clean-up DCR revoke

Author: saucow

cmd/docker-mcp/oauth/revoke.go

@@ -4,30 +4,35 @@ import (
 	"context"
 	"fmt"
 
+	"github.com/docker/mcp-gateway/pkg/catalog"
 	"github.com/docker/mcp-gateway/pkg/desktop"
 )
 
 func Revoke(ctx context.Context, app string) error {
 	client := desktop.NewAuthClient()
 
-	// Check if this is a DCR provider
-	dcrClient, err := client.GetDCRClient(ctx, app)
-	if err == nil && dcrClient.State != "" {
-		// Handle UNREGISTERED providers - they don't have tokens yet
-		if dcrClient.State == "unregistered" {
-			return fmt.Errorf("provider %s is not authenticated yet - nothing to revoke", app)
-		}
+	// Get catalog to check if this is a remote OAuth server
+	catalogData, err := catalog.GetWithOptions(ctx, true, nil)
+	if err != nil {
+		return fmt.Errorf("failed to get catalog: %w", err)
+	}
+
+	server, found := catalogData.Servers[app]
+	isRemoteOAuth := found && server.IsRemoteOAuthServer()
+
+	fmt.Printf("Revoking OAuth access for %s...\n", app)
+
+	// Revoke tokens
+	if err := client.DeleteOAuthApp(ctx, app); err != nil {
+		return fmt.Errorf("failed to revoke OAuth access: %w", err)
+	}
 
-		// REGISTERED DCR provider - revoke tokens but preserve DCR client for re-auth
-		fmt.Printf("Revoking OAuth access for %s...\n", app)
-		if err := client.DeleteOAuthApp(ctx, app); err != nil {
-			return fmt.Errorf("failed to revoke OAuth access for %s: %w", app, err)
+	// For remote OAuth servers, also delete DCR client
+	if isRemoteOAuth {
+		if err := client.DeleteDCRClient(ctx, app); err != nil {
+			return fmt.Errorf("failed to remove DCR client: %w", err)
 		}
-		fmt.Printf("OAuth access revoked for %s\n", app)
-		fmt.Printf("Note: DCR client registration preserved. Run 'docker mcp oauth authorize %s' to re-authenticate\n", app)
-		return nil
 	}
 
-	// Built-in OAuth provider - just revoke tokens
-	return client.DeleteOAuthApp(ctx, app)
+	return nil
 }

cmd/docker-mcp/server/enable.go

@@ -9,28 +9,11 @@ import (
 
 	"github.com/docker/mcp-gateway/pkg/catalog"
 	"github.com/docker/mcp-gateway/pkg/config"
-	"github.com/docker/mcp-gateway/pkg/desktop"
 	"github.com/docker/mcp-gateway/pkg/docker"
 	"github.com/docker/mcp-gateway/pkg/oauth"
 )
 
 func Disable(ctx context.Context, docker docker.Client, serverNames []string, mcpOAuthDcrEnabled bool) error {
-	// Get catalog including user-configured catalogs to find OAuth-enabled remote servers for DCR cleanup
-	catalog, err := catalog.GetWithOptions(ctx, true, nil)
-	if err != nil {
-		return fmt.Errorf("failed to get catalog: %w", err)
-	}
-
-	// Clean up OAuth for disabled servers first
-	for _, serverName := range serverNames {
-		if server, found := catalog.Servers[serverName]; found {
-			// Three-condition check: DCR flag enabled AND type="remote" AND oauth present
-			if mcpOAuthDcrEnabled && server.IsRemoteOAuthServer() {
-				cleanupOAuthForRemoteServer(ctx, serverName)
-			}
-		}
-	}
-
 	return update(ctx, docker, nil, serverNames, mcpOAuthDcrEnabled)
 }
 
@@ -113,27 +96,3 @@ func update(ctx context.Context, docker docker.Client, add []string, remove []st
 
 	return nil
 }
-
-// cleanupOAuthForRemoteServer removes OAuth provider and DCR client for clean slate UX
-// This ensures disabled servers disappear completely from the Docker Desktop OAuth tab
-func cleanupOAuthForRemoteServer(ctx context.Context, serverName string) {
-	client := desktop.NewAuthClient()
-
-	fmt.Printf("Cleaning up OAuth for %s...\n", serverName)
-
-	// 1. Revoke OAuth tokens (idempotent - fails gracefully if not exists)
-	if err := client.DeleteOAuthApp(ctx, serverName); err != nil {
-		fmt.Printf("   • No OAuth tokens to revoke\n")
-	} else {
-		fmt.Printf("   • OAuth tokens revoked\n")
-	}
-
-	// 2. Delete DCR client data (idempotent - fails gracefully if not exists)
-	if err := client.DeleteDCRClient(ctx, serverName); err != nil {
-		fmt.Printf("   • No DCR client to remove\n")
-	} else {
-		fmt.Printf("   • DCR client data removed\n")
-	}
-
-	fmt.Printf("OAuth cleanup complete for %s\n", serverName)
-}