Change backend token name to be compliant with OAuth specifications

golja · golja · commit 0d4c70f3a4f2 · 2025-12-01T16:45:57.000+01:00
diff --git a/config/config.json b/config/config.json
@@ -3,7 +3,7 @@
   "BACKEND_API_AUDIENCE": "https://demo-stable.ofbiz.apache.org",
   "BACKEND_API_RESOURCE": "https://demo-stable.ofbiz.apache.org",
   "BACKEND_API_AUTH": "https://demo-stable.ofbiz.apache.org/rest/auth/token",
-  "BACKEND_AUTH_TOKEN": "",
+  "BACKEND_ACCESS_TOKEN": "",
   "AUTHZ_SERVER_BASE_URL": "",
   "MCP_SERVER_BASE_URL": "",
   "SERVER_PORT": 3000,
diff --git a/src/server-remote.ts b/src/server-remote.ts
@@ -36,7 +36,7 @@ export const USER_AGENT = 'OFBiz-MCP-server';
 export const BACKEND_API_BASE = configData.BACKEND_API_BASE;
 const BACKEND_API_AUDIENCE = configData.BACKEND_API_AUDIENCE;
 const BACKEND_API_RESOURCE = configData.BACKEND_API_RESOURCE;
-const BACKEND_AUTH_TOKEN = () => getConfigData().BACKEND_AUTH_TOKEN;
+const BACKEND_ACCESS_TOKEN = () => getConfigData().BACKEND_ACCESS_TOKEN;
 const MCP_SERVER_BASE_URL = configData.MCP_SERVER_BASE_URL;
 const MCP_SERVER_DNS_REBINDING_PROTECTION_ALLOWED_HOSTS =
   configData.MCP_SERVER_DNS_REBINDING_PROTECTION_ALLOWED_HOSTS || [];
@@ -363,7 +363,7 @@ const handleMcpRequest = async (req: express.Request, res: express.Response) =>
         setDownstreamToken(sessionId, downstreamToken);
       } else {
         // No downstream token obtained from token exchange, fallback to static token
-        downstreamToken = BACKEND_AUTH_TOKEN();
+        downstreamToken = BACKEND_ACCESS_TOKEN();
       }
     }
     if (downstreamToken) {
