Adding MCPOAuthProvider implementing the MCPSDK OAuthClientProvider

[Nayana-Parameswarappa]

Summary

Adding MCPOAuthProvider implementing the MCPSDK OAuthClientProvider.
https://github.com/modelcontextprotocol/typescript-sdk

Related Issues

#20118

Pre-Merge Checklist

• [] Updated relevant documentation and README (if needed)
• Added/updated tests (if needed)
• Noted breaking changes (if any)
• Validated on required platforms/methods:
  • MacOS
    • npm run
    • npx
    • Docker
    • Podman
    • Seatbelt
  • Windows
    • npm run
    • npx
    • Docker
  • Linux
    • npm run
    • npx
    • Docker

[gemini-code-assist]

Summary of Changes

Hello @Nayana-Parameswarappa, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces a new OAuth client provider to the core package, enabling the application to interact with OAuth 2.0 authorization servers. This foundational component abstracts the complexities of the OAuth flow, allowing for secure authentication and authorization by managing client credentials, tokens, and redirect handling.

Highlights

• New OAuth Client Provider: Introduced MCPOAuthClientProvider which implements the MCPSDK OAuthClientProvider interface, providing core functionality for handling OAuth client-side operations such as saving client information, tokens, code verifiers, and managing authorization redirects.

Changelog

• packages/core/src/mcp/mcp-oauth-provider.test.ts
  • Added a new test file to verify the functionality of the MCPOAuthClientProvider across a full OAuth flow.
• packages/core/src/mcp/mcp-oauth-provider.ts
  • Created the MCPOAuthClientProvider class, which implements the OAuthClientProvider interface and provides methods for managing OAuth client information, tokens, code verifiers, and authorization redirects.

Activity

• No human activity has been recorded on this pull request yet.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces a new MCPOAuthClientProvider class, which implements the OAuthClientProvider from the MCP SDK, along with its corresponding tests. The implementation is clean and serves as a data container for an OAuth flow. I have a couple of suggestions to improve maintainability by reducing type duplication in the new mcp-oauth-provider.ts file. Otherwise, the changes look good.

[jacob314]

Approved once nit comments are addressed.

[jacob314]

(From /review-frontend audited by Jacob Richman)

Code Review Summary

The pull request introduces a new MCPOAuthClientProvider class that cleanly implements the OAuthClientProvider interface from the MCP SDK. It serves well as a data container for the OAuth flow. The tests are solid and cover the full OAuth flow as expected.

I do have a couple of suggestions focused on maintainability and readability.

Improvements

1. Type Definition Duplication:
   The type definition for the callback server is defined inline three separate times in packages/core/src/mcp/mcp-oauth-provider.ts (in the property declaration, the setter, and the getter):

   {
     port: Promise<number>;
     waitForResponse: () => Promise<OAuthAuthorizationResponse>;
     close: () => Promise<void>;
   }

   To improve maintainability, consider extracting this into a named interface or type. For example:

   export interface CallbackServer {
     port: Promise<number>;
     waitForResponse: () => Promise<OAuthAuthorizationResponse>;
     close: () => Promise<void>;
   }

   You can then reuse CallbackServer for the _cbServer property, saveCallbackServer, and getSavedCallbackServer.

2. Constructor and _onRedirect Initialization:
   Currently, _onRedirect is defined outside the constructor but assigned inside it, checking for undefined:

     constructor(
       // ...
       onRedirect?: (url: URL) => void,
     ) {
       this._onRedirect =
         onRedirect ||
         ((url) => {
           debugLogger.log(`Redirect to: ${url.toString()}`);
         });
     }
   
     private _onRedirect: (url: URL) => void;

   Since you're using TypeScript parameter properties (e.g., private readonly _redirectUrl), you can simplify this by providing a default parameter directly in the constructor signature:

     constructor(
       private readonly _redirectUrl: string | URL,
       private readonly _clientMetadata: OAuthClientMetadata,
       private readonly _state?: string | undefined,
       private readonly _onRedirect: (url: URL) => void = (url) => {
           debugLogger.log(`Redirect to: ${url.toString()}`);
       }
     ) {}

Conclusion

Overall, the implementation and tests look good. Implementing the above suggestions will help reduce code duplication and simplify the class setup.

[jacob314]