@lifeaitools/clauth 1.5.8 → 1.5.10
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/cli/commands/serve.js +12 -5
- package/package.json +1 -1
package/cli/commands/serve.js
CHANGED
|
@@ -2870,13 +2870,18 @@ function createServer(initPassword, whitelist, port, tunnelHostnameInit = null,
|
|
|
2870
2870
|
}
|
|
2871
2871
|
|
|
2872
2872
|
// ── OAuth Discovery (RFC 9728 + RFC 8414) ──────────────
|
|
2873
|
-
if (reqPath
|
|
2874
|
-
reqPath === "/.well-known/oauth-protected-resource/mcp" ||
|
|
2875
|
-
reqPath === "/.well-known/oauth-protected-resource/sse") {
|
|
2873
|
+
if (reqPath.startsWith("/.well-known/oauth-protected-resource")) {
|
|
2876
2874
|
const base = oauthBase();
|
|
2875
|
+
// Derive resource URL from the well-known path suffix
|
|
2876
|
+
// /.well-known/oauth-protected-resource → /mcp
|
|
2877
|
+
// /.well-known/oauth-protected-resource/mcp → /mcp
|
|
2878
|
+
// /.well-known/oauth-protected-resource/gws → /gws
|
|
2879
|
+
// /.well-known/oauth-protected-resource/clauth → /clauth
|
|
2880
|
+
const suffix = reqPath.replace("/.well-known/oauth-protected-resource", "").replace(/^\//, "") || "mcp";
|
|
2881
|
+
const resourcePath = suffix === "sse" ? "mcp" : suffix;
|
|
2877
2882
|
res.writeHead(200, { "Content-Type": "application/json", ...CORS });
|
|
2878
2883
|
return res.end(JSON.stringify({
|
|
2879
|
-
resource: `${base}
|
|
2884
|
+
resource: `${base}/${resourcePath}`,
|
|
2880
2885
|
authorization_servers: [base],
|
|
2881
2886
|
scopes_supported: ["mcp:tools"],
|
|
2882
2887
|
bearer_methods_supported: ["header"],
|
|
@@ -3020,9 +3025,11 @@ function createServer(initPassword, whitelist, port, tunnelHostnameInit = null,
|
|
|
3020
3025
|
const authHeader = req.headers.authorization;
|
|
3021
3026
|
if (!authHeader || !authHeader.startsWith("Bearer ")) {
|
|
3022
3027
|
const base = oauthBase();
|
|
3028
|
+
// Path-specific resource metadata URL so claude.ai gets the right resource URI
|
|
3029
|
+
const pathName = reqPath === "/mcp" ? "mcp" : reqPath.slice(1);
|
|
3023
3030
|
res.writeHead(401, {
|
|
3024
3031
|
"Content-Type": "application/json",
|
|
3025
|
-
"WWW-Authenticate": `Bearer resource_metadata="${base}/.well-known/oauth-protected-resource"`,
|
|
3032
|
+
"WWW-Authenticate": `Bearer resource_metadata="${base}/.well-known/oauth-protected-resource/${pathName}"`,
|
|
3026
3033
|
...CORS,
|
|
3027
3034
|
});
|
|
3028
3035
|
return res.end(JSON.stringify({ error: "unauthorized" }));
|