feat(mcp): add OAuth redirect URI configuration for MCP servers #7379
+151
−19
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Contributor
|
The following comment was made by an LLM, it may be inaccurate: No duplicate PRs found |
christso
changed the title
Collaborator
|
/review |
Contributor
|
lgtm |
christso
force-pushed
the
fix/mcp-oauth-redirect
branch
from
54b9215 to
e6a3e45
Compare
Resolves merge conflict in packages/opencode/src/mcp/index.ts by: - Using dev branch's improved error handling for browser opening - Fixing variable reference from authorizationUrl to result.authorizationUrl - Retaining BrowserOpenFailed event emission for manual URL display in headless environments
Contributor
Author
|
@rekram1-node I've basically updated this with the latest dev - there's no other changes. |
Collaborator
|
This seems like It caused some regressions. Reverting |
Contributor
Author
|
Root cause: I added a call to Workaround: Adding I will create a new PR with a proper fix that ensures the OAuth callback server startup doesn't break non-OAuth MCP connections. |
christso
added a commit
to EntityProcess/opencode
that referenced
this pull request
Jan 17, 2026
Re-implements the redirectUri option for MCP OAuth configuration, allowing users to specify a custom callback URL for OAuth flows. Key difference from original PR anomalyco#7379: the OAuth callback server is now started lazily in startAuth() only when authentication is actually needed, rather than preemptively in create() for all remote servers. This fixes the regression where non-OAuth MCP servers would fail to connect. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
5 tasks
AbbasSrour
pushed a commit
to AbbasSrour/opencode
that referenced
this pull request
Jan 18, 2026
…rs (anomalyco#7379)" This reverts commit 40b275d.
nulmind
added a commit
to mcxlab/opencode
that referenced
this pull request
Jan 18, 2026
* chore: cleanup * upgrade opentui to v0.1.73, fixing CJK word wrapping and thai text rendering (non-tmux) * Update Nix flake.lock and x86_64-linux hash * Update aarch64-darwin hash * use native text truncation for sidebar diff paths * fix: honor per-server MCP timeouts (anomalyco#8706) * chore: generate * docs: fix typos in documentation (anomalyco#8703) * fix: handle broken symlinks gracefully in grep tool (anomalyco#8612) Co-authored-by: Alex Johnson <nvidiattxpsli@gmail.com> * Prettify retry duration display in TUI (anomalyco#8608) Co-authored-by: opencode-agent[bot] <opencode-agent[bot]@users.noreply.github.com> Co-authored-by: rekram1-node <rekram1-node@users.noreply.github.com> * fix: show toast error message on ConfigMarkdown parse error (anomalyco#8049) Co-authored-by: Aiden Cline <aidenpcline@gmail.com> * fix: downgrade bun to fix avx issue * Update Nix flake.lock and x86_64-linux hash * Update aarch64-darwin hash * fix: ensure frontmatter can process same content as other agents (anomalyco#8719) * fix: search bar in header * fix: tooltips cleanup * fix: recent sessions hover gutter * fix: archive icon replaces diff count on hover * fix: tooltip gutter spacing on session items and archive buttons * fix: increase delay on session list tooltips * fix: show project options on hover of row * fix: avatar background * fix: move left panel toggle over - not sure how this impacts on the titlebar when the traffic lights are there * fix: project dropdown labels and order * fix: recent sessions title color * fix: load more button font size * fix: avatar button states * fix: hide view all sessions on active project * fix: workspace name color * fix: remove more options tooltip * fix: new session tooltip position and add shortcut * fix: remove the active state from load more button after press * fix: current session background color * bun/package.json updates this may not be required * chore(desktop): Question Tools Updates * chore(desktop): Stop Killing opencode-cli on dev * fix(core): loading models.dev in dev * fix(core): filter dead worktrees * fix(app): show session busy even for active session * chore: cleanup * fix(core): more defensive project list * feat(console): Update /black plan selection, light rays effect. mobile styles (anomalyco#8731) Co-authored-by: Github Action <action@github.com> * Update aarch64-darwin hash * fix: session icon and name alignment * fix: thinking animation opacity and design * docs: add /thinking command documentation (anomalyco#8722) * feat(console): Style improvements for /black, View Transition fixes (anomalyco#8739) Co-authored-by: Github Action <action@github.com> * fix(session): ensure agent exists before processing title in session summary (anomalyco#8662) * fix: update hix hashes for all systems (anomalyco#8732) Co-authored-by: Github Action <action@github.com> Co-authored-by: Aiden Cline <63023139+rekram1-node@users.noreply.github.com> * fix(app): persist workspace order and collapsed state * feat(app): persist workspace branch * fix(app): sidebar toggle on desktop * release: v1.1.23 * feat: add litellmProxy provider option for explicit LiteLLM compatibility (anomalyco#8658) Co-authored-by: Mark Henderson <Mark.Henderson99@hotmail.com> Co-authored-by: Aiden Cline <63023139+rekram1-node@users.noreply.github.com> * feat: add Carbonfox theme (anomalyco#8723) * chore: generate * fix:subagent reasoningEffort not being applied (anomalyco#8646) Co-authored-by: Bot <bot@example.com> * Revert "fix:subagent reasoningEffort not being applied (anomalyco#8646)" This reverts commit f4086ac. * fix: project avatar border radius * feat(console): Fix /black page View Transition Safari issue (anomalyco#8755) * fix(agent): default agent selection in acp and headless mode (anomalyco#8678) Signed-off-by: assagman <ahmetsercansagman@gmail.com> * fix: stop changing main model/agent from subtasks invocation (anomalyco#7681) Co-authored-by: Aiden Cline <aidenpcline@gmail.com> * chore: generate * zen: black admin * wip: zen * fix: nix desktop workflow (anomalyco#8747) Co-authored-by: Github Action <action@github.com> * fix(app): persist workspace order and collapsed state * feat(app): skeleton loader for sessions * feat(app): unified search for commands and files * strip itemIds in more cases * chore: cleanup * fix(mcp): show auth URL when browser cannot open in remote sessions (anomalyco#7884) * chore: generate * tweak: set opencode as user agent for most interefence requests * test: fix transform test * docs: clarify question tool guidance (anomalyco#8778) * fix(tui): add tab navigation in questions (anomalyco#8777) * fix(tui): dim question option prefixes (anomalyco#8776) * fix(tui): correct theme count tip (anomalyco#8779) * stop select dialog event propagation * fix: adjust websearch tool to emphasize that it ISNT 2024, give more info as to current date * feat: add version to session header and /status dialog (anomalyco#8802) * chore: update GitHub stars and commits statistics (anomalyco#8793) * feat(mcp): add OAuth redirect URI configuration for MCP servers (anomalyco#7379) * chore: generate * fix: rm user message when dealing w/ image attachments, use proper tool attachment instead * wip: zen * Update node_modules hash (aarch64-linux) * Update node_modules hash (x86_64-linux) * test: fix test now that image fix went in * Update node_modules hash (x86_64-darwin) * update gpt models prompt * fix(app): persist workspace order and collapsed state * fix: avatar radius and current project * fix: search bar size and padding, and shortcut style * fix: add default icon to sessions * fix: view all sessions state styles * fix: updated project/sessions list width this was originally 280px and included the 64px project avatar rail on the left, so the sessions