Conversation
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
✅ Deploy Preview for express-mcp-server canceled.
|
✅ Deploy Preview for mcp-example-oauth canceled.
|
Deploying with
|
| Status | Name | Latest Commit | Updated (UTC) |
|---|---|---|---|
| ✅ Deployment successful! View logs |
brave-search-mcp-server | 3ee68fa | Feb 13 2026, 05:29 PM |
There was a problem hiding this comment.
Pull request overview
This PR introduces a "Hooks Folder" containing authentication hooks for AI agents (Cursor and Claude Code) to acquire scoped OAuth tokens from Descope before executing MCP tool calls. The implementation provides four authentication strategies (client credentials + token exchange, user token exchange, connections API, and CIBA), along with shell scripts for hook execution, installation scripts, comprehensive documentation, and a TypeScript library.
Changes:
- Added authentication hook implementations for Cursor and Claude Code platforms
- Implemented four OAuth authentication strategies with token caching
- Created installation scripts and comprehensive documentation
- Added test agent for validation and a TypeScript library for programmatic usage
Reviewed changes
Copilot reviewed 18 out of 19 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| hooks/typescript/tsconfig.json | TypeScript compiler configuration for the hooks library |
| hooks/typescript/src/package.json | Package metadata and build configuration for the TypeScript library |
| hooks/typescript/src/descope-auth-hooks.ts | Core TypeScript implementation of all four authentication strategies |
| hooks/test-agent/test-agent.mjs | Test suite for validating hook functionality across platforms |
| hooks/test-agent/README.md | Documentation for the test agent |
| hooks/install.sh | Installation script for Cursor hooks |
| hooks/install-claude-code.sh | Installation script for Claude Code hooks |
| hooks/docs/strategies.md | Detailed documentation of authentication strategies and API endpoints |
| hooks/docs/security.md | Security considerations for token handling and strategy selection |
| hooks/cursor/hooks.json | Cursor hook registration configuration |
| hooks/cursor/descope-auth.sh | Cursor authentication hook implementation with embedded example configs |
| hooks/claude-code/settings.json | Claude Code hook and MCP server configuration |
| hooks/claude-code/descope-mcp-wrapper.sh | MCP server wrapper for token injection in Claude Code |
| hooks/claude-code/descope-auth.config.example.json | Example configuration for Claude Code authentication |
| hooks/claude-code/descope-auth-cc.sh | Claude Code authentication hook implementation |
| hooks/README.md | Main documentation covering all features, platforms, and usage patterns |
| hooks/.gitignore | Git ignore rules for secrets and runtime artifacts |
| LICENSE | Copyright year updated to 2026 |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| const token = | ||
| (json as any).token ?? | ||
| (json as any).accessToken ?? | ||
| (json as any).access_token; |
There was a problem hiding this comment.
Use type guards or proper type casting instead of repeated 'as any' assertions. Consider defining an interface for the API response or using a single type assertion at the function level.
hooks/cursor/descope-auth.sh
Outdated
There was a problem hiding this comment.
Embedded JSON configuration in a bash script at lines 385-489 will cause syntax errors. These appear to be misplaced file contents that should be in separate files (descope-auth.config.example.json and settings.json).
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
1 participant
Related Issues
Fixes <link_to_github_issue>
Related PRs
Description
Added the following Agentic Hooks:
Pre tool use - exchanging client_credentials for an access token and then using OAuth token exchange for an MCP server access token with specific scopes
This will use Resource Client Grants (today they aren't policies but rather "Resource Client Grants")
Pre tool use - exchanging a user access_token with OAuth token exchange for an MCP server access token with specific scopes
This will use Policies (related to the user)
Pre tool use - exchanging a user access_token with Connections API, for a connections token
Pre tool use - using a user access_token or a login_hint to retrieve an MCP server access token using CIBA
Must