You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: CLAUDE.md
+43-2Lines changed: 43 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -565,12 +565,51 @@ The `working_dir` field specifies the working directory for stdio MCP servers. U
565
565
- If directory doesn't exist, server startup fails with detailed error
566
566
- Compatible with Docker isolation (`isolation.working_dir` for container path)
567
567
568
+
### Zero-Config OAuth with Resource Auto-Detection (RFC 8707/9728)
569
+
570
+
MCPProxy automatically detects and injects the RFC 8707 `resource` parameter for OAuth providers like Runlayer. This enables zero-configuration OAuth for servers advertising Protected Resource Metadata (RFC 9728).
571
+
572
+
**How it works**:
573
+
1. MCPProxy sends a preflight HEAD request to the MCP server URL
574
+
2. If server returns 401 with `WWW-Authenticate` header containing `resource_metadata` URL, MCPProxy fetches the Protected Resource Metadata
575
+
3. The `resource` field from metadata is automatically injected into OAuth authorization URL and token requests
576
+
4. If metadata doesn't contain `resource`, MCPProxy falls back to using the server URL
2. Auto-detected resource from RFC 9728 Protected Resource Metadata
596
+
3. Fallback to server URL if metadata unavailable or lacks resource field
597
+
598
+
**Diagnostic Commands**:
599
+
```bash
600
+
# View auto-detected resource parameter
601
+
mcpproxy auth status --server=runlayer-slack
602
+
603
+
# Check for OAuth issues including resource detection
604
+
mcpproxy doctor
605
+
```
606
+
568
607
### OAuth Extra Parameters Configuration
569
608
570
-
MCPProxy supports arbitrary OAuth 2.0/2.1 extra parameters via the `extra_params`field in OAuth configuration. This enables integration with OAuth providers requiring non-standard parameters like RFC 8707 resource indicators.
0 commit comments