24338135480

Committed 13 Apr 2026 10:17AM UTC coverage: 65.625% (+0.05%) from 65.573%

Build # 24338135480

Build Type

push

github

Committed by

web-flow

Commit Message

Return 503 for expired proxy tokens (#4722)

* Return 503 for expired proxy tokens

When the proxy's OAuth token source fails, the token injection
middleware returned 401 Unauthorized. MCP clients interpret 401
as a signal to begin OAuth authentication, but the proxy manages
OAuth internally and has no client-facing OAuth metadata. The
failed discovery is cached, blocking reconnection even after the
token refreshes.

Return 503 Service Unavailable with Retry-After instead, which
clients treat as a transient connection error.

Fixes #4721

Co-Authored-By: Claude <noreply@anthropic.com>
Signed-off-by: Greg Katz <gkatz@indeed.com>

* Extract Retry-After value into named constant

Address review nit: extract the retry delay into a package-level
constant with a comment linking it to the MonitoredTokenSource
backoff interval.

Signed-off-by: Greg Katz <gkatz@indeed.com>

---------

Signed-off-by: Greg Katz <gkatz@indeed.com>
Co-authored-by: Claude <noreply@anthropic.com>

Coverage Stats

5 of 5 new or added lines in 1 file covered. (100.0%)

156 existing lines in 3 files now uncovered.

56745 of 86468 relevant lines covered (65.63%)

62.87 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

79.38

/pkg/transport/proxy/httpsse/http_proxy.go

stacklok / toolhive / 24338135480

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source Not Available

Source File
Press 'n' to go to next uncovered line, 'b' for previous