list portion was actually 280 - 64 = 216px wide (as seen in line 1362: Math.max(layout.sidebar.width() - 64, 0)px). i kept the logic the same in case it broke anything, i just updated the new width to account for new projects avatar panel * bug: moved createMemo down * chore: generate * ignore: update download stats 2026-01-16 * fix: responsive menu desktop * feat(console): /black shader improvements, performance, details (anomalyco#8871) * fix: web mobile menu there is a small shift/misalignment in the side panel on web, not investigating too much as this whole area is in development and may change to make the projects avatar list always in view. * fix: make hamburger centred with project avatars * fix: desktop hamburger shift * fix: session icon and label alignment * fix: expand workspaces by default when enabled * Revert "fix: expand workspaces by default when enabled" This reverts commit 1fd496a. * fix: updating panel min size and button max-width * fix: load more label alignment * fix: truncate the workspace name on hover * Revert "stop select dialog event propagation" This reverts commit 46be47d. * Revert "fix: rm user message when dealing w/ image attachments, use proper tool attachment instead" This reverts commit de2de09. * Revert "test: fix test now that image fix went in" This reverts commit fffa718. * wip: zen * feat(desktop): Terminal Splits (anomalyco#8767) * chore(sdk): update @hey-api/openapi-ts to 0.90.4 (anomalyco#8921) * Revert "chore(sdk): update @hey-api/openapi-ts to 0.90.4" (anomalyco#8927) * Update node_modules hash (aarch64-darwin) * fix: fix the itemId stripping logic, this time it should fix that id issue w/ gpt models fr * Reapply "chore(sdk): update @hey-api/openapi-ts to 0.90.4" (anomalyco#8927) This reverts commit 91b8ba2. * Update node_modules hash (x86_64-linux) * fix(docs): Broken URL (anomalyco#8918) * fix: use dynamic import for session event in config.ts to avoid circular dep * Update node_modules hash (x86_64-darwin) * fix: ensure that tool attachments arent sent as user messages (anomalyco#8944) * upgrade opentui to v0.1.74, fix tmux kitty keyboard regression * Update node_modules hash (aarch64-linux) * Update node_modules hash (x86_64-darwin) * fix(app): scroll jumping when expanding workspaces * fix(app): can't expand workspaces * fix(app): open workspace if navigating to session in workspace * feat(app): edit project and session titles * Revert "feat(desktop): Terminal Splits (anomalyco#8767)" This reverts commit 88fd6a2. * release: v1.1.24 * fix(bun): reinstall plugins when cache module missing (anomalyco#8815) * chore: generate * fix(app): center dialog on page instead of session * fix(app): handle new session correctly * chore: cleanup server routes (anomalyco#8965) Co-authored-by: Leka74 <leke.dobruna@gmail.com> Co-authored-by: Leka74 <791494+Leka74@users.noreply.github.com> * chore: generate * fix(app): support anthropic models on azure cognitive services (anomalyco#8335) * Revert "fix(app): support anthropic models on azure cognitive services" (anomalyco#8966) * fix(app): truncate workspace title * fix(app): remember last opened project * Revert "fix: ensure that tool attachments arent sent as user messages (anomalyco#8944)" This reverts commit 8fd1b92. * tweak: wording * test: fix * release: v1.1.25 * fix: make home/end keys work in menu list modal windows (resolves anomalyco#7190) (anomalyco#8347) * chore: cleanup transform code a tad * chore: generate * fix: keep primary model after subagent runs (anomalyco#8951) * fix: open help dialog with tui/open-help route (anomalyco#8596) * wip: black * wip: black * chore: generate * fix: centralize OSC 52 clipboard support for SSH sessions (anomalyco#8974) * fix(nix): add desktop application entry (anomalyco#8972) * chore: cleanup nix (anomalyco#8964) * fix(desktop): Stream