Skip to content

Conversation

arjunkmrm
Copy link
Contributor

@arjunkmrm arjunkmrm commented Sep 16, 2025

Motivation and Context

Fixes infinite OAuth loops when authorization servers throws 401 after successful authentication. The transport retries auth infinitely when the server returns 401 for authorized requests with valid token.

How Has This Been Tested?

  • Tested with MCP servers that return 401 after successful OAuth completion. Verified that fix stops infinite loops while allowing legitimate auth retries. Tested in our application: https://smithery.ai
  • Added test at src/client/streamableHttp.test.ts

Breaking Changes

None. Defensive fix that only affects infinite loop edge cases.

Types of changes

  • Bug fix (non-breaking change which fixes an issue)

Checklist

  • I have read the MCP Documentation
  • My code follows the repository's style guidelines
  • New and existing tests pass locally
  • I have added appropriate error handling

@arjunkmrm arjunkmrm requested a review from a team as a code owner September 16, 2025 13:59
@arjunkmrm arjunkmrm requested a review from dsp-ant September 16, 2025 13:59
@arjunkmrm arjunkmrm changed the title fix: prevent infinite recursion when servers throws 401 after successful authentication fix: prevent infinite recursion when server throws 401 after successful authentication Sep 16, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant