Class: MCP::Client::OAuth::Provider

Inherits:

Object

• Object
• MCP::Client::OAuth::Provider

Defined in:

lib/mcp/client/oauth/provider.rb

Overview

Pluggable OAuth client configuration handed to ‘MCP::Client::HTTP` via the `oauth:` keyword. Inspired by the OAuthClientProvider in the TypeScript SDK and httpx.Auth-based provider in the Python SDK.

Required keyword arguments:

• ‘client_metadata` - Hash sent to the authorization server’s Dynamic Client Registration endpoint. Must include at minimum ‘redirect_uris`, `grant_types`, `response_types`, and `token_endpoint_auth_method`.

• ‘redirect_uri` - String: the redirect URI used for the authorization request. Must be one of `redirect_uris` in `client_metadata`.

• ‘redirect_handler` - Callable invoked with the fully-built authorization URL (a `URI`). Implementations typically open the user’s browser.

• ‘callback_handler` - Callable invoked after `redirect_handler`. Returns `[code, state]` where `code` is the authorization code and `state` is the `state` parameter received on the redirect URI.

Optional keyword arguments:

• ‘scope` - String of space-separated scopes to request when the server’s ‘WWW-Authenticate` does not specify one.

• ‘storage` - Object responding to `tokens`, `save_tokens(tokens)`, `client_information`, and `save_client_information(info)`. Defaults to an `InMemoryStorage`.

Defined Under Namespace

Classes: InsecureRedirectURIError, UnregisteredRedirectURIError

Instance Attribute Summary

• #callback_handler ⇒ Object readonly

  Returns the value of attribute callback_handler.

• #client_metadata ⇒ Object readonly

  Returns the value of attribute client_metadata.

• #redirect_handler ⇒ Object readonly

  Returns the value of attribute redirect_handler.

• #redirect_uri ⇒ Object readonly

  Returns the value of attribute redirect_uri.

• #scope ⇒ Object readonly

  Returns the value of attribute scope.

• #storage ⇒ Object readonly

  Returns the value of attribute storage.

Instance Method Summary

• #access_token ⇒ Object
• #clear_tokens! ⇒ Object
• #client_information ⇒ Object
• #initialize(client_metadata:, redirect_uri:, redirect_handler:, callback_handler:, scope: nil, storage: nil) ⇒ Provider constructor

  A new instance of Provider.

• #save_client_information(info) ⇒ Object
• #save_tokens(tokens) ⇒ Object
• #tokens ⇒ Object

Constructor Details

#initialize(client_metadata:, redirect_uri:, redirect_handler:, callback_handler:, scope: nil, storage: nil) ⇒ Provider

Returns a new instance of Provider.

# File 'lib/mcp/client/oauth/provider.rb', line 48

def initialize(
  client_metadata:,
  redirect_uri:,
  redirect_handler:,
  callback_handler:,
  scope: nil,
  storage: nil
)
  unless Discovery.secure_url?(redirect_uri)
    raise InsecureRedirectURIError,
      "redirect_uri #{redirect_uri.inspect} must use https or be a loopback http URL " \
        "(localhost, 127.0.0.0/8, or ::1) per the MCP authorization Communication Security requirement."
  end

  registered = Array(client_metadata[:redirect_uris] || client_metadata["redirect_uris"])
  unless registered.include?(redirect_uri)
    raise UnregisteredRedirectURIError,
      "redirect_uri #{redirect_uri.inspect} must be listed in client_metadata[:redirect_uris] " \
        "(got #{registered.inspect}); otherwise the authorization server will reject the authorization request."
  end

  @client_metadata = client_metadata
  @redirect_uri = redirect_uri
  @redirect_handler = redirect_handler
  @callback_handler = callback_handler
  @scope = scope
  @storage = storage || InMemoryStorage.new
end

Instance Attribute Details

#callback_handler ⇒ Object (readonly)

Returns the value of attribute callback_handler.

# File 'lib/mcp/client/oauth/provider.rb', line 41

def callback_handler
  @callback_handler
end

#client_metadata ⇒ Object (readonly)

Returns the value of attribute client_metadata.

# File 'lib/mcp/client/oauth/provider.rb', line 41

def client_metadata
  @client_metadata
end

#redirect_handler ⇒ Object (readonly)

Returns the value of attribute redirect_handler.

# File 'lib/mcp/client/oauth/provider.rb', line 41

def redirect_handler
  @redirect_handler
end

#redirect_uri ⇒ Object (readonly)

Returns the value of attribute redirect_uri.

# File 'lib/mcp/client/oauth/provider.rb', line 41

def redirect_uri
  @redirect_uri
end

#scope ⇒ Object (readonly)

Returns the value of attribute scope.

# File 'lib/mcp/client/oauth/provider.rb', line 41

def scope
  @scope
end

#storage ⇒ Object (readonly)

Returns the value of attribute storage.

# File 'lib/mcp/client/oauth/provider.rb', line 41

def storage
  @storage
end

Instance Method Details

#access_token ⇒ Object

# File 'lib/mcp/client/oauth/provider.rb', line 77

def access_token
  tokens&.dig("access_token") || tokens&.dig(:access_token)
end

#clear_tokens! ⇒ Object

# File 'lib/mcp/client/oauth/provider.rb', line 97

def clear_tokens!
  @storage.save_tokens(nil)
end

#client_information ⇒ Object

# File 'lib/mcp/client/oauth/provider.rb', line 89

def client_information
  @storage.client_information
end

#save_client_information(info) ⇒ Object

# File 'lib/mcp/client/oauth/provider.rb', line 93

def save_client_information(info)
  @storage.save_client_information(info)
end

#save_tokens(tokens) ⇒ Object

# File 'lib/mcp/client/oauth/provider.rb', line 85

def save_tokens(tokens)
  @storage.save_tokens(tokens)
end

#tokens ⇒ Object

# File 'lib/mcp/client/oauth/provider.rb', line 81

def tokens
  @storage.tokens
end