k1nq/TREK
1
0
Fork 0
mirror of https://github.com/mauriceboe/TREK.git synced 2026-06-19 13:21:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

remove(oauth): drop browser-initiated DCR registration flow

Browse Source 
OAuthRegisterPage and its server routes (GET /api/oauth/register/validate,
POST /api/oauth/register) are superseded by the RFC 7591 machine-to-machine
DCR endpoint (POST /oauth/register). Claude.ai and compliant MCP clients
register via RFC 7591, then go through the standard /oauth/authorize consent
screen for scope selection.
This commit is contained in:
jubnl
2026-04-10 06:22:37 +02:00
parent 4ad1ccf5dd
commit cc2a2ddca3
4 changed files with 0 additions and 295 deletions
Download Patch File Download Diff File Expand all files Collapse all files
client/src/api/client.ts
-9
View File
@@ -95,15 +95,6 @@ export const oauthApi = {
approved: boolean
}) => apiClient.post('/oauth/authorize', body).then(r => r.data),
register: {
/** Validate DCR params — called by registration page on load */
validate: (params: { redirect_uri: string; client_name?: string; scope?: string; state?: string }) =>
apiClient.get('/oauth/register/validate', { params }).then(r => r.data),
/** Submit registration approval or cancellation */
submit: (body: { client_name: string; redirect_uri: string; scopes: string[]; state?: string; approved: boolean }) =>
apiClient.post('/oauth/register', body).then(r => r.data),
},
clients: {
list: () => apiClient.get('/oauth/clients').then(r => r.data),
create: (data: { name: string; redirect_uris: string[]; allowed_scopes: string[] }) =>