python-slack-agents 0.8.0__tar.gz → 0.8.1__tar.gz

{python_slack_agents-0.8.0 → python_slack_agents-0.8.1}/CHANGELOG.md

@@ -1,4 +1,4 @@
-# Changelog
+we don# Changelog
 
 All notable changes to this project will be documented in this file.
 
@@ -6,6 +6,17 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/), and this
 
 ## [Unreleased]
 
+## [0.8.1] - 2026-05-07
+
+### Fixed
+
+- `oauth_clients` cache is now keyed by `(server_id, redirect_uri)` instead of `server_id` alone. Two `mcp_http_oauth` providers pointing at the same MCP server but with different `OAUTH_PUBLIC_URL` values (e.g. agents sharing a database, or a single agent whose tunnel hostname rotates) used to collide on the cached client registration; the second one would reuse a row whose `redirect_uri` the IdP no longer accepted, producing `Invalid parameter: redirect_uri` from the IdP.
+- `mcp_http_oauth.Provider.call_tool` now detects an IdP `Invalid parameter: redirect_uri` (or `redirect_uri_mismatch`) rejection, deletes the stale cached client registration and the user's cached tokens, and surfaces a structured `system_error` with `code="redirect_uri_mismatch"` so the LLM can explain the situation. The next call re-registers a fresh client and prompts for re-auth.
+
+### Migration
+
+- The `oauth_clients` table primary key changed from `(server_id)` to `(server_id, redirect_uri)`. There is no automatic migration: any rows from 0.8.0 will be re-created on demand the first time each `(server_id, redirect_uri)` pair is used, leaving harmless orphan rows behind. Operators who want a clean slate can `DELETE FROM oauth_clients;` before upgrading.
+
 ## [0.8.0] - 2026-05-06
 
 ### Added

{python_slack_agents-0.8.0 → python_slack_agents-0.8.1}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: python-slack-agents
-Version: 0.8.0
+Version: 0.8.1
 Summary: A Python framework for deploying AI agents as Slack bots
 Project-URL: Homepage, https://github.com/CompareNetworks/python-slack-agents
 Project-URL: Repository, https://github.com/CompareNetworks/python-slack-agents

{python_slack_agents-0.8.0 → python_slack_agents-0.8.1}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "hatchling.build"
 
 [project]
 name = "python-slack-agents"
-version = "0.8.0"
+version = "0.8.1"
 description = "A Python framework for deploying AI agents as Slack bots"
 authors = [{name = "Eric Pichon", email = "epichon@comparenetworks.com"}]
 readme = "README.md"

{python_slack_agents-0.8.0 → python_slack_agents-0.8.1}/src/slack_agents/oauth/storage.py

@@ -39,11 +39,13 @@ class DBTokenStorage:
         backend: BaseStorageProvider,
         user_id: str,
         server_id: str,
+        redirect_uri: str,
         token_key: bytes,
     ) -> None:
         self._backend = backend
         self._user_id = user_id
         self._server_id = server_id
+        self._redirect_uri = redirect_uri
         self._token_key = token_key
 
     async def get_tokens(self) -> OAuthToken | None:
@@ -102,14 +104,14 @@ class DBTokenStorage:
         await self._backend.put_oauth_token(self._user_id, self._server_id, row)
 
     async def get_client_info(self) -> OAuthClientInformationFull | None:
-        row = await self._backend.get_oauth_client(self._server_id)
+        row = await self._backend.get_oauth_client(self._server_id, self._redirect_uri)
         if row is None:
             return None
         return OAuthClientInformationFull.model_validate_json(row.metadata_json)
 
     async def set_client_info(self, client_info: OAuthClientInformationFull) -> None:
         now = int(time.time())
-        existing = await self._backend.get_oauth_client(self._server_id)
+        existing = await self._backend.get_oauth_client(self._server_id, self._redirect_uri)
         created_at = existing.created_at if existing else now
         row = OAuthClientRow(
             client_id=client_info.client_id,
@@ -119,4 +121,4 @@ class DBTokenStorage:
             created_at=created_at,
             updated_at=now,
         )
-        await self._backend.put_oauth_client(self._server_id, row)
+        await self._backend.put_oauth_client(self._server_id, self._redirect_uri, row)

{python_slack_agents-0.8.0 → python_slack_agents-0.8.1}/src/slack_agents/storage/base.py

@@ -94,12 +94,18 @@ class BaseStorageProvider(ABC):
         """Delete the token row for ``(user_id, server_id)`` if present."""
 
