Skip to content

fix(mcp): inject stored OAuth tokens into ACP agent MCP servers#445

Merged
theahura merged 2 commits intomainfrom
auto/swift-jay-20260417-193824
Apr 17, 2026
Merged

fix(mcp): inject stored OAuth tokens into ACP agent MCP servers#445
theahura merged 2 commits intomainfrom
auto/swift-jay-20260417-193824

Conversation

@theahura
Copy link
Copy Markdown
Contributor

@theahura theahura commented Apr 17, 2026

Summary

🤖 Generated with Nori

  • Fix OAuth tokens not reaching ACP agent: Stored OAuth tokens (from browser login via keyring or .credentials.json) are now loaded and injected as Authorization: Bearer headers when converting MCP server configs to SACP protocol types. Previously only bearer_token_env_var was checked — tokens from OAuth login were stored but never sent to the agent.
  • Fix disabled servers being sent: MCP servers with enabled == false are now filtered out of the SACP conversion instead of being sent to the agent.
  • Fix OAuth branding: DCR client name changed from "Codex" to "Nori" so OAuth login pages show the correct app name. Keyring service name changed to "Nori TUI MCP Credentials".

Test Plan

  • Unit tests for OAuth token injection (http_server_with_stored_oauth_tokens_gets_auth_header)
  • Unit test for bearer token env var precedence over stored OAuth (bearer_token_env_var_takes_precedence_over_stored_oauth)
  • Unit test for disabled server filtering (disabled_servers_are_excluded)
  • TUI verification via tmux: /mcp picker renders, HTTP server can be added, config is persisted to config.toml
  • Manual test: Add Linear MCP server, complete OAuth login, restart session, verify agent can use Linear tools

Share Nori with your team: https://www.npmjs.com/package/nori-skillsets

theahura and others added 2 commits April 17, 2026 16:19
@theahura @nori-agent
fix(mcp): inject stored OAuth tokens into ACP agent MCP servers
686c7e9 
OAuth tokens stored via browser login (keyring or .credentials.json) were
never loaded when converting MCP server configs to SACP protocol types. The
agent received HTTP MCP servers with no Authorization header, causing it to
report having no MCP tools even after successful OAuth login.

- Load stored OAuth tokens as fallback when no bearer_token_env_var is set
- Filter out disabled MCP servers (enabled == false) from SACP conversion
- Change DCR client name from "Codex" to "Nori" for OAuth login pages
- Change keyring service name to "Nori TUI MCP Credentials"
- Export load_oauth_tokens from rmcp-client for cross-crate use
- Warn when injecting an expired OAuth token
🤖 Generated with [Nori](https://noriagentic.com)

Co-Authored-By: Nori <[email protected]>
@theahura @nori-agent
merge: resolve conflicts with main (codex-rs → nori-rs rename)
d75fab6 
🤖 Generated with [Nori](https://noriagentic.com)

Co-Authored-By: Nori <[email protected]>
@theahura theahura merged commit bc35ff5 into main Apr 17, 2026
3 checks passed
@theahura theahura deleted the auto/swift-jay-20260417-193824 branch April 17, 2026 20:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@theahura