Advanced: debug the OAuth flow
If a web OAuth client can't connect and no reauth prompt appears, some step in the flow is failing silently. This article shows how to trace which one.

The full 9-step OAuth flow
1. Client → POST /register (DCR — Dynamic Client Registration)
   ← 200 + client_id
2. Client → GET /.well-known/oauth-authorization-server
   ← 200 + OAuth metadata
3. Client → opens /authorize?client_id=...&code_challenge=...
   ← Slima shows sign-in / authorize
4. User → "Authorize"
   ← Slima redirects to the client's redirect_uri + code=xxx
5. Client → POST /token (with code + code_verifier)
   ← 200 + access_token + refresh_token
6. Client → GET /mcp (Authorization: Bearer access_token)
   ← 200 + MCP capabilities
7-9. Subsequent tool calls:
   Client → POST /mcp/tools/call (+ Authorization)
   ← 200 + result
Self-host: wrangler tail
If you're self-hosting:
wrangler tail my-slima-mcp
This streams the live worker logs, so you can see exactly which step is failing.
Production: report
If you're using Slima's official server and can't connect:
- Check the client's logs (Claude Desktop / Cursor / ChatGPT) for the last successful step + the failing one
- Screenshot + report via Report a bug / Contact support
- Include: which client, version, error code
Manual testing with curl
Test DCR
curl -X POST https://mcp.slima.ai/register \
  -H "Content-Type: application/json" \
  -d '{
    "client_name": "test",
    "redirect_uris": ["http://localhost:8901/callback"]
  }'
Expect 200 + { client_id: "...", ... }
Test well-known
curl https://mcp.slima.ai/.well-known/oauth-authorization-server
Expect OAuth metadata JSON
Call /mcp with the access token
curl https://mcp.slima.ai/mcp \
  -H "Authorization: Bearer your_access_token"
Expect 200 + MCP capabilities
Common failure points
| Step | Failure | Fix |
|---|---|---|
| 1 (DCR) | 400 invalid_redirect_uri | Ensure redirect_uri is https or http://localhost |
| 2 (well-known) | 404 | Wrong server URL |
| 3 (authorize) | Redirect doesn't reach Slima | Network / DNS / proxy issue |
| 4 (callback) | "redirect_uri mismatch" | DCR-registered uri ≠ callback |
| 5 (token exchange) | invalid_grant | Code expired (30 sec); restart |
| 6 (mcp) | 401 | Authorization header missing |