
feat: make resource optional in MCP endpoint OAuth flow #5267

Merged
saifsmailbox98 merged 2 commits into main from devin/1769369953-make-mcp-resource-optional
Jan 25, 2026

@devin-ai-integration
Contributor

@devin-ai-integration devin-ai-integration bot commented Jan 25, 2026

Context

When connecting to Infisical's MCP server/endpoint, the resource parameter was required in the OAuth authorization and finalize endpoints. This caused issues for MCP clients that don't provide this parameter.

After investigation, the resource field is not actually used in the backend service logic (ai-mcp-endpoint-service.ts) - it's accepted but never processed. This PR makes resource optional across the entire OAuth flow to improve compatibility with MCP clients.

Note: The resource parameter was already optional in the token exchange endpoint, so this change makes the API more consistent.

Changes:

  • Backend router: Made resource optional in /oauth/authorize querystring and /oauth/finalize body schemas
  • Backend types: Made resource optional in TOAuthFinalizeDTO
  • Frontend types: Made resource optional in TFinalizeMcpEndpointOAuthDTO
  • Frontend route: Made resource optional in the finalize page query schema

Updates since last revision

  • Fixed prettier formatting in backend/src/db/sanitized-schema.ts (unrelated pre-existing lint issue in main branch)

Steps to verify the change

  1. Connect to an MCP endpoint without providing the resource parameter in the OAuth flow
  2. Verify the OAuth authorization and token exchange complete successfully
  3. Verify existing flows that do provide resource still work

Human Review Checklist

  • Confirm resource is not used in ai-mcp-endpoint-service.ts (grep shows no matches)
  • Verify this aligns with MCP/OAuth specifications for the resource parameter

Type

  • Fix
  • Feature
  • Improvement
  • Breaking
  • Docs
  • Chore

Checklist


Link to Devin run: https://app.devin.ai/sessions/02e7702a7b53445c94c6d6b0519aa6ef
Requested by: Saifur Rahman (saif@infisical.com)

Co-Authored-By: saif@infisical.com <saif@infisical.com>
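
For the checklist item on spec alignment, one way a server can keep `resource` optional without ignoring it when a client does send it. This is an added example, not code from this PR or from Infisical; it applies the RFC 8707 syntax rules (absolute URI, no fragment). The function names, the sample URI and the policy of matching the endpoint's own URI are assumptions.

```typescript
// Added example, not Infisical's code. All names and values are hypothetical.
interface ResourceCheck {
  ok: boolean;
  resource?: string; // normalized value, set only when the client sent one
  error?: string;
}

// Constructed sample: the URI this MCP endpoint is assumed to be served from.
const SAMPLE_ENDPOINT_URI = "https://mcp.example.test/mcp/endpoint-1";

// Normalize for comparison: URL parsing lowercases scheme and host and drops
// the default port; trailing slashes on the path are ignored here.
function normalize(u: URL): string {
  return u.origin + u.pathname.replace(/\/+$/, "");
}

// Validate the optional `resource` parameter of an authorize/finalize request.
function checkResource(raw: string | undefined, expected: string): ResourceCheck {
  // Omitted: accepted, but nothing ties the grant to a specific resource.
  if (raw === undefined) return { ok: true };

  let url: URL;
  try {
    url = new URL(raw); // throws for relative or malformed values
  } catch {
    return { ok: false, error: "resource must be an absolute URI" };
  }
  // RFC 8707 section 2: the value must not include a fragment component.
  if (raw.indexOf("#") !== -1) {
    return { ok: false, error: "resource must not contain a fragment" };
  }
  // Assumed policy: a supplied value has to identify this endpoint.
  if (normalize(url) !== normalize(new URL(expected))) {
    return { ok: false, error: "resource does not identify this endpoint" };
  }
  return { ok: true, resource: normalize(url) };
}
```
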
@devin-ai-integration
Contributor Author

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

  • Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
  • Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

  • Disable automatic comment and CI monitoring

@maidul98
Collaborator

maidul98 commented Jan 25, 2026

Snyk checks have passed. No issues have been found so far.

Status Scanner Critical High Medium Low Total (0)
Open Source Security 0 0 0 0 0 issues


@greptile-apps
Contributor

greptile-apps bot commented Jan 25, 2026

Greptile Overview

Greptile Summary

This PR makes the resource parameter optional across the entire MCP endpoint OAuth flow to improve compatibility with MCP clients that don't provide this parameter.

Key changes:

  • Made resource optional in /oauth/authorize querystring schema
  • Made resource optional in /oauth/finalize body schema
  • Updated TypeScript type definitions in both backend and frontend
  • Aligns with the token exchange endpoint where resource was already optional

The change is backward-compatible and safe because:

  • The resource parameter is accepted but never used in the backend service logic (ai-mcp-endpoint-service.ts)
  • Existing clients that provide the parameter will continue to work
  • New clients that omit the parameter will now also work
  • Improves API consistency across OAuth endpoints

Confidence Score: 5/5

  • This PR is safe to merge with no risk
  • The change makes an unused parameter optional across the OAuth flow, improving compatibility with MCP clients. The resource parameter was verified to not be used anywhere in the service logic, and the token exchange endpoint already had this parameter as optional. This is a backward-compatible change that doesn't affect existing functionality.
  • No files require special attention

Important Files Changed

Filename | Overview
backend/src/ee/routes/v1/ai-mcp-endpoint-router.ts | Made resource parameter optional in OAuth authorize and finalize endpoints to match token endpoint
backend/src/ee/services/ai-mcp-endpoint/ai-mcp-endpoint-types.ts | Made resource field optional in TOAuthFinalizeDTO type definition
frontend/src/hooks/api/aiMcpEndpoints/types.ts | Made resource field optional in TFinalizeMcpEndpointOAuthDTO type
frontend/src/pages/organization/McpEndpointFinalizePage/route.tsx | Made resource parameter optional in finalize page query schema

@saifsmailbox98 saifsmailbox98 self-requested a review January 25, 2026 19:47
Contributor

@saifsmailbox98 saifsmailbox98 left a comment


fix formatting for sanitized-schema.ts using prettier

Co-Authored-By: saif@infisical.com <saif@infisical.com>
@saifsmailbox98
Contributor

Your changes work well on local! You need to return the favor later.


@devin-ai-integration
Contributor Author

Thanks for testing! Glad it works well. Happy to help with future tasks - just tag me anytime!

@saifsmailbox98
Contributor

LGTM!

@saifsmailbox98 saifsmailbox98 self-assigned this Jan 25, 2026
@saifsmailbox98 saifsmailbox98 merged commit a3bc183 into main Jan 25, 2026
13 checks passed