bash output + strip-asni (anomalyco#8961) * Update flake.lock * Update node_modules hash (x86_64-linux) * Update node_modules hash (x86_64-darwin) * Update node_modules hash (aarch64-darwin) * fix(opencode): add oauth polling safety margin in copilot device authentication (anomalyco#8986) * chore: generate * zen: fix opus unicode characters closes anomalyco#8967 * fix: recent sessions gutter * fix: (desktop) command palette width * feat: add Keybind component for displaying keyboard shortcuts * refactor: use Keybind component in titlebar search button * refactor: use Keybind component in search modal list * fix: display arrow keys as symbols in keybind formatting * fix: increase keybind border-radius in search modal * fix: add left padding to command items in search modal * fix: adjust command item left padding in search modal * feat: add hideIcon and class options to List search, customize search modal input * fix: reduce command item left padding in search modal * fix: refine search modal styling and list component * fix: limit search modal max-height to 480px * fix: remove the secondary text from commands * fix: remove smooth scroll behavior from list component * fix: truncate long search queries in empty state * fix: prevent text clipping on search button descenders * fix(nix): resolve hash race condition in parallel matrix jobs (anomalyco#8995) * Update node_modules hashes * fix: gpt id stuff fr fr this time :/ (anomalyco#9006) * docs: Add OpenWork to ecosystem (anomalyco#8741) * chore: generate * Revert "feat(mcp): add OAuth redirect URI configuration for MCP servers (anomalyco#7379)" This reverts commit 40b275d. * chore: generate * test: add azure test case * fix(app): archive session sometimes flaky * fix(desktop): Added a Windows-only guard that makes window.getComputedStyle fall back to document.documentElement (anomalyco#9054) * fix: mdns discover hostname (anomalyco#9039) * chore: generate * fix: escape CSS selector keys to handle special characters (anomalyco#9030) * ignore: update download stats 2026-01-17 * docs: add firmware provider to providers docs (anomalyco#8993) * docs(config): explain that `autoupdate` doesn't work when installed with a package manager (anomalyco#9092) * fix: don't try to open command palette if a dialog is already open (anomalyco#9116) * docs: document the plural forms * docs: add use_github_token to example (anomalyco#9120) Co-authored-by: opencode-agent[bot] <opencode-agent[bot]@users.noreply.github.com> Co-authored-by: rekram1-node <rekram1-node@users.noreply.github.com> * tui: fix model state persistence when model store is not ready * fix: align project avatar notification dot * fix: update desktop initializing splash logo * fix: shrink project notification dot and mask * fix: command pallete file list item spacing * fix: remove loading text after splash * fix: show project name in avatar hover * fix: reduce prompt dock bottom spacing * fix: adjust recent sessions popover padding * fix: keep project avatar hover styles while popover open * fix: adjust session list tooltip trigger and delay * fix: remove max width on sidebar new buttons * fix: adjust project path tooltip placement Move the desktop project path tooltip above the header and tune spacing/offset; add content style hooks to Tooltip for max-width and horizontal shift. * fix: increase max-width of session name tooltip * Revert "fix: increase max-width of session name tooltip" This reverts commit c3ab76c. * fix: remove max-width of session name tooltip * Hide variants hint when list empty (anomalyco#9179) Co-authored-by: opencode-agent[bot] <opencode-agent[bot]@users.noreply.github.com> Co-authored-by: rekram1-node <rekram1-node@users.noreply.github.com> * refactor(tui): unify command registry and derive slash commands (anomalyco#9115) * core: prevent env variables in