@Summary Handle MCP server OAuth2 callback @x-apidocgen {"skip": true} EXPERIMENTAL: this endpoint is experimental and is subject to change. Exchanges the authorization code for tokens and stores them. nolint:revive // HTTP handler writes to ResponseWriter.
(rw http.ResponseWriter, r *http.Request)
| 965 | // |
| 966 | //nolint:revive // HTTP handler writes to ResponseWriter. |
| 967 | func (api *API) mcpServerOAuth2Callback(rw http.ResponseWriter, r *http.Request) { |
| 968 | ctx := r.Context() |
| 969 | apiKey := httpmw.APIKey(r) |
| 970 | |
| 971 | mcpServerID, ok := parseMCPServerConfigID(rw, r) |
| 972 | if !ok { |
| 973 | return |
| 974 | } |
| 975 | |
| 976 | //nolint:gocritic // Any authenticated user can complete OAuth2 for an enabled MCP server. |
| 977 | config, err := api.Database.GetMCPServerConfigByID(dbauthz.AsSystemRestricted(ctx), mcpServerID) |
| 978 | if err != nil { |
| 979 | if httpapi.Is404Error(err) { |
| 980 | httpapi.ResourceNotFound(rw) |
| 981 | return |
| 982 | } |
| 983 | httpapi.Write(ctx, rw, http.StatusInternalServerError, codersdk.Response{ |
| 984 | Message: "Failed to get MCP server config.", |
| 985 | Detail: err.Error(), |
| 986 | }) |
| 987 | return |
| 988 | } |
| 989 | |
| 990 | if !config.Enabled { |
| 991 | httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{ |
| 992 | Message: "MCP server is not enabled.", |
| 993 | }) |
| 994 | return |
| 995 | } |
| 996 | |
| 997 | if config.AuthType != "oauth2" { |
| 998 | httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{ |
| 999 | Message: "MCP server does not use OAuth2 authentication.", |
| 1000 | }) |
| 1001 | return |
| 1002 | } |
| 1003 | |
| 1004 | // Check if the OAuth2 provider returned an error (e.g., user |
| 1005 | // denied consent). |
| 1006 | if oauthError := r.URL.Query().Get("error"); oauthError != "" { |
| 1007 | desc := r.URL.Query().Get("error_description") |
| 1008 | if desc == "" { |
| 1009 | desc = oauthError |
| 1010 | } |
| 1011 | httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{ |
| 1012 | Message: "OAuth2 provider returned an error.", |
| 1013 | Detail: desc, |
| 1014 | }) |
| 1015 | return |
| 1016 | } |
| 1017 | |
| 1018 | code := r.URL.Query().Get("code") |
| 1019 | if code == "" { |
| 1020 | httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{ |
| 1021 | Message: "Missing authorization code.", |
| 1022 | }) |
| 1023 | return |
| 1024 | } |
nothing calls this directly
no test coverage detected