fix(broker): sanitize OAuth callback error & token-endpoint failures (MCP-1045)

[Dumbris]

Summary

Addresses the MCP-1045 / T12 security review verdict (Codex request_changes) on the credential-broker (spec 074). Two paths leaked authorization-server-controlled strings into logs/responses, violating the FR-029 / SC-005 no secret in logs/responses/audit invariant. PR #694 was already merged, so this is the follow-up fix; the Paperclip comment remains the review-of-record.

Finding 1 — connect-callback raw error leak

internal/serveredition/api/credential_handlers.go coerced the raw ?error= query value only for the audit sink, but still:

• logged it verbatim (reason), and
• reflected it into the browser redirect's credential_error param.

Both now use the sanitized label (sanitizeCallbackError). An upstream AS fully controls this value and could embed secrets or echoed input.

Finding 2 — token-endpoint raw body leak

internal/serveredition/broker/oauth_connector.go::postToken returned the raw token-endpoint response body in its error, which is logged on the connect path (credential_handlers.go) and the refresh path (credential_resolver.go). A hostile/misconfigured AS can embed access/refresh tokens, client details, or echoed request data there.

postToken now returns only the HTTP status plus an allowlisted RFC 6749 §5.2 OAuth error code (via new sanitizedTokenEndpointError), mirroring the RFC 8693 exchanger's existing sanitizedError. Non-allowlisted codes and the raw body/error_description are dropped.

Tests (TDD — written failing first)

• TestCredentialsCallback_Denied_RedirectSanitized — redirect credential_error carries the coerced label, never the raw AS string.
• TestOAuthConnector_Complete_TokenEndpointError_NoBodyLeak — a token-stuffed error body never reaches the returned error.
• TestOAuthConnector_TokenEndpointError_AllowlistedCode — allowlisted codes pass through; others are dropped.

Verification

• go test -tags server ./internal/serveredition/broker ./internal/serveredition/api ./internal/transport ✅
• go test -tags server -race ./internal/serveredition/broker ./internal/serveredition/api ✅
• go build -tags server ./cmd/mcpproxy and go build ./cmd/mcpproxy ✅
• New server-edition code lints clean (golangci-lint --build-tags server).

Docs

• docs/features/idp-token-storage.md updated to state the connect error flag is a coerced, secret-free label.

Related #694

[cloudflare-workers-and-pages]

Deploying mcpproxy-docs with    Cloudflare Pages

Latest commit:	4cd64be
Status:	✅  Deploy successful!
Preview URL:	https://2f3271f9.mcpproxy-docs.pages.dev
Branch Preview URL:	https://fix-mcp1045-oauth-error-leak.mcpproxy-docs.pages.dev

View logs

[codecov-commenter]

⚠️ Please install the to ensure uploads and comments are reliably processed by Codecov.

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

[github-actions]

📦 Build Artifacts

Workflow Run: View Run
Branch: fix/mcp1045-oauth-error-leak

Available Artifacts

• archive-darwin-amd64 (28 MB)
• archive-darwin-arm64 (25 MB)
• archive-linux-amd64 (16 MB)
• archive-linux-arm64 (14 MB)
• archive-windows-amd64 (28 MB)
• archive-windows-arm64 (25 MB)
• frontend-dist-pr (0 MB)
• installer-dmg-darwin-amd64 (21 MB)
• installer-dmg-darwin-arm64 (19 MB)

How to Download

Option 1: GitHub Web UI (easiest)

1. Go to the workflow run page linked above
2. Scroll to the bottom "Artifacts" section
3. Click on the artifact you want to download

Option 2: GitHub CLI

gh run download 27859650989 --repo smart-mcp-proxy/mcpproxy-go

Note: Artifacts expire in 14 days.

[mcpproxy-gatekeeper]

✅ Gatekeeper approval — review verdict: ACCEPT (by KimiReviewer, model-diverse fallback).

This approval is posted automatically by the MCPProxy Gatekeeper App on behalf of KimiReviewer — the model-diverse reviewer-fallback reviewer of record (verdict lives in the Paperclip review thread). Author≠approver satisfied; QA + CI gates enforced separately.

Auto-approved per Model B (MCP-1249) + reviewer-fallback (MCP-3066).