axios+telemetry cleanup

services/mcp/auth.ts

@@ -24,7 +24,7 @@ import {
   OAuthTokensSchema,
 } from '@modelcontextprotocol/sdk/shared/auth.js'
 import type { FetchLike } from '@modelcontextprotocol/sdk/shared/transport.js'
-import axios from 'axios'
+import { isHttpError, nativeRequest } from '../../utils/http.js'
 import { createHash, randomBytes, randomUUID } from 'crypto'
 import { mkdir } from 'fs/promises'
 import { createServer, type Server } from 'http'
@@ -428,25 +428,30 @@ async function revokeToken({
   }
 
   try {
-    await axios.post(endpoint, params, { headers })
+    await nativeRequest(endpoint, {
+      method: 'POST',
+      headers: { ...headers, 'Content-Type': 'application/x-www-form-urlencoded' },
+      body: params.toString(),
+      responseType: 'text',
+    })
     logMCPDebug(serverName, `Successfully revoked ${tokenTypeHint}`)
   } catch (error: unknown) {
-    // Fallback for non-RFC-7009-compliant servers that require Bearer auth
     if (
-      axios.isAxiosError(error) &&
-      error.response?.status === 401 &&
+      isHttpError(error) &&
+      error.status === 401 &&
       accessToken
     ) {
       logMCPDebug(
         serverName,
         `Got 401, retrying ${tokenTypeHint} revocation with Bearer auth`,
       )
-      // RFC 6749 §2.3.1: must not send more than one auth method. The retry
-      // switches to Bearer — clear any client creds from the body.
       params.delete('client_id')
       params.delete('client_secret')
-      await axios.post(endpoint, params, {
-        headers: { ...headers, Authorization: `Bearer ${accessToken}` },
+      await nativeRequest(endpoint, {
+        method: 'POST',
+        headers: { ...headers, Authorization: `Bearer ${accessToken}`, 'Content-Type': 'application/x-www-form-urlencoded' },
+        body: params.toString(),
+        responseType: 'text',
       })
       logMCPDebug(
         serverName,