     @abstractmethod
-    async def get_oauth_client(self, server_id: str) -> OAuthClientRow | None:
-        """Return the persisted dynamic-client-registration row for ``server_id``."""
+    async def get_oauth_client(self, server_id: str, redirect_uri: str) -> OAuthClientRow | None:
+        """Return the persisted DCR row for ``(server_id, redirect_uri)`` or None."""
 
     @abstractmethod
-    async def put_oauth_client(self, server_id: str, row: OAuthClientRow) -> None:
-        """Upsert the dynamic-client-registration row for ``server_id``."""
+    async def put_oauth_client(
+        self, server_id: str, redirect_uri: str, row: OAuthClientRow
+    ) -> None:
+        """Upsert the DCR row for ``(server_id, redirect_uri)``."""
+
+    @abstractmethod
+    async def delete_oauth_client(self, server_id: str, redirect_uri: str) -> None:
+        """Delete the DCR row for ``(server_id, redirect_uri)`` if present."""
 
     async def close(self) -> None:
         """Close connections and clean up resources."""

{python_slack_agents-0.8.0 → python_slack_agents-0.8.1}/src/slack_agents/storage/postgres.py

@@ -670,13 +670,14 @@ class Provider(BaseStorageProvider):
                 server_id,
             )
 
-    async def get_oauth_client(self, server_id: str) -> OAuthClientRow | None:
+    async def get_oauth_client(self, server_id: str, redirect_uri: str) -> OAuthClientRow | None:
         async with self._pool.acquire() as conn:
             row = await conn.fetchrow(
                 "SELECT client_id, client_secret, metadata_json, "
                 "authorization_server, created_at, updated_at "
-                "FROM oauth_clients WHERE server_id=$1",
+                "FROM oauth_clients WHERE server_id=$1 AND redirect_uri=$2",
                 server_id,
+                redirect_uri,
             )
         if row is None:
             return None
@@ -689,20 +690,23 @@ class Provider(BaseStorageProvider):
             updated_at=row["updated_at"],
         )
 
-    async def put_oauth_client(self, server_id: str, row: OAuthClientRow) -> None:
+    async def put_oauth_client(
+        self, server_id: str, redirect_uri: str, row: OAuthClientRow
+    ) -> None:
         async with self._pool.acquire() as conn:
             await conn.execute(
                 "INSERT INTO oauth_clients ("
-                "server_id, client_id, client_secret, metadata_json, "
-                "authorization_server, created_at, updated_at"
-                ") VALUES ($1, $2, $3, $4, $5, $6, $7) "
-                "ON CONFLICT (server_id) DO UPDATE SET "
+                "server_id, redirect_uri, client_id, client_secret, "
+                "metadata_json, authorization_server, created_at, updated_at"
+                ") VALUES ($1, $2, $3, $4, $5, $6, $7, $8) "
+                "ON CONFLICT (server_id, redirect_uri) DO UPDATE SET "
                 "client_id=EXCLUDED.client_id, "
                 "client_secret=EXCLUDED.client_secret, "
                 "metadata_json=EXCLUDED.metadata_json, "
                 "authorization_server=EXCLUDED.authorization_server, "
                 "updated_at=EXCLUDED.updated_at",
                 server_id,
+                redirect_uri,
                 row.client_id,
                 row.client_secret,
                 row.metadata_json,
@@ -710,3 +714,11 @@ class Provider(BaseStorageProvider):
                 row.created_at,
                 row.updated_at,
             )
+
+    async def delete_oauth_client(self, server_id: str, redirect_uri: str) -> None:
+        async with self._pool.acquire() as conn:
+            await conn.execute(
+                "DELETE FROM oauth_clients WHERE server_id=$1 AND redirect_uri=$2",
+                server_id,
+                redirect_uri,
+            )

{python_slack_agents-0.8.0 → python_slack_agents-0.8.1}/src/slack_agents/storage/postgres.sql

@@ -133,11 +133,13 @@ CREATE TABLE IF NOT EXISTS oauth_tokens (
 );
 
 CREATE TABLE IF NOT EXISTS oauth_clients (
-    server_id            TEXT     NOT NULL PRIMARY KEY,
+    server_id            TEXT     NOT NULL,
+    redirect_uri         TEXT     NOT NULL,
     client_id            TEXT     NOT NULL,
     client_secret        TEXT,
     metadata_json        TEXT     NOT NULL,
     authorization_server TEXT     NOT NULL,
     created_at           BIGINT   NOT NULL,
-    updated_at           BIGINT   NOT NULL
+    updated_at           BIGINT   NOT NULL,
+    PRIMARY KEY (server_id, redirect_uri)
 );

{python_slack_agents-0.8.0 → python_slack_agents-0.8.1}/src/slack_agents/storage/sqlite.py

@@ -523,25 +523,27 @@ class Provider(BaseStorageProvider):
         )
         await self._db.commit()
 
-    async def get_oauth_client(self, server_id: str) -> OAuthClientRow | None:
+    async def get_oauth_client(self, server_id: str, redirect_uri: str) -> OAuthClientRow | None:
         async with self._db.execute(
             "SELECT client_id, client_secret, metadata_json, "
             "authorization_server, created_at, updated_at "
-            "FROM oauth_clients WHERE server_id=?",
-            (server_id,),
+            "FROM oauth_clients WHERE server_id=? AND redirect_uri=?",
+            (server_id, redirect_uri),
         ) as cursor:
             row = await cursor.fetchone()
         if row is None:
             return None
         return OAuthClientRow(*row)
 
-    async def put_oauth_client(self, server_id: str, row: OAuthClientRow) -> None:
+    async def put_oauth_client(
+        self, server_id: str, redirect_uri: str, row: OAuthClientRow
+    ) -> None:
         await self._db.execute(
             "INSERT INTO oauth_clients ("
-            "server_id, client_id, client_secret, metadata_json, "
+            "server_id, redirect_uri, client_id, client_secret, metadata_json, "
             "authorization_server, created_at, updated_at"
-            ") VALUES (?, ?, ?, ?, ?, ?, ?) "
-            "ON CONFLICT(server_id) DO UPDATE SET "
+            ") VALUES (?, ?, ?, ?, ?, ?, ?, ?) "
+            "ON CONFLICT(server_id, redirect_uri) DO UPDATE SET "
             "client_id=excluded.client_id, "
             "client_secret=excluded.client_secret, "
             "metadata_json=excluded.metadata_json, "
@@ -549,6 +551,7 @@ class Provider(BaseStorageProvider):
             "updated_at=excluded.updated_at",
             (
                 server_id,
+                redirect_uri,
                 row.client_id,
                 row.client_secret,
                 row.metadata_json,
@@ -558,3 +561,10 @@ class Provider(BaseStorageProvider):
             ),
         )
         await self._db.commit()
+
+    async def delete_oauth_client(self, server_id: str, redirect_uri: str) -> None:
+        await self._db.execute(
+            "DELETE FROM oauth_clients WHERE server_id=? AND redirect_uri=?",
+            (server_id, redirect_uri),
+        )
+        await self._db.commit()

{python_slack_agents-0.8.0 → python_slack_agents-0.8.1}/src/slack_agents/storage/sqlite.sql

@@ -86,11 +86,13 @@ CREATE TABLE IF NOT EXISTS oauth_tokens (
 );
 
 CREATE TABLE IF NOT EXISTS oauth_clients (
-    server_id            TEXT     NOT NULL PRIMARY KEY,
+    server_id            TEXT     NOT NULL,
+    redirect_uri         TEXT     NOT NULL,
     client_id            TEXT     NOT NULL,
     client_secret        TEXT,
     metadata_json        TEXT     NOT NULL,
     authorization_server TEXT     NOT NULL,
     created_at           INTEGER  NOT NULL,
-    updated_at           INTEGER  NOT NULL
+    updated_at           INTEGER  NOT NULL,
+    PRIMARY KEY (server_id, redirect_uri)
 );

{python_slack_agents-0.8.0 → python_slack_agents-0.8.1}/src/slack_agents/tools/mcp_http_oauth.py

@@ -317,6 +317,7 @@ class Provider(BaseToolProvider):
         self._public_url = (
             getattr(framework_ctx, "_public_url", None) or os.environ.get("OAUTH_PUBLIC_URL", "")
         ).rstrip("/")
+        self._redirect_uri = f"{self._public_url}/oauth/callback"
         # Tools are discovered eagerly via ensure_authenticated() when the user first
         # talks to the agent (or after restart, using the cached token). Until then
         # this stays empty.
@@ -377,6 +378,7 @@ class Provider(BaseToolProvider):
             backend=self._framework_ctx.storage,
             user_id=user_id,
             server_id=self._server_id,
+            redirect_uri=self._redirect_uri,
             token_key=self._token_key,
         )
         # Make sure the metadata cache is populated FIRST. We need it for the
@@ -408,7 +410,7 @@ class Provider(BaseToolProvider):
                 exc_info=True,
             )
         client_metadata = OAuthClientMetadata(
-            redirect_uris=[f"{self._public_url}/oauth/callback"],
+            redirect_uris=[self._redirect_uri],
             client_name=f"slack-agents/{self._framework_ctx.agent_name}",
             token_endpoint_auth_method="none",
             grant_types=["authorization_code", "refresh_token"],
@@ -471,12 +473,12 @@ class Provider(BaseToolProvider):
         Idempotent — does nothing if a client is already cached for this server.
         """
         backend = self._framework_ctx.storage
-        if await backend.get_oauth_client(self._server_id) is not None:
+        if await backend.get_oauth_client(self._server_id, self._redirect_uri) is not None:
             return
         if self._cached_asm is None or self._cached_asm.registration_endpoint is None:
             return
         body: dict = {
-            "redirect_uris": [f"{self._public_url}/oauth/callback"],
+            "redirect_uris": [self._redirect_uri],
             "client_name": f"slack-agents/{self._framework_ctx.agent_name}",
             "token_endpoint_auth_method": "none",
             "grant_types": ["authorization_code", "refresh_token"],
@@ -490,12 +492,13 @@ class Provider(BaseToolProvider):
             resp = await http.post(registration_url, json=body)
             resp.raise_for_status()
             client_info = OAuthClientInformationFull.model_validate_json(resp.content)
-        # Persist via DBTokenStorage. Client info is keyed only by server_id
-        # so the user_id passed here doesn't matter for this code path.
+        # Persist via DBTokenStorage. Client info is shared across users for
+        # this (server_id, redirect_uri); the user_id passed here is irrelevant.
         await DBTokenStorage(
             backend=backend,
             user_id="__system__",
             server_id=self._server_id,
+            redirect_uri=self._redirect_uri,
             token_key=self._token_key,
         ).set_client_info(client_info)
         registered_scope = getattr(client_info, "scope", None) or "(none)"
@@ -646,6 +649,7 @@ class Provider(BaseToolProvider):
             backend=self._framework_ctx.storage,
             user_id=user_id,
             server_id=self._server_id,
+            redirect_uri=self._redirect_uri,
             token_key=self._token_key,
         )
         had_token_before = await token_storage.get_tokens() is not None
@@ -713,6 +717,28 @@ class Provider(BaseToolProvider):
         try:
             return await self._call_mcp_with_token(user_conversation_context, tool_name, arguments)
         except Exception as e:
+            # Specific recovery: IdP rejected our authorize request because the
+            # client's registered redirect_uri doesn't match what we sent.
+            # Means the cached `oauth_clients` row's redirect_uri is stale —
+            # delete it so the next call re-registers, and surface a clear
+            # message naming the cause.
+            if _is_redirect_uri_mismatch(e):
+                await self._handle_redirect_uri_mismatch(user_id)
+                return make_tool_error(
+                    error=ERROR_SYSTEM_ERROR,
+                    code="redirect_uri_mismatch",
+                    server=self._server_id,
+                    tool=tool_name,
+                    recovery=RECOVERY_RETRY,
+                    message=(
+                        "The agent's OAUTH_PUBLIC_URL doesn't match the "
+                        "redirect_uri registered with the OAuth client at "
+                        "the IdP. The cached client registration has been "
+                        "cleared — the next call will register a fresh "
+                        "client and prompt for re-auth."
+                    ),
+                    details={"redirect_uri": self._redirect_uri},
+                )
             denied = _find_user_authorization_denied(e)
             if denied is None:
                 # No IdP-level denial signaled. Did we get a final 403 from the
@@ -754,6 +780,20 @@ class Provider(BaseToolProvider):
                 user_id=user_id,
             )
 
