In external OAuth 2.1 mode, skip session storage entirely. The access token arrives fresh with every request from the external provider, there's no refresh_token, and the mcp_session_id is ephemeral (new UUID per request in stateless mode). Storing these transient tokens creates unbounded dict growth (memory leak) with entries that are never cleaned up or reused.

Credit to @ljagiello in PR #383

Co-authored-by: lukasz@jagiello.org
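
The growth described in the commit message, as an added example that is not the project's own code: `SessionStore`, its `external_oauth21` flag and `simulate_stateless_requests` are hypothetical names, and the tokens are constructed sample values. It replays stateless requests against a store that always writes and against one that skips storage in external OAuth 2.1 mode.

```python
import uuid
from dataclasses import dataclass, field
from typing import Dict, Optional


@dataclass
class SessionStore:
    """Hypothetical in-memory session store (assumption, not the project's class)."""
    external_oauth21: bool  # True: tokens come from an external provider per request
    _sessions: Dict[str, dict] = field(default_factory=dict)

    def store(self, mcp_session_id: str, access_token: str,
              refresh_token: Optional[str] = None) -> bool:
        """Record a session; return True only if an entry was written."""
        if self.external_oauth21:
            # The bearer token is re-sent on every request and the session id
            # is a fresh UUID each time, so a stored entry could never be read
            # back or refreshed. Skip storage instead of growing the dict.
            return False
        self._sessions[mcp_session_id] = {
            "access_token": access_token,
            "refresh_token": refresh_token,
        }
        return True

    def size(self) -> int:
        """Number of entries currently held in memory."""
        return len(self._sessions)


def simulate_stateless_requests(store: SessionStore, count: int) -> int:
    """Replay `count` stateless requests, each with a new session id (constructed input)."""
    for i in range(count):
        store.store(str(uuid.uuid4()), access_token=f"constructed-token-{i}")
    return store.size()


if __name__ == "__main__":
    # One entry per request when every token is stored, none when storage is skipped.
    print("always store:", simulate_stateless_requests(SessionStore(False), 1000))
    print("skip in external mode:", simulate_stateless_requests(SessionStore(True), 1000))
```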