Bug Description
The POST /gateways/{id}/tools/refresh endpoint silently returns 0 tools for OAuth gateways using the authorization_code grant type. The response completes in ~5ms with all counts at zero, without ever connecting to the upstream MCP server.
Meanwhile, the POST /oauth/fetch-tools/{id} endpoint works correctly for the same gateway.
Root Cause
_initialize_gateway() has an early-return path (around L4060-4073 in gateway_service.py) that skips MCP server connection when:
auth_type == "oauth"grant_type == "authorization_code"oauth_auto_fetch_tool_flag == False (the default)
The refresh_gateway_manually() method never retrieves the stored OAuth token from TokenStorageService, so pre_auth_headers is empty and the early-return path is always triggered.
This is inconsistent with:
- The health check code path, which correctly retrieves the stored user token via
TokenStorageService.get_user_token() before connecting
- The
fetch_tools_after_oauth() method, which also retrieves the stored token and constructs {"Authorization": f"Bearer {access_token}"} before connecting
Steps to Reproduce
- Create a gateway with
auth_type: oauth, grant_type: authorization_code
- Complete the OAuth authorization flow (user gets redirected and token is stored)
- Call
POST /gateways/{id}/tools/refresh
- Response:
{"toolsAdded": 0, "toolsUpdated": 0, "toolsRemoved": 0} in ~5ms
- Call
POST /oauth/fetch-tools/{id} — returns tools correctly
Impact
- Manual tool refresh from the admin UI never works for Authorization Code OAuth gateways
- Only
/oauth/fetch-tools/ works, which is a separate endpoint not used by the standard refresh button
- Scheduled auto-refresh from health checks works (it retrieves the token), but manual refresh does not
Proposed Fix
In refresh_gateway_manually(), when the gateway uses authorization_code OAuth flow and the caller has a user_email, retrieve the stored access token from TokenStorageService and inject it into pre_auth_headers. This causes _initialize_gateway() to use pre_auth_headers directly, bypassing the authorization_code early-return path.
PR: forthcoming
Bug Description
The
POST /gateways/{id}/tools/refreshendpoint silently returns 0 tools for OAuth gateways using theauthorization_codegrant type. The response completes in ~5ms with all counts at zero, without ever connecting to the upstream MCP server.Meanwhile, the
POST /oauth/fetch-tools/{id}endpoint works correctly for the same gateway.Root Cause
_initialize_gateway()has an early-return path (around L4060-4073 ingateway_service.py) that skips MCP server connection when:auth_type == "oauth"grant_type == "authorization_code"oauth_auto_fetch_tool_flag == False(the default)The
refresh_gateway_manually()method never retrieves the stored OAuth token fromTokenStorageService, sopre_auth_headersis empty and the early-return path is always triggered.This is inconsistent with:
TokenStorageService.get_user_token()before connectingfetch_tools_after_oauth()method, which also retrieves the stored token and constructs{"Authorization": f"Bearer {access_token}"}before connectingSteps to Reproduce
auth_type: oauth,grant_type: authorization_codePOST /gateways/{id}/tools/refresh{"toolsAdded": 0, "toolsUpdated": 0, "toolsRemoved": 0}in ~5msPOST /oauth/fetch-tools/{id}— returns tools correctlyImpact
/oauth/fetch-tools/works, which is a separate endpoint not used by the standard refresh buttonProposed Fix
In
refresh_gateway_manually(), when the gateway usesauthorization_codeOAuth flow and the caller has auser_email, retrieve the stored access token fromTokenStorageServiceand inject it intopre_auth_headers. This causes_initialize_gateway()to usepre_auth_headersdirectly, bypassing theauthorization_codeearly-return path.PR: forthcoming