What's Changed
Fixed
-
[#576] OAuth token exchange fails with 500 for public PKCE clients (
authorization.py): claude.ai and other MCP clients that use OAuth 2.1 public-client PKCE flow (noclient_secret) received a500 Internal Server Errorduring token exchange. The endpoint now detects public clients — requests supplying acode_verifierbut noclient_secret— and skips secret authentication, using the PKCE verifier as identity proof per OAuth 2.1 §2.1. Confidential clients (withclient_secret) are unaffected. Closes #576. -
Missing
/.well-known/oauth-protected-resourceendpoint (discovery.py): The endpoint required by RFC 9728 and the MCP OAuth spec was returning 404, breaking OAuth discovery for compliant MCP clients. AddedOAuthProtectedResourceMetadataPydantic model and corresponding route, which advertises the resource identifier and authorization server URLs withtoken_endpoint_auth_methods_supported: ["none"]. -
Opaque OAuth error logging: Added
exc_info=Trueto exception handlers in the token and authorization endpoints so that full tracebacks are recorded in logs instead of generic error messages, making future debugging significantly easier.
Added
-
Automated CHANGELOG housekeeping workflow (
.github/workflows/changelog-housekeeping.yml): Monthly GitHub Actions workflow (runs on the 1st of each month, also triggerable viaworkflow_dispatch) that automatically archives CHANGELOG entries older than the 8 most recent versions intodocs/archive/CHANGELOG-HISTORIC.md. Validates that no version entries are lost during archival. -
Changelog housekeeping script (
scripts/maintenance/changelog_housekeeping.py): Backing Python script with--dry-runsupport and README "Previous Releases" trimming (max 7 entries). SHA-pinned third-party Actions for security.
Upgrade Notes
No breaking changes. Standard upgrade:
pip install --upgrade mcp-memory-service
# or
uvx mcp-memory-service@latestIf you use claude.ai's MCP integration panel and encountered OAuth 500 errors, this release resolves the issue. No configuration changes needed.