@@ -622,20 +622,46 @@ function validateAuthorizationServerMetadataIssuer(metadata: { issuer: string }
622622 }
623623}
624624
625+ function isLegacyFallbackDiscoveryState ( cachedState : OAuthDiscoveryState , serverUrl : string | URL ) : boolean {
626+ if ( cachedState . resourceMetadata ?. authorization_servers ?. length ) {
627+ return false ;
628+ }
629+
630+ try {
631+ const cachedIssuer = normalizeDiscoveredIssuerIdentifier ( cachedState . authorizationServerUrl , 'Cached authorization server URL' ) ;
632+ const legacyFallbackIssuer = normalizeDiscoveredIssuerIdentifier ( new URL ( '/' , serverUrl ) , 'MCP server URL' ) ;
633+ return cachedIssuer === legacyFallbackIssuer ;
634+ } catch {
635+ return false ;
636+ }
637+ }
638+
639+ function hasMalformedAuthorizationServerMetadataIssuer ( metadata : { issuer : string } | undefined ) : boolean {
640+ if ( ! metadata ) {
641+ return false ;
642+ }
643+
644+ try {
645+ normalizeDiscoveredIssuerIdentifier ( metadata . issuer , 'Authorization server metadata issuer' ) ;
646+ return false ;
647+ } catch {
648+ return true ;
649+ }
650+ }
651+
625652function isStaleLegacyFallbackDiscoveryState (
626653 cachedState : OAuthDiscoveryState ,
627654 metadata : { issuer : string } | undefined ,
628655 serverUrl : string | URL
629656) : boolean {
630- if ( ! metadata || cachedState . resourceMetadata ?. authorization_servers ?. length ) {
657+ if ( ! metadata || ! isLegacyFallbackDiscoveryState ( cachedState , serverUrl ) ) {
631658 return false ;
632659 }
633660
634661 try {
635662 const cachedIssuer = normalizeDiscoveredIssuerIdentifier ( cachedState . authorizationServerUrl , 'Cached authorization server URL' ) ;
636- const legacyFallbackIssuer = normalizeDiscoveredIssuerIdentifier ( new URL ( '/' , serverUrl ) , 'MCP server URL' ) ;
637663 const metadataIssuer = normalizeDiscoveredIssuerIdentifier ( metadata . issuer , 'Authorization server metadata issuer' ) ;
638- return cachedIssuer === legacyFallbackIssuer && metadataIssuer !== cachedIssuer ;
664+ return metadataIssuer !== cachedIssuer ;
639665 } catch {
640666 return false ;
641667 }
@@ -766,12 +792,16 @@ async function authInternal(
766792 try {
767793 validateAuthorizationServerMetadataIssuer ( metadata , authorizationServerUrl ) ;
768794 } catch ( error ) {
769- if ( ! isStaleLegacyFallbackDiscoveryState ( cachedState , metadata , serverUrl ) ) {
770- throw error ;
771- }
795+ const canUseMalformedLegacyFallbackState =
796+ isLegacyFallbackDiscoveryState ( cachedState , serverUrl ) && hasMalformedAuthorizationServerMetadataIssuer ( metadata ) ;
797+ if ( ! canUseMalformedLegacyFallbackState ) {
798+ if ( ! isStaleLegacyFallbackDiscoveryState ( cachedState , metadata , serverUrl ) ) {
799+ throw error ;
800+ }
772801
773- await provider . invalidateCredentials ?.( 'discovery' ) ;
774- useCachedDiscoveryState = false ;
802+ await provider . invalidateCredentials ?.( 'discovery' ) ;
803+ useCachedDiscoveryState = false ;
804+ }
775805 }
776806 }
777807
0 commit comments