Initial OAuth flow in TUI working

Author: IliaMManolov

src/config.py

@@ -108,12 +108,21 @@ def is_remote_server(self) -> bool:
         Remote servers use mcp-remote with HTTPS URLs and may require OAuth.
         Local servers run as child processes and don't need OAuth.
         """
-        return (
-            self.command == "npx"
-            and len(self.args) >= 3
-            and self.args[1] == "mcp-remote"
-            and self.args[2].startswith("https://")
-        )
+        if self.command != "npx":
+            return False
+
+        # Be tolerant of npx flags by scanning for 'mcp-remote' and the subsequent HTTPS URL
+        try:
+            if "mcp-remote" not in self.args:
+                return False
+            idx: int = self.args.index("mcp-remote")
+            # Look for first https?:// argument after 'mcp-remote'
+            for candidate in self.args[idx + 1 :]:
+                if candidate.startswith("https://") or candidate.startswith("http://"):
+                    return candidate.startswith("https://")
+            return False
+        except Exception:
+            return False
 
     def get_remote_url(self) -> str | None:
         """
@@ -122,9 +131,17 @@ def get_remote_url(self) -> str | None:
         Returns:
             The HTTPS URL if this is a remote server, None otherwise
         """
-        if self.is_remote_server():
-            return self.args[2]
-        return None
+        # Reuse the same tolerant parsing as is_remote_server
+        if self.command != "npx" or "mcp-remote" not in self.args:
+            return None
+        try:
+            idx: int = self.args.index("mcp-remote")
+            for candidate in self.args[idx + 1 :]:
+                if candidate.startswith("https://") or candidate.startswith("http://"):
+                    return candidate
+            return None
+        except Exception:
+            return None
 
 
 @dataclass

src/mcp_importer/api.py

@@ -190,7 +190,7 @@ async def _call_list(kind: str) -> Any:
     return asyncio.run(_verify_async())
 
 
-def server_needs_oauth(server: MCPServerConfig) -> bool:  # noqa
+def server_needs_oauth(server: MCPServerConfig) -> bool:
     """Return True if the remote server currently needs OAuth; False otherwise."""
 
     async def _needs_oauth_async() -> bool:
@@ -202,3 +202,112 @@ async def _needs_oauth_async() -> bool:
         return info.status == OAuthStatus.NEEDS_AUTH
 
     return asyncio.run(_needs_oauth_async())
+
+
+def authorize_server_oauth(server: MCPServerConfig) -> bool:
+    """Run an interactive OAuth flow for a remote MCP server and cache tokens.
+
+    Returns True if authorization succeeded (tokens cached and a ping succeeded),
+    False otherwise. Local servers return True immediately.
+    """
+
+    async def _authorize_async() -> bool:
+        if not server.is_remote_server():
+            return True
+
+        remote_url: str | None = server.get_remote_url()
+        if not remote_url:
+            log.error("OAuth requested for remote server '{}' but no URL found", server.name)
+            return False
+
+        oauth_manager = get_oauth_manager()
+
+        try:
+            # Import lazily to avoid import-time side effects
+            from fastmcp import Client as FastMCPClient  # type: ignore
+            from fastmcp.client.auth import OAuth  # type: ignore
+
+            # Debug info prior to starting OAuth
+            print(
+                "[OAuth] Starting authorization",
+                f"server={server.name}",
+                f"remote_url={remote_url}",
+                f"cache_dir={oauth_manager.cache_dir}",
+                f"scopes={server.oauth_scopes}",
+                f"client_name={server.oauth_client_name or 'Open Edison Setup'}",
+            )
+
+            oauth = OAuth(
+                mcp_url=remote_url,
+                scopes=server.oauth_scopes,
+                client_name=server.oauth_client_name or "Open Edison Setup",
+                token_storage_cache_dir=oauth_manager.cache_dir,
+                callback_port=50001,
+            )
+
+            # Establish a connection to trigger OAuth if needed
+            async with FastMCPClient(remote_url, auth=oauth) as client:  # type: ignore
+                log.info(
+                    "Starting OAuth flow for '{}' (a browser window may open; if not, follow the printed URL)",
+                    server.name,
+                )
+                await client.ping()
+
+            # Refresh cached status
+            info = await oauth_manager.check_oauth_requirement(server.name, remote_url)
+
+            # Post-authorization token inspection (no secrets printed)
+            try:
+                from fastmcp.client.auth.oauth import FileTokenStorage  # type: ignore
+
+                storage = FileTokenStorage(server_url=remote_url, cache_dir=oauth_manager.cache_dir)
+                tokens = await storage.get_tokens()
+                access_present = bool(getattr(tokens, "access_token", None)) if tokens else False
+                refresh_present = bool(getattr(tokens, "refresh_token", None)) if tokens else False
+                expires_at = getattr(tokens, "expires_at", None) if tokens else None
+                print(
+                    "[OAuth] Authorization result:",
+                    f"status={info.status.value}",
+                    f"has_refresh_token={info.has_refresh_token}",
+                    f"token_expires_at={info.token_expires_at or expires_at}",
+                    f"tokens_cached=access:{access_present}/refresh:{refresh_present}",
+                )
+            except Exception as _e:  # noqa: BLE001
+                print("[OAuth] Authorization completed, but token inspection failed:", _e)
+
+            log.info("OAuth completed and tokens cached for '{}'", server.name)
+            return True
+        except Exception as e:  # noqa: BLE001
+            log.error("OAuth authorization failed for '{}': {}", server.name, e)
+            print("[OAuth] Authorization failed:", e)
+            return False
+
+    return asyncio.run(_authorize_async())
+
+
+def has_oauth_tokens(server: MCPServerConfig) -> bool:
+    """Return True if cached OAuth tokens exist for the remote server.
+
+    Local servers return True (no OAuth needed).
+    """
+
+    async def _check_async() -> bool:
+        if not server.is_remote_server():
+            return True
+
+        remote_url: str | None = server.get_remote_url()
+        if not remote_url:
+            return False
+
+        try:
+            from fastmcp.client.auth.oauth import FileTokenStorage  # type: ignore
+
+            storage = FileTokenStorage(
+                server_url=remote_url, cache_dir=get_oauth_manager().cache_dir
+            )
+            tokens = await storage.get_tokens()
+            return bool(tokens and (tokens.access_token or tokens.refresh_token))
+        except Exception:
+            return False
+
+    return asyncio.run(_check_async())

