Skip to content

Add server-side QR code to pairing key page#35

Merged
sharpninja merged 5 commits intodevelopfrom
feature/pairing-qr-code
Apr 2, 2026
Merged

Add server-side QR code to pairing key page#35
sharpninja merged 5 commits intodevelopfrom
feature/pairing-qr-code

Conversation

@sharpninja
Copy link
Copy Markdown
Owner

@sharpninja sharpninja commented Apr 2, 2026

Summary

  • Replace CDN-dependent JavaScript QR code with server-side SVG rendering using QRCoder NuGet package
  • Add /pair/qr endpoint that generates QR code images, works on LAN-only environments without internet
  • When a tunnel provider (ngrok/cloudflare/frp) is active, the QR code encodes the tunnel's public URL
  • When external Keycloak OIDC is configured, the QR code points to the identity server proxy login page through the tunnel

Test plan

  • Verify QR code renders on /pair/key after login
  • Scan QR code with mobile device and confirm it navigates to the login page
  • Test with tunnel provider active — QR code should encode the tunnel public URL
  • Test without tunnel — QR code should encode the local server URL
  • Verify /pair/qr returns 302 redirect when not authenticated

🤖 Generated with Claude Code

sharpninja and others added 5 commits March 21, 2026 02:22
@sharpninja
Merge pull request #32 from sharpninja/develop
9f24c90 
Merge develop into main
@sharpninja
Add or update the Azure App Service build and deployment workflow config
9ea5293
@sharpninja
Delete .github/workflows/main_mcpserver.yml
6d2091c
@sharpninja
Merge pull request #33 from sharpninja/claude/busy-dubinsky
93e848c 
Add REPL auth, device flow UI, TODO management, and requirements ingestion
@sharpninja @claude
Add server-side QR code to pairing key page
a44f077 
Replace CDN-dependent JavaScript QR code generation with server-side
SVG rendering using QRCoder. The /pair/qr endpoint generates the QR
code image, which works on LAN-only environments without internet.
When a tunnel provider is active, the QR code encodes the tunnel's
public URL. When external Keycloak OIDC is configured, the QR code
points to the identity server proxy login page through the tunnel.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@sharpninja sharpninja merged commit a1a1189 into develop Apr 2, 2026
3 of 5 checks passed
@sharpninja sharpninja deleted the feature/pairing-qr-code branch April 2, 2026 18:17
chatgpt-codex-connector[bot]
chatgpt-codex-connector bot reviewed Apr 2, 2026
View reviewed changes
Copy link
Copy Markdown

@chatgpt-codex-connector chatgpt-codex-connector bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: a44f077968

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

src/McpServer.Support.Mcp/Program.cs
var authority = oidc.Authority.TrimEnd('/');
if (Uri.TryCreate(authority, UriKind.Absolute, out var authorityUri))
{
loginUrl = $"{baseUrl}/auth/ui{authorityUri.AbsolutePath}";
Copy link
Copy Markdown

@chatgpt-codex-connector chatgpt-codex-connector bot Apr 2, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Badge Append device path when building OIDC QR login URL

In the OIDC+tunnel branch, the QR code encodes .../auth/ui{authorityPath} (for example /auth/ui/realms/myrealm), which does not point to the device verification/login page used by this server’s OIDC proxy flow. The proxy logic elsewhere builds verification URLs as .../auth/ui{authorityPath}/device (see AuthConfigController), so scans in this configuration can land on a non-login endpoint (realm metadata or 404) and fail the intended mobile pairing/login path.

Useful? React with 👍 / 👎.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@chatgpt-codex-connector chatgpt-codex-connector[bot] chatgpt-codex-connector[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@sharpninja