feat(core): require user consent before MCP server OAuth (#18132)

Emily Hedlund
2026-02-03 16:26:00 -05:00
committed by GitHub
parent 1fc59484b1
commit 69f8273481
7 changed files with 255 additions and 138 deletions
+10 -3
@@ -11,10 +11,11 @@ import { URL } from 'node:url';
import { openBrowserSecurely } from '../utils/secure-browser-launcher.js';
import type { OAuthToken } from './token-storage/types.js';
import { MCPOAuthTokenStorage } from './oauth-token-storage.js';
import { getErrorMessage } from '../utils/errors.js';
import { getErrorMessage, FatalCancellationError } from '../utils/errors.js';
import { OAuthUtils, ResourceMismatchError } from './oauth-utils.js';
import { coreEvents } from '../utils/events.js';
import { debugLogger } from '../utils/debugLogger.js';
import { getConsentForOauth } from '../utils/authConsent.js';
export const OAUTH_DISPLAY_MESSAGE_EVENT = 'oauth-display-message' as const;
@@ -898,8 +899,14 @@ export class MCPOAuthProvider {
mcpServerUrl,
);
displayMessage(`Authentication required for MCP Server: '${serverName}'
→ Opening your browser for OAuth sign-in...
const userConsent = await getConsentForOauth(
`Authentication required for MCP Server: '${serverName}.'`,
);
if (!userConsent) {
throw new FatalCancellationError('Authentication cancelled by user.');
}
displayMessage(`→ Opening your browser for OAuth sign-in...
If the browser does not open, copy and paste this URL into your browser:
${authUrl}