HttpClientStreamHttpTransport: add authorization error handler#861
HttpClientStreamHttpTransport: add authorization error handler#861
Conversation
Kehrlann
added
area/client
P1
Kehrlann
force-pushed
the
dgarnier/http-client-error-handler
branch
2 times, most recently
from
1ccce75 to
f8c77f9
Compare
Signed-off-by: Daniel Garnier-Moiroux <git@garnier.wf>
Kehrlann
force-pushed
the
dgarnier/http-client-error-handler
branch
from
f8c77f9 to
e0c1225
Compare
chemicL
left a comment
chemicL
left a comment
There was a problem hiding this comment.
I like the overall design. I have a couple of suggestions regarding method names and also the blocking avoidance in the sync implementation. Feel free to merge once these are addressed. Thanks!
| * @return {@link Publisher} emitting true if the original request should be replayed, | ||
| * false otherwise. | ||
| */ | ||
| Publisher<Boolean> handle(HttpResponse.ResponseInfo responseInfo, McpTransportContext context); |
There was a problem hiding this comment.
This method seems like it's aimed at the end user. I think the name is fine and semantics are clear. What I'd suggest documenting is what happens when there is an error from the returned Publisher.
| * @param retryHandler the handler to use to retry the HTTP request. | ||
| * @return a {@link Publisher} to signal either an error or a retry | ||
| */ | ||
| default Publisher<Void> handle(HttpResponse.ResponseInfo responseInfo, McpTransportContext context, |
There was a problem hiding this comment.
I think this method is rather aimed at transport implementors, not end users. It has different semantics, it returns Publisher<Void> instead of Publisher<Boolean> from the other method. I'd suggest calling it onAuthError and documenting what is the intention for a return Publisher that errors.
| var shouldRetry = handler.handle(info, context); | ||
| return Mono.just(shouldRetry).subscribeOn(Schedulers.boundedElastic()); |
There was a problem hiding this comment.
The subscribeOn use is ineffective. You should wrap the handler.handle inside a Mono.fromCallable and on top of that chain add the subscribeOn operator to avoid blocking a non-blocking thread.
2 participants
Motivation and Context
In the context of authorization management, we need to handle authorization errors (HTTP 401 and 403) in the client transports. This PR introduces a hook to react to these specific errors. See gh-240.
The hook exposes a "retry" mechanism, so that handlers can decide the request must be replayed, for example, after performing a dynamic client registration, or after updating the scopes in the "step up" scenario.
This PR does not target the SSE transport as we don't intend to evolve it.
Only the
sendMessageis targeted. DELETE doesn't require authentication AFAIK.How Has This Been Tested?
Test with spring's
mcp-securityproject.Breaking Changes
n/a
Types of changes