Skip to content

Add support for pre-configured OAuth client credentials#36

Merged
jancurn merged 9 commits intomainfrom
claude/add-oauth-client-credentials-wdnqt
Mar 7, 2026
Merged

Add support for pre-configured OAuth client credentials#36
jancurn merged 9 commits intomainfrom
claude/add-oauth-client-credentials-wdnqt

Conversation

@jancurn
Copy link
Member

@jancurn jancurn commented Mar 7, 2026

Summary

This PR adds support for servers that don't support dynamic OAuth client registration by allowing users to provide pre-configured client credentials (client ID and optional client secret) during authentication.

Key Changes

  • CLI Enhancement: Added --client-id and --client-secret options to the mcpc login command to accept pre-configured OAuth credentials
  • OAuth Flow Updates: Modified performOAuthFlow() to accept optional client credentials and skip dynamic client registration when credentials are provided
  • Keychain Management: When client credentials are provided, the flow now stores them in the keychain instead of deleting existing client info
  • Provider Configuration: Updated OAuthProvider to:
    • Accept clientCredentials in OAuthProviderOptions
    • Use client_secret_post authentication method when a client secret is provided (confidential client mode)
    • Skip dynamic registration and use pre-configured credentials directly
  • Validation: Added validation to ensure --client-secret is only used with --client-id

Implementation Details

  • When client credentials are provided, they bypass the dynamic client registration flow entirely
  • The authentication method automatically switches from none (public client) to client_secret_post (confidential client) when a client secret is present
  • Pre-configured credentials are stored in the keychain for future use, maintaining consistency with the existing token management system
  • The change is backward compatible - existing flows without credentials continue to work as before

https://claude.ai/code/session_01SQSYrXbVmLATkqq59zkSY8

claude and others added 9 commits March 7, 2026 09:20
@claude
feat: add --client-id and --client-secret options to login command
5ad195a 
For servers that don't support dynamic client registration, users can
now provide pre-configured OAuth client credentials via CLI flags:

  mcpc login mcp.example.com --client-id XXX --client-secret YYY

When provided, the credentials are stored in the keychain and used
directly for the OAuth flow, bypassing dynamic client registration.
The client metadata auth method is set to client_secret_post when a
secret is provided (confidential client), otherwise remains none
(public client).

https://claude.ai/code/session_01SQSYrXbVmLATkqq59zkSY8
@jancurn
Merge branch 'main' into claude/add-oauth-client-credentials-wdnqt
ffe4064
@jancurn
Merge branch 'main' into claude/add-oauth-client-credentials-wdnqt
2053afb
@jancurn
Merge branch 'main' into claude/add-oauth-client-credentials-wdnqt
4202e24
@jancurn
Merge branch 'main' into claude/add-oauth-client-credentials-wdnqt
fb2707a
@claude
style: fix prettier formatting
0c72222 
https://claude.ai/code/session_01SQSYrXbVmLATkqq59zkSY8
@jancurn
Merge branch 'main' into claude/add-oauth-client-credentials-wdnqt
b5ec45c
@jancurn
Merge branch 'main' into claude/add-oauth-client-credentials-wdnqt
21a7a20
@jancurn
Merge branch 'main' into claude/add-oauth-client-credentials-wdnqt
6dc707e
@jancurn jancurn merged commit 4b5a001 into main Mar 7, 2026
6 checks passed
@jancurn jancurn deleted the claude/add-oauth-client-credentials-wdnqt branch March 12, 2026 14:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@jancurn @apify-service-account @claude