Skip to content

Commit 89c4ec3

Browse files
allenzhou101allenzhou101
committed
Add baseUrl param to override issuerUrl for fallback construction
1 parent d93814f commit 89c4ec3

File tree

1 file changed

+12
-4
lines changed

1 file changed

+12
-4
lines changed

src/server/auth/router.ts

Lines changed: 12 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -17,6 +17,13 @@ export type AuthRouterOptions = {
1717
*/
1818
issuerUrl: URL;
1919

20+
/**
21+
* The base URL of the authorization server to use for the metadata endpoints.
22+
*
23+
* If not provided, the issuer URL will be used as the base URL.
24+
*/
25+
baseUrl?: URL;
26+
2027
/**
2128
* An optional URL of a page containing human-readable information that developers might want or need to know when using the authorization server.
2229
*/
@@ -41,6 +48,7 @@ export type AuthRouterOptions = {
4148
*/
4249
export function mcpAuthRouter(options: AuthRouterOptions): RequestHandler {
4350
const issuer = options.issuerUrl;
51+
const baseUrl = options.baseUrl;
4452

4553
// Technically RFC 8414 does not permit a localhost HTTPS exemption, but this will be necessary for ease of testing
4654
if (issuer.protocol !== "https:" && issuer.hostname !== "localhost" && issuer.hostname !== "127.0.0.1") {
@@ -62,18 +70,18 @@ export function mcpAuthRouter(options: AuthRouterOptions): RequestHandler {
6270
issuer: issuer.href,
6371
service_documentation: options.serviceDocumentationUrl?.href,
6472

65-
authorization_endpoint: new URL(authorization_endpoint, issuer).href,
73+
authorization_endpoint: new URL(authorization_endpoint, baseUrl || issuer).href,
6674
response_types_supported: ["code"],
6775
code_challenge_methods_supported: ["S256"],
6876

69-
token_endpoint: new URL(token_endpoint, issuer).href,
77+
token_endpoint: new URL(token_endpoint, baseUrl || issuer).href,
7078
token_endpoint_auth_methods_supported: ["client_secret_post"],
7179
grant_types_supported: ["authorization_code", "refresh_token"],
7280

73-
revocation_endpoint: revocation_endpoint ? new URL(revocation_endpoint, issuer).href : undefined,
81+
revocation_endpoint: revocation_endpoint ? new URL(revocation_endpoint, baseUrl || issuer).href : undefined,
7482
revocation_endpoint_auth_methods_supported: revocation_endpoint ? ["client_secret_post"] : undefined,
7583

76-
registration_endpoint: registration_endpoint ? new URL(registration_endpoint, issuer).href : undefined,
84+
registration_endpoint: registration_endpoint ? new URL(registration_endpoint, baseUrl || issuer).href : undefined,
7785
};
7886

7987
const router = express.Router();

0 commit comments

Comments
 (0)