test(mcp): unit-test surfaceOauthError typed and fallback paths

waleedlatif1 · waleedlatif1 · commit f26895adfd6d · 2026-05-20T20:40:20.000-07:00
diff --git a/apps/sim/app/api/mcp/oauth/start/route.test.ts b/apps/sim/app/api/mcp/oauth/start/route.test.ts
@@ -35,7 +35,7 @@ vi.mock('@/lib/auth/hybrid', () => hybridAuthMock)
 vi.mock('@/lib/workspaces/permissions/utils', () => permissionsMock)
 vi.mock('@/lib/mcp/oauth', () => mcpOauthMock)
 
-import { GET } from './route'
+import { GET, surfaceOauthError } from './route'
 
 describe('MCP OAuth start route', () => {
   beforeEach(() => {
@@ -135,3 +135,47 @@ describe('MCP OAuth start route', () => {
     expect(mockMcpAuth).not.toHaveBeenCalled()
   })
 })
+
+describe('surfaceOauthError', () => {
+  it('uses typed OAuthError errorCode and message for spec-compliant errors', async () => {
+    const { InvalidGrantError } = await import('@modelcontextprotocol/sdk/server/auth/errors.js')
+    const err = new InvalidGrantError('Refresh token expired')
+    expect(surfaceOauthError(err)).toBe('invalid_grant: Refresh token expired')
+  })
+
+  it('parses Raw body envelope for ServerError fallbacks (non-spec vendors)', async () => {
+    const { ServerError } = await import('@modelcontextprotocol/sdk/server/auth/errors.js')
+    const err = new ServerError(
+      'HTTP 400: Invalid OAuth error response: zod error. Raw body: {"code":400,"message":"redirect URI https://example.com/cb is not allowed","retryable":false}'
+    )
+    expect(surfaceOauthError(err)).toBe(
+      'Authorization server: redirect URI https://example.com/cb is not allowed'
+    )
+  })
+
+  it('prefers error_description over message over error in fallback envelope', async () => {
+    const { ServerError } = await import('@modelcontextprotocol/sdk/server/auth/errors.js')
+    const err = new ServerError(
+      'HTTP 400: Invalid OAuth error response: zod. Raw body: {"error":"invalid_grant","error_description":"the description","message":"the message"}'
+    )
+    expect(surfaceOauthError(err)).toBe('Authorization server: the description')
+  })
+
+  it('returns first line of generic errors', () => {
+    const err = new Error('Network blip\n  at fetch (...)')
+    expect(surfaceOauthError(err)).toBe('Network blip')
+  })
+
+  it('truncates messages longer than 250 chars with ellipsis', async () => {
+    const { InvalidGrantError } = await import('@modelcontextprotocol/sdk/server/auth/errors.js')
+    const longMessage = 'x'.repeat(300)
+    const result = surfaceOauthError(new InvalidGrantError(longMessage))
+    expect(result.endsWith('…')).toBe(true)
+    expect(result.length).toBe(251) // 250 chars + ellipsis
+  })
+
+  it('returns generic fallback for non-Error values', () => {
+    expect(surfaceOauthError(null)).toBe('Failed to start OAuth flow')
+    expect(surfaceOauthError(undefined)).toBe('Failed to start OAuth flow')
+  })
+})
diff --git a/apps/sim/app/api/mcp/oauth/start/route.ts b/apps/sim/app/api/mcp/oauth/start/route.ts
@@ -26,7 +26,7 @@ const logger = createLogger('McpOauthStartAPI')
 const OAUTH_START_TTL_MS = 10 * 60 * 1000
 const MAX_SURFACED_ERROR_LENGTH = 250
 
-function surfaceOauthError(error: unknown): string {
+export function surfaceOauthError(error: unknown): string {
   // Spec-compliant OAuth servers throw typed subclasses with clean RFC 6749 fields.
   if (error instanceof OAuthError && !(error instanceof ServerError)) {
     return truncate(`${error.errorCode}: ${error.message}`)