config from being replaced with actual values When opencode.json was missing a $schema, the config loader would add it and write the file back - but with env variables like {env:API_KEY} replaced with their actual secret values. This made it impossible to safely commit opencode.json to version control. Now the original config text is preserved when adding $schema, keeping variable placeholders intact. * feat: bind vim-style line-by-line scrolling (anomalyco#8980) Co-authored-by: Aiden Cline <aidenpcline@gmail.com> * chore: generate * fix(windows): fix jdtls download on Windows (anomalyco#9195) * feat: apply_patch tool for openai models (anomalyco#9127) * chore: generate * feat(tool): increase question header and label limits (anomalyco#9201) * chore: generate * fix(acp): use single global event subscription and route by sessionID (anomalyco#5628) Co-authored-by: noamzbr <noamzbr@users.noreply.github.com> Co-authored-by: noam-v <noam@bespo.ai> * fix: restore persisted model/agent when loading ACP session (anomalyco#7809) Co-authored-by: noam-v <noam@bespo.ai> * feat(cli): uninstall opencode installed via windows package managers (anomalyco#8571) * feat(desktop): implement session unshare button (anomalyco#8660) * ignore: update download stats 2026-01-18 * fix(app): remove redundant toast for thinking effort changes (anomalyco#9181) * refactor(desktop): improve layout and styling of session search button (anomalyco#9251) * fix: import issue in patch module * refactor(installation): update scoop installation method (anomalyco#9243) Signed-off-by: Chawye Hsu <su+git@chawyehsu.com> * fix(acp): preserve file attachment metadata during session replay (anomalyco#6342) Co-authored-by: Aiden Cline <63023139+rekram1-node@users.noreply.github.com> * chore: generate * feat(nix): overhaul nix flake and packages (anomalyco#9032) * feat(hook): command execute before hook (anomalyco#9267) * fix: update gitlab-ai-provider to 1.3.2 (anomalyco#9279) * fix(tool): treat .fbs files as text instead of images (anomalyco#9276) Co-authored-by: Claude <noreply@anthropic.com> * docs: note untracked files in review * Update node_modules hashes --------- Signed-off-by: assagman <ahmetsercansagman@gmail.com> Signed-off-by: Chawye Hsu <su+git@chawyehsu.com> Co-authored-by: Adam <2363879+adamdotdevin@users.noreply.github.com> Co-authored-by: Sebastian Herrlinger <hasta84@gmail.com> Co-authored-by: Github Action <action@github.com> Co-authored-by: Dax <mail@thdxr.com> Co-authored-by: Aryan "LAG" Gupta <aryangupta4feb@gmail.com> Co-authored-by: andrew-kramer-inno <andrew.kramer.dev@gmail.com> Co-authored-by: Alex Johnson <nvidiattxpsli@gmail.com> Co-authored-by: opencode-agent[bot] <219766164+opencode-agent[bot]@users.noreply.github.com> Co-authored-by: opencode-agent[bot] <opencode-agent[bot]@users.noreply.github.com> Co-authored-by: rekram1-node <rekram1-node@users.noreply.github.com> Co-authored-by: Maciek Szczesniak <maciek@id43.net> Co-authored-by: Aiden Cline <aidenpcline@gmail.com> Co-authored-by: Aiden Cline <63023139+rekram1-node@users.noreply.github.com> Co-authored-by: David Hill <iamdavidhill@gmail.com> Co-authored-by: dbpolito <danielbpolito@gmail.com> Co-authored-by: Aaron Iker <aaron@anoma.ly> Co-authored-by: Nhan Nguyen <nhan13574@gmail.com> Co-authored-by: Qunhong Zeng <871206929@qq.com> Co-authored-by: Ricardo Valero de la Rosa <55701657+ricardo-valero@users.noreply.github.com> Co-authored-by: opencode <opencode@sst.dev> Co-authored-by: seilk <88271769+seilk@users.noreply.github.com> Co-authored-by: Mark Henderson <Mark.Henderson99@hotmail.com> Co-authored-by: outside.observer <perkintahmaz50@gmail.com> Co-authored-by: Jeong Juahn <johnnyapu15@gmail.com> Co-authored-by: Bot <bot@example.com> Co-authored-by: Sercan Sagman <ahmetsercansagman@gmail.com> Co-authored-by: Frank <frank@anoma.ly> Co-authored-by: Dan Lapid <dan.lapid@gmail.com> Co-authored-by: Kit Langton <kit.langton@gmail.com> Co-authored-by: Akshar Patel <123344143+AksharP5@users.noreply.github.com> Co-authored-by: Hyeonjong <164347098+hyeonjongyang@users.noreply.github.com> Co-authored-by: Christopher Tso <christso@gmail.com> Co-authored-by: Cole Leavitt <75138914+coleleavitt@users.noreply.github.com> Co-authored-by: Bernat Pericàs <bernatpericasserra97@gmail.com> Co-authored-by: kenryu42 <61741059+kenryu42@users.noreply.github.com> Co-authored-by: Leka74 <leke.dobruna@gmail.com> Co-authored-by: Leka74 <791494+Leka74@users.noreply.github.com> Co-authored-by: Unies Ananda Raja <82792286+uanandaraja@users.noreply.github.com> Co-authored-by: Ariane Emory <97994360+ariane-emory@users.noreply.github.com> Co-authored-by: Seth Carlton <sethcarlton@users.noreply.github.com> Co-authored-by: b3nw <b3nw@users.noreply.github.com> Co-authored-by: Caleb Norton <n0603919@outlook.com> Co-authored-by: Amir Hasanbasic <43892661+hamir-suspect@users.noreply.github.com> Co-authored-by: Jérôme Benoit <jerome.benoit@piment-noir.org> Co-authored-by: ben <ben@prologe.io> Co-authored-by: Eric Guo <eric.guocz@gmail.com> Co-authored-by: Javier Aceña <40375118+j0nl1@users.noreply.github.com> Co-authored-by: Slone <50995948+Slone123c@users.noreply.github.com> Co-authored-by: Colby Gilbert <colbygilbert95@gmail.com> Co-authored-by: Rahul Mishra <blankparticle@gmail.com> Co-authored-by: Nathan Flurry <NathanFlurry@users.noreply.github.com> Co-authored-by: Patrick Schiel <p.schiel@gmail.com> Co-authored-by: Bowen Dwelle <bdwelle@gmail.com> Co-authored-by: Noam Bressler <noamzbr@gmail.com> Co-authored-by: noamzbr <noamzbr@users.noreply.github.com> Co-authored-by: noam-v <noam@bespo.ai> Co-authored-by: Mani Sundararajan <10191300+itsrainingmani@users.noreply.github.com> Co-authored-by: OpeOginni <107570612+OpeOginni@users.noreply.github.com> Co-authored-by: Chawye Hsu <chawyehsu@hotmail.com> Co-authored-by: Lior <lior.shkiller@gmail.com> Co-authored-by: Spoon <212802214+spoons-and-mirrors@users.noreply.github.com> Co-authored-by: Vladimir Glafirov <vglafirov@gitlab.com> Co-authored-by: zerone0x <hi@trine.dev> Co-authored-by: Claude <noreply@anthropic.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
This PR implements custom OAuth redirect URI configuration for MCP servers, allowing users to override the default callback URL to match their OAuth server's requirements.
Changes
redirectUriconfig parameter to MCP OAuth settingsparseRedirectUri()helper function to extract port and pathhttp://127.0.0.1:19876/mcp/oauth/callbackwhen not specifiedUser Configuration
{ "mcp": { "my-server": { "type": "remote", "url": "https://api.example.com", "oauth": { "clientId": "my-client-id", "redirectUri": "https://custom.example.com/callback" // NEW } } } }Files Changed
packages/opencode/src/config/config.ts- AddedredirectUrito OAuth config schemapackages/opencode/src/mcp/oauth-provider.ts- ImplementparseRedirectUri()and use configured URIpackages/opencode/src/mcp/oauth-callback.ts- Dynamic server configuration with port/path parsingpackages/opencode/src/mcp/index.ts- PassredirectUrithrough OAuth flowpackages/opencode/src/cli/cmd/mcp.ts- PassredirectUrito OAuth provider in debug commandpackages/opencode/test/mcp/oauth-callback.test.ts- Comprehensive test suiteTesting
Related
Closes #7377 - [FEATURE]: Allow custom OAuth redirect URI configuration for MCP servers
Design Rationale
OpenCode already supports overriding
clientIdfor flexible OAuth client configuration. Since OAuth servers validate both client ID and redirect URI, supporting customredirectUriis essential for feature completeness. This removes the asymmetry where users could point to any OAuth server/client but were constrained to a hardcoded callback URL.GitHub OAuth:
Keycloak:
