context_server: Add OAuth support to HTTP transport

[erenatas]

This change implements RFC 6749 OAuth 2.0 Authorization Code flow with PKCE
(RFC 7636) and enables OAuth support including
re-authentication and session handling for Streamable HTTP transport MCP servers.

Authentication Flow

Initial Connection (no token)

1. Client sends request without Authorization header
2. Server returns 401 with WWW-Authenticate header containing:
   • resource_metadata URL for OAuth discovery
   • requested scopes
3. Client discovers OAuth endpoints via .well-known/oauth-authorization-server
4. Client performs dynamic client registration (if supported)
5. Client opens browser for user authorization with PKCE challenge
6. Local callback server receives authorization code
7. Client exchanges code for access_token + refresh_token
8. Tokens are persisted to system keychain (with file fallback)
9. Original request is retried with Bearer token

Subsequent Requests (cached token)

1. OAuthManager.access_token() returns cached token
2. If token is expired/expiring (within 30s), refresh is attempted
3. If refresh fails, request proceeds without auth → 401 triggers re-login

Re-authentication (token expired during session)

1. Request with expired token returns 401 + WWW-Authenticate
2. handle_unauthorized() parses header and calls OAuthManager
3. OAuthManager performs full login flow (browser auth)
4. Session is proactively re-initialized (new Mcp-Session-Id)
5. Original request is retried with new token

Notes

• OAuth is ONLY triggered by 401 response, never proactively
• Manual Authorization: Bearer <token> headers bypass OAuth entirely
• Token refresh happens transparently before requests
• Session re-initialization after re-auth avoids 422 errors
• Tokens are scoped per server URL for multi-server support

Implementation Details

Typed Error System

• Add ContextServerError enum with variants: AuthRequired, Connection, Protocol, Other
• Update ContextServerStatus::Error to use typed ContextServerError
• Propagate typed errors through transport_error() in Client, Protocol, and ContextServer

Explicit Authentication Flow

• Prevent automatic browser opening for authentication - require user action
• Add authenticate() method for explicit user-triggered auth
• Add needs_authentication() to check if auth is required
• Add logout() to clear tokens and disable server
• Clear session ID on re-authentication to avoid stale session errors
• Add allow_auto_reauthentication setting for opt-in silent token refresh

UI Changes on agent_ui

• Add "Authenticate" button in Agent Settings for servers needing auth
• Add "Logout" button when authenticated (disables server on logout)
• Show server as disabled with error message when auth expires
• Add "Authenticate" button in configure_context_server_modal when auth required
• Restart server automatically after successful authentication

Settings

• Add allow_auto_reauthentication to ContextServerSettings
• Added protocol version to "2025-06-18" to have compatibility with MCP servers, the existing functionality over Zed does not have breaking change between the previous and this one.

---

Tested against a real OAuth enabled MCP server

Closes #43162

Release Notes:

• MCP: OAuth support for Streamable HTTP Transport

[cla-bot]

We require contributors to sign our Contributor License Agreement, and we don't have @erenatas on file. You can sign our CLA at https://zed.dev/cla. Once you've signed, post a comment here that says '@cla-bot check'.

[erenatas]

@cla-bot check

[cla-bot]

We require contributors to sign our Contributor License Agreement, and we don't have @erenatas on file. You can sign our CLA at https://zed.dev/cla. Once you've signed, post a comment here that says '@cla-bot check'.

[cla-bot]

The cla-bot has been summoned, and re-checked this pull request!

[erenatas]

@cla-bot check

[cla-bot]

We require contributors to sign our Contributor License Agreement, and we don't have @erenatas on file. You can sign our CLA at https://zed.dev/cla. Once you've signed, post a comment here that says '@cla-bot check'.

[cla-bot]

The cla-bot has been summoned, and re-checked this pull request!

[erenatas]

@cla-bot check

[cla-bot]

The cla-bot has been summoned, and re-checked this pull request!

[tzutoo]

It seems the tool call timeout setting not working with http transport support.

[erenatas]

It seems the tool call timeout setting not working with http transport support.

Can you open an issue for this? It sounds like a different issue compared to what this PR tries to address to.

