fix(mcp): authenticate on toggle in TUI MCP picker#27704
Open
msvechla wants to merge 1 commit into
Open
Conversation
Two related changes that make the in-TUI MCP picker actually usable when
an MCP needs OAuth:
1. dialog-mcp.tsx: when the user toggles a 'needs_auth' MCP via the
picker (space), call mcp.auth.authenticate instead of mcp.connect.
Previously, toggle re-ran connect, which re-failed with
UnauthorizedError, set the row back to needs_auth, and emitted a
toast pointing at the shell. There was no in-TUI path that actually
completed OAuth. This now opens the browser, awaits the callback,
exchanges the code, and rebuilds the transport. A second loading
kind ('authenticating') is rendered in the row footer while the
long-blocking call sits open.
2. mcp/index.ts: update the startup 'requires authentication' toast to
mention /mcps first, and the shell command as a fallback. Now that
the in-TUI flow works, users in a running TUI can recover without
dropping to a shell.
Related: anomalyco#16893, anomalyco#21702.
github-actions
Bot
added
contributor
needs:compliance
Contributor
|
Thanks for your contribution! This PR doesn't have a linked issue. All PRs must reference an existing issue. Please:
See CONTRIBUTING.md for details. |
github-actions
Bot
removed
needs:issue
needs:compliance
Contributor
|
Thanks for updating your PR! It now meets our contributing guidelines. 👍 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Issue for this PR
Closes #16893
Type of change
What does this PR do?
Pressing space on a
needs_authMCP in the picker (/mcps) now runs the full OAuth flow instead of loopingmcp.connect(). Previously, toggling aneeds_authrow calledmcp.connect(), which immediately re-failed withUnauthorizedError, kept the row atneeds_auth, and emitted a "Run: opencode mcp auth " toast. There was no in-TUI path that actually completed OAuth.This now calls
mcp.auth.authenticate, which already exists server-side: opens the browser, awaits the callback, exchanges the code, and rebuilds the transport.A second loading kind (
authenticating) is rendered in the row footer while the long-blocking call sits open.The startup toast for
needs_authMCPs is also updated to point at/mcpsfirst and the shell command second.Related: #21702 (broader, not addressed here).
How did you verify your code works?
bun run typecheckclean (passes pre-push hook)./mcps, pressed space. Browser opened, OAuth completed, row transitioned toconnected. Repeated on a second MCP.devbefore applying the patch.Screenshots / recordings
None — terminal-only keybinding-behavior change; reproduce locally.
Checklist