(t *testing.T)
| 547 | } |
| 548 | |
| 549 | func TestMCPServerConfigsOAuth2AutoDiscovery(t *testing.T) { |
| 550 | t.Parallel() |
| 551 | |
| 552 | t.Run("Success", func(t *testing.T) { |
| 553 | t.Parallel() |
| 554 | |
| 555 | ctx := testutil.Context(t, testutil.WaitLong) |
| 556 | |
| 557 | // Stand up a mock auth server that serves RFC 8414 metadata and |
| 558 | // a RFC 7591 dynamic client registration endpoint. |
| 559 | authServer := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { |
| 560 | switch r.URL.Path { |
| 561 | case "/.well-known/oauth-authorization-server": |
| 562 | w.Header().Set("Content-Type", "application/json") |
| 563 | _, _ = w.Write([]byte(`{ |
| 564 | "issuer": "` + r.Host + `", |
| 565 | "authorization_endpoint": "` + "http://" + r.Host + `/authorize", |
| 566 | "token_endpoint": "` + "http://" + r.Host + `/token", |
| 567 | "registration_endpoint": "` + "http://" + r.Host + `/register", |
| 568 | "response_types_supported": ["code"], |
| 569 | "scopes_supported": ["read", "write"] |
| 570 | }`)) |
| 571 | case "/register": |
| 572 | if r.Method != http.MethodPost { |
| 573 | http.Error(w, "method not allowed", http.StatusMethodNotAllowed) |
| 574 | return |
| 575 | } |
| 576 | w.Header().Set("Content-Type", "application/json") |
| 577 | w.WriteHeader(http.StatusCreated) |
| 578 | _, _ = w.Write([]byte(`{ |
| 579 | "client_id": "auto-discovered-client-id", |
| 580 | "client_secret": "auto-discovered-client-secret" |
| 581 | }`)) |
| 582 | default: |
| 583 | http.NotFound(w, r) |
| 584 | } |
| 585 | })) |
| 586 | t.Cleanup(authServer.Close) |
| 587 | |
| 588 | // Stand up a mock MCP server that serves RFC 9728 Protected |
| 589 | // Resource Metadata at the path-aware well-known URL. |
| 590 | // The URL used for the config ends with /v1/mcp, so the |
| 591 | // path-aware metadata URL is |
| 592 | // /.well-known/oauth-protected-resource/v1/mcp. |
| 593 | mcpServer := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { |
| 594 | switch r.URL.Path { |
| 595 | case "/.well-known/oauth-protected-resource/v1/mcp": |
| 596 | w.Header().Set("Content-Type", "application/json") |
| 597 | _, _ = w.Write([]byte(`{ |
| 598 | "resource": "` + "http://" + r.Host + `", |
| 599 | "authorization_servers": ["` + authServer.URL + `"] |
| 600 | }`)) |
| 601 | default: |
| 602 | http.NotFound(w, r) |
| 603 | } |
| 604 | })) |
| 605 | t.Cleanup(mcpServer.Close) |
| 606 |
nothing calls this directly
no test coverage detected