@oh-my-pi/pi-coding-agent 13.12.8 → 13.12.9

package/CHANGELOG.md

@@ -2,6 +2,22 @@
 
 ## [Unreleased]
 
+## [13.12.9] - 2026-03-17
+### Added
+
+- Added `/session delete` command to delete current session with confirmation and return to session selector
+- Added session deletion in session selector via Delete key with confirmation dialog
+
+### Changed
+
+- Changed session deletion callback to return a boolean indicating success, allowing callers to distinguish between failed deletions and upstream cancellations
+
+### Fixed
+
+- Fixed OAuth redirect URI validation to preserve exact configured values without adding trailing slashes
+- Fixed session deletion error handling to display error messages in the session selector UI instead of silently failing
+- Added `oauth.redirectUri`, `oauth.clientSecret`, and `oauth.callbackPath` support for MCP server OAuth config so providers can use exact registered redirect URIs while preserving local callback listener settings ([#445](https://github.com/can1357/oh-my-pi/issues/445))
+
 ## [13.12.8] - 2026-03-16
 
 ### Breaking Changes

package/package.json

@@ -1,7 +1,7 @@
 {
 	"type": "module",
 	"name": "@oh-my-pi/pi-coding-agent",
-	"version": "13.12.8",
+	"version": "13.12.9",
 	"description": "Coding agent CLI with read, bash, edit, write tools and session management",
 	"homepage": "https://github.com/can1357/oh-my-pi",
 	"author": "Can Boluk",
@@ -41,12 +41,12 @@
 	},
 	"dependencies": {
 		"@mozilla/readability": "^0.6",
-		"@oh-my-pi/omp-stats": "13.12.8",
-		"@oh-my-pi/pi-agent-core": "13.12.8",
-		"@oh-my-pi/pi-ai": "13.12.8",
-		"@oh-my-pi/pi-natives": "13.12.8",
-		"@oh-my-pi/pi-tui": "13.12.8",
-		"@oh-my-pi/pi-utils": "13.12.8",
+		"@oh-my-pi/omp-stats": "13.12.9",
+		"@oh-my-pi/pi-agent-core": "13.12.9",
+		"@oh-my-pi/pi-ai": "13.12.9",
+		"@oh-my-pi/pi-natives": "13.12.9",
+		"@oh-my-pi/pi-tui": "13.12.9",
+		"@oh-my-pi/pi-utils": "13.12.9",
 		"@sinclair/typebox": "^0.34",
 		"@xterm/headless": "^6.0",
 		"ajv": "^8.18",

package/src/capability/mcp.ts

@@ -31,11 +31,17 @@ export interface MCPServer {
 	auth?: {
 		type: "oauth" | "apikey";
 		credentialId?: string;
+		tokenUrl?: string;
+		clientId?: string;
+		clientSecret?: string;
 	};
-	/** OAuth configuration (clientId, callbackPort) for servers requiring explicit client credentials */
+	/** OAuth configuration (clientId, clientSecret, redirectUri, callbackPort, callbackPath) for servers requiring explicit client credentials */
 	oauth?: {
 		clientId?: string;
+		clientSecret?: string;
+		redirectUri?: string;
 		callbackPort?: number;
+		callbackPath?: string;
 	};
 	/** Transport type */
 	transport?: "stdio" | "sse" | "http";

package/src/cli/session-picker.ts

@@ -1,42 +1,52 @@
-/**
- * TUI session selector for --resume flag
- */
 import { ProcessTerminal, TUI } from "@oh-my-pi/pi-tui";
 import { SessionSelectorComponent } from "../modes/components/session-selector";
 import type { SessionInfo } from "../session/session-manager";
+import { FileSessionStorage } from "../session/session-storage";
 
