mirror of
https://github.com/simstudioai/sim.git
synced 2026-04-06 03:00:16 -04:00
3fa4bb4c12
* feat(auth): add OAuth 2.1 provider for MCP connector support * fix(auth): rename redirect_u_r_ls column to redirect_urls * chore(db): regenerate oauth migration with correct column naming * fix(auth): reorder CORS headers and handle missing redirectURI * fix(auth): redirect to login without stale callbackUrl on account switch * chore: run lint * fix(auth): override credentials header on OAuth CORS entries * fix(auth): preserve OAuth flow when switching accounts on consent page * fix(auth): add session and user-id checks to authorize-params endpoint * fix(auth): add expiry check, credentials, MCP CORS, and scope in WWW-Authenticate * feat(mcp): add tool annotations for Connectors Directory compliance
62 lines
1.8 KiB
TypeScript
62 lines
1.8 KiB
TypeScript
import { type NextRequest, NextResponse } from 'next/server'
|
|
|
|
function getOrigin(request: NextRequest): string {
|
|
return request.nextUrl.origin
|
|
}
|
|
|
|
export function createMcpAuthorizationServerMetadataResponse(request: NextRequest): NextResponse {
|
|
const origin = getOrigin(request)
|
|
const resource = `${origin}/api/mcp/copilot`
|
|
|
|
return NextResponse.json(
|
|
{
|
|
issuer: origin,
|
|
authorization_endpoint: `${origin}/api/auth/oauth2/authorize`,
|
|
token_endpoint: `${origin}/api/auth/oauth2/token`,
|
|
registration_endpoint: `${origin}/api/auth/oauth2/register`,
|
|
jwks_uri: `${origin}/api/auth/jwks`,
|
|
token_endpoint_auth_methods_supported: ['client_secret_basic', 'client_secret_post', 'none'],
|
|
grant_types_supported: ['authorization_code', 'refresh_token'],
|
|
response_types_supported: ['code'],
|
|
code_challenge_methods_supported: ['S256'],
|
|
scopes_supported: ['openid', 'profile', 'email', 'offline_access', 'mcp:tools'],
|
|
resource,
|
|
x_sim_auth: {
|
|
type: 'api_key',
|
|
header: 'x-api-key',
|
|
},
|
|
},
|
|
{
|
|
headers: {
|
|
'Cache-Control': 'no-store',
|
|
},
|
|
}
|
|
)
|
|
}
|
|
|
|
export function createMcpProtectedResourceMetadataResponse(request: NextRequest): NextResponse {
|
|
const origin = getOrigin(request)
|
|
const resource = `${origin}/api/mcp/copilot`
|
|
const authorizationServerIssuer = origin
|
|
|
|
return NextResponse.json(
|
|
{
|
|
resource,
|
|
// RFC 9728 expects issuer identifiers here, not metadata URLs.
|
|
authorization_servers: [authorizationServerIssuer],
|
|
bearer_methods_supported: ['header'],
|
|
scopes_supported: ['mcp:tools'],
|
|
// Non-standard extension for API-key-only clients.
|
|
x_sim_auth: {
|
|
type: 'api_key',
|
|
header: 'x-api-key',
|
|
},
|
|
},
|
|
{
|
|
headers: {
|
|
'Cache-Control': 'no-store',
|
|
},
|
|
}
|
|
)
|
|
}
|