Skip to content

HttpClientStreamHttpTransport: add authorization error handler#861

Open
Kehrlann wants to merge 1 commit intomainfrom
dgarnier/http-client-error-handler
Open

HttpClientStreamHttpTransport: add authorization error handler#861
Kehrlann wants to merge 1 commit intomainfrom
dgarnier/http-client-error-handler

Conversation

@Kehrlann
Copy link
Contributor

@Kehrlann Kehrlann commented Mar 10, 2026
edited
Loading

Motivation and Context

In the context of authorization management, we need to handle authorization errors (HTTP 401 and 403) in the client transports. This PR introduces a hook to react to these specific errors. See gh-240.

The hook exposes a "retry" mechanism, so that handlers can decide the request must be replayed, for example, after performing a dynamic client registration, or after updating the scopes in the "step up" scenario. The retry mechanism is unbounded, retry limitation is the caller's responsibility.

This PR does not target the SSE transport as we don't intend to evolve it.

How Has This Been Tested?

Test with spring's mcp-security project.

Breaking Changes

n/a

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Documentation update

@Kehrlann Kehrlann added area/client P1 Significant bug affecting many users, highly requested feature P2 Moderate issues affecting some users, edge cases, potentially valuable feature enhancement New feature or request and removed P2 Moderate issues affecting some users, edge cases, potentially valuable feature labels Mar 10, 2026
@Kehrlann Kehrlann added this to the 1.1.0 milestone Mar 10, 2026
@Kehrlann Kehrlann force-pushed the dgarnier/http-client-error-handler branch 2 times, most recently from 1ccce75 to f8c77f9 Compare March 10, 2026 16:21
@Kehrlann Kehrlann marked this pull request as ready for review March 10, 2026 16:21
@Kehrlann Kehrlann force-pushed the dgarnier/http-client-error-handler branch from f8c77f9 to e0c1225 Compare March 10, 2026 16:23
chemicL
chemicL requested changes Mar 10, 2026
View reviewed changes
Copy link
Member

@chemicL chemicL left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I like the overall design. I have a couple of suggestions regarding method names and also the blocking avoidance in the sync implementation. Feel free to merge once these are addressed. Thanks!

@Kehrlann Kehrlann force-pushed the dgarnier/http-client-error-handler branch 3 times, most recently from 64106af to 4861c93 Compare March 11, 2026 15:13
@Kehrlann Kehrlann requested a review from chemicL March 11, 2026 15:15
@Kehrlann Kehrlann force-pushed the dgarnier/http-client-error-handler branch 3 times, most recently from 7e30b31 to 9e3a897 Compare March 11, 2026 15:36
@Kehrlann
HttpClientStreamHttpTransport: add authorization error handler
fa1861e 
- Closes #240

Signed-off-by: Daniel Garnier-Moiroux <git@garnier.wf>
@Kehrlann Kehrlann force-pushed the dgarnier/http-client-error-handler branch from 9e3a897 to fa1861e Compare March 11, 2026 16:03
chemicL
chemicL requested changes Mar 12, 2026
View reviewed changes
Copy link
Member

@chemicL chemicL left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I like the changes, thanks. One type change request and one test request :)

...modelcontextprotocol/client/transport/customizer/McpHttpClientAuthorizationErrorHandler.java
* @return a {@link Publisher} to signal either an error or a retry
*/
default Publisher<Void> onAuthorizationError(HttpResponse.ResponseInfo responseInfo, McpTransportContext context,
Publisher<Void> retryAction, Publisher<Void> defaultError) {
Copy link
Member

@chemicL chemicL Mar 12, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For the default error:

  • currently the exception is eagerly created so there is no need for wrapping it in a Mono
  • instead, a Supplier can be used which would lazily be evaluated and would capture the actual stack at invocation time.

...modelcontextprotocol/client/transport/customizer/McpHttpClientAuthorizationErrorHandler.java
* If the returned {@link Publisher} errors, the error will be propagated to the
* calling method, to be handled by the caller.
* <p>
* The caller is responsible for bounding the number of retries.
Copy link
Member

@chemicL chemicL Mar 12, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you add a test that shows how one would limit the retries? We should follow-up with another PR for the documentation about this case I suppose.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@chemicL chemicL chemicL requested changes

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

area/client enhancement New feature or request P1 Significant bug affecting many users, highly requested feature

Projects

None yet

Milestone

1.1.0

Development

Successfully merging this pull request may close these issues.

2 participants

@Kehrlann @chemicL