 /** Show TUI session selector and return selected session path or null if cancelled */
 export async function selectSession(sessions: SessionInfo[]): Promise<string | null> {
 	const { promise, resolve } = Promise.withResolvers<string | null>();
 	const ui = new TUI(new ProcessTerminal());
 	let resolved = false;
-	const selector = new SessionSelectorComponent(
-		sessions,
-		(path: string) => {
-			if (!resolved) {
-				resolved = true;
-				ui.stop();
-				resolve(path);
-			}
-		},
-		() => {
-			if (!resolved) {
-				resolved = true;
-				ui.stop();
-				resolve(null);
-			}
-		},
-		() => {
-			if (!resolved) {
-				resolved = true;
-				ui.stop();
-				process.exit(0);
-			}
-		},
-	);
+	const storage = new FileSessionStorage();
 
+	const showSelector = () => {
+		const selector = new SessionSelectorComponent(
+			sessions,
+			(path: string) => {
+				if (!resolved) {
+					resolved = true;
+					ui.stop();
+					resolve(path);
+				}
+			},
+			() => {
+				if (!resolved) {
+					resolved = true;
+					ui.stop();
+					resolve(null);
+				}
+			},
+			() => {
+				if (!resolved) {
+					resolved = true;
+					ui.stop();
+					process.exit(0);
+				}
+			},
+			async (session: SessionInfo) => {
+				// Delete handler - SessionList will show confirmation internally
+				await storage.deleteSessionWithArtifacts(session.path);
+				return true;
+			},
+		);
+		return selector;
+	};
+
+	const selector = showSelector();
+	selector.setOnRequestRender(() => ui.requestRender());
 	ui.addChild(selector);
-	ui.setFocus(selector.getSessionList());
+	ui.setFocus(selector);
 	ui.start();
 	return promise;
 }

package/src/discovery/builtin.ts

@@ -160,8 +160,24 @@ async function loadMCPServers(ctx: LoadContext): Promise<LoadResult<MCPServer>>
 				env: serverConfig.env as Record<string, string> | undefined,
 				url: serverConfig.url as string | undefined,
 				headers: serverConfig.headers as Record<string, string> | undefined,
-				auth: serverConfig.auth as { type: "oauth" | "apikey"; credentialId?: string } | undefined,
-				oauth: serverConfig.oauth as { clientId?: string; callbackPort?: number } | undefined,
+				auth: serverConfig.auth as
+					| {
+							type: "oauth" | "apikey";
+							credentialId?: string;
+							tokenUrl?: string;
+							clientId?: string;
+							clientSecret?: string;
+					  }
+					| undefined,
+				oauth: serverConfig.oauth as
+					| {
+							clientId?: string;
+							clientSecret?: string;
+							redirectUri?: string;
+							callbackPort?: number;
+							callbackPath?: string;
+					  }
+					| undefined,
 				transport: serverConfig.type as "stdio" | "sse" | "http" | undefined,
 				_source: createSourceMeta(PROVIDER_ID, path, level),
 			});

package/src/discovery/mcp-json.ts

@@ -34,9 +34,18 @@ interface MCPConfigFile {
 			auth?: {
 				type: "oauth" | "apikey";
 				credentialId?: string;
+				tokenUrl?: string;
+				clientId?: string;
+				clientSecret?: string;
 			};
 			type?: "stdio" | "sse" | "http";
-			oauth?: { clientId?: string; callbackPort?: number };
+			oauth?: {
+				clientId?: string;
+				clientSecret?: string;
+				redirectUri?: string;
+				callbackPort?: number;
+				callbackPath?: string;
+			};
 		}
 	>;
 }
@@ -93,7 +102,8 @@ function transformMCPConfig(config: MCPConfigFile, source: SourceMeta): MCPServe
 			if (server.env) server.env = expandEnvVarsDeep(server.env);
 			if (server.url) server.url = expandEnvVarsDeep(server.url);
 			if (server.headers) server.headers = expandEnvVarsDeep(server.headers);
-
+			if (server.auth) server.auth = expandEnvVarsDeep(server.auth);
+			if (server.oauth) server.oauth = expandEnvVarsDeep(server.oauth);
 			servers.push(server);
 		}
 	}

package/src/mcp/oauth-flow.ts

@@ -6,11 +6,97 @@
  */
 
 import type { OAuthController, OAuthCredentials } from "@oh-my-pi/pi-ai";
+import type { OAuthCallbackFlowOptions } from "@oh-my-pi/pi-ai/utils/oauth/callback-server";
 import { OAuthCallbackFlow } from "@oh-my-pi/pi-ai/utils/oauth/callback-server";
 
 const DEFAULT_PORT = 3000;
 const CALLBACK_PATH = "/callback";
 
+function isLoopbackHostname(hostname: string): boolean {
+	return hostname === "localhost" || hostname === "127.0.0.1";
+}
+
+function resolveRedirectUri(redirectUri: string | undefined): string | undefined {
+	const configured = redirectUri;
+	const trimmed = configured?.trim();
+	if (!trimmed) return undefined;
+	if (trimmed !== configured) {
+		throw new Error("OAuth redirect URI must not include surrounding whitespace");
+	}
+
+	const parsed = new URL(configured);
+	if (parsed.protocol !== "http:" && parsed.protocol !== "https:") {
+		throw new Error("OAuth redirect URI must use http or https");
+	}
+	return configured;
+}
+
+function parseRedirectUri(redirectUri: string | undefined): URL | undefined {
+	return redirectUri ? new URL(redirectUri) : undefined;
+}
+
+function getUriPort(uri: URL): number {
+	if (uri.port !== "") return Number(uri.port);
+	return uri.protocol === "https:" ? 443 : 80;
+}
+
+function validateRedirectConfig(config: MCPOAuthConfig, redirectUri: string | undefined): void {
+	const parsed = parseRedirectUri(redirectUri);
+	if (!parsed || parsed.protocol !== "https:" || !isLoopbackHostname(parsed.hostname)) {
+		return;
+	}
+
+	if (config.callbackPort === undefined) {
+		throw new Error(
+			"HTTPS loopback redirect URIs require oauth.callbackPort to point at the local HTTP callback listener behind your TLS terminator",
+		);
+	}
+
+	if (config.callbackPort === getUriPort(parsed)) {
+		throw new Error(
+			"HTTPS loopback redirect URIs cannot reuse the same local port; terminate TLS separately and forward to oauth.callbackPort",
+		);
+	}
+}
+
+function resolveCallbackPort(callbackPort: number | undefined, redirectUri: string | undefined): number {
+	if (callbackPort !== undefined) return callbackPort;
+
+	const parsed = parseRedirectUri(redirectUri);
+	if (!parsed || parsed.protocol !== "http:" || !isLoopbackHostname(parsed.hostname)) {
+		return DEFAULT_PORT;
+	}
+
+	const port = getUriPort(parsed);
+	return Number.isFinite(port) && port > 0 ? port : DEFAULT_PORT;
+}
+
+function resolveCallbackPath(callbackPath: string | undefined, redirectUri: string | undefined): string {
+	const trimmed = callbackPath?.trim();
+	if (trimmed) return trimmed.startsWith("/") ? trimmed : `/${trimmed}`;
+
+	const parsed = parseRedirectUri(redirectUri);
+	if (parsed?.pathname) return parsed.pathname;
+	return CALLBACK_PATH;
+}
+
+function resolveCallbackHostname(redirectUri: string | undefined): string | undefined {
+	const parsed = parseRedirectUri(redirectUri);
+	if (!parsed || !isLoopbackHostname(parsed.hostname)) return undefined;
+	return parsed.hostname;
+}
+
+function resolveCallbackOptions(config: MCPOAuthConfig): OAuthCallbackFlowOptions {
+	const redirectUri = resolveRedirectUri(config.redirectUri);
+	validateRedirectConfig(config, redirectUri);
+	return {
+		preferredPort: resolveCallbackPort(config.callbackPort, redirectUri),
+		callbackPath: resolveCallbackPath(config.callbackPath, redirectUri),
+		callbackHostname: resolveCallbackHostname(redirectUri),
+		redirectUri,
+	};
+}
+
 export interface MCPOAuthConfig {
 	/** Authorization endpoint URL */
 	authorizationUrl: string;
@@ -22,8 +108,12 @@ export interface MCPOAuthConfig {
 	clientSecret?: string;
 	/** OAuth scopes (space-separated) */
 	scopes?: string;
+	/** Exact redirect URI to advertise to the provider */
+	redirectUri?: string;
 	/** Custom callback port (default: 3000) */
 	callbackPort?: number;
+	/** Custom callback path (default: /callback or redirectUri pathname) */
+	callbackPath?: string;
 }
 
 /**
@@ -39,7 +129,7 @@ export class MCPOAuthFlow extends OAuthCallbackFlow {
 		private config: MCPOAuthConfig,
 		ctrl: OAuthController,
 	) {
-		super(ctrl, config.callbackPort ?? DEFAULT_PORT, CALLBACK_PATH);
+		super(ctrl, resolveCallbackOptions(config));
 		this.#resolvedClientId = this.#resolveClientId(config);
 	}
 

package/src/mcp/types.ts

@@ -68,7 +68,10 @@ interface MCPServerConfigBase {
 	/** OAuth configuration for servers requiring explicit client credentials */
 	oauth?: {
 		clientId?: string;
+		clientSecret?: string;
+		redirectUri?: string;
 		callbackPort?: number;
+		callbackPath?: string;
 	};
 }
 

package/src/modes/components/session-selector.ts

@@ -4,6 +4,7 @@ import {
 	Input,
 	matchesKey,
 	padding,
+	replaceTabs,
 	Spacer,
 	Text,
 	truncateToWidth,
@@ -13,6 +14,7 @@ import { theme } from "../../modes/theme/theme";
 import type { SessionInfo } from "../../session/session-manager";
 import { fuzzyFilter } from "../../utils/fuzzy";
 import { DynamicBorder } from "./dynamic-border";
+import { HookSelectorComponent } from "./hook-selector";
 
 /**
  * Custom session list component with multi-line items and search
@@ -26,6 +28,8 @@ class SessionList implements Component {
 	onExit: () => void = () => {};
 	#maxVisible: number = 5; // Max sessions visible (each session is 3 lines: msg + metadata + blank)
 
+	onDeleteRequest?: (session: SessionInfo) => void;
+
 	constructor(
 		private readonly allSessions: SessionInfo[],
 		private readonly showCwd = false,
@@ -59,6 +63,18 @@ class SessionList implements Component {
 		this.#selectedIndex = Math.min(this.#selectedIndex, Math.max(0, this.#filteredSessions.length - 1));
 	}
 
+	removeSession(sessionPath: string): void {
+		const index = this.allSessions.findIndex(s => s.path === sessionPath);
+		if (index === -1) return;
+		this.allSessions.splice(index, 1);
+		// Re-filter to update filteredSessions
+		this.#filterSessions(this.#searchInput.getValue());
+		// Adjust selectedIndex if we deleted the last item or beyond
+		if (this.#selectedIndex >= this.#filteredSessions.length) {
+			this.#selectedIndex = Math.max(0, this.#filteredSessions.length - 1);
+		}
+	}
+
 	invalidate(): void {
 		// No cached state to invalidate currently
 	}
@@ -157,78 +173,105 @@ class SessionList implements Component {
 			lines.push(scrollInfo);
 		}
 
+		// Add keybinding hint
+		lines.push("");
+		lines.push(theme.fg("muted", "  [Del to delete, Enter to select, Esc to cancel]"));
+
 		return lines;
 	}
 
 	handleInput(keyData: string): void {
+		// Delete key - request delete confirmation from parent
+		if (matchesKey(keyData, "delete")) {
+			const selected = this.#filteredSessions[this.#selectedIndex];
+			if (selected && this.onDeleteRequest) {
+				this.onDeleteRequest(selected);
+			}
+			return;
+		}
+
 		// Up arrow
 		if (matchesKey(keyData, "up")) {
 			this.#selectedIndex = Math.max(0, this.#selectedIndex - 1);
+			return;
 		}
 		// Down arrow
-		else if (matchesKey(keyData, "down")) {
+		if (matchesKey(keyData, "down")) {
 			this.#selectedIndex = Math.min(this.#filteredSessions.length - 1, this.#selectedIndex + 1);
+			return;
 		}
 		// Page up - jump up by maxVisible items
-		else if (matchesKey(keyData, "pageUp")) {
+		if (matchesKey(keyData, "pageUp")) {
 			this.#selectedIndex = Math.max(0, this.#selectedIndex - this.#maxVisible);
+			return;
 		}
 		// Page down - jump down by maxVisible items
-		else if (matchesKey(keyData, "pageDown")) {
+		if (matchesKey(keyData, "pageDown")) {
 			this.#selectedIndex = Math.min(this.#filteredSessions.length - 1, this.#selectedIndex + this.#maxVisible);
+			return;
 		}
 		// Enter
-		else if (matchesKey(keyData, "enter") || matchesKey(keyData, "return") || keyData === "\n") {
+		if (matchesKey(keyData, "enter") || matchesKey(keyData, "return") || keyData === "\n") {
 			const selected = this.#filteredSessions[this.#selectedIndex];
 			if (selected && this.onSelect) {
 				this.onSelect(selected.path);
 			}
+			return;
 		}
 		// Escape - cancel
-		else if (matchesKey(keyData, "escape") || matchesKey(keyData, "esc")) {
+		if (matchesKey(keyData, "escape") || matchesKey(keyData, "esc")) {
 			if (this.onCancel) {
 				this.onCancel();
 			}
+			return;
 		}
 		// Ctrl+C - exit
-		else if (matchesKey(keyData, "ctrl+c")) {
+		if (matchesKey(keyData, "ctrl+c")) {
 			this.onExit();
+			return;
 		}
 		// Pass everything else to search input
-		else {
-			this.#searchInput.handleInput(keyData);
-			this.#filterSessions(this.#searchInput.getValue());
-		}
+		this.#searchInput.handleInput(keyData);
+		this.#filterSessions(this.#searchInput.getValue());
 	}
 }
 
 /**
- * Component that renders a session selector
+ * Component that renders a session selector with optional confirmation dialog
  */
 export class SessionSelectorComponent extends Container {
 	#sessionList: SessionList;
+	#confirmationDialog: HookSelectorComponent | null = null;
+	#messageContainer: Container;
+	#onDelete?: (session: SessionInfo) => Promise<boolean>;
+	#onRequestRender?: () => void;
 
 	constructor(
 		sessions: SessionInfo[],
 		onSelect: (sessionPath: string) => void,
 		onCancel: () => void,
 		onExit: () => void,
+		onDelete?: (session: SessionInfo) => Promise<boolean>,
 	) {
 		super();
 
+		this.#messageContainer = new Container();
+		this.#onDelete = onDelete;
 		// Add header
 		this.addChild(new Spacer(1));
 		this.addChild(new Text(theme.bold("Resume Session"), 1, 0));
 		this.addChild(new Spacer(1));
 		this.addChild(new DynamicBorder());
 		this.addChild(new Spacer(1));
-
+		this.addChild(this.#messageContainer);
 		// Create session list
 		this.#sessionList = new SessionList(sessions);
 		this.#sessionList.onSelect = onSelect;
 		this.#sessionList.onCancel = onCancel;
 		this.#sessionList.onExit = onExit;
-
+		this.#sessionList.onDeleteRequest = (session: SessionInfo) => {
+			this.#showDeleteConfirmation(session);
+		};
 		this.addChild(this.#sessionList);
 
