Commit Graph

Author	SHA1	Message	Date
Jean-Luc Makiola	f7c9f3dc94	fix: add Protected Resource Metadata endpoint (RFC 9728) All checks were successful CI / ci (push) Successful in 29s Details CI / e2e (push) Successful in 1m1s Details The MCP auth spec (2025-06-18+) requires /.well-known/oauth-protected-resource in addition to /.well-known/oauth-authorization-server. Claude fetches the protected resource metadata first after receiving a 401, then discovers the authorization server from it. Also fixes WWW-Authenticate header to use absolute URL pointing to the protected resource endpoint. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-04 11:17:21 +02:00

Author

SHA1

Message

Date

Jean-Luc Makiola

f7c9f3dc94

fix: add Protected Resource Metadata endpoint (RFC 9728)

CI / ci (push) Successful in 29s

Details

CI / e2e (push) Successful in 1m1s

Details

The MCP auth spec (2025-06-18+) requires /.well-known/oauth-protected-resource
in addition to /.well-known/oauth-authorization-server. Claude fetches
the protected resource metadata first after receiving a 401, then discovers
the authorization server from it. Also fixes WWW-Authenticate header to
use absolute URL pointing to the protected resource endpoint.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-04-04 11:17:21 +02:00

1 Commits