Skip to content

[BUG]: set_gateway_state deletes tools on offlin to online transition for OAuth authorization_code gatewaysΒ #3788

Closed
#3792
Closed
[BUG]: set_gateway_state deletes tools on offlin to online transition for OAuth authorization_code gateways#3788
#3792
Labels
bugSomething isn't workingtriageIssues / Features awaiting triage
@kimsehwan96

Description

@kimsehwan96
kimsehwan96
opened on Mar 22, 2026

🐞 Bug Summary

When an OAuth authorization_code gateway transitions from offline β†’ online, set_gateway_state re-initializes the MCP connection without a valid OAuth token, receives an empty tool list, and deletes all existing tools, resources, prompts, and their virtual server associations as "stale."

This is a regression from PR #2537, which added a guard for this exact scenario in _refresh_gateway_tools_resources_prompts (line 4548) but missed the same pattern in set_gateway_state (line 2503-2562).

🧩 Affected Component

Select the area of the project impacted:

  • mcpgateway - API
  • mcpgateway - UI (admin panel)
  • mcpgateway.wrapper - stdio wrapper
  • Federation or Transports
  • CLI, Makefiles, or shell scripts
  • Container setup (Docker/Podman/Compose)
  • Other (explain below)

πŸ” Steps to Reproduce

  1. Register an MCP gateway with auth_type=oauth, grant_type=authorization_code
  2. Log in as a regular user (not platform_admin_email), complete OAuth authorization, and fetch tools
  3. Assign the tools to a virtual server
  4. Wait for health check cycle (~3 minutes) β€” health check fails because platform_admin_email has no OAuth token for this gateway
  5. Gateway goes offline (reachable=False), all tools become reachable=False
  6. Now authenticate as platform_admin_email (or manually set reachable=True in DB)
  7. Next health check succeeds β†’ set_gateway_state(reachable=True) triggers re-initialization
  8. All tools, resources, prompts, and virtual server associations are deleted

πŸ€” Expected Behavior

When set_gateway_state re-initializes an authorization_code gateway and receives an empty result (due to missing auth token), it should preserve existing tools instead of deleting them β€” the same behavior that _refresh_gateway_tools_resources_prompts already implements at line 4548:

πŸ““ Logs / Error Output

Paste any relevant stack traces or logs here.
⚠️ Do not paste secrets, credentials, or tokens.

🧠 Environment Info

You can retrieve most of this from the /version endpoint.

Key Value
Version or commit 1.0.0-RC-2
Runtime Python 3.12.12, Gunicorn
Platform / OS BottleRocket(EKS)
Container Docker(EKS)

🧩 Additional Context (optional)

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't workingtriageIssues / Features awaiting triage

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions