Called after the initialization of the backend application is complete. Use this to configure the Express app before it is started, for example to offer additional endpoints.
The implementation may be async, however it will still block the configuration step until it's resolved.
the express application to configure.
either undefined or a Promise resolving to undefined.
ProtectedgetProtectedhandle
Browser/hosted transport for the MCP OAuth callback: a thin Express adapter over the shared MCPOAuthCallbackResponder. It only parses
req.queryinto the responder's input and writes the responder's output; thestate-bound dispatch, error sanitization, and locked-down headers all live in the responder.Unauthenticated by design: OAuth redirects from the authorization server don't carry Theia's security-token cookie. Safety relies on the responder's
state-bound dispatch, HTML escaping of reflected error text, and a locked-down CSP. In Electron the redirect is delivered to the loopback callback server instead, so this origin-based route is unused there.