feat: expose authProvider for HTTP MCP servers to enable OAuth token refresh

[PhoebeMay]

Summary

Exposes authProvider option for HTTP-based MCP servers to enable OAuth authentication with automatic token refresh.

Changes

• Add authProvider field to HttpServerDefinition type (excluded from stdio servers)
• Pass authProvider to both Streamable HTTP and SSE transports in connectHttp method
• Add comprehensive tests covering authProvider configuration and backward compatibility
• Update README with OAuth authentication documentation and usage examples
• Add changelog entry

Test plan

• New tests verify authProvider can be configured for HTTP servers
• Tests confirm authProvider is excluded from stdio server definitions
• Backward compatibility confirmed - servers work without authProvider
• Both HTTP transport types (Streamable HTTP and SSE fallback) receive authProvider

[codesandbox]

Review or Edit in CodeSandbox

Open the branch in Web Editor • VS Code • Insiders

Open Preview

[changeset-bot]

🦋 Changeset detected

Latest commit: df860c9

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 5 packages

Name	Type
@mastra/mcp	Patch
mastra	Patch
@mastra/mcp-docs-server	Patch
@mastra/dane	Patch
create-mastra	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[vercel]

@PhoebeMay is attempting to deploy a commit to the Mastra Team on Vercel.

A member of the Team first needs to authorize it.

[greptile-apps]

Greptile Summary

This PR exposes OAuth authentication support for HTTP-based MCP (Model Context Protocol) servers by adding an authProvider field to the client configuration. The implementation adds type-safe OAuth support that's restricted to HTTP servers only (excluding stdio servers), as OAuth authentication is only relevant for HTTP-based connections.

The key changes include:

• Type System Updates: Added authProvider?: StreamableHTTPClientTransportOptions['authProvider'] to HttpServerDefinition while explicitly excluding it from StdioServerDefinition with authProvider?: never
• Transport Integration: Modified the connectHttp method to extract and pass the authProvider to both StreamableHTTPClientTransport and SSEClientTransport constructors
• Comprehensive Testing: Added test coverage for authProvider configuration, backward compatibility, and proper exclusion from stdio servers
• Documentation: Updated README with OAuth authentication examples and usage patterns

This change enables automatic token refresh for long-running MCP client connections to HTTP servers that require OAuth authentication, addressing a critical need for production applications that need to maintain authenticated connections over extended periods.

Confidence score: 5/5

• This PR is very safe to merge with minimal risk of production issues
• The implementation follows established patterns, maintains backward compatibility, and includes comprehensive tests
• All files look well-implemented with proper type safety and no apparent issues

_{3 files reviewed, no comments}

_{Edit Code Review Bot Settings | Greptile}

[wardpeet]

LGTM, but @DanielSLew, does this look correct for you?