Merge pull request #1130 from rumpl/fix-no-www-auth

rumpl · web-flow · commit 07541bb272bf · 2025-12-18T16:49:08.000+01:00
Return an error if www-auth resource retuns unexpected status code
diff --git a/pkg/tools/mcp/oauth.go b/pkg/tools/mcp/oauth.go
@@ -243,7 +243,8 @@ func (t *oauthTransport) handleManagedOAuthFlow(ctx context.Context, authServer,
 	defer resp.Body.Close()
 
 	if resp.StatusCode != http.StatusOK && resp.StatusCode != http.StatusNotFound {
-		return err
+		_, _ = io.ReadAll(resp.Body)
+		return errors.New("failed to fetch protected resource metadata")
 	}
 	var resourceMetadata protectedResourceMetadata
 	if resp.StatusCode == http.StatusOK {
@@ -390,7 +391,8 @@ func (t *oauthTransport) handleUnmanagedOAuthFlow(ctx context.Context, authServe
 	defer resp.Body.Close()
 
 	if resp.StatusCode != http.StatusOK && resp.StatusCode != http.StatusNotFound {
-		return err
+		_, _ = io.ReadAll(resp.Body)
+		return errors.New("failed to fetch protected resource metadata")
 	}
 	var resourceMetadata protectedResourceMetadata
 	if resp.StatusCode == http.StatusOK {