 		// Add bottom border
@@ -236,6 +279,63 @@ export class SessionSelectorComponent extends Container {
 		this.addChild(new DynamicBorder());
 	}
 
+	setOnRequestRender(callback: () => void): void {
+		this.#onRequestRender = callback;
+	}
+
+	#clearError(): void {
+		this.#messageContainer.clear();
+	}
+
+	#showError(message: string): void {
+		this.#messageContainer.clear();
+		this.#messageContainer.addChild(new Text(theme.fg("error", `Error: ${replaceTabs(message)}`), 1, 0));
+		this.#messageContainer.addChild(new Spacer(1));
+	}
+
+	#showDeleteConfirmation(session: SessionInfo): void {
+		const displayName = session.title || session.firstMessage.slice(0, 40) || session.id;
+		this.#confirmationDialog = new HookSelectorComponent(
+			`Delete session?\n${displayName}`,
+			["Yes", "No"],
+			async (option: string) => {
+				if (option === "Yes" && this.#onDelete) {
+					this.#clearError();
+					try {
+						const deleted = await this.#onDelete(session);
+						if (deleted) {
+							this.#sessionList.removeSession(session.path);
+						}
+					} catch (err) {
+						this.#showError(err instanceof Error ? err.message : String(err));
+					}
+				}
+				// Close confirmation dialog
+				this.removeChild(this.#confirmationDialog!);
+				this.#confirmationDialog = null;
+				// Request rerender
+				this.#onRequestRender?.();
+			},
+			() => {
+				// Cancel - close confirmation dialog
+				this.removeChild(this.#confirmationDialog!);
+				this.#confirmationDialog = null;
+				// Request rerender
+				this.#onRequestRender?.();
+			},
+		);
+		// Show confirmation dialog
+		this.addChild(this.#confirmationDialog);
+	}
+
+	handleInput(keyData: string): void {
+		if (this.#confirmationDialog) {
+			this.#confirmationDialog.handleInput(keyData);
+		} else {
+			this.#sessionList.handleInput(keyData);
+		}
+	}
+
 	getSessionList(): SessionList {
 		return this.#sessionList;
 	}

package/src/modes/controllers/mcp-command-controller.ts

@@ -32,7 +32,7 @@ import {
 	searchSmitheryRegistry,
 	toConfigName,
 } from "../../mcp/smithery-registry";
-import type { MCPServerConfig, MCPServerConnection } from "../../mcp/types";
+import type { MCPAuthConfig, MCPServerConfig, MCPServerConnection } from "../../mcp/types";
 import type { OAuthCredential } from "../../session/auth-storage";
 import { shortenPath } from "../../tools/render-utils";
 import { openPath } from "../../utils/open";
@@ -400,13 +400,16 @@ export class MCPCommandController {
 						}
 
 						try {
+							const oauthClientSecret = finalConfig.oauth?.clientSecret ?? "";
 							const credentialId = await this.#handleOAuthFlow(
 								oauth.authorizationUrl,
 								oauth.tokenUrl,
 								oauth.clientId ?? finalConfig.oauth?.clientId ?? "",
-								"",
+								oauthClientSecret,
 								oauth.scopes ?? "",
 								finalConfig.oauth?.callbackPort,
+								finalConfig.oauth?.callbackPath,
+								finalConfig.oauth?.redirectUri,
 							);
 							finalConfig = {
 								...finalConfig,
@@ -415,7 +418,7 @@ export class MCPCommandController {
 									credentialId,
 									tokenUrl: oauth.tokenUrl,
 									clientId: oauth.clientId ?? finalConfig.oauth?.clientId,
-									clientSecret: undefined,
+									clientSecret: finalConfig.oauth?.clientSecret,
 								},
 							};
 						} catch (oauthError) {
@@ -478,6 +481,8 @@ export class MCPCommandController {
 		clientSecret: string,
 		scopes: string,
 		callbackPort?: number,
+		callbackPath?: string,
+		redirectUri?: string,
 	): Promise<string> {
 		const authStorage = this.ctx.session.modelRegistry.authStorage;
 		let parsedAuthUrl: URL;
@@ -493,6 +498,7 @@ export class MCPCommandController {
 		}
 