[agu-z]

@erenatas Thanks for the contribution! I haven’t had a chance to dig into this deeply yet, but here are some initial thoughts:

1. We should surface the server’s authentication status in the MCP section of the Agent Panel settings.
2. When logged in, the user should be able to explicitly log out, and vice versa.
3. We shouldn’t open the browser without an explicit user action. Instead:
   a. The user should trigger it from agent settings
   b. Optional: Display a little callout under the "MCP Servers" section in the ... menu that triggers auth on click.
   c. Show a one-time toast per server when it’s first installed and authentication is required. We can persist whether we have shown this already in the KV store.
4. We should store the token in the system keychain rather than in a file.

[erenatas]

@erenatas Thanks for the contribution! I haven’t had a chance to dig into this deeply yet, but here are some initial thoughts:

1. We should surface the server’s authentication status in the MCP section of the Agent Panel settings.

2. When logged in, the user should be able to explicitly log out, and vice versa.

3. We shouldn’t open the browser without an explicit user action. Instead:

   • The user should trigger it from agent settings
   • Optional: Display a little callout under the "MCP Servers" section in the ... menu that triggers auth on click.
   • Show a one-time toast per server when it’s first installed and authentication is required. We can persist whether we have show this already in the KV store.

4. We should store the token in the system keychain rather than in a file.

Thanks a lot for comments! Would you prefer getting them done in this PR or as a follow up considering the size of the change? I can work on it this week.

[agu-z]

@erenatas Awesome! We could split this, but I don’t want to merge before addressing points 3 and 4.
In particular, point 3 implies there must be some UI to initiate authentication (for example, via the affordances described in points 1 and 2). The mechanisms in 3.b and 3.c, however, can be implemented independently.

[erenatas]

@erenatas Thanks for the contribution! I haven’t had a chance to dig into this deeply yet, but here are some initial thoughts:

1. We should surface the server’s authentication status in the MCP section of the Agent Panel settings.
2. When logged in, the user should be able to explicitly log out, and vice versa.
3. We shouldn’t open the browser without an explicit user action. Instead:
   a. The user should trigger it from agent settings
   b. Optional: Display a little callout under the "MCP Servers" section in the ... menu that triggers auth on click.
   c. Show a one-time toast per server when it’s first installed and authentication is required. We can persist whether we have shown this already in the KV store.
4. We should store the token in the system keychain rather than in a file.

1. This is implemented, in modal where a new MCP server is implemented, and also in the settings page. If for example existing token expires during session, this will also be reflected in settings menu.
2. User can authenticate/logout under MCP settings in the ... menu. If user authenticates, MCP server will be enabled automatically, vice versa with logout.
3. I implemented auto reauth flag (disabled by default), otherwise reauth flow during a session will break, but we don't want this to happen. In case this setting is disabled, MCP server error will return authentication error to tool call error:
4. This is done. I was most afraid of this part as I've never done something like this, but fortunately the core bits were already there. If user logs out, we remove the stored secret from keychain, or in the beginning of reauth flow.

[erenatas]

Hey @agu-z can you approve workflow so I can fix if any check fails?

[agu-z]

Done! Excited about your changes. Sorry, I couldn't review today, I was too busy. I'll take a look tomorrow.

[erenatas]

Done! Excited about your changes. Sorry, I couldn't review today, I was too busy. I'll take a look tomorrow.

No worries :) Thanks for having a look!

[agu-z]

@erenatas I tried this with a few servers earlier today, and none of them were able to connect. I also think the UI needs significant work. While reviewing the code, I realized there are several architectural choices I’d approach differently, so I started working on an alternative implementation and I’m already fairly far along. Given that, I don’t think it makes sense to continue with this PR.

Thanks for the effort regardless, and sorry it didn’t pan out.

[erenatas]

@erenatas I tried this with a few servers earlier today, and none of them were able to connect. I also think the UI needs significant work. While reviewing the code, I realized there are several architectural choices I’d approach differently, so I started working on an alternative implementation and I’m already fairly far along. Given that, I don’t think it makes sense to continue with this PR.

Thanks for the effort regardless, and sorry it didn’t pan out.

No problem. I would be glad If you have some time to provide feedback regarding what would be your architectural choices instead of my PR, so I would learn. Thanks for looking into it nonetheless.

Also would be happy if you share the PR you are working on, would be happy to examine. Thanks in advance!

[italomaia]

Would it not have been better to guide the contributor in this case on what a better approach would look like? Something to consider, as it may lead to recurring contributions.

[erenatas]

Hey @agu-z , it's been a while. Did you have any chance to look into this? If not, if you can provide me your feedback about how this work should be handled (or what I should not do), I can update it.

cc: @maxdeviant @zelenenka