RewriteEngine On

# TODO MOVE FROM PLUGIN TO CORE
#
# Right now this redirects the following:
#  https://mcp-dan-tina.proxy.intern.dcsplus.net/.well-known/oauth-protected-resource
#  https://mcp-dan-tina.proxy.intern.dcsplus.net/.well-known/oauth-authorization-server
#
# @see https://modelcontextprotocol.io/specification/2025-11-25/basic/authorization
#
# Breakdown:
# ^\.well-known/oauth-protected-resource$ — matches the exact .well-known path (the dot is escaped)
# /dan.baluta/tina3/project/disp.php?... — the internal PHP script that handles the request
# [L] — last rule, stop processing further rules
# [QSA] — Query String Append, in case any extra query params are passed to the .well-known URL
# Place this in the .htaccess at the root of php85.devel.tina.dcs (or whichever docroot covers the .well-known path).
# Result:
# A request to: https://mcp-dan-tina.proxy.intern.dcsplus.net/.well-known/oauth-protected-resource
# will be internally served by your PHP script, with no redirect visible to the client — which is what OAuth metadata discovery expects.
#

RewriteRule ^\.well-known/oauth-protected-resource$ /dan.baluta/tina3/project/disp.php?module=RemoteData/Mcp&action=oauthProtectedResource [L,QSA]
RewriteRule ^\.well-known/oauth-authorization-server$ /dan.baluta/tina3/project/disp.php?module=RemoteData/Mcp&action=oauthAuthorizationServer [L,QSA]

RewriteRule ^authorize$ /dan.baluta/tina3/project/disp.php?module=RemoteData/Mcp&action=authorize [L,QSA]
RewriteRule ^token$ /dan.baluta/tina3/project/disp.php?module=RemoteData/Mcp&action=token [L,QSA]
RewriteRule ^register$ /dan.baluta/tina3/project/disp.php?module=RemoteData/Mcp&action=register [L,QSA]