 		const resolvedClientId = clientId.trim() || parsedAuthUrl.searchParams.get("client_id") || undefined;
+		const resolvedClientSecret = clientSecret.trim() || undefined;
 
 		try {
 			// Create OAuth flow
@@ -501,9 +507,11 @@ export class MCPCommandController {
 					authorizationUrl: authUrl,
 					tokenUrl: tokenUrl,
 					clientId: resolvedClientId,
-					clientSecret: clientSecret || undefined,
+					clientSecret: resolvedClientSecret,
 					scopes: scopes || undefined,
+					redirectUri,
 					callbackPort,
+					callbackPath,
 				},
 				{
 					onAuth: (info: { url: string; instructions?: string }) => {
@@ -653,7 +661,7 @@ export class MCPCommandController {
 	}
 
 	#stripOAuthAuth(config: MCPServerConfig): MCPServerConfig {
-		const next = { ...config } as MCPServerConfig & { auth?: { type: "oauth" | "apikey"; credentialId?: string } };
+		const next = { ...config } as MCPServerConfig & { auth?: MCPAuthConfig };
 		delete next.auth;
 		return next;
 	}
@@ -1261,9 +1269,7 @@ export class MCPCommandController {
 				return;
 			}
 
-			const currentAuth = (
-				found.config as MCPServerConfig & { auth?: { type: "oauth" | "apikey"; credentialId?: string } }
-			).auth;
+			const currentAuth = (found.config as MCPServerConfig & { auth?: MCPAuthConfig }).auth;
 			if (currentAuth?.type === "oauth") {
 				await this.#removeManagedOAuthCredential(currentAuth.credentialId);
 			}
@@ -1298,17 +1304,14 @@ export class MCPCommandController {
 				return;
 			}
 
-			const currentAuth = (
-				found.config as MCPServerConfig & {
-					auth?: { type: "oauth" | "apikey"; credentialId?: string; clientSecret?: string };
-				}
-			).auth;
+			const currentAuth = (found.config as MCPServerConfig & { auth?: MCPAuthConfig }).auth;
 			if (currentAuth?.type === "oauth") {
 				await this.#removeManagedOAuthCredential(currentAuth.credentialId);
 			}
 
 			const baseConfig = this.#stripOAuthAuth(found.config);
 			const oauth = await this.#resolveOAuthEndpointsFromServer(baseConfig);
+			const oauthClientSecret = found.config.oauth?.clientSecret ?? currentAuth?.clientSecret ?? "";
 
 			this.#showMessage(["", theme.fg("muted", `Reauthorizing "${name}"...`), ""].join("\n"));
 
@@ -1316,9 +1319,11 @@ export class MCPCommandController {
 				oauth.authorizationUrl,
 				oauth.tokenUrl,
 				oauth.clientId ?? found.config.oauth?.clientId ?? "",
-				"",
+				oauthClientSecret,
 				oauth.scopes ?? "",
 				found.config.oauth?.callbackPort,
+				found.config.oauth?.callbackPath,
+				found.config.oauth?.redirectUri,
 			);
 
 			const updated: MCPServerConfig = {
@@ -1328,7 +1333,7 @@ export class MCPCommandController {
 					credentialId,
 					tokenUrl: oauth.tokenUrl,
 					clientId: oauth.clientId ?? found.config.oauth?.clientId,
-					clientSecret: currentAuth?.clientSecret,
+					clientSecret: oauthClientSecret || undefined,
 				},
 			};
 			await updateMCPServer(found.filePath, name, updated);