chore: upgrade reqwest to 0.13.2 (#669)

DaleSeo · web-flow · commit 021a431bef21 · 2026-02-17T13:41:12.000-05:00
diff --git a/crates/rmcp/Cargo.toml b/crates/rmcp/Cargo.toml
@@ -26,7 +26,7 @@ tokio-util = { version = "0.7" }
 pin-project-lite = "0.2"
 pastey = { version = "0.2.0", optional = true }
 # oauth2 support
-oauth2 = { version = "5.0", optional = true, default-features = false, features = ["reqwest"] }
+oauth2 = { version = "5.0", optional = true, default-features = false }
 
 # for auto generate schema
 schemars = { version = "1.0", optional = true, features = ["chrono04"] }
@@ -35,7 +35,7 @@ schemars = { version = "1.0", optional = true, features = ["chrono04"] }
 base64 = { version = "0.22", optional = true }
 
 # for HTTP client
-reqwest = { version = "0.12", default-features = false, features = [
+reqwest = { version = "0.13.2", default-features = false, features = [
   "json",
   "stream",
 ], optional = true }
@@ -84,9 +84,9 @@ elicitation = ["dep:url"]
 # reqwest http client
 __reqwest = ["dep:reqwest"]
 
-reqwest = ["__reqwest", "reqwest?/rustls-tls"]
+reqwest = ["__reqwest", "reqwest?/rustls"]
 
-reqwest-tls-no-provider = ["__reqwest", "reqwest?/rustls-tls-no-provider"]
+reqwest-tls-no-provider = ["__reqwest", "reqwest?/rustls-no-provider"]
 
 reqwest-native-tls = ["__reqwest", "reqwest?/native-tls"]
 
diff --git a/crates/rmcp/src/transport/auth.rs b/crates/rmcp/src/transport/auth.rs
@@ -2,9 +2,10 @@ use std::{collections::HashMap, sync::Arc, time::Duration};
 
 use async_trait::async_trait;
 use oauth2::{
-    AuthType, AuthUrl, AuthorizationCode, ClientId, ClientSecret, CsrfToken, EmptyExtraTokenFields,
-    PkceCodeChallenge, PkceCodeVerifier, RedirectUrl, RefreshToken, RequestTokenError, Scope,
-    StandardTokenResponse, TokenResponse, TokenUrl,
+    AsyncHttpClient, AuthType, AuthUrl, AuthorizationCode, ClientId, ClientSecret, CsrfToken,
+    EmptyExtraTokenFields, HttpClientError, HttpRequest, HttpResponse, PkceCodeChallenge,
+    PkceCodeVerifier, RedirectUrl, RefreshToken, RequestTokenError, Scope, StandardTokenResponse,
+    TokenResponse, TokenUrl,
     basic::{BasicClient, BasicTokenType},
 };
 use reqwest::{
@@ -18,6 +19,39 @@ use tracing::{debug, error, warn};
 
 use crate::transport::common::http_header::HEADER_MCP_PROTOCOL_VERSION;
 
+/// Owned wrapper around [`reqwest::Client`] that implements [`AsyncHttpClient`] for oauth2.
+struct OAuthReqwestClient(HttpClient);
+
+impl<'c> AsyncHttpClient<'c> for OAuthReqwestClient {
+    type Error = HttpClientError<reqwest::Error>;
+
+    type Future = std::pin::Pin<
+        Box<dyn std::future::Future<Output = Result<HttpResponse, Self::Error>> + Send + Sync + 'c>,
+    >;
+
+    fn call(&'c self, request: HttpRequest) -> Self::Future {
+        Box::pin(async move {
+            let response = self
+                .0
+                .execute(request.try_into().map_err(Box::new)?)
+                .await
+                .map_err(Box::new)?;
+
+            let mut builder = oauth2::http::Response::builder()
+                .status(response.status())
+                .version(response.version());
+
+            for (name, value) in response.headers().iter() {
+                builder = builder.header(name, value);
+            }
+
+            builder
+                .body(response.bytes().await.map_err(Box::new)?.to_vec())
+                .map_err(HttpClientError::Http)
+        })
+    }
+}
+
 const DEFAULT_EXCHANGE_URL: &str = "http://localhost";
 
 /// Stored credentials for OAuth2 authorization
@@ -872,7 +906,7 @@ impl AuthorizationManager {
             .exchange_code(AuthorizationCode::new(code.to_string()))
             .set_pkce_verifier(pkce_verifier)
             .add_extra_param("resource", self.base_url.to_string())
-            .request_async(&http_client)
+            .request_async(&OAuthReqwestClient(http_client))
             .await
         {
             Ok(token) => token,
@@ -961,7 +995,7 @@ impl AuthorizationManager {
 
         let token_result = oauth_client
             .exchange_refresh_token(&RefreshToken::new(refresh_token.secret().to_string()))
-            .request_async(&self.http_client)
+            .request_async(&OAuthReqwestClient(self.http_client.clone()))
             .await
             .map_err(|e| AuthError::TokenRefreshFailed(e.to_string()))?;
 
diff --git a/examples/clients/Cargo.toml b/examples/clients/Cargo.toml
@@ -26,7 +26,7 @@ anyhow = "1.0"
 url = "2.4"
 tower = "0.5"
 axum = "0.8"
-reqwest = "0.12"
+reqwest = "0.13.2"
 clap = { version = "4.0", features = ["derive"] }
 
 [[example]]
diff --git a/examples/servers/Cargo.toml b/examples/servers/Cargo.toml
@@ -35,7 +35,7 @@ futures = "0.3"
 rand = { version = "0.10", features = ["std"] }
 axum = { version = "0.8", features = ["macros"] }
 schemars = "1.0"
-reqwest = { version = "0.12", features = ["json"] }
+reqwest = { version = "0.13.2", features = ["json"] }
 chrono = "0.4"
 uuid = { version = "1.6", features = ["v4", "serde"] }
 serde_urlencoded = "0.7"
diff --git a/examples/simple-chat-client/Cargo.toml b/examples/simple-chat-client/Cargo.toml
@@ -8,7 +8,7 @@ publish = false
 tokio = { version = "1", features = ["full"] }
 serde = { version = "1.0", features = ["derive"] }
 serde_json = "1.0"
-reqwest = { version = "0.12", features = ["json"] }
+reqwest = { version = "0.13.2", features = ["json"] }
 anyhow = "1.0"
 thiserror = "2.0"
 async-trait = "0.1"
diff --git a/examples/transport/Cargo.toml b/examples/transport/Cargo.toml
@@ -41,7 +41,7 @@ schemars = { version = "1.0", optional = true }
 hyper = { version = "1", features = ["client", "server", "http1"] }
 hyper-util = { version = "0.1", features = ["tokio"] }
 tokio-tungstenite = "0.28.0"
-reqwest = { version = "0.12" }
+reqwest = { version = "0.13.2" }
 pin-project-lite = "0.2"
 
 [[example]]
