Marco Sadjadi 86cf89ef42 fix(oauth): serve AS metadata at the RFC 8414 strict path ... Root cause of Claude Desktop's repeated "Registrierung beim Anmeldedienst fehlgeschlagen" reference ofid_897eda676d452435: RFC 8414 §3 constructs the well-known discovery URL by INSERTING "/.well-known/oauth-authorization-server" between the host and the issuer path. For issuer https://api.buildmymcpserver.com/oauth the correct location is https://api.buildmymcpserver.com/.well-known/oauth-authorization-server/oauth We previously served only the issuer-appended form (/oauth/.well-known/...), which is the historically common but RFC-incorrect placement. Claude Desktop's MCP SDK is strict per RFC 8414, hit the 404, and bailed out of discovery before ever reaching /oauth/register — so the DCR fix from earlier never had a chance to run. Now serves the same metadata at four paths via a single handler: - /.well-known/oauth-authorization-server/oauth (RFC 8414 strict) - /.well-known/oauth-authorization-server (root fallback) - /oauth/.well-known/oauth-authorization-server (historical) - /.well-known/openid-configuration (OIDC fallback) A single buildAsMetadata() helper keeps them in sync.		2026-05-28 19:47:47 +02:00
..
src	fix(oauth): serve AS metadata at the RFC 8414 strict path	2026-05-28 19:47:47 +02:00
Dockerfile	fix(docker): healthcheck must hit 127.0.0.1, not localhost	2026-05-21 18:07:01 +02:00
package.json	feat(billing): Stripe Checkout + Customer Portal + signed webhook	2026-05-25 16:30:42 +02:00
tsconfig.json	feat(api): Fastify control plane (auth, servers, WS build stream, OAuth 2.1 AS, JWKS)	2026-05-19 00:24:47 +02:00