Option to customize post-auth html screen

[liriID]

We'd like to take the effort to add customization for the post-auth response (ref https://github.com/geelen/mcp-remote/blob/main/src/lib/utils.ts#L302)
Opening this issue so we can sync on best strategy before working on a PR.
I see a couple of ways to achieve this without too much hassle. Either way, I think its fair to assume that the server URL must support some endpoint to serve this html, i.e /auth/completed, which will serve the html and will be redirected to instead of returning the plain text after auth completed.

To achieve this, I can suggest the following alternatives:

• Add flag to specify wether server supports this route
• Try to pre-fetch this route and if getting a non-404 response assume we can redirect to it (no flag needed)
• Require some hint in the redirect query params or similar response from the backend (such as postAuthRedirectUri)
• Make a breaking change to require this route be supported (obviously not great)

WDYT? Any other strategy proposals are welcome. I'd love to get this into a PR once we get to an agreement.

[emilisb]

We would also like to have an option for the post-login message customization.

I think a query param might work. Backend server could add an extra query param to the callback url, and then the mcp-remote callback endpoint (/oauth/callback) could redirect to the custom url from the query param after the token is saved.

However, I'm not sure if this should be added to this project or considered to be part of MCP authorization specification itself.

[geelen]

Hey @liriID sorry for the delay in responding.

I'm a little unsure on the best way to implement this. #54 (the postAuthRedirectUri query param) would work fine but it feels like it blurs the boundaries between the server and client if mcp-remote just immediately redirects the user based on this non-standard query string.

The easiest thing is to include a --post-redirect <url> param, but then you need to make sure all your users do in fact follow those instructions.

What kind of information do you want to show? Would it be enough to customise the post-auth text and maybe provide a link for the user to follow for more details?

One of the complications is that mcp-remote is designed to be obsolete once all the clients support oauth MCP servers directly. So if showing information after successful authentication is important to your flow, how are you going to support that for native MCP clients in the future?

One thought I had is calling window.open from within your /authorize screen (maybe when the user clicks "Approve"). That way when the auth process completes and the user closes the localhost URL, they'll still have a tab open with all your instructions?