Support OAuth for HTTP MCP servers from selected executor plugins (#28529)

## Why

#28522 routes selected-plugin HTTP MCP traffic through the owning
executor, but OAuth bootstrap and refresh still used host-local clients.
Executor-only servers therefore cannot complete discovery or login
through the same network boundary as the MCP connection.

## What changed

- adapt `codex_exec_server::HttpClient` to RMCP 1.8's `OAuthHttpClient`
contract
- let RMCP own discovery, dynamic registration, PKCE, token exchange,
and refresh
- route auth status, persisted-token startup, and app-server login
through the server runtime while preserving the existing local discovery
path
- add optional `threadId` to `mcpServer/oauth/login` and echo it in the
completion notification
- implement RMCP's redirect policy and 1 MiB OAuth response limit over
executor HTTP
- cover selected-thread OAuth discovery and login through an
executor-only route

Depends on #28522.
jif
2026-06-25 10:31:17 +01:00
committed by GitHub
Unverified
parent 6368937939
commit b215961a56
38 changed files with 763 additions and 96 deletions
@@ -419,6 +419,17 @@ pub struct HttpHeader {
pub value: String,
}
/// Redirect behavior for an executor-side HTTP request.
#[derive(Debug, Clone, Copy, Default, PartialEq, Eq, Serialize, Deserialize)]
#[serde(rename_all = "camelCase")]
pub enum HttpRedirectPolicy {
/// Follow redirects using the HTTP client's normal limits.
#[default]
Follow,
/// Return the redirect response without following its location.
Stop,
}
/// Executor-side HTTP request envelope.
///
/// This intentionally stays transport-shaped rather than MCP-shaped so callers
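Review bot: The doc comment on `Follow` in `HttpRedirectPolicy` defers to "the HTTP client's normal limits" without saying what they are. `Follow` is also the `#[default]` variant, so it is what every request gets unless the caller opts out. Since this envelope is described as transport-shaped and shared by callers, please state the hop limit here, or point to where it is defined, and say whether request headers are forwarded when a redirect leaves the original origin. It would also help to note on `Stop` that the caller receives the 3xx response and is responsible for validating the location itself.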
@@ -443,6 +454,9 @@ pub struct HttpRequestParams {
/// millisecond deadline.
#[serde(default, skip_serializing_if = "Option::is_none")]
pub timeout_ms: Option<u64>,
/// Whether the executor should follow HTTP redirects.
#[serde(default)]
pub redirect_policy: HttpRedirectPolicy,
/// Caller-chosen stream id for `http/request/bodyDelta` notifications.
///
/// The id must remain unique on a connection until the terminal body delta
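Review bot: The doc comment on `redirect_policy` in `HttpRequestParams` does not say what an omitted field means. With `#[serde(default)]` and `Follow` as the enum default, a request that leaves the field out will follow redirects, so a caller that needs `Stop` must always set it explicitly. Please spell that out in the comment. Also, unlike `timeout_ms` just above, this field has no `skip_serializing_if`, so it is written on every request; if that is intended, a short note saying so would save the next reader from wondering whether it was missed.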