+    async def _handle_redirect_uri_mismatch(self, user_id: str) -> None:
+        """Drop the cached `oauth_clients` row + the user's tokens after the
+        IdP rejected the registered redirect_uri. The next call re-registers
+        a fresh client and runs first-auth.
+        """
+        await self._framework_ctx.storage.delete_oauth_client(self._server_id, self._redirect_uri)
+        await self._framework_ctx.storage.delete_oauth_token(user_id, self._server_id)
+        logger.warning(
+            "oauth: cleared stale registration after IdP redirect_uri mismatch "
+            "(server=%s redirect_uri=%s)",
+            self._server_id,
+            self._redirect_uri,
+        )
+
     async def _cached_scope_set(self, user_id: str) -> set[str]:
         """Return the set of scopes on the user's currently-cached token, or
         an empty set if there's no cached token. Used to detect when a 403
@@ -765,6 +805,7 @@ class Provider(BaseToolProvider):
                 backend=self._framework_ctx.storage,
                 user_id=user_id,
                 server_id=self._server_id,
+                redirect_uri=self._redirect_uri,
                 token_key=self._token_key,
             ).get_tokens()
             if cached and cached.scope:
@@ -820,6 +861,7 @@ class Provider(BaseToolProvider):
                     backend=self._framework_ctx.storage,
                     user_id=user_id,
                     server_id=self._server_id,
+                    redirect_uri=self._redirect_uri,
                     token_key=self._token_key,
                 ).get_tokens()
                 if cached and cached.scope:
@@ -995,6 +1037,18 @@ def _detect_missing_scopes(
     return None
 
 
+def _is_redirect_uri_mismatch(exc: BaseException) -> bool:
+    """Detect an IdP rejection of our authorize redirect_uri so the caller can
+    drop the stale cached client registration. Matches Keycloak's "Invalid
+    parameter: redirect_uri" and the RFC 6749 standard `redirect_uri_mismatch`.
+    """
+    for leaf in _flatten_exceptions(exc):
+        msg = str(leaf).lower()
+        if "invalid parameter: redirect_uri" in msg or "redirect_uri_mismatch" in msg:
+            return True
+    return False
+
+
 def _message_from_tool_error(tr: ToolResult) -> str:
     """Extract the human-readable `message` field from a structured tool-error
     ToolResult, for paths (like ensure_authenticated) that surface errors

{python_slack_agents-0.8.0 → python_slack_agents-0.8.1}/tests/test_mcp_http_oauth.py

@@ -179,6 +179,7 @@ class TestCallToolHappyPath:
             backend=framework_ctx.storage,
             user_id="U1",
             server_id="my-mcp",
+            redirect_uri=p._redirect_uri,
             token_key=p._token_key,
         )
         await store.set_tokens(
@@ -305,6 +306,7 @@ class TestScopeMergeHook:
             backend=framework_ctx.storage,
             user_id="U1",
             server_id="my-mcp",
+            redirect_uri=p._redirect_uri,
             token_key=p._token_key,
         ).set_tokens(
             OAuthToken(
@@ -406,6 +408,7 @@ class TestScopeNotGrantedDetection:
             backend=framework_ctx.storage,
             user_id="U1",
             server_id="my-mcp",
+            redirect_uri=p._redirect_uri,
             token_key=p._token_key,
         ).set_tokens(
             OAuthToken(
@@ -467,5 +470,157 @@ class TestScopeNotGrantedDetection:
         assert "offline_access" not in details["required_scopes"]
 
