8000 Initial support of dynamic auth providers for MCP by TylerLeonhardt · Pull Request #249501 · microsoft/vscode · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

Initial support of dynamic auth providers for MCP #249501

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
May 22, 2025
Merged

Initial support of dynamic auth providers for MCP #249501

merged 2 commits into from
May 22, 2025
+1,163 −52

Conversation

TylerLeonhardt
Copy link
Member
@TylerLeonhardt TylerLeonhardt commented May 22, 2025
edited
Loading

With this change, we support being able to on-the-fly create an Auth Provider based on an oauth-authorization-server's metadata.

MCP then leverages this because by following the MCP spec we can figure out the oauth server metadata and then request a token from that server.

The tokens are persisted and will be refreshed on demand... all based on the OAuth spec.

Fixes #247759

@TylerLeonhardt
Initial support of dynamic auth providers for MCP
51ef9bf 
With this change, we support being able to on-the-fly create an Auth Provider based on an oauth-authorization-server's metadata.

MCP then leverages this because by following the MCP spec we can figure out the oauth server metadata and then request a token from that server.

The tokens are persisted and will be refreshed on demand... all based on the OAuth spec.
@TylerLeonhardt TylerLeonhardt self-assigned this May 22, 2025
@TylerLeonhardt TylerLeonhardt enabled auto-merge (squash) May 22, 2025 00:19
@TylerLeonhardt TylerLeonhardt requested a review from connor4312 May 22, 2025 00:21
@vs-code-engineering vs-code-engineering bot added this to the May 2025 milestone May 22, 2025
connor4312
connor4312 reviewed May 22, 2025
View reviewed changes
connor4312
connor4312 reviewed May 22, 2025
View reviewed changes
@TylerLeonhardt TylerLeonhardt merged commit 3089b82 into main May 22, 2025
8 checks passed
@TylerLeonhardt TylerLeonhardt deleted the tyler/yeasty-stoat branch May 22, 2025 17:11
@lkchao-majority
Copy link
lkchao-majority commented May 23, 2025
edited
Loading

Hi @TylerLeonhardt,
Nice work!

I am contacting you to share some feedback if you don't mind.

  1. When trying to reach my own MCP server with Google OAuth, VS Code is inserting an unexpected value into my callback request state, making it fail.
# request using VS Code native MCP oauth support
GET /google/callback?state=vscode-insiders%3A%2F%2Fdynamicauthprovider%2F ...
400 Bad Request

# request using mcp-remote
GET /google/callback?state=<randomstring>..
302 Found
  1. When trying to connect to Atlassian or Linear MCP servers, VS Code is hanging while waiting for authorization after signing in.
    Waiting for server to respond to \initialize` request...`

Any idea what could be the issue? Thanks

@TylerLeonhardt
Copy link
Member Author
TylerLeonhardt commented May 23, 2025
edited
Loading

@lkchao-majority can you open these as two new issues and we'll work through them? Please provide the platform you're on and what you're MCP config looks like in VS Code.

  1. we use the state to redirect back to VS Code... since a lot of identity providers don't like the vscode://... I wanna know more about how you've setup OAuth for your server. Are you using a protected resource flow that delegates to Google or have you implemented an OAuth authorization server that will do a nested OAuth flow for Google?
  2. I have tested both these MCP servers... Atlassian currently has a bad schema in one of their tools and we have a bug that doesn't let you disable that tool. That should be fixed soon. Linear did work for me. I did add some logging that'll be out Monday so hopefully we can look closer.

jeanp413
jeanp413 reviewed May 26, 2025
View reviewed changes
src/vs/workbench/api/common/extHostAuthentication.ts
Comment on lines +114 to +116
if (isDisposable(provider)) {
provider.dispose();
}
Copy link
Contributor
@jeanp413 jeanp413 May 26, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@TylerLeonhardt this is causing a Maximum call stack size exceeded error in the extension host, from the github authentication extension when running vscode in the browser, the extension should be responsible of disposing any of its resources rather than vscode doing it

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice catch, I've removed that in #249845

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jeanp413 jeanp413 jeanp413 left review comments

@connor4312 connor4312 connor4312 approved these changes

Assignees

@TylerLeonhardt TylerLeonhardt

Labels
None yet
Projects
None yet
Milestone
May 2025
Development

Successfully merging this pull request may close these issues.

Support MCP Server Authorization
4 participants
@TylerLeonhardt @lkchao-majority @connor4312 @jeanp413
0