Description
Problem
When attempting to register an OAuth client with a custom scheme redirect URI (e.g., vscode://augment.vscode-augment/auth/mcp/Coder), the registration fails with the following error:
400 Bad Request - invalid_client_metadata: invalid redirect_uris: redirect URI at index 0: custom scheme vscode should use reverse domain notation (e.g. com.example.app)
Context
This issue was discovered when trying to use Coder's MCP server with the Augment Code VS Code extension. The error occurs during OAuth client registration when the client attempts to register with a vscode:// scheme redirect URI.
Error Details
Request payload:
{
  "client_name": "Augment Code",
  "client_uri": "https://augmentcode.com",
  "redirect_uris": ["vscode://augment.vscode-augment/auth/mcp/Coder"],
  "grant_types": ["authorization_code"],
  "response_types": ["code"],
  "token_endpoint_auth_method": "none",
  "software_id": "augment-code-assistant",
  "software_version": "1.0.0",
  "code_challenge_methods_supported": ["S256"],
  "application_type": "native"
}
Error response:
400 Bad Request - invalid_client_metadata: invalid redirect_uris: redirect URI at index 0: custom scheme vscode should use reverse domain notation (e.g. com.example.app)
Expected Behavior
OAuth clients should be able to register with custom scheme redirect URIs that follow established patterns for native applications, particularly VS Code extensions, which commonly use the vscode:// scheme.
Current Behavior
The OAuth client registration endpoint rejects custom scheme redirect URIs that don't follow reverse domain notation, preventing integration with applications like VS Code extensions.
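The check described above is the one RFC 8252 §7.1 recommends for native apps: a private-use scheme should be derived from a domain the developer controls (com.example.app) because, on most platforms, any installed application can claim a short scheme like vscode and receive the authorization code. The following Go program is an added illustration and is not Coder's validation code; it is a hypothetical validator that reproduces the rejection quoted in the issue, accepts https and loopback http redirect URIs, and shows a narrower alternative to dropping the check: an explicit allowlist of well-known native schemes (here only vscode) rather than accepting arbitrary non-reverse-domain schemes. The function names, the allowlist and the sample URIs are assumptions made for this example.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// knownNativeSchemes is a hypothetical allowlist of short custom schemes that a
// server could accept despite not using reverse domain notation. Keeping this
// list explicit keeps the RFC 8252 rule in force for every other scheme.
var knownNativeSchemes = map[string]bool{
	"vscode": true,
}

// isReverseDomain reports whether a scheme looks like com.example.app:
// at least two dot-separated labels, each non-empty and made of [a-z0-9-].
func isReverseDomain(scheme string) bool {
	parts := strings.Split(scheme, ".")
	if len(parts) < 2 {
		return false
	}
	for _, p := range parts {
		if p == "" {
			return false
		}
		for _, r := range p {
			isLower := r >= 'a' && r <= 'z'
			isDigit := r >= '0' && r <= '9'
			if !isLower && !isDigit && r != '-' {
				return false
			}
		}
	}
	return true
}

// ValidateRedirectURI applies the registration rules used in this example:
// absolute URI, no fragment, https always allowed, http only on loopback,
// custom schemes must be reverse-domain unless allowKnownSchemes admits them.
func ValidateRedirectURI(raw string, allowKnownSchemes bool) error {
	u, err := url.Parse(raw)
	if err != nil {
		return fmt.Errorf("unparsable redirect URI: %w", err)
	}
	if u.Fragment != "" {
		return fmt.Errorf("redirect URI must not contain a fragment")
	}
	scheme := strings.ToLower(u.Scheme) // url.Parse already lowercases, kept for clarity
	switch scheme {
	case "":
		return fmt.Errorf("redirect URI must be absolute")
	case "https":
		return nil
	case "http":
		h := u.Hostname()
		if h == "localhost" || h == "127.0.0.1" || h == "::1" {
			return nil
		}
		return fmt.Errorf("http redirect URIs are only allowed for loopback hosts")
	}
	// Private-use scheme (RFC 8252 §7.1).
	if allowKnownSchemes && knownNativeSchemes[scheme] {
		return nil
	}
	if !isReverseDomain(scheme) {
		return fmt.Errorf("custom scheme %s should use reverse domain notation (e.g. com.example.app)", u.Scheme)
	}
	return nil
}

// ValidateRedirectURIs checks every entry of a client's redirect_uris and
// reports the index of the first offending one, as the issue's error does.
func ValidateRedirectURIs(uris []string, allowKnownSchemes bool) error {
	for i, r := range uris {
		if err := ValidateRedirectURI(r, allowKnownSchemes); err != nil {
			return fmt.Errorf("invalid redirect_uris: redirect URI at index %d: %w", i, err)
		}
	}
	return nil
}

func main() {
	// Constructed sample input: the redirect URI from the issue.
	uris := []string{"vscode://augment.vscode-augment/auth/mcp/Coder"}
	fmt.Println("strict:   ", ValidateRedirectURIs(uris, false))
	fmt.Println("allowlist:", ValidateRedirectURIs(uris, true))
}
```

Running it shows the strict mode producing the same "redirect URI at index 0: custom scheme vscode should use reverse domain notation" message as the issue, while the allowlist mode accepts the URI. The trade-off the allowlist makes is explicit: the server vouches for a named scheme instead of trusting any short scheme a client registers.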
Impact
- Prevents MCP integration with VS Code extensions
- Blocks OAuth flows for native applications using custom schemes
- Limits interoperability with standard OAuth clients
Additional Information
- MCP endpoint: /api/experimental/mcp/http
- OAuth metadata endpoint: /.well-known/oauth-authorization-server
- This affects the OAuth2 client registration flow specifically
Related Work
There is an existing PR (#18809) that implements OAuth2 standardization and may be related to this validation logic.