Entra Authentication for MCP doesn't work

[adameska]

Description

The request to my entra app to login and authorize is including resource when it shouldn't And i can't control what is in the resource and it's not matching verbatim what my app registration has as an Application ID URI (my MCP has resource: "http://localhost:3000" and my entra has http://localhost:3000 as the ID but opencode is passing resource of "http://localhost:3000/" which is causing getting a token to fail. My MCP is returning an authorization server of
"https://login.microsoftonline.com/tenat-guid/v2.0" which doesn't support dynamic client registration (so i set a client id and scopes, it didn't look like i could set resource even if i wanted to?)

We shouldn't need to set resource at all... the scope "http://localhost:3000/basic" should be all that's needed for entra auth to work.

Plugins

none

OpenCode version

1.1.51

Steps to reproduce

1. Add a MCP resource that uses entra auth
2. Try and authenticate with automatic oauth token generation instead of setting it yourself

Screenshot and/or share link

No response

Operating System

No response

Terminal

No response

[github-actions]

This issue might be a duplicate of existing issues. Please check:

• [Bug]: Stored OAuth credentials silently override explicit provider config #10950: Stored OAuth credentials silently override explicit provider config - may be related to resource/auth override issues
• OAuth: client_credentials configuration results in authorization_code flow #7306: OAuth client_credentials configuration results in authorization_code flow - relates to OAuth flow configuration not respecting explicit settings
• Oath MCP always using root level even though my rul is .../xmcp/mcp #7135: OAuth MCP always using root level even though URL is .../xmcp/mcp - relates to incorrect path/resource handling in OAuth configuration
• MCP client doesn't follow specification for Authentication #1492: MCP client doesn't follow specification for Authentication - relates to MCP authentication flow issues
• [FEATURE]: Support MCP servers that require POST-based or non-standard SSE handshake #5371: Support MCP servers that require POST-based or non-standard SSE handshake - relates to alternative authentication/connection patterns

The core issue seems to be that OpenCode is passing a 'resource' parameter that doesn't match your Entra configuration. Issues #7306 and #7135 discuss similar problems with OAuth configuration overrides and path handling.

Feel free to ignore if none of these address your specific case.