src/setup_tui/main.py

@@ -5,9 +5,12 @@
 from src.config import MCPServerConfig
 from src.mcp_importer.api import (
     CLIENT,
+    authorize_server_oauth,
     detect_clients,
     export_edison_to,
+    has_oauth_tokens,
     import_from,
+    save_imported_servers,
     verify_mcp_server,
 )
 
@@ -31,7 +34,9 @@ def show_welcome_screen(*, dry_run: bool = False) -> None:
     questionary.confirm("Ready to begin the setup process?", default=True).ask()
 
 
-def handle_mcp_source(source: CLIENT, *, dry_run: bool = False) -> list[MCPServerConfig]:
+def handle_mcp_source(
+    source: CLIENT, *, dry_run: bool = False, skip_oauth: bool = False
+) -> list[MCPServerConfig]:
     """Handle the MCP source."""
     if not questionary.confirm(
         f"We have found {source.name} installed. Would you like to import its MCP servers to open-edison?",
@@ -49,6 +54,31 @@ def handle_mcp_source(source: CLIENT, *, dry_run: bool = False) -> list[MCPServe
         print(f"Verifying the configuration for {config.name}... (TODO)")
         result = verify_mcp_server(config)
         if result:
+            # If this is a remote server, check OAuth status and optionally authorize
+            if config.is_remote_server():
+                # Always check token presence; if absent, prompt for OAuth unless skipped
+                tokens_present: bool = has_oauth_tokens(config)
+                if not tokens_present:
+                    if skip_oauth:
+                        print(
+                            f"Skipping OAuth for {config.name} due to --skip-oauth (no tokens present). This server will not be imported."
+                        )
+                        continue
+
+                    if questionary.confirm(
+                        f"{config.name} is a remote server and no OAuth credentials were found. Obtain credentials now?",
+                        default=True,
+                    ).ask():
+                        success = authorize_server_oauth(config)
+                        if not success:
+                            print(
+                                f"Failed to obtain OAuth credentials for {config.name}. Skipping this server."
+                            )
+                            continue
+                    else:
+                        print(f"Skipping {config.name} per user choice.")
+                        continue
+
             verified_configs.append(config)
         else:
             print(
@@ -116,7 +146,7 @@ def show_manual_setup_screen() -> None:
     print(manual_setup_text)
 
 
-def run(*, dry_run: bool = False) -> None:
+def run(*, dry_run: bool = False, skip_oauth: bool = False) -> None:
     """Run the complete setup process."""
     show_welcome_screen(dry_run=dry_run)
     # Additional setup steps will be added here
@@ -127,7 +157,7 @@ def run(*, dry_run: bool = False) -> None:
     configs: list[MCPServerConfig] = []
 
     for source in mcp_sources:
-        configs.extend(handle_mcp_source(source, dry_run=dry_run))
+        configs.extend(handle_mcp_source(source, dry_run=dry_run, skip_oauth=skip_oauth))
 
     if len(configs) == 0:
         print(
@@ -141,15 +171,24 @@ def run(*, dry_run: bool = False) -> None:
     for client in mcp_clients:
         confirm_apply_configs(client, dry_run=dry_run)
 
+    # Persist imported servers into config.json
+    if len(configs) > 0:
+        save_imported_servers(configs, dry_run=dry_run)
+
     show_manual_setup_screen()
 
 
 def main(argv: list[str] | None = None) -> int:
     parser = argparse.ArgumentParser(description="Open Edison Setup TUI")
     parser.add_argument("--dry-run", action="store_true", help="Preview actions without writing")
+    parser.add_argument(
+        "--skip-oauth",
+        action="store_true",
+        help="Skip OAuth for remote servers (they will be omitted from import)",
+    )
     args = parser.parse_args(argv)
 
-    run(dry_run=args.dry_run)
+    run(dry_run=args.dry_run, skip_oauth=args.skip_oauth)
     return 0