Conversation
marvin-context-protocol
Bot
added
enhancement
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 702f9f06db
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| # PKCE configuration | ||
| forward_pkce: bool = True, | ||
| # Resource indicator (RFC 8707) | ||
| forward_resource: bool = True, |
There was a problem hiding this comment.
This change adds forward_resource only to OAuthProxy.__init__, but the OIDC entry points that users typically instantiate (OIDCProxy and wrappers like Auth0Provider) still have closed constructor signatures and init_kwargs that never accept/pass this flag (src/fastmcp/server/auth/oidc_proxy.py and src/fastmcp/server/auth/providers/auth0.py). As a result, Auth0Provider(..., forward_resource=False) raises a TypeError, and deployments using OIDC-based providers still cannot disable forwarding the resource parameter for IdPs that reject RFC 8707.
Useful? React with 👍 / 👎.
There was a problem hiding this comment.
Already addressed in the second commit (a4addca). All provider subclasses and OIDCProxy now accept and forward forward_resource.
1 participant
Some IdPs (Auth0, Ping Federate) don't support the RFC 8707
resourceparameter in authorize requests. Azure has a provider-level workaround, but there was no generic way to disable resource forwarding.Adds
forward_resource: bool = TruetoOAuthProxy, mirroring the existingforward_pkcepattern. Set it toFalseto suppress the resource parameter in upstream authorize URLs.Closes #2810.