Generate authorization server urls during API resolution.#2070
Open
Generate authorization server urls during API resolution.#2070
Conversation
Then we can pass this into the OAuth implementation.
6 tasks
Contributor
There was a problem hiding this comment.
Pull request overview
This pull request fixes the OAuth Authorization Server URL generation by moving it from the OAuth handler into the API host resolution logic. This addresses issue #2046 where the authorization server URLs were not being correctly generated for different GitHub host types (github.com, GHEC, and GHES).
Changes:
- Added
AuthorizationServerURLmethod to theAPIHostResolverinterface and its implementations inpkg/utils/api.go - Updated
NewAuthHandlerto acceptcontext.ContextandAPIHostResolverparameters, using the resolver to get the authorization server URL instead of using a hardcoded constant - Added comprehensive test coverage for the new authorization server URL resolution across different host types
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
| pkg/utils/api.go | Added AuthorizationServerURL method to interface and implementation; generates appropriate OAuth URLs for dotcom, GHEC, and GHES hosts |
| pkg/http/oauth/oauth.go | Modified NewAuthHandler to accept APIHostResolver and use it to dynamically resolve authorization server URLs; removed hardcoded DefaultAuthorizationServer constant |
| pkg/http/server.go | Updated call to NewAuthHandler to pass context and API host resolver |
| pkg/http/oauth/oauth_test.go | Updated all test calls with new parameters; added comprehensive test suite for authorization server URL resolution across host types |
| pkg/scopes/fetcher_test.go | Updated mock APIHostResolver implementation to include new AuthorizationServerURL method |
If we do this at start time, we won't know which GHEC tenant we're on.
…b/github-mcp-server into oauth-authorization-server
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Handle generation of the OAuth Authorization Server URL when we're parsing URLs for the underlying clients.
Why
As highlighted in #2046, we're not generating the OAuth Authorization Server URLs correctly.
This PR moves the generation into the
APIHostResolverimplementation and uses that in the OAuthHandler.What changed
MCP impact
Prompts tested (tool changes only)
Security / limits
Tool renaming
deprecated_tool_aliases.goNote: if you're renaming tools, you must add the tool aliases. For more information on how to do so, please refer to the official docs.
Lint & tests
./script/lint./script/testDocs