fix(mcp): pass SSRF-guarded fetch into OAuth callback token exchange#5399
Conversation
Mirrors the same wiring already used by probe.ts and revoke.ts, so the callback's token-exchange request goes through the same guarded fetch as the rest of the OAuth flow.
|
The latest updates on your projects. Learn more about Vercel for GitHub. |
PR SummaryMedium Risk Overview A new Reviewed by Cursor Bugbot for commit e14076b. Configure here. |
…h() calls (#5419) PR #5399 fixed the callback route forgetting to pass fetchFn into the SDK's auth(), but every call site (start + callback routes) still imported the raw SDK auth() directly and had to remember to pass fetchFn: createSsrfGuardedMcpFetch() by hand — the same omission was possible again at any future call site. Add mcpAuthGuarded() in lib/mcp/oauth/auth.ts, a thin wrapper around the SDK's auth() that always defaults fetchFn to the SSRF-guarded fetch (still overridable for tests). Both routes now import mcpAuthGuarded from @/lib/mcp/oauth instead of the raw SDK auth, so omitting the guard is no longer possible by omission.
Summary
mcpAuth(...)) was calling the MCP SDK'sauth()without afetchFn, so it defaulted to the globalfetchfor the token-endpoint request.apps/sim/lib/mcp/oauth/probe.tsandapps/sim/lib/mcp/oauth/revoke.tsalready wirecreateSsrfGuardedMcpFetch()into their outbound requests — this route was just missing the same guard.fetchFn: createSsrfGuardedMcpFetch()alongside the existingserverUrl/authorizationCodeoptions, matching the established pattern exactly.Type of Change
Testing
apps/sim/app/api/mcp/oauth/callback/route.test.tscovering that the token exchange call passes the guarded fetch instance through tomcpAuth, alongside the existingserverUrl/authorizationCodeargs.bun vitest runon the new test file and the siblingstart/route.test.ts— both pass.bun run check:api-validation,bun run type-check, andbunx biome checkall pass.Checklist