From e53feedb8079cca5b357bdeb7c49343394bb9afc Mon Sep 17 00:00:00 2001 From: Jonathan Wang Date: Fri, 11 Jul 2025 17:34:40 +0800 Subject: [PATCH] fix: use authorization_server_url as issuer when fetching metadata --- src/client/auth.test.ts | 6 +++--- src/client/auth.ts | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/client/auth.test.ts b/src/client/auth.test.ts index 93dd8e94..84412708 100644 --- a/src/client/auth.test.ts +++ b/src/client/auth.test.ts @@ -1759,7 +1759,7 @@ describe("OAuth Authorization", () => { status: 200, json: async () => ({ resource: "https://my.resource.com/", - authorization_servers: ["https://auth.example.com/"], + authorization_servers: ["https://auth.example.com/oauth"], }), }); } else if (urlString === "https://auth.example.com/.well-known/oauth-authorization-server/path/name") { @@ -1802,8 +1802,8 @@ describe("OAuth Authorization", () => { // First call should be to PRM expect(calls[0][0].toString()).toBe("https://my.resource.com/.well-known/oauth-protected-resource/path/name"); - // Second call should be to AS metadata with the path from serverUrl - expect(calls[1][0].toString()).toBe("https://auth.example.com/.well-known/oauth-authorization-server/path/name"); + // Second call should be to AS metadata with the path from authorization server + expect(calls[1][0].toString()).toBe("https://auth.example.com/.well-known/oauth-authorization-server/oauth"); }); }); diff --git a/src/client/auth.ts b/src/client/auth.ts index 2b69a5d8..74f94243 100644 --- a/src/client/auth.ts +++ b/src/client/auth.ts @@ -525,7 +525,7 @@ export async function discoverOAuthMetadata( protocolVersion ??= LATEST_PROTOCOL_VERSION; const response = await discoverMetadataWithFallback( - issuer, + authorizationServerUrl, 'oauth-authorization-server', { protocolVersion,