IBM
diff --git a/‎mcpgateway/admin.py‎
Lines changed: 22 additions & 0 deletions b/‎mcpgateway/admin.py‎
Lines changed: 22 additions & 0 deletions
diff --git a/‎mcpgateway/admin_ui/servers.js‎
Lines changed: 11 additions & 0 deletions b/‎mcpgateway/admin_ui/servers.js‎
Lines changed: 11 additions & 0 deletions
diff --git a/‎mcpgateway/main.py‎
Lines changed: 10 additions & 0 deletions b/‎mcpgateway/main.py‎
Lines changed: 10 additions & 0 deletions
@@ -2950,13 +2950,20 @@ async def admin_add_server(request: Request, db: Session = Depends(get_db), user
             scopes_str = str(form.get("oauth_scopes", "")).strip()
             token_endpoint = str(form.get("oauth_token_endpoint", "")).strip()
 
+            client_id = str(form.get("oauth_client_id", "")).strip()
+            client_secret = str(form.get("oauth_client_secret", "")).strip()
+
             if authorization_server:
                 oauth_config = {"authorization_servers": [authorization_server]}
                 if scopes_str:
                     # Convert space-separated scopes to list
                     oauth_config["scopes_supported"] = scopes_str.split()
                 if token_endpoint:
                     oauth_config["token_endpoint"] = token_endpoint
+                if client_id:
+                    oauth_config["client_id"] = client_id
+                if client_secret:
+                    oauth_config["client_secret"] = client_secret
             else:
                 # Invalid or incomplete OAuth configuration; disable OAuth to avoid inconsistent state
                 LOGGER.warning(
@@ -3111,13 +3118,28 @@ async def admin_edit_server(
             scopes_str = str(form.get("oauth_scopes", "")).strip()
             token_endpoint = str(form.get("oauth_token_endpoint", "")).strip()
 
+            client_id = str(form.get("oauth_client_id", "")).strip()
+            client_secret = str(form.get("oauth_client_secret", "")).strip()
+
             if authorization_server:
                 oauth_config = {"authorization_servers": [authorization_server]}
                 if scopes_str:
                     # Convert space-separated scopes to list
                     oauth_config["scopes_supported"] = scopes_str.split()
                 if token_endpoint:
                     oauth_config["token_endpoint"] = token_endpoint
+                if client_id:
+                    oauth_config["client_id"] = client_id
+                if client_secret:
+                    oauth_config["client_secret"] = client_secret
+                elif client_id:
+                    # client_id present but secret left blank in edit form — preserve existing secret
+                    try:
+                        existing_server = await server_service.get_server(db, server_id)
+                        if existing_server.oauth_config and existing_server.oauth_config.get("client_secret"):
+                            oauth_config["client_secret"] = existing_server.oauth_config["client_secret"]
+                    except Exception:
+                        pass
             else:
                 # Invalid or incomplete OAuth configuration; disable OAuth to avoid inconsistent state
                 LOGGER.warning(
 
@@ -857,6 +857,17 @@ export const editServer = async function (serverId) {
       if (oauthTokenEndpointField) {
         oauthTokenEndpointField.value = server.oauthConfig.token_endpoint || "";
       }
+
+      // Extract client_id for DCR bypass (pre-registered client)
+      const oauthClientIdField = safeGetElement("edit-server-oauth-client-id");
+      if (oauthClientIdField) {
+        oauthClientIdField.value = server.oauthConfig.client_id || "";
+      }
+      // Clear client_secret field (password field — never pre-filled with actual secret)
+      const oauthClientSecretField = safeGetElement("edit-server-oauth-client-secret");
+      if (oauthClientSecretField) {
+        oauthClientSecretField.value = "";
+      }
     } else {
       // Clear OAuth config fields when no config exists
       if (oauthAuthServerField) oauthAuthServerField.value = "";
 
@@ -11149,6 +11149,16 @@ async def cleanup_import_statuses(max_age_hours: int = 24, user=Depends(get_curr
 except ImportError:
     logger.debug("OAuth router not available")
 
+# Include MCP OAuth proxy router (virtual server OAuth for MCP clients)
+try:
+    # First-Party
+    from mcpgateway.routers.mcp_oauth import mcp_oauth_router
+
+    app.include_router(mcp_oauth_router)
+    logger.info("MCP OAuth proxy router included")
+except ImportError:
+    logger.debug("MCP OAuth proxy router not available")
+
 # Include reverse proxy router if enabled
 if settings.mcpgateway_reverse_proxy_enabled:
     try: