fix(mcp): final audit fixes — state TTL, authProvider guard, decrypt fallback

- loadOauthRowByState: enforce 10min TTL on state row to prevent replay of
  stale unconsumed states.
- McpClient: throw on authType=oauth without an authProvider instead of
  silently falling back to header auth.
- loadPreregisteredClient: tolerate decrypt failure by treating as no
  preregistered client rather than crashing the OAuth flow.

Author: waleedlatif1

apps/sim/lib/mcp/client.ts

@@ -90,7 +90,10 @@ export class McpClient {
       throw new McpError('URL required for Streamable HTTP transport')
     }
 
-    const useOauth = this.config.authType === 'oauth' && this.authProvider != null
+    if (this.config.authType === 'oauth' && this.authProvider == null) {
+      throw new McpError('OAuth MCP server requires an authProvider')
+    }
+    const useOauth = this.config.authType === 'oauth'
     this.transport = new StreamableHTTPClientTransport(new URL(this.config.url), {
       authProvider: useOauth ? this.authProvider : undefined,
       requestInit: useOauth ? undefined : { headers: this.config.headers },

apps/sim/lib/mcp/oauth/provider.ts

@@ -6,6 +6,8 @@ import type {
 } from '@modelcontextprotocol/sdk/shared/auth.js'
 import { db } from '@sim/db'
 import { mcpServers } from '@sim/db/schema'
+import { createLogger } from '@sim/logger'
+import { toError } from '@sim/utils/errors'
 import { generateId } from '@sim/utils/id'
 import { eq } from 'drizzle-orm'
 import { decryptSecret } from '@/lib/core/security/encryption'
@@ -22,6 +24,8 @@ import {
   saveTokens as saveTokensDb,
 } from '@/lib/mcp/oauth/storage'
 
+const logger = createLogger('SimMcpOauthProvider')
+
 export class McpOauthRedirectRequired extends Error {
   constructor(public readonly authorizationUrl: string) {
     super('MCP OAuth redirect required')
@@ -160,8 +164,16 @@ export async function loadPreregisteredClient(
   if (!row?.clientId) return undefined
   let clientSecret: string | undefined
   if (row.clientSecret) {
-    const { decrypted } = await decryptSecret(row.clientSecret)
-    clientSecret = decrypted
+    try {
+      const { decrypted } = await decryptSecret(row.clientSecret)
+      clientSecret = decrypted
+    } catch (error) {
+      logger.warn('Failed to decrypt preregistered MCP OAuth client secret; ignoring', {
+        serverId,
+        error: toError(error).message,
+      })
+      return undefined
+    }
   }
   return { clientId: row.clientId, clientSecret }
 }

apps/sim/lib/mcp/oauth/storage.ts

@@ -6,13 +6,15 @@ import type {
 import { db } from '@sim/db'
 import { mcpServerOauth } from '@sim/db/schema'
 import { generateId } from '@sim/utils/id'
-import { and, eq } from 'drizzle-orm'
+import { and, eq, gt } from 'drizzle-orm'
 import { decryptSecret, encryptSecret } from '@/lib/core/security/encryption'
 
 function hashState(state: string): string {
   return createHash('sha256').update(state).digest('hex')
 }
 
+const STATE_TTL_MS = 10 * 60 * 1000
+
 export interface McpOauthRow {
   id: string
   mcpServerId: string
@@ -109,7 +111,12 @@ export async function loadOauthRowByState(state: string): Promise<McpOauthRow |
   const [row] = await db
     .select()
     .from(mcpServerOauth)
-    .where(eq(mcpServerOauth.state, hashState(state)))
+    .where(
+      and(
+        eq(mcpServerOauth.state, hashState(state)),
+        gt(mcpServerOauth.updatedAt, new Date(Date.now() - STATE_TTL_MS))
+      )
+    )
     .limit(1)
   if (!row) return null
   return {