-
Notifications
You must be signed in to change notification settings - Fork 140
[Client] Inject Bearer token into HttpTransport requests + handle 401 re-auth #316
Copy link
Copy link
Open
Labels
ClientIssues & PRs related to the Client componentIssues & PRs related to the Client componentP1Significant bug affecting many users, highly requested featureSignificant bug affecting many users, highly requested featureauthIssues and PRs related to Authentication / OAuthIssues and PRs related to Authentication / OAuthenhancementRequest for a new feature that's not currently supportedRequest for a new feature that's not currently supportedimproves spec complianceImproves consistency with other SDKs such as TyepScriptImproves consistency with other SDKs such as TyepScript
Description
Metadata
Metadata
Assignees
Labels
ClientIssues & PRs related to the Client componentIssues & PRs related to the Client componentP1Significant bug affecting many users, highly requested featureSignificant bug affecting many users, highly requested featureauthIssues and PRs related to Authentication / OAuthIssues and PRs related to Authentication / OAuthenhancementRequest for a new feature that's not currently supportedRequest for a new feature that's not currently supportedimproves spec complianceImproves consistency with other SDKs such as TyepScriptImproves consistency with other SDKs such as TyepScript
Type
Fields
Give feedbackNo fields configured for issues without a type.
Context
Once an access token is acquired (via any OAuth grant), every outbound JSON-RPC request on
HttpTransportmust carryAuthorization: Bearer <token>. On a401 Unauthorizedmid-session, the transport must trigger a re-auth attempt and retry the failed request exactly once.Scope
src/Client/Transport/HttpTransport.php:TokenStorageInterfacekeyed by endpoint URL.Authorization: Bearer <token>header onsend()when a token is present.401, parseWWW-Authenticateheader, invoke auth coordinator, retry once.Mcp\Client\Auth\AuthCoordinatorto orchestrate discovery → registration → token acquisition. (Implementation details land in dependent issues.)Conformance scenarios unblocked
All
auth/*scenarios depend on this wiring.Dependencies
Blocked by: #315 (TokenStorageInterface).
Acceptance
AuthCoordinator.cc @soyuka