resolve comments

2026-02-04 20:25:05 -05:00 · 2026-02-04 11:42:34 -05:00
parent d543381f38
commit ca082d1566
5 changed files with 14 additions and 17 deletions
--- a/internal/server/api.go
+++ b/internal/server/api.go
@@ -233,12 +233,11 @@ func toolInvokeHandler(s *Server, w http.ResponseWriter, r *http.Request) {

 	params, err := parameters.ParseParams(tool.GetParameters(), data, claimsFromAuth)
 	if err != nil {
-		// If auth error, return 401
-		errMsg := fmt.Sprintf("error parsing authenticated parameters from ID token: %w", err)
+		// If auth error, return 401 or 403
 		var clientServerErr *util.ClientServerError
-		if errors.As(err, &clientServerErr) && clientServerErr.Code == http.StatusUnauthorized {
-			s.logger.DebugContext(ctx, errMsg)
-			_ = render.Render(w, r, newErrResponse(err, http.StatusUnauthorized))
+		if errors.As(err, &clientServerErr) && (clientServerErr.Code == http.StatusUnauthorized || clientServerErr.Code == http.StatusForbidden) {
+			s.logger.DebugContext(ctx, fmt.Sprintf("error parsing authenticated parameters from ID token: %s", err))
+			_ = render.Render(w, r, newErrResponse(err, clientServerErr.Code))
 			return
 		}
 		err = fmt.Errorf("provided parameters were invalid: %w", err)
--- a/internal/server/mcp.go
+++ b/internal/server/mcp.go
@@ -448,12 +448,7 @@ func httpHandler(s *Server, w http.ResponseWriter, r *http.Request) {
 		case jsonrpc.INVALID_REQUEST:
 			var clientServerErr *util.ClientServerError
 			if errors.As(err, &clientServerErr) {
-				switch clientServerErr.Code {
-				case http.StatusUnauthorized:
-					w.WriteHeader(http.StatusUnauthorized)
-				case http.StatusForbidden:
-					w.WriteHeader(http.StatusForbidden)
-				}
+				w.WriteHeader(clientServerErr.Code)
 			}
 		}
 	}
--- a/internal/server/mcp/v20241105/method.go
+++ b/internal/server/mcp/v20241105/method.go
@@ -123,8 +123,9 @@ func toolsCallHandler(ctx context.Context, id jsonrpc.RequestId, resourceMgr *re
 	}
 	if clientAuth {
 		if accessToken == "" {
-			return jsonrpc.NewError(id, jsonrpc.INVALID_REQUEST, "missing access token in the 'Authorization' header", nil), util.NewClientServerError(
-				"missing access token in the 'Authorization' header",
+			errMsg := "missing access token in the 'Authorization' header"
+			return jsonrpc.NewError(id, jsonrpc.INVALID_REQUEST, errMsg, nil), util.NewClientServerError(
+				errMsg,
 				http.StatusUnauthorized,
 				nil,
 			)
--- a/internal/server/mcp/v20250326/method.go
+++ b/internal/server/mcp/v20250326/method.go
@@ -123,8 +123,9 @@ func toolsCallHandler(ctx context.Context, id jsonrpc.RequestId, resourceMgr *re
 	}
 	if clientAuth {
 		if accessToken == "" {
-			return jsonrpc.NewError(id, jsonrpc.INVALID_REQUEST, "missing access token in the 'Authorization' header", nil), util.NewClientServerError(
-				"missing access token in the 'Authorization' header",
+			errMsg := "missing access token in the 'Authorization' header"
+			return jsonrpc.NewError(id, jsonrpc.INVALID_REQUEST, errMsg, nil), util.NewClientServerError(
+				errMsg,
 				http.StatusUnauthorized,
 				nil,
 			)
--- a/internal/server/mcp/v20251125/method.go
+++ b/internal/server/mcp/v20251125/method.go
@@ -116,8 +116,9 @@ func toolsCallHandler(ctx context.Context, id jsonrpc.RequestId, resourceMgr *re
 	}
 	if clientAuth {
 		if accessToken == "" {
-			return jsonrpc.NewError(id, jsonrpc.INVALID_REQUEST, "missing access token in the 'Authorization' header", nil), util.NewClientServerError(
-				"missing access token in the 'Authorization' header",
+			errMsg := "missing access token in the 'Authorization' header"
+			return jsonrpc.NewError(id, jsonrpc.INVALID_REQUEST, errMsg, nil), util.NewClientServerError(
+				errMsg,
 				http.StatusUnauthorized,
 				nil,
 			)