MCP inspector adding incorrect url Oauth discovery URL #1008
Description
Inspector Version
- MCP Inspector v0.18.0
Describe the bug
MCP inspector adding incorrect url Oauth discovery URL
Expected behavior
Hi Team,
we have an MCP server running kubernetes enviroment. It is implemented with OAuth and is deployed behing kong api gateway.
When the application is accessed via service, it is able to discover the Oauth metadata correctly, but when it is accessed via kong gateway mcp inspector constructs an incorrect URL and throws
Failed to start OAuth flow: Failed to discover OAuth metadata
Positive Scenario:
We created a route app-mcp to the service in k8s and accessed with mcp url as
http://app-mcp-appns.apps.ao0018.tre.nsn-rdnet.net/mcp
we can see that the metadata is discovered correctly:
From http://app-mcp-appns.apps.ao0018.tre.nsn-rdnet.net/.well-known/oauth-protected-resource
This works because we do not have path in the route and every request hitting the route is passed to the application.
Failing Scenario:
when we try to access via api gateway , where the invocation is https call
where the URL for mcp is URL is set https://ckng.apps.ao0018.tre.nsn-rdnet.net/apigw/appns/mcp
the mcp inspector constructs the url as
https://ckng.apps.ao0018.tre.nsn-rdnet.net/.well-known/oauth-protected-resource/apigw/appns/mcp
the correct URL for metadata would have been
https://ckng.apps.ao0018.tre.nsn-rdnet.net/apigw/appns/.well-known/oauth-protected-resource
which correctly give the response
ckng is kong, ckey is keycloak
Looks like mcp inspector is adding the path .well-known/oauth-protected-resource to the host name and then adding /apigw/appns/mcp to the end
Please advise how to unblock