Double slashes in AuthorizationManager URLs

[camfulton]

Describe the bug
AuthorizationManager.discover_metadata results in urls like: http://example.com//authorize as a result of the call to auth_base.set_path(""); which resolves URLs with a trailing slash which is then doubled authorization_endpoint: format!("{}/authorize", auth_base). This is probably also happening for the call to ./well-known/... as well but I haven't verified.

To Reproduce
Steps to reproduce the behavior:

        let mut oauth_state = OAuthState::new("https://example.com/mcp", None)
            .await
            .context("Failed to initialize oauth state machine")?;

        log::info!("created oauth state, trying to start auth...");
        oauth_state
            .start_authorization(
                &["mcp", "profile", "email"],
                "http://localhost:8080/callback",
            )
            .await
            .context("Failed to start authorization")?;

Expected behavior
I expect the OAuthState machine to have resolvable URLs

[michael-watson]

I’m seeing this as well and can reproduce with our hosted community server:

1. Using Goose CLI
2. goose configure
3. Add Streaming HTTP extension
4. Enter https://events.apollo.dev/mcp
5. goose
6. You’ll need to sign up in the next window, it’s all free and just a community talk submission server
7. redirect will error at https://events.apollo.dev//authorize?…
   The server is using WorkOS for auth with DCR and Apollo MCP Server which is Rust based and uses this SDK. I believe Goose also uses this SDK.

What’s interesting is if you:

1. goose configure
2. Add Command Line Extension
3. Enter npx mcp-remote https://events.apollo.dev/mcp
4. goose
5. you can successfully complete the auth flow

So I’ve found that auth with this sdk works fine with mcp-remote but every other agent I use has this issues (goose, cursor, smithery etc.)

[4t145]

@jokemanfire would you like to help to fix this?

[jokemanfire]

Let me check this problem.