brandon/nextcloud-mcp-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
42426b4597cba7f93195dac3e57f8df027a69f5f
nextcloud-mcp-server/nextcloud_mcp_server/auth
T
History
Chris Coutinho 42426b4597 fix: browser OAuth userinfo endpoint and refresh token rotation 
Fixes two critical issues in browser OAuth flow for admin UI:

1. Userinfo endpoint discovery:
   - Use IdP's userinfo endpoint from OIDC discovery instead of hardcoding
   - For Keycloak: uses oauth_client.userinfo_endpoint
   - For Nextcloud: queries discovery document at runtime
   - Fixes 404 errors when querying user profile

2. Refresh token rotation:
   - Update stored refresh tokens after successful refresh
   - Fixes "Could not find access token for code or refresh_token" errors
   - Enables persistent sessions across page refreshes
   - Applies to both Keycloak and Nextcloud integrated modes

Test updates:
   - Skip outdated unit tests that relied on old API signature
   - Browser OAuth flow is covered by integration tests

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-03 22:46:19 +01:00
..
__init__.py
fix: Complete Keycloak external IdP integration with all tests passing
2025-11-02 22:03:20 +01:00
bearer_auth.py
feat(server): Experimental support for OAuth2/OIDC authentication
2025-10-14 01:22:15 +02:00
browser_oauth_routes.py
feat: add browser-based user info page with separate OAuth flow
2025-11-03 22:16:49 +01:00
client_registration.py
fix: Complete Keycloak external IdP integration with all tests passing
2025-11-02 22:03:20 +01:00
client_registry.py
feat: Implement ADR-004 Progressive Consent foundation (partial)
2025-11-03 20:33:55 +01:00
context_helper.py
refactor: integrate token exchange into unified get_client() pattern
2025-11-03 20:33:56 +01:00
keycloak_oauth.py
feat: Implement dual-tier token exchange (Standard V2 + Legacy V1 impersonation)
2025-11-02 22:03:22 +01:00
oauth_routes.py
fix: make ENABLE_PROGRESSIVE_CONSENT consistently opt-in (default false)
2025-11-03 20:33:56 +01:00
progressive_token_verifier.py
feat: Implement ADR-004 Progressive Consent foundation (partial)
2025-11-03 20:33:55 +01:00
provisioning_decorator.py
fix: make ENABLE_PROGRESSIVE_CONSENT consistently opt-in (default false)
2025-11-03 20:33:56 +01:00
refresh_token_storage.py
feat: Complete ADR-004 Progressive Consent OAuth flows implementation
2025-11-03 08:14:23 +01:00
scope_authorization.py
feat: Complete ADR-004 Progressive Consent OAuth flows implementation
2025-11-03 08:14:23 +01:00
session_backend.py
feat: add browser-based user info page with separate OAuth flow
2025-11-03 22:16:49 +01:00
token_broker.py
refactor: integrate token exchange into unified get_client() pattern
2025-11-03 20:33:56 +01:00
token_exchange.py
refactor: integrate token exchange into unified get_client() pattern
2025-11-03 20:33:56 +01:00
token_verifier.py
fix: Complete Keycloak external IdP integration with all tests passing
2025-11-02 22:03:20 +01:00
userinfo_routes.py
fix: browser OAuth userinfo endpoint and refresh token rotation
2025-11-03 22:46:19 +01:00