mathias/gitea-mcp
1
0
Fork 0
Code Issues 6 Pull Requests Actions Packages Projects Releases Wiki Activity

fix: add OAuth discovery endpoints for claude.ai handshake
All checks were successful
CD / Lint / Test / Vet (pull_request) Successful in 5s
Details
CD / Build & Import (pull_request) Has been skipped
Details
CD / Deploy via GitOps (pull_request) Has been skipped
Details

Browse Source 
Implements RFC 9728 protected resource metadata and HEAD probe so
claude.ai can complete its pre-handshake discovery without hitting 404.

- GET /.well-known/oauth-protected-resource → 200 {"authorization_servers":[]}
- GET /.well-known/oauth-authorization-server → 404 (no auth server)
- HEAD /mcp → 200 + MCP-Protocol-Version: 2025-06-18 header

Closes #2

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Mathias Bergqvist
2026-05-06 17:19:14 +02:00
parent 47e631da23
commit 9cbb564cd9
3 changed files with 24 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
cmd/gitea-mcp/main.go
View File

@@ -54,6 +54,18 @@ func main() {
w.WriteHeader(http.StatusOK) w.WriteHeader(http.StatusOK)
_, _ = w.Write([]byte("ok")) _, _ = w.Write([]byte("ok"))
}) })
mux.HandleFunc("/.well-known/oauth-protected-resource", func(w http.ResponseWriter, r *http.Request) {
if r.Method != http.MethodGet {
http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
return
}
w.Header().Set("Content-Type", "application/json")
w.WriteHeader(http.StatusOK)
_, _ = w.Write([]byte(`{"authorization_servers":[]}`))
})
mux.HandleFunc("/.well-known/oauth-authorization-server", func(w http.ResponseWriter, r *http.Request) {
http.NotFound(w, r)
})
addr := ":" + cfg.Port addr := ":" + cfg.Port
logger.Info("gitea-mcp starting", "addr", addr, "version", "0.1.0") logger.Info("gitea-mcp starting", "addr", addr, "version", "0.1.0")

3
internal/mcp/server.go
View File

@@ -31,6 +31,9 @@ func NewServer(opts ServerOptions) *Server {
func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) { func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
switch r.Method { switch r.Method {
case http.MethodHead:
w.Header().Set("MCP-Protocol-Version", ProtocolVersion)
w.WriteHeader(http.StatusOK)
case http.MethodGet: case http.MethodGet:
s.handleGET(w, r) s.handleGET(w, r)
case http.MethodPost: case http.MethodPost:

9
internal/mcp/server_test.go
View File

@@ -118,6 +118,15 @@ func TestPostBodyTooLarge(t *testing.T) {
assert.Equal(t, http.StatusBadRequest, rr.Code) assert.Equal(t, http.StatusBadRequest, rr.Code)
} }
func TestHEADReturnsMCPProtocolVersionHeader(t *testing.T) {
srv := newServer(t)
req := httptest.NewRequest(http.MethodHead, "/mcp", nil)
rr := httptest.NewRecorder()
srv.ServeHTTP(rr, req)
require.Equal(t, http.StatusOK, rr.Code)
assert.Equal(t, mcp.ProtocolVersion, rr.Header().Get("MCP-Protocol-Version"))
}
func TestToolsCallToolNotFound(t *testing.T) { func TestToolsCallToolNotFound(t *testing.T) {
srv := newServer(t) srv := newServer(t)
// Initialize to get a session ID. // Initialize to get a session ID.