Description
Summary
This feature request is focused on adding support for custom OAuth redirect URI configuration for MCP servers.
Problem
OpenCode currently hardcodes the OAuth callback URL as http://127.0.0.1:19876/mcp/oauth/callback. Many OAuth servers (Azure AD, Okta, Keycloak, GitHub OAuth apps, etc.) require exact matching of pre-registered redirect URIs, which prevents users from:
- Using OpenCode with enterprise OAuth providers that use different domains
- Configuring OAuth for deployment scenarios with custom hostnames
- Using Claude Code with different callback port configurations
Design Philosophy
OpenCode already allows overriding the clientId to impersonate different OAuth clients. Since OAuth servers validate both the client ID and the redirect URI as part of the security model, it follows logically that users should also be able to override the redirect URI.
Without this capability, there's an asymmetry where users can point to any OAuth server and any client, but are still constrained by OpenCode's hardcoded callback URL. This defeats the purpose of flexible client configuration.
Therefore, supporting custom redirectUri is essential for feature completeness when users have the ability to override clientId.
Solution
Add a new optional redirectUri configuration parameter to MCP OAuth settings, allowing users to specify custom callback URLs:
Implementation Details
- Add optional redirectUri field to MCP OAuth config schema
- Update OAuth provider to use configured URI when available
- Dynamically configure callback server port/path based on parsed redirect URI
- Fall back to defaults (http://127.0.0.1:19876/mcp/oauth/callback) when not specified
- Full test coverage for custom URI parsing and edge cases
Backward Compatibility
✅ Fully backward compatible - when redirectUri is not specified, uses the default OpenCode callback URL.
Related Issues
This feature was originally part of #5766 which also addressed MCP SDK version updates for authorization endpoint discovery.
Splitting these concerns:
- bug: OAuth uses wrong authorization URL and missing redirectUri config #5766: MCP SDK upgrade (authorization endpoint fix)
- This issue: Custom redirect URI support
```jsonc
{
  "mcp": {
    "my-server": {
      "type": "remote",
      "url": "https://api.example.com",
      "oauth": {
        "clientId": "my-client-id", // Already configurable
        "redirectUri": "https://custom.example.com/callback" // NEW: Also configurable
      }
    }
  }
}
```
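The parsing and fallback steps listed under Implementation Details, sketched as an added example (not OpenCode's code and not part of the original issue). The names `resolveCallbackTarget`, `CallbackTarget` and `LOOPBACK_HOSTS` are hypothetical, and rejecting plain http to a non-loopback host is a policy choice made for this example.

```typescript
// Added example; all identifiers here are hypothetical, not OpenCode's API.
const DEFAULT_REDIRECT_URI = "http://127.0.0.1:19876/mcp/oauth/callback"; // default quoted in the issue

interface CallbackTarget {
  redirectUri: string; // exact string to send; providers compare it byte for byte
  port: number;        // port the callback listener must accept on
  path: string;        // path the callback listener must match
  loopback: boolean;   // false: a local listener alone will not receive the redirect
}

const LOOPBACK_HOSTS = new Set(["127.0.0.1", "localhost", "[::1]"]);

function resolveCallbackTarget(configured?: string): CallbackTarget {
  const raw = configured ?? DEFAULT_REDIRECT_URI; // fall back when not specified
  let url: URL;
  try {
    url = new URL(raw);
  } catch {
    throw new Error(`redirectUri is not an absolute URL: ${raw}`);
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") {
    throw new Error(`unsupported redirectUri scheme: ${url.protocol}`);
  }
  // RFC 6749 section 3.1.2: the redirection endpoint must not carry a fragment.
  if (raw.includes("#")) {
    throw new Error("redirectUri must not contain a fragment");
  }
  if (url.username !== "" || url.password !== "") {
    throw new Error("redirectUri must not contain credentials");
  }
  const loopback = LOOPBACK_HOSTS.has(url.hostname);
  // Example policy: the authorization code may cross the network in
  // cleartext only when the redirect never leaves the local machine.
  if (url.protocol === "http:" && !loopback) {
    throw new Error("http redirectUri is only accepted for loopback hosts");
  }
  // URL.port is "" when the scheme's default port is used.
  const port = url.port !== "" ? Number(url.port) : url.protocol === "https:" ? 443 : 80;
  // Keep the raw string: normalising (for example adding a trailing slash)
  // would break exact matching against the pre-registered URI.
  return { redirectUri: raw, port, path: url.pathname, loopback };
}
```

For the config shown above, `loopback` comes back `false`, which signals that something other than the local listener (a reverse proxy or tunnel) has to deliver the redirect to it.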