LibreChat/api/server
Dustin Healy ff39323fff fix(mcp): OAuth-aware app connections, list proxy, unique result ids, laid-out iframes
Plumbs OAuth context into app follow-up requests. The app controllers now build a
flowManager and tokenMethods and pass them through readResource, listResources, and
appToolCall to getAppConnection and getConnection, so a cold-recreated connection
(idle timeout, restart, reload) for an OAuth-backed server reuses the user's stored
tokens instead of failing for lack of OAuth context.

Backs the advertised serverResources capability with resource listing. Apps that
feature-detect serverResources can call resources/list, which had no handler. A new
listResources manager method, a POST /api/mcp/resources/list route, and an
onlistresources bridge handler proxy listing the same way reads are proxied.

Makes synthetic and embedded app resource ids unique per result snapshot. The id now
mixes in the tool result content, _meta, and error state alongside the resourceUri,
structuredContent, and arguments, so repeated calls that differ only in those fields
no longer collide and overwrite earlier conversation resources.

Keeps app iframes laid out while waiting for size. The frame is rendered transparent
until a positive size event instead of display:none, with the loading state overlaid,
so an app whose initial auto-resize reports zero is not stuck behind the spinner.
2026-06-25 07:12:46 -07:00
..
controllers fix(mcp): OAuth-aware app connections, list proxy, unique result ids, laid-out iframes 2026-06-25 07:12:46 -07:00
middleware
routes
services
utils
cleanup.js
experimental.js
index.js
index.metrics.spec.js
index.spec.js
socialLogins.js
socialLogins.spec.js
telemetry.js
telemetry.spec.js