✔️ fix: Resource field TypeError & Missing Role Permission Type (danny-avila#8606)

* fix: resource parameter undefined TypeError in log

* chore: Add missing FILE_SEARCH permission type to IRole interface

* chore: Bump version of @librechat/data-schemas to 0.0.11

* fix: Ensure resource is defined and handle potential null values in OAuth flow

Author: danny-avila

package-lock.json

@@ -269,18 +269,17 @@ export class MCPOAuthHandler {
         authorizationUrl.searchParams.set('state', flowId);
         logger.debug(`[MCPOAuth] Added state parameter to authorization URL`);
 
-        if (resourceMetadata?.resource) {
+        if (resourceMetadata?.resource != null && resourceMetadata.resource) {
           authorizationUrl.searchParams.set('resource', resourceMetadata.resource);
+          logger.debug(
+            `[MCPOAuth] Added resource parameter to authorization URL: ${resourceMetadata.resource}`,
+          );
         } else {
           logger.warn(
             `[MCPOAuth] Resource metadata missing 'resource' property for ${serverName}. ` +
               'This can cause issues with some Authorization Servers who expect a "resource" parameter.',
           );
         }
-
-        logger.debug(
-          `[MCPOAuth] Added resource parameter to authorization URL: ${resourceMetadata.resource}`,
-        );
       } catch (error) {
         logger.error(`[MCPOAuth] startAuthorization failed:`, error);
         throw error;
@@ -343,9 +342,9 @@ export class MCPOAuthHandler {
         throw new Error('Invalid flow metadata');
       }
 
-      let resource;
+      let resource: URL | undefined;
       try {
-        if (metadata.resourceMetadata?.resource) {
+        if (metadata.resourceMetadata?.resource != null && metadata.resourceMetadata.resource) {
           resource = new URL(metadata.resourceMetadata.resource);
           logger.debug(`[MCPOAuth] Resource URL for flow ${flowId}: ${resource.toString()}`);
         }
@@ -358,12 +357,12 @@ export class MCPOAuthHandler {
       }
 
       const tokens = await exchangeAuthorization(metadata.serverUrl, {
+        redirectUri: metadata.clientInfo.redirect_uris?.[0] || this.getDefaultRedirectUri(),
         metadata: metadata.metadata as unknown as SDKOAuthMetadata,
         clientInformation: metadata.clientInfo,
-        authorizationCode,
         codeVerifier: metadata.codeVerifier,
-        redirectUri: metadata.clientInfo.redirect_uris?.[0] || this.getDefaultRedirectUri(),
-        resource: resource,
+        authorizationCode,
+        resource,
       });
 
       logger.debug('[MCPOAuth] Raw tokens from exchange:', {

packages/api/src/mcp/oauth/handler.ts

@@ -1,6 +1,6 @@
 {
   "name": "@librechat/data-schemas",
-  "version": "0.0.10",
+  "version": "0.0.11",
   "description": "Mongoose schemas and models for LibreChat",
   "type": "module",
   "main": "dist/index.cjs",

packages/data-schemas/package.json

@@ -35,5 +35,8 @@ export interface IRole extends Document {
     [PermissionTypes.WEB_SEARCH]?: {
       [Permissions.USE]?: boolean;
     };
+    [PermissionTypes.FILE_SEARCH]?: {
+      [Permissions.USE]?: boolean;
+    };
   };
 }