Conversation
…on tests The MCP SDK types use discriminated unions (e.g., text | image content). TypeScript requires type narrowing before accessing type-specific properties. This fixes typecheck failures introduced by SDK type changes. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add OIDC discovery to fetch endpoints from /.well-known/openid-configuration with 5-minute caching and fallback to default /oauth/* paths - Include redirect_uri in authorization request (required for OIDC 1.0) - Pass redirect_uri to token exchange (must match authorization request) - Skip /oauth/callback in auth prehandler - Add excludedPaths option for custom routes to bypass authorization (e.g., health checks) This enables compatibility with OAuth providers like Ory Hydra that use non-standard endpoint paths (e.g., /oauth2/auth instead of /oauth/authorize). Closes platformatic#95 Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
…on tests The MCP SDK types use discriminated unions (e.g., text | image content). TypeScript requires type narrowing before accessing type-specific properties. This fixes typecheck failures introduced by SDK type changes. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
…pport - Add mcpSetResourceSubscribeHandler and mcpSetResourceUnsubscribeHandler decorators for custom subscription management - Implement resources/subscribe and resources/unsubscribe JSON-RPC methods - Add query parameter URI fallback: when exact match fails and URI has query params, try base URI for resources with uriSchema - Return METHOD_NOT_FOUND when handlers not configured (clear signal) This enables MCP clients to subscribe/unsubscribe to resource changes while keeping subscription storage application-managed. Closes platformatic#96 Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Fork version 1.2.2-getlarge.1 with: - OIDC discovery and redirect_uri support - Resource subscription handlers - Query parameter URI matching Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit adds several OAuth/DCR improvements: Patch 3.1: Skip /oauth/register in auth prehandler - DCR endpoint must be accessible before client has credentials - Fixes chicken-and-egg problem with dynamic registration Patch 3.2: Add introspectionAuth configuration - Supports bearer (API key), basic (client credentials), or none - Required for Ory Hydra admin introspection endpoint - Backwards compatible - defaults to no auth header Patch 3.3: Pass DCR request body through to dynamicClientRegistration - Client metadata is now merged with defaults (client wins) - Allows clients to specify their own redirect_uris, client_name, etc. Patch 4: Add dcrHooks for DCR proxy pattern - upstreamEndpoint: Required, bypasses OIDC discovery to avoid loops - onRequest: Hook to transform/enrich DCR request - onResponse: Hook to clean/transform DCR response (e.g., remove empty fields) - Returns 501 when not configured (prevents infinite loop) Breaking change: /oauth/register now returns 501 unless dcrHooks is configured. This prevents infinite loops when OIDC discovery points back to the MCP server. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
getlarge
changed the title
Parameterized resources (URIs with RFC 6570 {param} syntax) are now
served via resources/templates/list instead of resources/list, per the
MCP spec. Template detection happens at query time using a simple regex.
The ResourceTemplate response shape maps uri to uriTemplate.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Clients can now explicitly terminate sessions via DELETE with the Mcp-Session-Id header, per the MCP transport spec. The handler force-closes active SSE streams, unsubscribes from the message broker, and deletes the session from the store. Returns 204 on success. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
11 new tests covering: - resources/templates/list shape, filtering, empty list, read, mixed split - DELETE /mcp: 204 success, 400 missing header, 404 not found, SSE stream closure, store cleanup, disabled SSE guard Also fixes auth-compatibility test to use a concrete URI so it stays in resources/list after the template filtering change. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…on-delete feat: add resources/templates/list and session DELETE
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
This PR combines all fork changes for publishing
@getlarge/fastify-mcpwith Ory Hydra compatibility.Changes
1. OIDC Discovery and redirect_uri support (upstream PR platformatic#97)
/.well-known/openid-configurationwith 5-min cacheredirect_urito authorization and token exchange requestsexcludedPathsconfiguration option/oauth/callbackin auth prehandler2. Resource subscriptions support (upstream PR platformatic#98)
mcpSetResourcesSubscribeHandlerandmcpSetResourcesUnsubscribeHandleruriSchema3. DCR hooks and introspection auth (upstream PR platformatic#100)
Skip
/oauth/registerin auth prehandlerDCR endpoint must be accessible before client has credentials.
Add
introspectionAuthconfigurationSupports bearer (API key), basic (client credentials), or none for token introspection.
Add
dcrHooksfor DCR proxy patternEnables MCP server to act as a DCR proxy with request/response transformation.
4. Package rename
@getlarge/fastify-mcpfor fork publishingBreaking Changes
/oauth/registerreturns 501 unlessdcrHooksis configured (prevents infinite loops)Tests
Upstream PRs
🤖 Generated with Claude Code