fix(mcp): use getBaseUrl for OAuth discovery metadata URLs

apps/sim/app/api/mcp/copilot/route.ts

@@ -32,6 +32,7 @@ import {
 import { DIRECT_TOOL_DEFS, SUBAGENT_TOOL_DEFS } from '@/lib/copilot/tools/mcp/definitions'
 import { env } from '@/lib/core/config/env'
 import { RateLimiter } from '@/lib/core/rate-limiter'
+import { getBaseUrl } from '@/lib/core/utils/urls'
 import {
   authorizeWorkflowByWorkspacePermission,
   resolveWorkflowIdForUser,
@@ -542,7 +543,8 @@ export async function POST(request: NextRequest) {
   const hasAuth = request.headers.has('authorization') || request.headers.has('x-api-key')
 
   if (!hasAuth) {
-    const resourceMetadataUrl = `${request.nextUrl.origin}/.well-known/oauth-protected-resource/api/mcp/copilot`
+    const origin = getBaseUrl().replace(/\/$/, '')
+    const resourceMetadataUrl = `${origin}/.well-known/oauth-protected-resource/api/mcp/copilot`
     return new NextResponse(JSON.stringify({ error: 'unauthorized' }), {
       status: 401,
       headers: {

apps/sim/lib/mcp/oauth-discovery.ts

@@ -1,11 +1,12 @@
 import { type NextRequest, NextResponse } from 'next/server'
+import { getBaseUrl } from '@/lib/core/utils/urls'
 
-function getOrigin(request: NextRequest): string {
-  return request.nextUrl.origin
+function getOrigin(): string {
+  return getBaseUrl().replace(/\/$/, '')
 }
 
 export function createMcpAuthorizationServerMetadataResponse(request: NextRequest): NextResponse {
-  const origin = getOrigin(request)
+  const origin = getOrigin()
   const resource = `${origin}/api/mcp/copilot`
 
   return NextResponse.json(
@@ -35,7 +36,7 @@ export function createMcpAuthorizationServerMetadataResponse(request: NextReques
 }
 
 export function createMcpProtectedResourceMetadataResponse(request: NextRequest): NextResponse {
-  const origin = getOrigin(request)
+  const origin = getOrigin()
   const resource = `${origin}/api/mcp/copilot`
   const authorizationServerIssuer = origin