Allow Agent instance to supply custom OAuth provider.#298
Conversation
🦋 Changeset detectedLatest commit: 6af2a3e The changes in this PR will be included in the next version bump. This PR includes changesets to release 1 package
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
|
Kindly bumping to request review or feedback on this PR. |
|
For context here, I'm working on making the underlying Instantiating such an implementation from within an |
|
I’ll have a look tomorrow, cheers
Sunil Pai
…On Thu, 29 May 2025 at 22:28, Jared Hanson ***@***.***> wrote:
*jaredhanson* left a comment (cloudflare/agents#298)
<#298 (comment)>
For context here, I'm working on making the underlying OAuthClientProvider
interface from @modelcontextprotocol/sdk more extensible, allowing it to
implement more secure forms of authentication that don't rely on shared
secrets. A PR is in progress here: modelcontextprotocol/typescript-sdk#531
<modelcontextprotocol/typescript-sdk#531>
Instantiating such an implementation from within an Agent is driving the
requirement for this PR.
—
Reply to this email directly, view it on GitHub
<#298 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAAES6E4M52BZPGA22JU55D3A44CFAVCNFSM6AAAAAB5UIAEQSVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDSMRQGAYDSMRXGI>
.
You are receiving this because you are subscribed to this thread.Message
ID: ***@***.***>
|
…uth-client-provider
|
sorry for the delay, I'll have a look at this. We need to update the sdk version first, I'll do that. |
Resolve conflicts: - Take main's >= in schedule query - Apply createOAuthProvider() to main's refactored addMcpServer - Keep both createOAuthProvider and main's new OAuth callback methods Co-authored-by: Cursor <cursoragent@cursor.com>
Tighten lint-staged pattern to target explicit source file extensions (js, mjs, cjs, jsx, ts, mts, cts, tsx, vue, astro, svelte, css) so oxfmt only runs on relevant files. package-lock.json was regenerated to reflect dependency changes after installing/updating packages.
|
Coming back to this after very long, sorry for the delay. Yeah we should add this, I'm working on it now, I'll take this PR over. |
Introduce Agent.createOAuthProvider(callbackUrl) so subclasses can supply a custom OAuth provider (e.g. pre-registered clients, mTLS, or other auth strategies) instead of the default DurableObjectOAuthClientProvider. Update docs with usage details and the AgentsOAuthProvider contract. Add TestCustomOAuthAgent, expose it in test exports, update worker/wrangler test config, and add unit tests verifying default and overridden provider behavior. Bump changeset for "agents" to minor.
|
Added docs and tests and rewrote the changeset, landing this once CI passes. |
commit: |
2 participants
I am implementing agents that use alternative ways to register and authenticate with OAuth authorization servers. These mechanisms are based on early draft OAuth specifications, and will hopefully see more widespread adoption as MCP's use of OAuth matures beyond dynamic client registration (which has many downsides).
To facilitate this, supplying a different
AgentsOAuthProvideris necessary. This pull request proposes acreateOAuthProviderfunction on theAgentclass, which by default returns the currentDurableObjectOAuthClientProviderinstance. This function can be overridden byAgentsubclasses that need to use an alternative implementation.An example of a agent that has a custom OAuth provider is as follows:
Let me know if I can supply any additional details. Any and all feedback is welcome! Thanks!