Skip to content

Persist dynamically registered OAuth clients across sessions #3335

New issue
New issue
Open
Open
Persist dynamically registered OAuth clients across sessions#3335
Assignees
carlos-gn
Labels
authenticationcliChanges that impact CLI functionalityenhancementNew feature or requestproxy
@eleftherias

Description

@eleftherias
eleftherias
opened on Jan 19, 2026

Formalising this future enhancement into an issue

toolhive/docs/remote-mcp-authentication.md

Line 434 in 1f6ecc0

3. **Client Credential Caching**: Persist dynamically registered clients across sessions

Problem

When using Dynamic Client Registration (RFC 7591) for remote MCP servers, client credentials are not persisted across restarts. This causes:

  1. New OAuth client registered on every thv run execution
  2. Orphaned client registrations accumulate in OAuth providers
  3. Risk of rate limiting from excessive registration requests

Acceptance Criteria

  • DCR credentials (client_id, client_secret) persisted after registration
  • DCR metadata (client_secret_expires_at, registration_access_token) stored
  • Credentials reused across thv run restarts
  • Expired credentials trigger automatic re-registration
  • thv secret list shows persisted DCR secrets
  • thv secret rm can remove persisted credentials
  • Backward compatibility maintained for existing configs
  • Documentation updated

References

Metadata

Metadata

Assignees

Labels

authenticationcliChanges that impact CLI functionalityenhancementNew feature or requestproxy

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions