Skip to content

Commit 30e6a74

Browse files
authored
fix: correct managed OAuth credential name lookup for gateway MCP clients (#543)
* fix: correct managed OAuth credential name lookup for gateway MCP clients The managed OAuth credential is created with the suffix '-oauth' (e.g. 'my-gateway-oauth') but was being looked up with '-agent-oauth' in schema-mapper.ts and displayed with '-agent-oauth' in AddGatewayScreen. This mismatch caused the credential lookup to fail silently, resulting in an empty provider_name in the generated @requires_access_token decorator. The agent runtime then crashed with: ParamValidationError: Invalid length for parameter resourceCredentialProviderName, value: 0, valid min length: 1 * refactor: extract computeManagedOAuthCredentialName to shared utility Replace inline credential name construction with a shared function in credential-utils.ts. All three consumers (GatewayPrimitive, schema-mapper, AddGatewayScreen) now use the same function, preventing future naming drift. Add regression test for the shared function.
1 parent 73156a4 commit 30e6a74

5 files changed

Lines changed: 29 additions & 5 deletions

File tree

src/cli/operations/agent/generate/__tests__/schema-mapper.test.ts

Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,3 +1,4 @@
1+
import { computeManagedOAuthCredentialName } from '../../../../primitives/credential-utils.js';
12
import type { GenerateConfig } from '../../../../tui/screens/generate/types.js';
23
import {
34
mapGenerateConfigToAgent,
@@ -190,3 +191,13 @@ describe('mapGenerateConfigToRenderConfig', () => {
190191
expect(result.memoryProviders[0]!.strategies).toEqual(['SEMANTIC', 'USER_PREFERENCE', 'SUMMARIZATION']);
191192
});
192193
});
194+
195+
describe('gateway credential provider name mapping', () => {
196+
it('computeManagedOAuthCredentialName produces the correct suffix', () => {
197+
// Regression test: the managed credential name must use '-oauth' suffix.
198+
// GatewayPrimitive creates it, schema-mapper looks it up, AddGatewayScreen displays it.
199+
// All three now use computeManagedOAuthCredentialName to stay in sync.
200+
expect(computeManagedOAuthCredentialName('my-gateway')).toBe('my-gateway-oauth');
201+
expect(computeManagedOAuthCredentialName('test')).toBe('test-oauth');
202+
});
203+
});

src/cli/operations/agent/generate/schema-mapper.ts

Lines changed: 5 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -11,7 +11,10 @@ import type {
1111
} from '../../../../schema';
1212
import { DEFAULT_STRATEGY_NAMESPACES } from '../../../../schema';
1313
import { GatewayPrimitive } from '../../../primitives/GatewayPrimitive';
14-
import { computeDefaultCredentialEnvVarName } from '../../../primitives/credential-utils';
14+
import {
15+
computeDefaultCredentialEnvVarName,
16+
computeManagedOAuthCredentialName,
17+
} from '../../../primitives/credential-utils';
1518
import type {
1619
AgentRenderConfig,
1720
GatewayProviderRenderConfig,
@@ -199,7 +202,7 @@ async function mapGatewaysToGatewayProviders(): Promise<GatewayProviderRenderCon
199202

200203
if (gateway.authorizerType === 'CUSTOM_JWT' && gateway.authorizerConfiguration?.customJwtAuthorizer) {
201204
const jwtConfig = gateway.authorizerConfiguration.customJwtAuthorizer;
202-
const credName = `${gateway.name}-agent-oauth`;
205+
const credName = computeManagedOAuthCredentialName(gateway.name);
203206
const credential = project.credentials.find(c => c.name === credName);
204207

205208
if (credential) {

src/cli/primitives/GatewayPrimitive.ts

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,7 @@ import type { RemovalPreview, RemovalResult, SchemaChange } from '../operations/
88
import type { AddGatewayConfig } from '../tui/screens/mcp/types';
99
import { BasePrimitive } from './BasePrimitive';
1010
import { SOURCE_CODE_NOTE } from './constants';
11-
import { computeDefaultCredentialEnvVarName } from './credential-utils';
11+
import { computeDefaultCredentialEnvVarName, computeManagedOAuthCredentialName } from './credential-utils';
1212
import type { AddResult, AddScreenComponent, RemovableResource } from './types';
1313
import type { Command } from '@commander-js/extra-typings';
1414

@@ -379,7 +379,7 @@ export class GatewayPrimitive extends BasePrimitive<AddGatewayOptions, Removable
379379
gatewayName: string,
380380
jwtConfig: NonNullable<AddGatewayConfig['jwtConfig']>
381381
): Promise<void> {
382-
const credentialName = `${gatewayName}-oauth`;
382+
const credentialName = computeManagedOAuthCredentialName(gatewayName);
383383
const project = await this.readProjectSpec();
384384

385385
// Skip if credential already exists

src/cli/primitives/credential-utils.ts

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -6,3 +6,12 @@
66
export function computeDefaultCredentialEnvVarName(credentialName: string): string {
77
return `AGENTCORE_CREDENTIAL_${credentialName.replace(/-/g, '_').toUpperCase()}`;
88
}
9+
10+
/**
11+
* Compute the managed OAuth credential name for a gateway.
12+
* Used when creating the credential (GatewayPrimitive) and when
13+
* looking it up for code generation (schema-mapper).
14+
*/
15+
export function computeManagedOAuthCredentialName(gatewayName: string): string {
16+
return `${gatewayName}-oauth`;
17+
}

src/cli/tui/screens/mcp/AddGatewayScreen.tsx

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,6 @@
11
import type { GatewayAuthorizerType } from '../../../../schema';
22
import { GatewayNameSchema } from '../../../../schema';
3+
import { computeManagedOAuthCredentialName } from '../../../primitives/credential-utils';
34
import {
45
ConfirmReview,
56
Panel,
@@ -272,7 +273,7 @@ export function AddGatewayScreen({ onComplete, onExit, existingGateways, unassig
272273
? [{ label: 'Allowed Scopes', value: wizard.config.jwtConfig.allowedScopes.join(', ') }]
273274
: []),
274275
...(wizard.config.jwtConfig.agentClientId
275-
? [{ label: 'Agent Credential', value: `${wizard.config.name}-agent-oauth` }]
276+
? [{ label: 'Agent Credential', value: computeManagedOAuthCredentialName(wizard.config.name) }]
276277
: []),
277278
]
278279
: []),

0 commit comments

Comments
 (0)