strapi-oauth-mcp-manager 0.1.0 → 0.1.2

package/README.md

@@ -31,11 +31,144 @@ export default () => ({
   'yt-transcript-strapi-plugin': {
     enabled: true,
   },
+  'strapi-content-mcp': {
+    enabled: true,
+  },
 });
 ```
 
+---
+
+## Quick Start: ChatGPT Setup
+
+### Step 1: Create a Strapi API Token
+
+1. Go to **Strapi Admin** → **Settings** → **API Tokens**
+2. Click **Create new API Token**
+3. Configure:
+   - **Name**: `ChatGPT MCP Access`
+   - **Token type**: `Full access` (or custom with specific permissions)
+   - **Token duration**: `Unlimited` (recommended) or set expiry
+4. Click **Save** and **copy the token** (you won't see it again)
+
+### Step 2: Create an OAuth Client in Strapi
+
+1. Go to **Strapi Admin** → **Content Manager** → **MCP OAuth Client**
+2. Click **Create new entry**
+3. Fill in the fields:
+
+| Field | Value |
+|-------|-------|
+| **name** | `ChatGPT` |
+| **clientId** | `chatgpt` |
+| **clientSecret** | Choose a secure secret (e.g., `my-super-secret-key-123`) |
+| **redirectUris** | `https://chatgpt.com/connector_platform_oauth_redirect` |
+| **strapiApiToken** | Paste the API token from Step 1 |
+| **active** | `true` |
+
+4. Click **Save**
+
+### Step 3: Configure ChatGPT
+
+1. Go to [ChatGPT](https://chatgpt.com)
+2. Click your profile → **Settings** → **Connected Apps** → **Add App**
+3. Fill in the form:
+
+| Field | Value |
+|-------|-------|
+| **Name** | `Your App Name` (e.g., "YT Transcripts") |
+| **Description** | What the app does |
+| **MCP Server URL** | `https://your-strapi-domain.com/api/yt-transcript-strapi-plugin/mcp` |
+| **Authentication** | `OAuth` |
+| **Client ID** | `chatgpt` (from Step 2) |
+| **Client Secret** | Your secret from Step 2 |
+
+4. Click **Save**
+
+### Step 4: Authorize
+
+When you first use the MCP tools in ChatGPT, it will redirect you to Strapi to authorize. Click **Authorize** to complete the OAuth flow.
+
+---
+
+## Quick Start: Claude Desktop Setup
+
+Claude Desktop uses direct Strapi API tokens (no OAuth flow needed).
+
+### Step 1: Create a Strapi API Token
+
+Same as ChatGPT Step 1 above.
+
+### Step 2: Configure Claude Desktop
+
+Edit your Claude Desktop config file:
+
+**macOS**: `~/Library/Application Support/Claude/claude_desktop_config.json`
+**Windows**: `%APPDATA%\Claude\claude_desktop_config.json`
+
+```json
+{
+  "mcpServers": {
+    "yt-transcript": {
+      "command": "npx",
+      "args": [
+        "mcp-remote",
+        "https://your-strapi-domain.com/api/yt-transcript-strapi-plugin/mcp",
+        "--header",
+        "Authorization: Bearer YOUR_STRAPI_API_TOKEN"
+      ]
+    },
+    "strapi-content": {
+      "command": "npx",
+      "args": [
+        "mcp-remote",
+        "https://your-strapi-domain.com/api/strapi-content-mcp/mcp",
+        "--header",
+        "Authorization: Bearer YOUR_STRAPI_API_TOKEN"
+      ]
+    }
+  }
+}
+```
+
+Replace:
+- `your-strapi-domain.com` with your actual Strapi URL
+- `YOUR_STRAPI_API_TOKEN` with the token from Step 1
+
+### Step 3: Restart Claude Desktop
+
+Quit and reopen Claude Desktop to load the new configuration.
+
+---
+
 ## How It Works
 
+### Architecture
+
+```
+┌─────────────────────────────────────────────────────────────┐
+│                     Strapi Application                       │
+│                                                              │
+│  ┌─────────────────────────────────────────────────────┐    │
+│  │           strapi-oauth-mcp-manager                   │    │
+│  │  ┌───────────────┐  ┌───────────────────────────┐   │    │
+│  │  │ OAuth         │  │ Global Auth Middleware    │   │    │
+│  │  │ Endpoints     │  │ (protects all registered  │   │    │
+│  │  │ /authorize    │  │  MCP endpoints)           │   │    │
+│  │  │ /token        │  └───────────────────────────┘   │    │
+│  │  └───────────────┘                                   │    │
+│  └─────────────────────────────────────────────────────┘    │
+│                            │                                 │
+│         ┌──────────────────┼──────────────────┐             │
+│         ▼                  ▼                  ▼             │
+│  ┌─────────────┐   ┌─────────────┐   ┌─────────────┐       │
+│  │ MCP Plugin  │   │ MCP Plugin  │   │ MCP Plugin  │       │
+│  │     A       │   │     B       │   │     C       │       │
+│  │ (registers) │   │ (registers) │   │ (registers) │       │
+│  └─────────────┘   └─────────────┘   └─────────────┘       │
+└─────────────────────────────────────────────────────────────┘
+```
+
 ### For MCP Plugin Developers
 
 MCP plugins register with the OAuth manager to gain authentication support:
@@ -54,17 +187,40 @@ if (oauthPlugin) {
 }
 ```
 
-### For Users
+### Authentication Flow
 
-1. **Create an OAuth Client** in Strapi Admin:
-   - Go to Content Manager > MCP OAuth Client
-   - Add client name, ID, secret, and redirect URIs
-   - Link to a Strapi API token
+```
+ChatGPT/OAuth Client                    Strapi
+       │                                   │
+       │ 1. Request MCP endpoint           │
+       │ ─────────────────────────────────>│
+       │                                   │
+       │ 2. 401 + WWW-Authenticate header  │
+       │ <─────────────────────────────────│
+       │                                   │
+       │ 3. Discover OAuth via .well-known │
+       │ ─────────────────────────────────>│
+       │                                   │
+       │ 4. Redirect to /authorize         │
+       │ ─────────────────────────────────>│
+       │                                   │
+       │ 5. User authorizes, get code      │
+       │ <─────────────────────────────────│
+       │                                   │
+       │ 6. Exchange code for token        │
+       │ ─────────────────────────────────>│
+       │                                   │
+       │ 7. Access token returned          │
+       │ <─────────────────────────────────│
+       │                                   │
+       │ 8. MCP requests with Bearer token │
+       │ ─────────────────────────────────>│
+       │                                   │
+       │ 9. MCP response                   │
+       │ <─────────────────────────────────│
+```
 
-2. **Configure ChatGPT**:
-   - MCP Server URL: `https://your-domain/api/your-mcp-plugin/mcp`
-   - OAuth Client ID: From Strapi admin
-   - OAuth Client Secret: From Strapi admin
+---
 
 ## OAuth Endpoints
 
@@ -75,6 +231,8 @@ if (oauthPlugin) {
 | Discovery (RFC 8414) | `/api/strapi-oauth-mcp-manager/.well-known/oauth-authorization-server` |
 | Protected Resource (RFC 9728) | `/api/strapi-oauth-mcp-manager/.well-known/oauth-protected-resource` |
 
+---
+
 ## Content Types
 
 The plugin creates these content types:
@@ -86,52 +244,70 @@ The plugin creates these content types:
 | `mcp-oauth-token` | Access and refresh tokens |
 | `mcp-endpoint` | Registered MCP endpoints |
 
-## Creating an OAuth Client for ChatGPT
+---
 
-In Strapi Admin > Content Manager > MCP OAuth Client:
+## OAuth Client Configuration
 
-```json
-{
-  "name": "ChatGPT",
-  "clientId": "chatgpt",
-  "clientSecret": "your-secure-secret",
-  "redirectUris": ["https://chatgpt.com/connector_platform_oauth_redirect"],
-  "strapiApiToken": "your-strapi-api-token",
-  "active": true
-}
-```
+### Required Fields
+
+| Field | Type | Description |
+|-------|------|-------------|
+| `name` | string | Display name for the client |
+| `clientId` | string | Unique identifier (e.g., `chatgpt`) |
+| `clientSecret` | string | Secret for token exchange |
+| `redirectUris` | string[] | Allowed redirect URIs after authorization |
+| `strapiApiToken` | string | Strapi API token to use for authenticated requests |
+| `active` | boolean | Whether the client is active |
+
+### Redirect URIs
+
+Common redirect URIs:
+
+| Client | Redirect URI |
+|--------|--------------|
+| ChatGPT | `https://chatgpt.com/connector_platform_oauth_redirect` |
+| Custom OAuth | Your app's callback URL |
+
+Wildcard patterns are supported (e.g., `https://*.example.com/callback`).
+
+---
+
+## Troubleshooting
 
-## Authentication Flow
+### "Invalid redirect_uri" Error
 
+Make sure the redirect URI in your OAuth client exactly matches what the client sends. For ChatGPT, use:
 ```
-1. Client hits MCP endpoint without auth
-2. Returns 401 with WWW-Authenticate header
-3. Client discovers OAuth endpoints via .well-known
-4. Client completes OAuth authorization code flow
-5. Client receives access token
-6. Client makes MCP requests with Bearer token
-7. OAuth manager validates and forwards to MCP plugin
+https://chatgpt.com/connector_platform_oauth_redirect
 ```
 
-## Claude Desktop (API Token)
+### "Session expired" Error
 
-For Claude Desktop, use direct Strapi API tokens:
+Sessions expire after 4 hours. The client should automatically reinitialize the connection.
 
