Skip to content

Sanitize OAuth telemetry and harden callback HTTP responses #842

Description

@dcramer

Problem

SDK OAuth errors may include raw provider response bodies, and non-auth MCP HTTP errors include response text in StreamableHTTPError. Junior captures these exceptions and may attach their messages to logs or spans.

OAuth callback HTML also lacks explicit Cache-Control: no-store, a restrictive referrer policy, and CSP.

Acceptance criteria

  • OAuth/MCP transport errors are translated into phase-specific safe error types before logging.
  • Raw response bodies, authorization URLs, codes, tokens, client secrets, and provider-controlled HTML/text never enter telemetry.
  • Diagnostic metadata records safe phase, provider, status, resource host, and correlation IDs.
  • Error response reads are size-bounded.
  • OAuth callback responses use Cache-Control: no-store, restrictive referrer policy, CSP, and content-type protections.
  • Tests inject secret-bearing/malicious provider errors and assert logs, spans, and HTML remain safe.

Confirmed by the provider-agnostic OAuth implementation audit tracked in #843.

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't working

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions