Chess MCP

# ✅ OAuth Implementation Complete - Next Steps ## Current Status ✅ **All OAuth endpoints working** with correct ngrok URLs ✅ **Cache-control headers added** to prevent ChatGPT caching ✅ **Debug logging enabled** for troubleshooting ✅ **Per-user game state** implemented ✅ **JWT token verification** working ## The Problem ChatGPT cached old metadata when your `MCP_SERVER_URL` was set to `localhost:8000`. Even though the endpoints now return the correct ngrok URL, ChatGPT is using its cached version. ## ⚠️ CRITICAL: Update Google OAuth Redirect URI First! **Before following the steps below**, you MUST update your Google OAuth redirect URI: 1. Go to [Google Cloud Console](https://console.cloud.google.com/apis/credentials) 2. Click on your OAuth 2.0 Client ID 3. Under **Authorized redirect URIs**, update to: ``` https://shimmery-genevive-wooly.ngrok-free.dev/oauth/callback ``` (Use your actual ngrok URL, not ChatGPT's callback!) 4. Click **Save** **The redirect URI has changed from:** - ❌ Old: `https://chat.openai.com/aip/oauth2/callback` - ✅ New: `https://your-ngrok-url.ngrok-free.dev/oauth/callback` ## The Solution (3 Steps) ### Step 1: Delete Old Connector in ChatGPT 1. Go to https://chat.openai.com/ 2. Click **Settings** (bottom left) 3. Navigate to **Connectors** or **Beta Features** 4. Find **Chess MCP** connector 5. Click **Delete** or **Remove** 6. **IMPORTANT:** Wait **2-3 minutes** for the cache to expire ### Step 2: Verify Endpoints (Optional but Recommended) Run these commands to confirm everything is ready: ```bash # 1. Protected resource (should show your ngrok URL) curl https://shimmery-genevive-wooly.ngrok-free.dev/.well-known/oauth-protected-resource # 2. Authorization server (should show ngrok URL in registration_endpoint) curl https://shimmery-genevive-wooly.ngrok-free.dev/.well-known/oauth-authorization-server | grep registration_endpoint # 3. DCR endpoint (should return client credentials) curl -X POST https://shimmery-genevive-wooly.ngrok-free.dev/.well-known/oauth-authorization-server/register \ -H "Content-Type: application/json" \ -d '{"redirect_uris":["https://chat.openai.com/aip/oauth2/callback"]}' ``` All should return success with your ngrok URL (not localhost). ### Step 3: Add New Connector in ChatGPT 1. Go back to ChatGPT Settings → Connectors 2. Click **Add Connector** or **+ New** 3. Fill in: - **Name:** Chess MCP - **URL:** `https://shimmery-genevive-wooly.ngrok-free.dev` - **Description:** Play chess with Google OAuth authentication 4. Click **Save** or **Add** ChatGPT will now: - Fetch fresh OAuth metadata (no cache) - Discover the DCR endpoint with correct URL - Register successfully - Be ready to authenticate users ### Step 4: Test the OAuth Flow 1. Start a new ChatGPT conversation 2. Type: `Let's play chess! I'll start with e4` 3. ChatGPT will prompt you to **Connect** or **Authenticate** 4. Click the authentication button 5. You'll be redirected to **Google login** 6. Sign in with your Google account 7. Grant permissions (openid, email, profile) 8. You'll be redirected back to ChatGPT 9. The chess board should appear! ♟️ ## What to Watch For ### Server Logs You should see these log messages when ChatGPT connects: ``` [OAuth] Protected resource metadata requested from xxx.xxx.xxx.xxx [OAuth] Authorization server metadata requested from xxx.xxx.xxx.xxx [OAuth] Returning registration_endpoint: https://shimmery-genevive-wooly.ngrok-free.dev/... [OAuth] DCR registration request received from xxx.xxx.xxx.xxx [OAuth] DCR returning client_id: 656546278993-j77tahcn... ``` ### ChatGPT Behavior - First tool call will prompt for authentication - Google login page appears - After authentication, tools work immediately - Each user gets their own isolated chess game ## If It Still Doesn't Work ### Option A: Try Incognito Browser 1. Open ChatGPT in **incognito/private browsing** 2. Add the connector there (completely fresh, no cache) 3. Test the OAuth flow ### Option B: Get New ngrok URL 1. Stop ngrok (Ctrl+C) 2. Run `ngrok http 8000` again (gets new subdomain) 3. Update `server/.env` with the NEW ngrok URL 4. Restart Python server: `python3 main.py` 5. Add connector with the new URL ChatGPT has no cached data for a new URL, so this guarantees a fresh start. ## Pre-Flight Checklist Before adding the connector, verify: - [ ] Server running: `python3 server/main.py` - [ ] ngrok running: `ngrok http 8000` - [ ] `.env` has correct ngrok URL (no trailing slash) - [ ] Protected resource endpoint returns ngrok URL - [ ] Auth server metadata has ngrok URL in `registration_endpoint` - [ ] DCR endpoint returns client credentials - [ ] **Old connector deleted from ChatGPT** - [ ] **Waited 2-3 minutes after deletion** ## Support Files - **Detailed Setup:** `GOOGLE_OAUTH_SETUP.md` - **Quick Start:** `OAUTH_QUICK_START.md` - **Troubleshooting:** `CHATGPT_CONNECTOR_TROUBLESHOOTING.md` - **Implementation Details:** `OAUTH_IMPLEMENTATION_COMPLETE.md` ## Summary Your server is **100% ready**. The only remaining step is to **delete the old connector in ChatGPT, wait 2-3 minutes, and add it again**. The cache-control headers ensure this won't happen again in the future! 🎉