-```json
-{
-  "mcpServers": {
-    "your-mcp": {
-      "command": "npx",
-      "args": [
-        "mcp-remote",
-        "https://your-domain/api/your-mcp-plugin/mcp",
-        "--header",
-        "Authorization: Bearer YOUR_STRAPI_API_TOKEN"
-      ]
-    }
-  }
-}
-```
+### Claude Desktop Not Connecting
+
+1. Check that `mcp-remote` is installed: `npx mcp-remote --version`
+2. Verify your API token is valid in Strapi Admin
+3. Check the Strapi logs for authentication errors
+4. Ensure your Strapi instance is accessible from your machine
+
+### OAuth Flow Not Starting
+
+1. Verify the OAuth client is set to `active: true`
+2. Check that the `strapiApiToken` in the OAuth client is valid
+3. Look at Strapi logs for detailed error messages
+
+---
+
+## Compatible MCP Plugins
+
+These plugins support `strapi-oauth-mcp-manager`:
+
+- [yt-transcript-strapi-plugin](https://www.npmjs.com/package/yt-transcript-strapi-plugin) - YouTube transcript tools
+- [strapi-content-mcp](https://www.npmjs.com/package/strapi-content-mcp) - Strapi content management tools
+
+---
 
 ## Requirements
 

package/dist/server/index.js

@@ -417,7 +417,18 @@ const oauthController = ({ strapi }) => ({
       ctx.body = { error: "invalid_client", error_description: "Unknown client_id" };
       return;
     }
-    const allowedRedirects = client.redirectUris;
+    let allowedRedirects = [];
+    if (Array.isArray(client.redirectUris)) {
+      allowedRedirects = client.redirectUris;
+    } else if (typeof client.redirectUris === "string") {
+      try {
+        allowedRedirects = JSON.parse(client.redirectUris);
+      } catch {
+        allowedRedirects = [client.redirectUris];
+      }
+    }
+    strapi.log.debug(`[${PLUGIN_ID}] Checking redirect_uri: ${redirect_uri}`);
+    strapi.log.debug(`[${PLUGIN_ID}] Allowed redirects (${typeof client.redirectUris}): ${JSON.stringify(allowedRedirects)}`);
     if (!matchRedirectUri(redirect_uri, allowedRedirects)) {
       strapi.log.warn(`[${PLUGIN_ID}] Invalid redirect_uri: ${redirect_uri}`);
       strapi.log.warn(`[${PLUGIN_ID}] Allowed patterns: ${allowedRedirects.join(", ")}`);

package/dist/server/index.mjs

@@ -416,7 +416,18 @@ const oauthController = ({ strapi }) => ({
       ctx.body = { error: "invalid_client", error_description: "Unknown client_id" };
       return;
     }
-    const allowedRedirects = client.redirectUris;
+    let allowedRedirects = [];
+    if (Array.isArray(client.redirectUris)) {
+      allowedRedirects = client.redirectUris;
+    } else if (typeof client.redirectUris === "string") {
+      try {
+        allowedRedirects = JSON.parse(client.redirectUris);
+      } catch {
+        allowedRedirects = [client.redirectUris];
+      }
+    }
+    strapi.log.debug(`[${PLUGIN_ID}] Checking redirect_uri: ${redirect_uri}`);
+    strapi.log.debug(`[${PLUGIN_ID}] Allowed redirects (${typeof client.redirectUris}): ${JSON.stringify(allowedRedirects)}`);
     if (!matchRedirectUri(redirect_uri, allowedRedirects)) {
       strapi.log.warn(`[${PLUGIN_ID}] Invalid redirect_uri: ${redirect_uri}`);
       strapi.log.warn(`[${PLUGIN_ID}] Allowed patterns: ${allowedRedirects.join(", ")}`);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "strapi-oauth-mcp-manager",
-  "version": "0.1.0",
+  "version": "0.1.2",
   "description": "Centralized OAuth 2.0 authentication manager for Strapi MCP plugins. Supports ChatGPT, Claude, and custom OAuth clients.",
   "keywords": [
     "strapi",