Skip to content

Allow Agent instance to supply custom OAuth provider. #298

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 5 commits into
base: main
Choose a base branch
from
Open

Allow Agent instance to supply custom OAuth provider. #298

wants to merge 5 commits into from

Conversation

jaredhanson
Copy link

I am implementing agents that use alternative ways to register and authenticate with OAuth authorization servers. These mechanisms are based on early draft OAuth specifications, and will hopefully see more widespread adoption as MCP's use of OAuth matures beyond dynamic client registration (which has many downsides).

To facilitate this, supplying a different AgentsOAuthProvider is necessary. This pull request proposes a createOAuthProvider function on the Agent class, which by default returns the current DurableObjectOAuthClientProvider instance. This function can be overridden by Agent subclasses that need to use an alternative implementation.

An example of a agent that has a custom OAuth provider is as follows:

export class MyChatAgent extends AIChatAgent<Env> {
   // ...

   createOAuthProvider(callbackUrl: string): AgentsOAuthProvider {
      return new MyCustomOAuthProvider(
        this.ctx.storage,
        this.name,
        callbackUrl
      );
   }
}

Let me know if I can supply any additional details. Any and all feedback is welcome! Thanks!

@changeset-bot changeset-bot
Copy link

changeset-bot bot commented May 21, 2025
edited
Loading

🦋 Changeset detected

Latest commit: 58de61d

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 2 packages
Name Type
agents Patch
hono-agents Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@jaredhanson
Copy link
Author

Kindly bumping to request review or feedback on this PR.

@jaredhanson
Copy link
Author

For context here, I'm working on making the underlying OAuthClientProvider interface from @modelcontextprotocol/sdk more extensible, allowing it to implement more secure forms of authentication that don't rely on shared secrets. A PR is in progress here: modelcontextprotocol/typescript-sdk#531

Instantiating such an implementation from within an Agent is driving the requirement for this PR.

@threepointone
Copy link
Collaborator

threepointone commented May 29, 2025 via email

@jaredhanson
Copy link
Author

Support for implementing custom auth has landed in @modelcontextprotocol/sdk v1.15.1 (#720).

Now that it is in a stable release there, it'd be great to take advantage of better authentication mechanisms in Cloudflare Agents. Let me know if there's anything I can do to move this along. Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jaredhanson @threepointone