POST /register — Dynamic Client Registration (RFC 7591). Applications are global (not mount-scoped); mount scoping happens at authorization time via the resource param.



# File 'app/controllers/toolchest/oauth/registrations_controller.rb', line 9

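# POST /register — Dynamic Client Registration (RFC 7591).
#
# Applications are global (not mount-scoped); mount scoping happens at
# authorization time via the resource param.
#
# This action runs with no authentication, so every field it reads from
# `params` is untrusted client metadata and is bounded or coerced before
# it reaches the model. Responds 201 with the registered client metadata,
# or 400 `invalid_client_metadata` when a request-level check fails or
# the model rejects the record.
def create
  name = client_name_param
  uris = Array(params[:redirect_uris]).map(&:to_s)

  # redirect_uri is persisted newline-joined (below), so an embedded CR/LF
  # would let a single submitted URI register as several.
  if uris.any? { |u| u.match?(/[\r\n]/) }
    return render_invalid_metadata("Redirect URIs must not contain newlines")
  end

  return render_invalid_metadata("Too many redirect URIs (max 10)") if uris.size > 10

  if uris.any? { |u| u.length > 2048 }
    return render_invalid_metadata("Redirect URI too long (max 2048 characters)")
  end

  # URI syntax/scheme checks are left to the model's validations — confirm
  # the model actually rejects relative or non-https URIs; nothing here does.
  application = Toolchest::OauthApplication.new(
    name: name,
    redirect_uri: uris.join("\n"),
    confidential: false # public client: no client_secret is issued
  )

  unless application.save
    return render_invalid_metadata(application.errors.full_messages.join(", "))
  end

  render json: {
    client_name: application.name,
    client_id: application.uid,
    client_id_issued_at: application.created_at.to_i,
    redirect_uris: application.redirect_uris,
    # NOTE(review): the three fields below echo the request rather than what
    # was registered. The application is created as a public client, so a
    # requested token_endpoint_auth_method other than "none" (or a grant type
    # the token endpoint does not support) is reported back without being
    # enforced — RFC 7591 §3.2.1 expects the server's actual values here.
    # Confirm which values the authorization/token endpoints accept and
    # either reject or replace unsupported ones.
    grant_types: params[:grant_types] || ["authorization_code"],
    response_types: params[:response_types] || ["code"],
    token_endpoint_auth_method: params[:token_endpoint_auth_method] || "none"
  }, status: :created
end

# client_name with the original default and bound, coerced to String first:
# a JSON array/object/number in the body has no #truncate and would
# otherwise raise NoMethodError (a 500) instead of a 400.
private def client_name_param
  (params[:client_name] || "MCP Client").to_s.truncate(255)
end

# Single shape for every RFC 7591 rejection produced by this action.
private def render_invalid_metadata(description)
  render json: {
    error: "invalid_client_metadata",
    error_description: description
  }, status: :bad_request
end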