diff --git a/litellm/proxy/_experimental/mcp_server/rest_endpoints.py b/litellm/proxy/_experimental/mcp_server/rest_endpoints.py index 332d1d4e05..d2f16154f3 100644 --- a/litellm/proxy/_experimental/mcp_server/rest_endpoints.py +++ b/litellm/proxy/_experimental/mcp_server/rest_endpoints.py @@ -11,7 +11,6 @@ from litellm._logging import verbose_logger from litellm.proxy._types import UserAPIKeyAuth from litellm.proxy.auth.user_api_key_auth import user_api_key_auth -STATE_MAP = {} MCP_AVAILABLE: bool = True try: importlib.import_module("mcp") @@ -338,109 +337,3 @@ if MCP_AVAILABLE: } return await _execute_with_mcp_client(request, _list_tools_operation) - - @router.get("/authorize") - async def authorize( - request: Request, client_id: str, redirect_uri: str, state: str = "" - ): - # Redirect to real GitHub OAuth - from mcp_server_manager import global_mcp_server_manager - - mcp_server = global_mcp_server_manager.get_mcp_server_by_id(client_id) - if mcp_server is None: - raise HTTPException(status_code=404, detail="MCP server not found") - - if mcp_server.auth_type != "oauth2": - raise HTTPException(status_code=400, detail="MCP server is not OAuth2") - - if mcp_server.client_id is None: - raise HTTPException( - status_code=400, detail="MCP server client id is not set" - ) - - if mcp_server.authorization_url is None: - raise HTTPException( - status_code=400, detail="MCP server authorization url is not set" - ) - - if mcp_server.scopes is None: - raise HTTPException(status_code=400, detail="MCP server scopes is not set") - - request_base_url = str(request.base_url).rstrip("/") - # Parse it to remove any existing query - parsed = urlparse(redirect_uri) - base_url = urlunparse(parsed._replace(query="")) - STATE_MAP[state] = base_url - params = { - "client_id": mcp_server.client_id, - "redirect_uri": f"{request_base_url}/callback", - "scope": " ".join(mcp_server.scopes), - "state": state, - } - return RedirectResponse(f"{mcp_server.authorization_url}?{urlencode(params)}") - - @router.post("/token") - async def token_endpoint( - request: Request, - grant_type=Form(...), - code=Form(None), - client_id=Form(...), - ): - """ - Accept the authorization code from Claude and exchange it for GitHub token. - Forward the GitHub token back to Claude in standard OAuth format. - """ - from mcp_server_manager import global_mcp_server_manager - - mcp_server = global_mcp_server_manager.get_mcp_server_by_id(str(client_id)) - if mcp_server is None: - raise HTTPException(status_code=404, detail="MCP server not found") - - if mcp_server.token_url is None: - raise HTTPException( - status_code=400, detail="MCP server token url is not set" - ) - - if grant_type != "authorization_code": - raise HTTPException(status_code=400, detail="Unsupported grant_type") - - request_base_url = str(request.base_url).rstrip("/") - # Exchange code for real GitHub token - async with httpx.AsyncClient() as client: - resp = await client.post( - mcp_server.token_url, - headers={"Accept": "application/json"}, - data={ - "client_id": mcp_server.client_id, - "client_secret": mcp_server.client_secret, - "code": code, - "redirect_uri": f"{request_base_url}/callback", - }, - ) - resp.raise_for_status() - return JSONResponse(resp.json()) - - @router.get("/callback") - async def callback(code: str, state: str): - # Exchange code for token with GitHub - params = {"code": code, "state": state} - - # Forward token to Claude ephemeral endpoint - redirect_uri = STATE_MAP.pop(state, None) - - complete_returned_url = f"{redirect_uri}?{urlencode(params)}" - if redirect_uri: - async with httpx.AsyncClient() as client: - await client.post( - complete_returned_url, - json={}, - ) - # Return simple page so the browser doesn't hang - return HTMLResponse( - "Authentication complete. You can close this window." - ) - - # fallback if redirect_uri not found - return HTMLResponse( - "Authentication incomplete. You can close this window." - )