fix(mcp): preserve authType on URL-unchanged upserts; fallback serverId on tool reauth errors

waleedlatif1 · claude · waleedlatif1 · commit 09e5cf2c90ce · 2026-05-05T12:31:22.000-07:00
Co-Authored-By: Claude Opus 4.7 &lt;noreply@anthropic.com&gt;
diff --git a/apps/sim/app/api/mcp/servers/route.ts b/apps/sim/app/api/mcp/servers/route.ts
@@ -112,21 +112,6 @@ export const POST = withRouteHandler(
 
         const serverId = body.url ? generateMcpServerId(workspaceId, body.url) : generateId()
 
-        let resolvedAuthType: 'none' | 'headers' | 'oauth' = body.authType ?? 'headers'
-        const hasHeaders = body.headers && Object.keys(body.headers).length > 0
-        if (!body.authType && body.url && !hasHeaders) {
-          try {
-            resolvedAuthType = await detectMcpAuthType(body.url)
-            logger.info(`[${requestId}] Probed ${body.url}: authType=${resolvedAuthType}`)
-          } catch (e) {
-            logger.warn(`[${requestId}] Probe failed for ${body.url}, defaulting to headers`, e)
-            resolvedAuthType = 'headers'
-          }
-        }
-
-        // User-supplied client credentials imply OAuth; pin authType regardless of probe.
-        if (body.oauthClientId) resolvedAuthType = 'oauth'
-
         const oauthClientSecretProvided = body.oauthClientSecret !== undefined
         const oauthClientSecretEncrypted = body.oauthClientSecret
           ? (await encryptSecret(body.oauthClientSecret)).encrypted
@@ -139,19 +124,45 @@ export const POST = withRouteHandler(
             id: mcpServers.id,
             deletedAt: mcpServers.deletedAt,
             url: mcpServers.url,
+            authType: mcpServers.authType,
             oauthClientId: mcpServers.oauthClientId,
             oauthClientSecret: mcpServers.oauthClientSecret,
           })
           .from(mcpServers)
           .where(and(eq(mcpServers.id, serverId), eq(mcpServers.workspaceId, workspaceId)))
           .limit(1)
 
+        const urlChanged = existingServer ? existingServer.url !== body.url : true
+        const hasHeaders = body.headers && Object.keys(body.headers).length > 0
+
+        let resolvedAuthType: 'none' | 'headers' | 'oauth' = body.authType ?? 'headers'
+        if (!body.authType) {
+          if (existingServer && !urlChanged) {
+            // Preserve existing authType on edits that don't change the URL — re-probing
+            // can flip a working OAuth+DCR server to 'headers' on a transient 401/timeout.
+            resolvedAuthType = (existingServer.authType ?? 'headers') as
+              | 'none'
+              | 'headers'
+              | 'oauth'
+          } else if (body.url && !hasHeaders) {
+            try {
+              resolvedAuthType = await detectMcpAuthType(body.url)
+              logger.info(`[${requestId}] Probed ${body.url}: authType=${resolvedAuthType}`)
+            } catch (e) {
+              logger.warn(`[${requestId}] Probe failed for ${body.url}, defaulting to headers`, e)
+              resolvedAuthType = 'headers'
+            }
+          }
+        }
+
+        // User-supplied client credentials imply OAuth; pin authType regardless of probe.
+        if (body.oauthClientId) resolvedAuthType = 'oauth'
+
         if (existingServer) {
           logger.info(
             `[${requestId}] Server with ID ${serverId} already exists, updating instead of creating`
           )
 
-          const urlChanged = existingServer.url !== body.url
           const clientIdChanged =
             oauthClientIdProvided &&
             (oauthClientId || null) !== (existingServer.oauthClientId ?? null)
diff --git a/apps/sim/app/api/mcp/tools/execute/route.ts b/apps/sim/app/api/mcp/tools/execute/route.ts
@@ -51,6 +51,7 @@ function hasType(prop: unknown): prop is SchemaProperty {
  */
 export const POST = withRouteHandler(
   withMcpAuth('read')(async (request: NextRequest, { userId, workspaceId, requestId }) => {
+    let serverId: string | undefined
     try {
       const rawBody = getParsedBody(request) ?? (await request.json())
       const parsedBody = mcpToolExecutionBodySchema.safeParse(rawBody)
@@ -71,7 +72,8 @@ export const POST = withRouteHandler(
         userId: userId,
       })
 
-      const { serverId, toolName, arguments: rawArgs } = body
+      const { toolName, arguments: rawArgs } = body
+      serverId = body.serverId
       const args = rawArgs || {}
 
       try {
@@ -237,17 +239,17 @@ export const POST = withRouteHandler(
         error instanceof McpOauthRedirectRequired ||
         error instanceof UnauthorizedError
       ) {
-        const serverId =
-          error instanceof McpOauthAuthorizationRequiredError ? error.serverId : undefined
+        const errorServerId =
+          error instanceof McpOauthAuthorizationRequiredError ? error.serverId : serverId
         logger.warn(`[${requestId}] OAuth re-authorization required for MCP tool execution`, {
-          serverId,
+          serverId: errorServerId,
         })
         return NextResponse.json(
           {
             success: false,
             error: 'OAuth re-authorization required',
             code: 'reauth_required',
-            serverId,
+            serverId: errorServerId,
           },
           { status: 401 }
         )
