fix(mcp): use getBaseUrl for OAuth discovery metadata URLs (#3283)

* fix(mcp): use getBaseUrl for OAuth discovery metadata URLs

* fix(mcp): remove unused request params from discovery route handlers

Author: waleedlatif1

apps/sim/app/.well-known/oauth-authorization-server/[...issuer]/route.ts

@@ -1,6 +1,6 @@
-import type { NextRequest, NextResponse } from 'next/server'
+import type { NextResponse } from 'next/server'
 import { createMcpAuthorizationServerMetadataResponse } from '@/lib/mcp/oauth-discovery'
 
-export async function GET(request: NextRequest): Promise<NextResponse> {
-  return createMcpAuthorizationServerMetadataResponse(request)
+export async function GET(): Promise<NextResponse> {
+  return createMcpAuthorizationServerMetadataResponse()
 }

apps/sim/app/.well-known/oauth-authorization-server/api/mcp/copilot/route.ts

@@ -1,6 +1,6 @@
-import type { NextRequest, NextResponse } from 'next/server'
+import type { NextResponse } from 'next/server'
 import { createMcpAuthorizationServerMetadataResponse } from '@/lib/mcp/oauth-discovery'
 
-export async function GET(request: NextRequest): Promise<NextResponse> {
-  return createMcpAuthorizationServerMetadataResponse(request)
+export async function GET(): Promise<NextResponse> {
+  return createMcpAuthorizationServerMetadataResponse()
 }

apps/sim/app/.well-known/oauth-authorization-server/route.ts

@@ -1,6 +1,6 @@
-import type { NextRequest, NextResponse } from 'next/server'
+import type { NextResponse } from 'next/server'
 import { createMcpAuthorizationServerMetadataResponse } from '@/lib/mcp/oauth-discovery'
 
-export async function GET(request: NextRequest): Promise<NextResponse> {
-  return createMcpAuthorizationServerMetadataResponse(request)
+export async function GET(): Promise<NextResponse> {
+  return createMcpAuthorizationServerMetadataResponse()
 }

apps/sim/app/.well-known/oauth-protected-resource/api/mcp/copilot/route.ts

@@ -1,6 +1,6 @@
-import type { NextRequest, NextResponse } from 'next/server'
+import type { NextResponse } from 'next/server'
 import { createMcpProtectedResourceMetadataResponse } from '@/lib/mcp/oauth-discovery'
 
-export async function GET(request: NextRequest): Promise<NextResponse> {
-  return createMcpProtectedResourceMetadataResponse(request)
+export async function GET(): Promise<NextResponse> {
+  return createMcpProtectedResourceMetadataResponse()
 }

apps/sim/app/.well-known/oauth-protected-resource/route.ts

@@ -1,6 +1,6 @@
-import type { NextRequest, NextResponse } from 'next/server'
+import type { NextResponse } from 'next/server'
 import { createMcpProtectedResourceMetadataResponse } from '@/lib/mcp/oauth-discovery'
 
-export async function GET(request: NextRequest): Promise<NextResponse> {
-  return createMcpProtectedResourceMetadataResponse(request)
+export async function GET(): Promise<NextResponse> {
+  return createMcpProtectedResourceMetadataResponse()
 }

apps/sim/app/api/mcp/copilot/.well-known/oauth-authorization-server/route.ts

@@ -1,6 +1,6 @@
-import type { NextRequest, NextResponse } from 'next/server'
+import type { NextResponse } from 'next/server'
 import { createMcpAuthorizationServerMetadataResponse } from '@/lib/mcp/oauth-discovery'
 
-export async function GET(request: NextRequest): Promise<NextResponse> {
-  return createMcpAuthorizationServerMetadataResponse(request)
+export async function GET(): Promise<NextResponse> {
+  return createMcpAuthorizationServerMetadataResponse()
 }

apps/sim/app/api/mcp/copilot/.well-known/oauth-protected-resource/route.ts

@@ -1,6 +1,6 @@
-import type { NextRequest, NextResponse } from 'next/server'
+import type { NextResponse } from 'next/server'
 import { createMcpProtectedResourceMetadataResponse } from '@/lib/mcp/oauth-discovery'
 
-export async function GET(request: NextRequest): Promise<NextResponse> {
-  return createMcpProtectedResourceMetadataResponse(request)
+export async function GET(): Promise<NextResponse> {
+  return createMcpProtectedResourceMetadataResponse()
 }

apps/sim/app/api/mcp/copilot/route.ts

@@ -32,6 +32,7 @@ import {
 import { DIRECT_TOOL_DEFS, SUBAGENT_TOOL_DEFS } from '@/lib/copilot/tools/mcp/definitions'
 import { env } from '@/lib/core/config/env'
 import { RateLimiter } from '@/lib/core/rate-limiter'
+import { getBaseUrl } from '@/lib/core/utils/urls'
 import {
   authorizeWorkflowByWorkspacePermission,
   resolveWorkflowIdForUser,
@@ -542,7 +543,8 @@ export async function POST(request: NextRequest) {
   const hasAuth = request.headers.has('authorization') || request.headers.has('x-api-key')
 
   if (!hasAuth) {
-    const resourceMetadataUrl = `${request.nextUrl.origin}/.well-known/oauth-protected-resource/api/mcp/copilot`
+    const origin = getBaseUrl().replace(/\/$/, '')
+    const resourceMetadataUrl = `${origin}/.well-known/oauth-protected-resource/api/mcp/copilot`
     return new NextResponse(JSON.stringify({ error: 'unauthorized' }), {
       status: 401,
       headers: {

apps/sim/lib/mcp/oauth-discovery.ts

@@ -1,11 +1,12 @@
-import { type NextRequest, NextResponse } from 'next/server'
+import { NextResponse } from 'next/server'
+import { getBaseUrl } from '@/lib/core/utils/urls'
 
-function getOrigin(request: NextRequest): string {
-  return request.nextUrl.origin
+function getOrigin(): string {
+  return getBaseUrl().replace(/\/$/, '')
 }
 
-export function createMcpAuthorizationServerMetadataResponse(request: NextRequest): NextResponse {
-  const origin = getOrigin(request)
+export function createMcpAuthorizationServerMetadataResponse(): NextResponse {
+  const origin = getOrigin()
   const resource = `${origin}/api/mcp/copilot`
 
   return NextResponse.json(
@@ -34,8 +35,8 @@ export function createMcpAuthorizationServerMetadataResponse(request: NextReques
   )
 }
 
-export function createMcpProtectedResourceMetadataResponse(request: NextRequest): NextResponse {
-  const origin = getOrigin(request)
+export function createMcpProtectedResourceMetadataResponse(): NextResponse {
+  const origin = getOrigin()
   const resource = `${origin}/api/mcp/copilot`
   const authorizationServerIssuer = origin