@lifeaitools/clauth 1.5.15 → 1.5.17
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/cli/commands/serve.js +8 -40
- package/package.json +1 -1
package/cli/commands/serve.js
CHANGED
|
@@ -2878,40 +2878,11 @@ function createServer(initPassword, whitelist, port, tunnelHostnameInit = null,
|
|
|
2878
2878
|
return res.end();
|
|
2879
2879
|
}
|
|
2880
2880
|
|
|
2881
|
-
// ── OAuth Discovery (
|
|
2882
|
-
if (reqPath.startsWith("/.well-known/oauth-protected-resource")
|
|
2883
|
-
|
|
2884
|
-
|
|
2885
|
-
|
|
2886
|
-
const suffix = reqPath.replace("/.well-known/oauth-protected-resource", "").replace(/^\//, "") || "mcp";
|
|
2887
|
-
if (suffix !== "mcp" && suffix !== "") {
|
|
2888
|
-
// Path-specific OAuth metadata requested for a non-mcp path — 404 it
|
|
2889
|
-
res.writeHead(404, { "Content-Type": "application/json", ...CORS });
|
|
2890
|
-
return res.end(JSON.stringify({ error: "not_found" }));
|
|
2891
|
-
}
|
|
2892
|
-
const base = oauthBase();
|
|
2893
|
-
res.writeHead(200, { "Content-Type": "application/json", ...CORS });
|
|
2894
|
-
return res.end(JSON.stringify({
|
|
2895
|
-
resource: `${base}/mcp`,
|
|
2896
|
-
authorization_servers: [base],
|
|
2897
|
-
scopes_supported: ["mcp:tools"],
|
|
2898
|
-
bearer_methods_supported: ["header"],
|
|
2899
|
-
}));
|
|
2900
|
-
}
|
|
2901
|
-
|
|
2902
|
-
if (reqPath === "/.well-known/oauth-authorization-server") {
|
|
2903
|
-
const base = oauthBase();
|
|
2904
|
-
res.writeHead(200, { "Content-Type": "application/json", ...CORS });
|
|
2905
|
-
return res.end(JSON.stringify({
|
|
2906
|
-
issuer: base,
|
|
2907
|
-
authorization_endpoint: `${base}/authorize`,
|
|
2908
|
-
token_endpoint: `${base}/token`,
|
|
2909
|
-
registration_endpoint: `${base}/register`,
|
|
2910
|
-
response_types_supported: ["code"],
|
|
2911
|
-
grant_types_supported: ["authorization_code"],
|
|
2912
|
-
code_challenge_methods_supported: ["S256"],
|
|
2913
|
-
scopes_supported: ["mcp:tools"],
|
|
2914
|
-
}));
|
|
2881
|
+
// ── OAuth Discovery — disabled (causes claude.ai OAuth loop) ──────────────
|
|
2882
|
+
if (reqPath.startsWith("/.well-known/oauth-protected-resource") ||
|
|
2883
|
+
reqPath === "/.well-known/oauth-authorization-server") {
|
|
2884
|
+
res.writeHead(404, { "Content-Type": "application/json", ...CORS });
|
|
2885
|
+
return res.end(JSON.stringify({ error: "not_found" }));
|
|
2915
2886
|
}
|
|
2916
2887
|
|
|
2917
2888
|
// ── Dynamic Client Registration (RFC 7591) ──────────────
|
|
@@ -3071,16 +3042,13 @@ function createServer(initPassword, whitelist, port, tunnelHostnameInit = null,
|
|
|
3071
3042
|
}
|
|
3072
3043
|
|
|
3073
3044
|
if (rpcMethod === "initialize") {
|
|
3074
|
-
//
|
|
3075
|
-
const clientVersion = req.headers["mcp-protocol-version"] || body.params?.protocolVersion || "2025-03-26";
|
|
3076
|
-
const SUPPORTED = ["2025-11-25", "2025-03-26"];
|
|
3077
|
-
const protocolVersion = SUPPORTED.includes(clientVersion) ? clientVersion : "2025-03-26";
|
|
3045
|
+
// Always return 2025-03-26 — returning 2025-11-25 causes claude.ai to require OAuth
|
|
3078
3046
|
const result = {
|
|
3079
|
-
protocolVersion,
|
|
3047
|
+
protocolVersion: "2025-03-26",
|
|
3080
3048
|
serverInfo: { name: serverNameForPath(reqPath), version: VERSION },
|
|
3081
3049
|
capabilities: { tools: {} }
|
|
3082
3050
|
};
|
|
3083
|
-
res.writeHead(200, { "Content-Type": "application/json",
|
|
3051
|
+
res.writeHead(200, { "Content-Type": "application/json", ...CORS });
|
|
3084
3052
|
return res.end(JSON.stringify({ jsonrpc: "2.0", id, result }));
|
|
3085
3053
|
}
|
|
3086
3054
|
|