Skip to content

[codex] Add OAuth HTTP MCP support#272

Merged
Rabithua merged 2 commits into
developfrom
codex/oauth-mcp-auth
Jul 2, 2026
Merged

[codex] Add OAuth HTTP MCP support#272
Rabithua merged 2 commits into
developfrom
codex/oauth-mcp-auth

Conversation

@Rabithua

@Rabithua Rabithua commented Jul 1, 2026

Copy link
Copy Markdown
Owner

Summary

Adds Rote-owned OAuth 2.1 authorization for Remote HTTP MCP without replacing the existing OpenKey API.

What Changed

  • Added OAuth MCP tables, migration, token hashing, authorization code consumption, refresh-token rotation, and revocation.
  • Added OAuth metadata, dynamic client registration, authorize/session/approve, token, and revoke endpoints.
  • Added stateless Streamable HTTP JSON-response MCP endpoint at /v2/api/mcp with Bearer token, audience/resource, origin, and scope checks.
  • Added MCP tools for notes, articles, reactions, profile, stats/data, settings, and attachments.
  • Added frontend /oauth/authorize page, login redirect preservation, safe route registration, and EN/ZH/JA i18n copy.
  • Split MCP/OAuth implementation by domain so project quality gates pass without large catch-all files.

Validation

  • cd server && bun run lint
  • cd server && bun run build
  • cd web && bun run lint
  • cd web && bun run build
  • cd web && bun run test
  • cd server && TEST_BASE_URL=http://127.0.0.1:3002 bun run tests/oauth-mcp.test.ts

Notes: backend lint passes with 5 no-console warnings in MCP note background task logging. Frontend build keeps existing Vite chunk-size/circular chunk warnings.

@Rabithua Rabithua marked this pull request as ready for review July 2, 2026 02:32
@chatgpt-codex-connector

Copy link
Copy Markdown

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.

@Rabithua Rabithua merged commit 8d4229c into develop Jul 2, 2026
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant