BA
Better Auth2mo ago
k0t0r

MCP Plugin not working with MCP Inspector

Hello When running the official https://github.com/modelcontextprotocol/inspector for authentication, it is sending an OPTIONS request to the oauth registration endpoint (http://localhost:5173/api/auth/mcp/register), which is not defined by the plugin and returns a 404. On the inspector, this ends the signin flow and it's not possible to use the inspector I also noticed that the plugin is not defining a .well-known/oauth-protected-resource route, which the MCP clients are querying I am using SvelteKit
GitHub
GitHub - modelcontextprotocol/inspector: Visual testing tool for MC...
Visual testing tool for MCP servers. Contribute to modelcontextprotocol/inspector development by creating an account on GitHub.
5 Replies
k0t0r
k0t0rOP2mo ago
I have to do this to fix it in my server.hooks.ts 
const betterAuthApiRoutesHandler: Handle = ({ event, resolve }) => {
  if (event.url.pathname === '/api/auth/mcp/register' && event.request.method === 'OPTIONS') {
    return new Response(null, {
      status: 200,
      headers: {
        'Access-Control-Allow-Origin': '*',
        'Access-Control-Allow-Methods': 'POST, OPTIONS',
      },
    })
  }
  return svelteKitHandler({ event, resolve, auth: auth(), building: false })
}
const betterAuthApiRoutesHandler: Handle = ({ event, resolve }) => {
  if (event.url.pathname === '/api/auth/mcp/register' && event.request.method === 'OPTIONS') {
    return new Response(null, {
      status: 200,
      headers: {
        'Access-Control-Allow-Origin': '*',
        'Access-Control-Allow-Methods': 'POST, OPTIONS',
      },
    })
  }
  return svelteKitHandler({ event, resolve, auth: auth(), building: false })
}
Robi
Robi2mo ago
Heyo , You can do 
import { oAuthDiscoveryMetadata } from 'better-auth/plugins';
import { svelteKitHandler } from 'better-auth/svelte-kit';


export async function handle({ event, resolve }) {
    if (event.url.pathname === '/.well-known/oauth-authorization-server') {
      const metadataFunction = oAuthDiscoveryMetadata(auth);
      return await metadataFunction(event.request);
    }
    return svelteKitHandler({ event, resolve, auth, building });
}
import { oAuthDiscoveryMetadata } from 'better-auth/plugins';
import { svelteKitHandler } from 'better-auth/svelte-kit';


export async function handle({ event, resolve }) {
    if (event.url.pathname === '/.well-known/oauth-authorization-server') {
      const metadataFunction = oAuthDiscoveryMetadata(auth);
      return await metadataFunction(event.request);
    }
    return svelteKitHandler({ event, resolve, auth, building });
}
to get the metadata discovery working. looking into the /auth/mcp/register rn though
k0t0r
k0t0rOP2mo ago
Thanks! I have a route handler for /.well-known/oauth-authorization-server as stated in the doc, what's not handled is .well-known/oauth-protected-resource Can this be handled with the metadata function as well?
Robi
Robi2mo ago
.well-known/oauth-protected-resource was added as part of a new spec and is currently still sort of in an early stage. You should be good for the meta data discovery with just the .well-known/oauth-authorization-server. The mcp plugin will support it as adoption grows. https://modelcontextprotocol.io/specification/draft/basic/authorization#2-3-1-authorization-server-location https://datatracker.ietf.org/doc/rfc9728/
No description
No description
k0t0r
k0t0rOP2mo ago
Yeah it works without, but IMO it should be added as it's part of the spec now. I can try to do a PR next week maybe

Did you find this page helpful?