From f8b123024768fd5862b5faf6092162421f85a0f5 Mon Sep 17 00:00:00 2001 From: bercianor Date: Sat, 25 Oct 2025 17:14:36 +0100 Subject: [PATCH] fix: generate callback uri dinamically --- config.toml | 1 - src/mcp_app/config.py | 2 +- src/mcp_app/fastapi_app.py | 9 +++++---- tests/test_main.py | 3 +-- 4 files changed, 7 insertions(+), 8 deletions(-) diff --git a/config.toml b/config.toml index a485e0b..e310794 100644 --- a/config.toml +++ b/config.toml @@ -62,4 +62,3 @@ oauth_whitelist_domains = ["localhost", "yourdomain.com"] [auth] client_id = "YOUR_CLIENT_ID" client_secret = "YOUR_CLIENT_SECRET" -redirect_uri = "http://localhost:8080/callback" # Cambia a prod diff --git a/src/mcp_app/config.py b/src/mcp_app/config.py index 9e3fcbb..a049114 100644 --- a/src/mcp_app/config.py +++ b/src/mcp_app/config.py @@ -137,7 +137,7 @@ class AuthConfig(BaseSettings): client_id: str client_secret: str - redirect_uri: str + redirect_uri: str | None = None class Configuration(BaseModel): diff --git a/src/mcp_app/fastapi_app.py b/src/mcp_app/fastapi_app.py index 8faa6ee..9a2b5e0 100644 --- a/src/mcp_app/fastapi_app.py +++ b/src/mcp_app/fastapi_app.py @@ -10,7 +10,7 @@ from typing import Any import httpx -from fastapi import FastAPI +from fastapi import FastAPI, Request from fastapi.middleware.cors import CORSMiddleware from fastapi.responses import JSONResponse, RedirectResponse, Response from mcp.server import FastMCP @@ -162,7 +162,7 @@ async def _read_root(self) -> dict[str, str]: ) # pragma: no cover return {"message": f"Hello from {server_name}"} # pragma: no cover - async def _login(self) -> Response: + async def _login(self, request: Request) -> Response: """Redirect to Auth0 login.""" if ( not self.config 
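Review bot: `redirect_uri: str | None = None` in `AuthConfig` is kept as an optional setting, but both places that read it in `fastapi_app.py` are replaced by `request.base_url` in this patch, so as far as the patch shows nothing consumes the field any more. An operator who sets it to pin the callback in production would be silently ignored. Either delete the field, or honour it as an override and document it with a comment such as `# Optional fixed callback URI; when unset it is derived from the request's base URL.` The `AuthConfig` class begins outside this hunk.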
@@ -178,7 +178,7 @@ async def _login(self) -> Response: f"{local_config.issuer}authorize?" f"client_id={self.config.auth.client_id}&" "response_type=code&" - f"redirect_uri={self.config.auth.redirect_uri}&" + f"redirect_uri={request.base_url}callback&" "scope=openid profile email&" f"audience={local_config.audience}" ) @@ -186,6 +186,7 @@ async def _login(self) -> Response: async def _callback( self, + request: Request, code: str | None = None, error: str | None = None, error_description: str | None = None, @@ -214,7 +215,7 @@ async def _callback( "client_id": self.config.auth.client_id, "client_secret": self.config.auth.client_secret, "code": code, - "redirect_uri": self.config.auth.redirect_uri, + "redirect_uri": f"{request.base_url}callback", } async with httpx.AsyncClient() as client: response = await client.post(token_url, data=data, timeout=10.0) diff --git a/tests/test_main.py b/tests/test_main.py index cb08b5f..8e71565 100644 --- a/tests/test_main.py +++ b/tests/test_main.py @@ -202,7 +202,6 @@ def test_login_success() -> None: # Mock valid config mock_auth = MagicMock() mock_auth.client_id = "test_client_id" - mock_auth.redirect_uri = "http://localhost/callback" mock_local = MagicMock() mock_local.issuer = "https://test.auth0.com/" @@ -231,7 +230,7 @@ def test_login_success() -> None: location = response.headers.get("location", "") assert "https://test.auth0.com/authorize?" in location assert "client_id=test_client_id" in location - assert "redirect_uri=http://localhost/callback" in location + assert "redirect_uri=http://testserver/callback" in location assert "audience=test_audience" in location
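Review bot: `request.base_url` in the `redirect_uri=` line is derived from the incoming request's Host header and scheme, so the callback sent to the identity provider now depends on whoever sends the request, and on how any proxy in front forwards headers, rather than on configuration. The provider's allowed-callback list becomes the only check, and behind a TLS-terminating proxy the value may come out as `http://`. Prefer the configured value when it is set and fall back to the request only otherwise. Build the query with `urllib.parse.urlencode` (needs an import) so the request-derived value is percent-encoded; the `redirect_uri=` assertion in `test_login_success` would then need the encoded form. The `_callback` hunk at -214 repeats the same expression and should share one helper so both legs send an identical value; `_login` begins outside this hunk.

```python
        # … unchanged: config guards and local_config lookup …
        redirect_uri = self.config.auth.redirect_uri or f"{request.base_url}callback"
        query = urlencode(
            {
                "client_id": self.config.auth.client_id,
                "response_type": "code",
                "redirect_uri": redirect_uri,
                "scope": "openid profile email",
                "audience": local_config.audience,
            }
        )
        # … the authorize URL becomes f"{local_config.issuer}authorize?{query}"; redirect unchanged …
```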
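Review bot: The updated assertion in `test_login_success` only pins the value produced by the test client's default host (`testserver`), so nothing visible here checks that `_callback` posts the same `redirect_uri` to the token endpoint. It also leaves untested the case where the request's Host differs from the deployed origin. Add a login case that sends an explicit `Host` header and asserts the resulting `redirect_uri`. If a callback test exists, also assert on the `data` passed to the mocked token request. `test_login_success` starts outside this hunk.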