
fix(core): Add required field validation to MCP OAuth client registration #28490

Open
JoseBra wants to merge 1 commit into master from ai-2267-community-issue-silent-failures-on-requests-to-mcp


@JoseBra JoseBra commented Apr 14, 2026

Summary

  • Add validation for client_name, grant_types, and redirect_uris in the MCP OAuth client registration endpoint (/mcp-oauth/register)
  • Previously, requests with missing required fields silently succeeded but the DB insert failed on NOT NULL constraints, resulting in phantom client_ids that couldn't be used
  • Add 3 test cases covering each missing field scenario

Related Linear tickets, GitHub issues, and Community forum posts

closes #27293
Linear Reference: https://linear.app/n8n/issue/AI-2267

Review / Merge checklist

  • PR title and summary are descriptive
  • Tests included
  • I have seen this code, I have run this code, and I take responsibility for this code.

…tion

Previously, POST /mcp-oauth/register silently accepted requests with
missing client_name, grant_types, or redirect_uris. The DB NOT NULL
constraint would fail but no error was returned to the client, leading
to phantom client_ids that couldn't be used.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

codecov bot commented Apr 14, 2026

Codecov Report

❌ Patch coverage is 63.63636% with 4 lines in your changes missing coverage. Please review.

| Files with missing lines | Patch % | Lines |
|---|---|---|
| packages/cli/src/modules/mcp/mcp-oauth-service.ts | 63.63% | 4 Missing ⚠️ |


@JoseBra JoseBra marked this pull request as ready for review April 14, 2026 15:58
@github-actions

Performance Comparison

Comparing current, latest master, and 14-day baseline

docker-stats

| Metric | Current | Latest Master | Baseline (avg) | vs Master | vs Baseline | Status |
|---|---|---|---|---|---|---|
| docker-image-size-runners | 393.00 MB | 393.00 MB | 391.63 MB (σ 11.06) | +0.0% | +0.3% | |
| docker-image-size-n8n | 1269.76 MB | 1269.76 MB | 1269.76 MB (σ 0.00) | +0.0% | +0.0% | |

Idle baseline with Instance AI module loaded

| Metric | Current | Latest Master | Baseline (avg) | vs Master | vs Baseline | Status |
|---|---|---|---|---|---|---|
| instance-ai-rss-baseline | 383.71 MB | 388.20 MB | 372.63 MB (σ 22.95) | -1.2% | +3.0% | |
| instance-ai-heap-used-baseline | 186.49 MB | 186.52 MB | 186.34 MB (σ 0.24) | -0.0% | +0.1% | |

Memory consumption baseline with starter plan resources

| Metric | Current | Latest Master | Baseline (avg) | vs Master | vs Baseline | Status |
|---|---|---|---|---|---|---|
| memory-heap-used-baseline | 114.32 MB | 114.05 MB | 113.86 MB (σ 0.84) | +0.2% | +0.4% | |
| memory-rss-baseline | 278.14 MB | 287.98 MB | 284.98 MB (σ 42.51) | -3.4% | -2.4% | |

How to read this table
  • Current: This PR's value (or latest master if PR perf tests haven't run)
  • Latest Master: Most recent nightly master measurement
  • Baseline: Rolling 14-day average from master
  • vs Master: PR impact (current vs latest master)
  • vs Baseline: Drift from baseline (current vs rolling avg)
  • Status: ✅ within 1σ | ⚠️ 1-2σ | 🔴 >2σ regression


@cubic-dev-ai cubic-dev-ai bot left a comment


No issues found across 2 files

Architecture diagram

```mermaid
sequenceDiagram
    participant Client as MCP OAuth Client
    participant Ctrl as MCP Controller
    participant Service as McpOAuthService
    participant DB as Database

    Note over Client,DB: Client Registration Flow (/mcp-oauth/register)

    Client->>Ctrl: POST /mcp-oauth/register (payload)
    Ctrl->>Service: registerClient(payload)

    rect rgb(240, 240, 240)
    Note over Service: NEW: Validation Logic
    Service->>Service: validateClientRegistration()

    alt Missing client_name, grant_types, OR redirect_uris
        Service-->>Ctrl: Throw Error (Validation failed)
        Ctrl-->>Client: 4xx Bad Request
    else Fields Valid
        Service->>DB: Insert client record
        DB-->>Service: Success
        Service-->>Ctrl: client_id + credentials
        Ctrl-->>Client: 200/201 Success
    end
    end

    Note over DB: Prevents DB NOT NULL constraint<br/>violations and "phantom" client IDs.
```
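The failure mode and the fix described in this PR, side by side, as an added example that is not n8n's code. The store, the id generator and every function name are hypothetical, and swallowing the insert error is an assumed model of how the failure stayed silent. The error codes are the ones RFC 7591 defines for dynamic client registration.

```typescript
// Added example; hypothetical names, not n8n's implementation.
type RegError = { error: 'invalid_client_metadata' | 'invalid_redirect_uri'; error_description: string };
type Result = { status: number; client_id?: string; error?: RegError };

// Stand-in for the client table and its NOT NULL columns (constructed for this example).
class ClientStore {
  rows = new Map<string, Record<string, unknown>>();
  insert(clientId: string, row: Record<string, unknown>): void {
    for (const col of ['client_name', 'grant_types', 'redirect_uris']) {
      if (row[col] == null) throw new Error(`NOT NULL constraint failed: ${col}`);
    }
    this.rows.set(clientId, row);
  }
}

let seq = 0;
const newClientId = (): string => `client-${++seq}`; // constructed; real ids must be random

const nonEmptyStrings = (v: unknown): boolean =>
  Array.isArray(v) && v.length > 0 && v.every((s) => typeof s === 'string' && s !== '');

// Returns an RFC 7591 style error object, or null when all three fields are present.
function validateRegistration(body: unknown): RegError | null {
  const b = (typeof body === 'object' && body !== null ? body : {}) as Record<string, unknown>;
  const bad = (error: RegError['error'], field: string): RegError =>
    ({ error, error_description: `${field} is required` });
  if (typeof b.client_name !== 'string' || b.client_name.trim() === '')
    return bad('invalid_client_metadata', 'client_name');
  if (!nonEmptyStrings(b.grant_types)) return bad('invalid_client_metadata', 'grant_types');
  if (!nonEmptyStrings(b.redirect_uris)) return bad('invalid_redirect_uri', 'redirect_uris');
  return null;
}

// Assumed model of the pre-fix behaviour: the insert failure never reaches the caller.
function registerUnchecked(store: ClientStore, body: Record<string, unknown>): Result {
  const client_id = newClientId();
  try { store.insert(client_id, body); } catch { /* error lost */ }
  return { status: 201, client_id }; // phantom id when the insert failed
}

// Post-fix shape: validate first, so a bad request gets a 400 and no id is issued.
function registerValidated(store: ClientStore, body: unknown): Result {
  const error = validateRegistration(body);
  if (error) return { status: 400, error };
  const client_id = newClientId();
  store.insert(client_id, body as Record<string, unknown>); // any DB error now propagates
  return { status: 201, client_id };
}
```

A regression test for this class of bug should assert both the 4xx response and that no row exists afterwards, since the original symptom was a success response with nothing persisted.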

Development

Successfully merging this pull request may close these issues.

Silent Failures on requests to /mcp-oauth/register when some parameters are missing
