How to use the OAuthClientProvider in a stateless environment? #1352

@keurcien

Description

Question

I don't know what the best way to achieve this is, but here's my question:

I have a chat interface. When the user sends a message to the backend, the backend instantiates an agent with tools provided by an OAuth MCP server (e.g. Notion or Linear). If no credentials are found or the credentials are not valid, this should trigger the OAuth flow (popup or new tab in the user's browser). Upon consent, the backend callback endpoint will process the authorization code for exchange.

Problem:
The callback handler can likely be called from another instance of OAuthClientProvider (Cloud Run instances), with a different state, leading to a state mismatch or token exchange failure.

Is the design wrong? Should I extend the OAuthClientProvider class to store more info? What would be a secure way to do this?

Additional Context

No response
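The failure described in the question comes from keeping the `state` value and the PKCE verifier in the memory of the instance that started the flow. One way to make the callback instance-independent is to persist everything the callback needs under the `state` key in a store all instances share, and treat each record as single-use with a short TTL. The sketch below is an added example, not code from the issue author or from the MCP SDK; the in-memory `SharedFlowStore` stands in for a shared store (Redis, Firestore, or similar), which is an assumption, and the token-endpoint HTTP call is left out so the block runs offline.

```python
import base64
import hashlib
import secrets
import time


class StateMismatch(Exception):
    """Raised when a callback carries a state we never issued, already consumed, or let expire."""


class SharedFlowStore:
    """Pending OAuth flows keyed by `state`, so any backend instance can finish them.

    A plain dict stands in for a shared store such as Redis or Firestore
    (constructed for this example; the real store is an assumption).
    """

    def __init__(self, ttl_seconds=300, clock=time.time):
        self._items = {}
        self._ttl = ttl_seconds
        self._clock = clock  # injectable so expiry can be tested without sleeping

    def put(self, state, record):
        self._items[state] = dict(record, created_at=self._clock())

    def pop(self, state):
        """Single-use lookup: the record is removed whether or not it is still valid."""
        record = self._items.pop(state, None)
        if record is None:
            return None
        if self._clock() - record["created_at"] > self._ttl:
            return None  # expired: treat like an unknown state
        return record


def make_pkce_pair():
    """RFC 7636 S256 code verifier and the challenge derived from it."""
    verifier = base64.urlsafe_b64encode(secrets.token_bytes(32)).rstrip(b"=").decode()
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode()
    return verifier, challenge


def begin_authorization(store, user_id, server_url):
    """Run by the instance that decides the user must consent.

    Returns the `state` and PKCE challenge to put in the authorization URL.
    The verifier, the user and the target server are persisted under `state`
    so the callback does not depend on this instance's memory.
    """
    state = secrets.token_urlsafe(32)
    verifier, challenge = make_pkce_pair()
    store.put(state, {"user_id": user_id, "server_url": server_url, "code_verifier": verifier})
    return state, challenge


def handle_callback(store, state, code):
    """Run by whichever instance receives the redirect; it need not be the one that started the flow.

    Returns the parameters for the token-endpoint request (the HTTP exchange itself
    is out of scope here) or raises StateMismatch.
    """
    record = store.pop(state)
    if record is None:
        raise StateMismatch("unknown, reused, or expired state")
    return {
        "grant_type": "authorization_code",
        "code": code,
        "code_verifier": record["code_verifier"],
        "user_id": record["user_id"],
        "server_url": record["server_url"],
    }


if __name__ == "__main__":
    # Instance A starts the flow; instance B (same shared store, no other shared memory) finishes it.
    shared = SharedFlowStore()
    state, challenge = begin_authorization(shared, "user-1", "https://mcp.example/notion")
    print("authorize with state", state, "and S256 challenge", challenge)
    print("instance B exchanges:", handle_callback(shared, state, "code-from-provider"))
```

Keying the record by `state` means the callback never has to guess which instance started the flow, popping the record makes a replayed callback fail, and the TTL keeps abandoned flows from accumulating. The user id stored with the record also lets the callback bind the resulting tokens to the right user rather than trusting anything in the redirect.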
