Fix OAuth 401 handling for config-file servers#46
Fix OAuth 401 handling for config-file servers#46caseyg wants to merge 2 commits intosteipete:mainfrom
Conversation
Remove the ad-hoc source restriction in maybeEnableOAuth() so that any HTTP server returning 401 can be promoted to OAuth mode. Previously, only servers added via ad-hoc CLI (`source.path === '<adhoc>'`) were eligible, causing config-file servers like Notion to throw a fatal 401 instead of launching the browser OAuth flow. Fixes steipete#38 Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
|
tested manually and verified that it works 👍 |
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 5e1dc53813
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
Address review feedback: instead of promoting all HTTP servers to OAuth on 401, probe /.well-known/oauth-protected-resource first for non-ad-hoc servers. Only promote if the server advertises OAuth support via RFC 9728 metadata. This prevents servers using static headers/PATs from being incorrectly promoted to OAuth, which would cause 60s timeout stalls. Ad-hoc servers (CLI-added) still get promoted without probing, matching the original behavior. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
caseyg
left a comment
caseyg
left a comment
There was a problem hiding this comment.
Addressed the review feedback in 9d49ca1. Non-ad-hoc servers now probe /.well-known/oauth-protected-resource (RFC 9728) before promotion. Only servers that advertise authorization_servers in their metadata get promoted to OAuth. Servers using static headers/PATs that return 401 will no longer be incorrectly promoted, avoiding the 60s timeout stall.
Ad-hoc servers (CLI-added) still get promoted without probing, preserving the original behavior.
|
@codex review |
|
Codex Review: Didn't find any major issues. 🎉 ℹ️ About Codex in GitHubYour team has set up Codex to review pull requests in this repo. Reviews are triggered when you
If Codex has suggestions, it will comment; otherwise it will react with 👍. Codex can also answer questions or update the PR. Try commenting "@codex address that feedback". |
|
Tested this with a local install into my openclaw and can confirm that Notion MCP works now 👍 |
1 participant
Summary
maybeEnableOAuth()so any HTTP server returning 401 can be promoted to OAuth modesource.path === '<adhoc>') were eligible, causing config-file servers like Notion to throw a fatal 401 instead of launching the browser OAuth flowFixes #38
Test plan
pnpm buildpassespnpm test)node dist/cli.js auth notionwith a Notion config should open browser for OAuth instead of throwing 401🤖 Generated with Claude Code