Skip to content

Commit a31111e

Browse files
fix(mcp-oauth): remove dead userinfo check in redirect_uri validation
The first check combined missing netloc with userinfo presence, making the second userinfo-only check unreachable. Split into two distinct checks so each error message reflects the actual failure mode. Co-authored-by: Yassin Kortam <[email protected]>
1 parent bb800ab commit a31111e

1 file changed

Lines changed: 2 additions & 2 deletions

File tree

litellm/proxy/_experimental/mcp_server/oauth_utils.py

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -345,9 +345,9 @@ def _validate_trusted_http_redirect_shape(parsed: ParseResult) -> bool:
345345
_oauth_invalid_request(
346346
"redirect_uri must not contain a URL fragment (#...).",
347347
)
348-
if not parsed.netloc or parsed.username is not None or parsed.password is not None:
348+
if not parsed.netloc:
349349
_oauth_invalid_request(
350-
"redirect_uri must include a host and must not contain userinfo (user:pass@host).",
350+
"redirect_uri must include a host (e.g. https://your-host/path).",
351351
)
352352
if parsed.username is not None or parsed.password is not None:
353353
_oauth_invalid_request(

0 commit comments

Comments
 (0)