OIDCProxy and AuthProxy do not support load balancer setup #2010

@dexalex84

Description

Hello

I've been testing a multi-node setup in Kubernetes for FastMCP with OIDCProxy and found that during the authentication flow I got an error: the IdP transaction ID is not found.

2025-10-03T15:32:51.319664924+07:00 [10/03/25 15:32:51] ERROR IdP callback with invalid oauth_proxy.py:963
2025-10-03T15:32:51.319691443+07:00 transaction ID:
2025-10-03T15:32:51.319704126+07:00 Wwo-TN1ChiulCQlAR1NHdj5xBBy36wow
2025-10-03T15:32:51.319715307+07:00 ulhoyzJwg_4
2025-10-03T15:32:51.319715939+07:00 INFO: 127.0.0.6:40261 - "GET /auth/callback?code=xxxxx8&state=xxxx HTTP/1.1" 302 Found 

Version I'm using:

Base version
v2.12.4
Python 3.13

Setup:
Kubernetes
4-8 pods with Istio proxy

I have used an enhancement with KV_storage_protocol
from strawgate
#1913

That improvement helps with unknown client_id when I use 1 common Redis service for the deployment.
https://github.com/jlowin/fastmcp/blob/main/src/fastmcp/server/auth/oauth_proxy.py#L980

This is the code where it crashed:

            transaction = self._oauth_transactions.get(txn_id)
            if not transaction:
                logger.error("IdP callback with invalid transaction ID: %s", txn_id)
                return RedirectResponse(
                    url="data:text/html,<h1>OAuth Error</h1><p>Invalid or expired transaction</p>",
                    status_code=302,
                )

So in a different pod, "_oauth_transactions" is empty.

This error occurs more often when I have set more than 1 pod.
1 pod - no errors.
2 pods - sometimes.
8 pods - almost every time.

The error occurs only when I click Connect in Cursor AI after cleaning the MCP token cache, or after deleting the .fastmcp library for the Python FastMCP client.

Example Code

# --- Server ---
# settings, allowed_redirect_uri and RedisStore come from the reporter's
# project and the PR #1913 build; their imports are not shown in the report.
from fastmcp import FastMCP
from fastmcp.server.auth.oidc_proxy import OIDCProxy

using_redis_url = f"redis://{settings.redis_host}:6379"
redis_store = RedisStore(url=using_redis_url)

auth_oidc = OIDCProxy(
    # Provider's configuration URL
    config_url=settings.oidc_config_url,
    allowed_client_redirect_uris=allowed_redirect_uri,

    # Your registered app credentials
    client_id=settings.client_id,
    client_secret=settings.secret_id,
    required_scopes=["openid", "email", "profile", "offline_access", "groups"],
    # Your FastMCP server's public URL
    base_url=settings.base_url,

    # Optional: customize the callback path (default is "/auth/callback")
    # redirect_path="/custom/callback",

    # Shared client storage (one Redis service for all pods)
    client_storage=redis_store,
)

mcp = FastMCP("Superset API MCP", auth=auth_oidc)

mcp.run(host=settings.mcp_host or "0.0.0.0", port=8000, transport="http", stateless_http=True)


# --- Client (separate script) ---
import asyncio
from fastmcp import Client


async def main():
    # base_url is the server's public URL (settings.base_url above)
    async with Client(f"{base_url}/mcp", auth="oauth", init_timeout=10, timeout=10) as client:
        print("Start client")
        t = await client.list_tools()
        print("Tools:")
        print(t)
        # await client.ping()
        # print("Client started")
        print(await client.call_tool("get_user_info"))


asyncio.run(main())

Version Information

FastMCP version: 2.12.5.dev28+fc2a5c3b
MCP version: 1.15.0
Python version: 3.13.0
Platform: macOS-15.6.1-arm64-arm-64bit-Mach-O
FastMCP root path: /Users/xxxx/Documents/Work/PythonProjects/superset-mcp-svc/.venv/lib/python3.13/site-packages


I have built it from this PR:
https://github.com/jlowin/fastmcp/pull/1913
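
The failure pattern reported above (no errors with 1 pod, frequent errors with 8), as an added simulation that is not FastMCP code or the reporter's: each replica keeps OAuth transactions in its own dict, so a callback routed to another replica cannot find the transaction, while a shared store resolves it. `Pod`, `failed_logins`, `TXN_TTL` and the redirect URL are constructed for illustration, and the shared dict stands in for a single Redis instance.

```python
import random
import secrets
import time

TXN_TTL = 300  # seconds; constructed value, not FastMCP's setting


class Pod:
    """One replica. `store` maps txn_id -> (expiry, client_redirect)."""

    def __init__(self, store):
        self.store = store

    def authorize(self, client_redirect):
        txn_id = secrets.token_urlsafe(32)  # unguessable, sent to the IdP as `state`
        self.store[txn_id] = (time.monotonic() + TXN_TTL, client_redirect)
        return txn_id

    def callback(self, txn_id):
        # pop() makes the transaction single-use: a replayed callback fails
        entry = self.store.pop(txn_id, None)
        if entry is None or entry[0] < time.monotonic():
            return None  # the "Invalid or expired transaction" branch
        return entry[1]


def failed_logins(n_pods, shared, flows=200, seed=1):
    """Count flows whose callback reaches a pod that cannot see the txn."""
    rng = random.Random(seed)  # stands in for the load balancer's choice
    common = {}  # stands in for one Redis instance used by all pods
    pods = [Pod(common if shared else {}) for _ in range(n_pods)]
    failures = 0
    for _ in range(flows):
        txn_id = rng.choice(pods).authorize("http://localhost:1234/cb")
        if rng.choice(pods).callback(txn_id) is None:
            failures += 1
    return failures


def replay_is_rejected():
    """A second callback with the same txn_id must not succeed."""
    pod = Pod({})
    txn_id = pod.authorize("http://localhost:1234/cb")
    return pod.callback(txn_id) is not None and pod.callback(txn_id) is None


if __name__ == "__main__":
    for n in (1, 2, 8):
        print(n, "pods: local", failed_logins(n, False), "shared", failed_logins(n, True))
```

With per-pod storage and random routing the expected failure rate is 1 - 1/N, which matches the 1, 2 and 8 pod observations in the report.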

Labels: auth, bug, high-priority