 
+class TestRedirectUriMismatchDetection:
+    """The `_is_redirect_uri_mismatch` helper recognises the IdP's rejection of
+    a stale cached client registration so we can wipe and re-register on the
+    next call."""
+
+    def test_recognises_keycloak_invalid_parameter(self):
+        from slack_agents.tools.mcp_http_oauth import _is_redirect_uri_mismatch
+
+        exc = Exception("Invalid parameter: redirect_uri")
+        assert _is_redirect_uri_mismatch(exc) is True
+
+    def test_recognises_redirect_uri_mismatch_phrase(self):
+        from slack_agents.tools.mcp_http_oauth import _is_redirect_uri_mismatch
+
+        exc = Exception("error: redirect_uri_mismatch")
+        assert _is_redirect_uri_mismatch(exc) is True
+
+    def test_recognises_inside_exception_chain(self):
+        from slack_agents.tools.mcp_http_oauth import _is_redirect_uri_mismatch
+
+        try:
+            try:
+                raise ValueError("Invalid parameter: redirect_uri")
+            except ValueError as inner:
+                raise RuntimeError("oauth flow failed") from inner
+        except RuntimeError as outer:
+            assert _is_redirect_uri_mismatch(outer) is True
+
+    def test_unrelated_error_returns_false(self):
+        from slack_agents.tools.mcp_http_oauth import _is_redirect_uri_mismatch
+
+        assert _is_redirect_uri_mismatch(Exception("network down")) is False
+        # "redirect_uri" alone is not enough — needs a mismatch verb too.
+        assert _is_redirect_uri_mismatch(Exception("redirect_uri set")) is False
+
+
+class TestRedirectUriMismatchRecovery:
+    """When `_handle_redirect_uri_mismatch` runs, the cached DCR row and the
+    user's tokens are both deleted so the next call re-registers and re-auths."""
+
+    async def test_deletes_client_row_and_user_tokens(self, framework_ctx):
+        from slack_agents.oauth.storage import DBTokenStorage
+        from slack_agents.storage.base import OAuthClientRow
+
+        p = McpHttpOAuthProvider(
+            url="https://srv.example.com/mcp",
+            allowed_functions=[".*"],
+            framework_ctx=framework_ctx,
+            server_id="my-mcp",
+        )
+        # Seed cached registration + a user token.
+        import time as _time
+
+        now = int(_time.time())
+        await framework_ctx.storage.put_oauth_client(
+            "my-mcp",
+            p._redirect_uri,
+            OAuthClientRow(
+                client_id="cid",
+                client_secret=None,
+                metadata_json="{}",
+                authorization_server="https://idp.example.com",
+                created_at=now,
+                updated_at=now,
+            ),
+        )
+        await DBTokenStorage(
+            backend=framework_ctx.storage,
+            user_id="U1",
+            server_id="my-mcp",
+            redirect_uri=p._redirect_uri,
+            token_key=p._token_key,
+        ).set_tokens(
+            OAuthToken(
+                access_token="t",
+                token_type="Bearer",
+                expires_in=3600,
+                refresh_token=None,
+                scope="",
+            )
+        )
+
+        await p._handle_redirect_uri_mismatch("U1")
+
+        assert await framework_ctx.storage.get_oauth_client("my-mcp", p._redirect_uri) is None
+        assert await framework_ctx.storage.get_oauth_token("U1", "my-mcp") is None
+
+    async def test_call_tool_returns_structured_error_on_mismatch(self, framework_ctx):
+        import json as _json
+
+        from slack_agents.oauth.storage import DBTokenStorage
+        from slack_agents.storage.base import OAuthClientRow
+
+        p = McpHttpOAuthProvider(
+            url="https://srv.example.com/mcp",
+            allowed_functions=[".*"],
+            framework_ctx=framework_ctx,
+            server_id="my-mcp",
+        )
+        # Seed registration + token so we can verify they get cleared.
+        import time as _time
+
+        now = int(_time.time())
+        await framework_ctx.storage.put_oauth_client(
+            "my-mcp",
+            p._redirect_uri,
+            OAuthClientRow("cid", None, "{}", "https://idp", now, now),
+        )
+        await DBTokenStorage(
+            backend=framework_ctx.storage,
+            user_id="U1",
+            server_id="my-mcp",
+            redirect_uri=p._redirect_uri,
+            token_key=p._token_key,
+        ).set_tokens(
+            OAuthToken(
+                access_token="t",
+                token_type="Bearer",
+                expires_in=3600,
+                refresh_token=None,
+                scope="",
+            )
+        )
+
+        with patch.object(
+            p,
+            "_call_mcp_with_token",
+            AsyncMock(side_effect=Exception("Invalid parameter: redirect_uri")),
+        ):
+            result = await p.call_tool(
+                tool_name="t",
+                arguments={},
+                user_conversation_context={
+                    "user_id": "U1",
+                    "channel_id": "C1",
+                    "channel_name": "c",
+                    "thread_id": None,
+                },
+                storage=framework_ctx.storage,
+            )
+
+        assert result["is_error"] is True
+        payload = _json.loads(result["content"])
+        assert payload["error"] == "system_error"
+        assert payload["code"] == "redirect_uri_mismatch"
+        assert payload["server"] == "my-mcp"
+        assert payload["details"]["redirect_uri"] == p._redirect_uri
+        # Stale state was cleared.
+        assert await framework_ctx.storage.get_oauth_client("my-mcp", p._redirect_uri) is None
+        assert await framework_ctx.storage.get_oauth_token("U1", "my-mcp") is None
+
+
 # Need this import at module level for the test above.
 import httpx  # noqa: E402