
Commit 9757ff1

fix (mcp): chatgpt issue on mcp
1 parent 6f2404d commit 9757ff1


1 file changed

+6
-19
lines changed


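--- a/server/plugin/plg_handler_mcp/handler_auth.go
+++ b/server/plugin/plg_handler_mcp/handler_auth.go
@@ -17,14 +17,10 @@ const (
 DEFAULT_SECRET_EXPIRY = 30 * 24 * 3600
 )
 
-var (
-KEY_FOR_CLIENT_SECRET string
-KEY_FOR_CODE string
-)
+var KEY_FOR_CODE string
 
 func init() {
 Hooks.Register.Onload(func() {
-KEY_FOR_CLIENT_SECRET = Hash("MCP_SECRET_"+SECRET_KEY, len(SECRET_KEY))
 KEY_FOR_CODE = Hash("MCP_CODE_"+SECRET_KEY, len(SECRET_KEY))
 })
 }
@@ -97,12 +93,7 @@ func (this Server) TokenHandler(_ *App, w http.ResponseWriter, r *http.Request)
 http.Error(w, "Invalid Grant Type", http.StatusBadRequest)
 return
 }
-clientID := r.FormValue("client_id")
-if r.FormValue("client_secret") != clientSecret(clientID) {
-http.Error(w, "Invalid Client Credentials", http.StatusUnauthorized)
-return
-}
-token, err := DecryptString(Hash(KEY_FOR_CODE+clientID, len(SECRET_KEY)), r.FormValue("code"))
+token, err := DecryptString(KEY_FOR_CODE, r.FormValue("code"))
 if err != nil {
 http.Error(w, "Invalid authorization code", http.StatusBadRequest)
 return
@@ -125,8 +116,8 @@ func (this Server) RegisterHandler(ctx *App, w http.ResponseWriter, r *http.Requ
 "",
 )
 clientID := clientName + "." + Hash(clientName+time.Now().String(), 8)
-w.WriteHeader(http.StatusCreated)
 w.Header().Set("Content-Type", "application/json")
+w.WriteHeader(http.StatusCreated)
 json.NewEncoder(w).Encode(struct {
 ClientID string `json:"client_id"`
 ClientSecret string `json:"client_secret"`
@@ -138,20 +129,16 @@ func (this Server) RegisterHandler(ctx *App, w http.ResponseWriter, r *http.Requ
 TokenEndpointAuthMethod string `json:"token_endpoint_auth_method"`
 }{
 ClientID: clientID,
-ClientSecret: clientSecret(clientID),
+ClientSecret: Hash(clientID, 32), // unused. eg: chatgpt act as public client
 ClientIDIssuedAt: time.Now().Unix(),
 ClientSecretExpiresAt: time.Now().Unix() + DEFAULT_SECRET_EXPIRY,
 ClientName: clientName,
 RedirectURIs: []string{},
 GrantTypes: []string{"authorization_code"},
-TokenEndpointAuthMethod: "client_secret_basic",
+TokenEndpointAuthMethod: "none",
 })
 }
 
-func clientSecret(clientID string) string {
-return Hash(clientID+KEY_FOR_CLIENT_SECRET, 32)
-}
-
 func (this Server) CallbackHandler(ctx *App, res http.ResponseWriter, req *http.Request) {
 uri := req.URL.Query().Get("redirect_uri")
 state := req.URL.Query().Get("state")
@@ -160,7 +147,7 @@ func (this Server) CallbackHandler(ctx *App, res http.ResponseWriter, req *http.
 SendErrorResult(res, ErrNotValid)
 return
 }
-code, err := EncryptString(Hash(KEY_FOR_CODE+clientID, len(SECRET_KEY)), ctx.Authorization)
+code, err := EncryptString(KEY_FOR_CODE, ctx.Authorization)
 if err != nil {
 SendErrorResult(res, ErrNotValid)
 return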
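Review bot: In the TokenHandler hunk the authorization code is now decrypted with the global KEY_FOR_CODE and client_id is no longer read, so a code issued to one client_id can be redeemed by any other client — the code has lost its binding to the client it was issued to, and the CallbackHandler hunk makes the matching change on the issuing side. Dropping the client_secret check is appropriate for a public client, but RFC 6749 §4.1.3 still requires the token endpoint to confirm the code was issued to the client_id in the request, and for public clients PKCE (RFC 7636) is the usual replacement for the secret; nothing in these hunks verifies a code_verifier, so I cannot tell whether that happens elsewhere. The binding can be kept without requiring a secret by deriving the key from the submitted client_id as the old code did, `clientID := r.FormValue("client_id")` followed by `token, err := DecryptString(Hash(KEY_FOR_CODE+clientID, len(SECRET_KEY)), r.FormValue("code"))`, with CallbackHandler left on `Hash(KEY_FOR_CODE+clientID, len(SECRET_KEY))`; if the ChatGPT client omits client_id on the token request, the binding would need to come from PKCE instead. Both TokenHandler and CallbackHandler begin and continue outside these hunks.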
