k1nq/TREK

Fork 0

mirror of https://github.com/mauriceboe/TREK.git synced 2026-06-19 13:21:46 +00:00

Commit Graph

Author	SHA1	Message	Date
jubnl	5b44fe68b1	fix(mcp): narrow OAuth scope to allowed intersection instead of rejecting When a client requests scopes it is not permitted for, silently drop them rather than failing the entire authorization flow. The token is issued with only the intersection of requested and allowed scopes. Also fix /authorize/validate to always return HTTP 200 so the consent page can surface the actual error_description instead of a generic axios failure message.	2026-04-09 23:48:05 +02:00
jubnl	f2908fdd65	test(mcp): add tests for OAuth 2.1, addon gating, and budget reorder Covers OAuth integration flow, scope enforcement, addon-gated tool access, oauthService unit tests, and budget reorder/permission/reservation-sync scenarios.	2026-04-09 23:12:59 +02:00

Author

SHA1

Message

Date

jubnl

5b44fe68b1

fix(mcp): narrow OAuth scope to allowed intersection instead of rejecting

When a client requests scopes it is not permitted for, silently drop
them rather than failing the entire authorization flow. The token is
issued with only the intersection of requested and allowed scopes.

Also fix /authorize/validate to always return HTTP 200 so the consent
page can surface the actual error_description instead of a generic
axios failure message.

2026-04-09 23:48:05 +02:00

jubnl

f2908fdd65

test(mcp): add tests for OAuth 2.1, addon gating, and budget reorder

Covers OAuth integration flow, scope enforcement, addon-gated tool access,
oauthService unit tests, and budget reorder/permission/reservation-sync scenarios.

2026-04-09 23:12:59 +02:00

2 Commits