Skip to content

auth: support OAuth2 session persistence#1058

Open
smlx wants to merge 3 commits into
modelcontextprotocol:mainfrom
smlx:oauth2-session-save
Open

auth: support OAuth2 session persistence#1058
smlx wants to merge 3 commits into
modelcontextprotocol:mainfrom
smlx:oauth2-session-save

Conversation

@smlx

@smlx smlx commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

This change adds NewTokenSource and InitialTokenSource fields to AuthorizationCodeHandlerConfig. NewTokenSource enables wrapping the underlying token source to intercept token refreshes. InitialTokenSource enables configuring the token source used by the
AuthorizationCodeHandler on initialization. Together these features facilitate persisting OAuth2 sessions across restarts.

Includes a package example demonstrating the persistence pattern.

Fixes: #901.

See #901 for the previous discussion behind this design.

Comment thread auth/authorization_code.go Outdated
Comment thread auth/authorization_code.go Outdated
Comment thread auth/authorization_code.go Outdated
Comment thread auth/authorization_code.go Outdated
Comment thread auth/authorization_code.go
Comment thread auth/authorization_code.go Outdated
Comment thread auth/auth_example_test.go Outdated
@smlx smlx force-pushed the oauth2-session-save branch from 7615caf to 13c5f7b Compare July 10, 2026 03:34
smlx added 2 commits July 10, 2026 11:44
This change adds NewTokenSource and InitialTokenSource fields to
AuthorizationCodeHandlerConfig. NewTokenSource enables wrapping the
underlying token source to intercept token refreshes. InitialTokenSource
enables configuring the token source used by the
AuthorizationCodeHandler on initialization. Together these features
facilitate persisting OAuth2 sessions across restarts.

Includes a package example demonstrating the persistence pattern.
Add a mutex to AuthorizationCodeHandler to prevent data races when
reading or updating the tokenSource and grantedScopes fields.
@smlx smlx force-pushed the oauth2-session-save branch from 13c5f7b to 5c4846d Compare July 10, 2026 03:44
@smlx smlx requested a review from jba July 10, 2026 03:45

@jba jba left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I approve, but an official maintainer needs to make the final call.

@jba jba requested review from guglielmo-san and jba July 10, 2026 12:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Proposal: Client API support for saving and restoring OAuth2 sessions

3 participants