feat: mcp oauth#6800

uinstinct · 2025-07-25T13:44:01Z

Description

Oauth support for MCP

closes CON-2672

Checklist

[] I've read the contributing guide
[] The relevant docs, if any, have been updated or created
[] The relevant tests, if any, have been updated or created

Screen recording or screenshot

feat.mp4

Tests

[ What tests were added or updated to ensure the changes work as expected? ]

Summary by cubic

Added OAuth support for MCP by spinning up a local server to handle authentication redirects and integrating the flow with the VS Code extension.

New Features
- Local server listens for OAuth redirects and forwards them to VS Code.
- New MCPOauth class manages the OAuth process for MCP servers.

- spin up a local server to handle redirects - create an MCPOauth class to handle oauths

- add storage to store tokens - in mcp connection, add headers

- added a startAuthentication protocol

- add protectedresource key to mcp server status - shift mcp server auth status handling to core

- correct lints in MCPManagerSingleton

RomneyDa

Adds suppot for oauth for MCP servers!

RomneyDa · 2025-08-06T01:44:33Z

@uinstinct we noticed that the linear mcp which requires OAuth works with the current extension

It seems like maybe the npm modelcontextprotocol package supports this oauth pattern out of the box. I'll close this for now but we should revisit if there's functionality missing

RomneyDa · 2025-08-06T02:15:28Z

Reopened since the respons linear works is it uses npx mcp-remote

RomneyDa · 2025-08-07T03:30:47Z

@uinstinct trying this out, could you tweak to make the tooltip just Authenticate text and the little icon the clickable part?

RomneyDa · 2025-08-07T03:33:34Z

@uinstinct Fails with the sentry MCP server, appears that it's because of the redirect URL which does not hit anything

Noticed this comment which seems relavent

// TODO: this has to be a hub url or should we spin up a server?

e.g. approval redirects to
http://localhost:3000/?code=xxx

RomneyDa

See above comments

RomneyDa

Tested, works with https://hub.continue.dev/dallin/linear-sse
Note, doesn't work with Sentry MCP (405), but seems to be an exception, can iterate as needed

sestinj · 2025-08-18T20:24:21Z

🎉 This PR is included in version 1.5.0 🎉

The release is available on:

Your semantic-release bot 📦🚀

sestinj · 2025-08-18T20:30:33Z

🎉 This PR is included in version 1.7.0 🎉

The release is available on:

Your semantic-release bot 📦🚀

handle mcp authenticated token

2473a39

- spin up a local server to handle redirects - create an MCPOauth class to handle oauths

github-project-automation bot added this to Issues and PRs Jul 25, 2025

github-project-automation bot moved this to Todo in Issues and PRs Jul 25, 2025

uinstinct added 16 commits July 28, 2025 12:26

handle authentication callback

35a58c0

- add storage to store tokens - in mcp connection, add headers

Merge branch 'main' into mcp-oauth

6a07e7b

add authenticate button in gui

a062f26

- added a startAuthentication protocol

remove getmcpauthstate

9046cf9

added mcp remove authentication

ab66938

- add protectedresource key to mcp server status - shift mcp server auth status handling to core

handle mcp oauth callback

9438add

store mcp authenticating server as connection status

a82a340

fix find authenticating server

0407836

remove vscode redirect after authentication

6470233

remove mcp/sendOauthCode protocol

2bc7f15

put a spinner to show authentication progress

c401c2c

start and stop during mcp server oauth process

bc3089a

correct eslint

c969f9f

do not start server is already listening

ff07bd4

added tests

0acda9f

- correct lints in MCPManagerSingleton

fix tests

4b34402

uinstinct marked this pull request as ready for review July 29, 2025 11:47

uinstinct requested a review from a team as a code owner July 29, 2025 11:47

uinstinct requested review from RomneyDa and removed request for a team July 29, 2025 11:47

dosubot bot added the size:XL This PR changes 500-999 lines, ignoring generated files. label Jul 29, 2025

RomneyDa previously approved these changes Jul 30, 2025

View reviewed changes

github-project-automation bot moved this from Todo to In Progress in Issues and PRs Jul 30, 2025

dosubot bot added the lgtm This PR has been approved by a maintainer label Jul 30, 2025

RomneyDa closed this Aug 6, 2025

github-project-automation bot moved this from In Progress to Done in Issues and PRs Aug 6, 2025

github-actions bot locked and limited conversation to collaborators Aug 6, 2025

RomneyDa reopened this Aug 6, 2025

github-project-automation bot moved this from Done to In Progress in Issues and PRs Aug 6, 2025

Merge branch 'main' into mcp-oauth

36ec59c

uinstinct dismissed RomneyDa’s stale review via 36ec59c August 7, 2025 03:03

RomneyDa requested changes Aug 7, 2025

View reviewed changes

dosubot bot removed the lgtm This PR has been approved by a maintainer label Aug 7, 2025

uinstinct added 2 commits August 7, 2025 11:36

make auth icon clickable

921f479

Merge branch 'main' into mcp-oauth

785aea3

RomneyDa approved these changes Aug 13, 2025

View reviewed changes

RomneyDa merged commit 08842da into continuedev:main Aug 13, 2025
37 checks passed

github-project-automation bot moved this from In Progress to Done in Issues and PRs Aug 13, 2025

dosubot bot added the lgtm This PR has been approved by a maintainer label Aug 13, 2025

uinstinct deleted the mcp-oauth branch August 13, 2025 02:54

sestinj added the released label Aug 18, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat: mcp oauth#6800