MCPcopy Index your code
hub / github.com/simstudioai/sim / detectMcpAuthType

Function detectMcpAuthType

apps/sim/lib/mcp/oauth/probe.ts:21–89  ·  view source on GitHub ↗
(
  url: string,
  resolvedIP?: string | null
)

Source from the content-addressed store, hash-verified

19 * SSRF-guarded fetch validates and pins each request itself.
20 */
21export async function detectMcpAuthType(
22 url: string,
23 resolvedIP?: string | null
24): Promise<McpAuthType> {
25 let parsed: URL
26 try {
27 parsed = new URL(url)
28 } catch {
29 return 'headers'
30 }
31 const isLoopbackHttp = parsed.protocol === 'http:' && isLoopbackHostname(parsed.hostname)
32 if (parsed.protocol !== 'https:' && !isLoopbackHttp) {
33 return 'headers'
34 }
35
36 const probeFetch: FetchLike = resolvedIP
37 ? createPinnedFetch(resolvedIP)
38 : createSsrfGuardedMcpFetch()
39
40 const controller = new AbortController()
41 const timer = setTimeout(() => controller.abort(), PROBE_TIMEOUT_MS)
42
43 try {
44 const res = await probeFetch(url, {
45 method: 'POST',
46 redirect: 'manual',
47 headers: {
48 'Content-Type': 'application/json',
49 Accept: 'application/json, text/event-stream',
50 },
51 body: JSON.stringify({
52 jsonrpc: '2.0',
53 id: 1,
54 method: 'initialize',
55 params: {
56 protocolVersion: '2025-06-18',
57 capabilities: {},
58 clientInfo: { name: 'sim-platform-probe', version: '1.0.0' },
59 },
60 }),
61 signal: controller.signal,
62 })
63
64 const sessionId = res.headers.get('mcp-session-id')
65 if (sessionId) {
66 void closeMcpSession(url, sessionId, probeFetch)
67 }
68
69 if (res.status === 401) {
70 const params = extractWWWAuthenticateParams(res)
71 // Per RFC 9728, an OAuth-protected resource signals OAuth via
72 // `resource_metadata=...` in WWW-Authenticate. `scope=...` is also an
73 // OAuth-specific hint. A bare `error="invalid_token"` is generic Bearer
74 // and used by plain API-key servers too, so it must not classify as OAuth.
75 if (params.resourceMetadataUrl || params.scope) {
76 return 'oauth'
77 }
78 return 'headers'

Callers 3

probe.test.tsFile · 0.90
performCreateMcpServerFunction · 0.90
route.tsFile · 0.90

Calls 7

isLoopbackHostnameFunction · 0.90
createPinnedFetchFunction · 0.90
closeMcpSessionFunction · 0.85
abortMethod · 0.65
getMethod · 0.65
warnMethod · 0.65

Tested by

no test coverage detected