Unify mcp-director and mcp-web IdentityServer clients into single public client

sharpninja · claude · sharpninja · commit 0dbfd0c1b383 · 2026-04-07T10:45:18.000-05:00
Merges the separate mcp-director (device code + password) and mcp-web (code flow)
clients into one unified mcp-director client supporting all three grant types with
PKCE, redirect URIs for mcp-web ports 39983/39984, and bumps McpServerTools submodule.

Co-Authored-By: Claude Opus 4.6 &lt;noreply@anthropic.com&gt;
diff --git a/src/McpServer.Support.Mcp/Identity/IdentityServerConfig.cs b/src/McpServer.Support.Mcp/Identity/IdentityServerConfig.cs
@@ -45,31 +45,17 @@ public static IEnumerable<DuendeClient> GetClients(IdentityServerOptions options
             AllowedScopes = { options.ApiScopeName },
         },
 
-        // Interactive client for CLI tools (Device Authorization + Password flows)
+        // Unified public client for CLI tools, web UI, and browser-based flows
         new DuendeClient
         {
             ClientId = "mcp-director",
-            ClientName = "MCP Director CLI",
+            ClientName = "MCP Director",
             AllowedGrantTypes =
             {
+                GrantType.AuthorizationCode,
                 "urn:ietf:params:oauth:grant-type:device_code",
                 GrantType.ResourceOwnerPassword,
             },
-            RequireClientSecret = false,
-            AllowedScopes = { "openid", "profile", "email", "roles", options.ApiScopeName },
-            AllowOfflineAccess = true,
-            AccessTokenLifetime = 3600,
-            RefreshTokenUsage = TokenUsage.ReUse,
-            RefreshTokenExpiration = TokenExpiration.Sliding,
-            SlidingRefreshTokenLifetime = 86400,
-        },
-
-        // Web/SPA client for pairing UI and browser-based access
-        new DuendeClient
-        {
-            ClientId = "mcp-web",
-            ClientName = "MCP Web Client",
-            AllowedGrantTypes = GrantTypes.Code,
             RequirePkce = true,
             RequireClientSecret = false,
             RedirectUris =
@@ -89,6 +75,10 @@ public static IEnumerable<DuendeClient> GetClients(IdentityServerOptions options
             },
             AllowedScopes = { "openid", "profile", "email", "roles", options.ApiScopeName },
             AllowOfflineAccess = true,
+            AccessTokenLifetime = 3600,
+            RefreshTokenUsage = TokenUsage.ReUse,
+            RefreshTokenExpiration = TokenExpiration.Sliding,
+            SlidingRefreshTokenLifetime = 86400,
         },
     ];
 }
diff --git a/tools/McpServerTools b/tools/McpServerTools
@@ -1 +1 @@
-Subproject commit 8de15e5ad60dabcc3693c02e7d73e4003a4d9b89
+Subproject commit b88d07bca1261f335a2c60af376b2131b2239392
