Fix ngrok invocation

- The OAUTH from ngrok could not be handled by OpenAI and was
only haölf implemented. The policy file is the right way but it still
wont detect it..

- Most importantly we trail the logs at the end of the script to
avoid the script from terminating.

scripts/oauth_policy.yml

@@ -0,0 +1,9 @@
+on_http_request:
+  - actions:
+    - type: oauth
+      config:
+        provider: google
+  - expressions:
+      - "!(actions.ngrok.oauth.identity.email in ['andre.heinecke@gmail.com'])"
+    actions:
+      - type: deny

scripts/run_mcp_ngrok.sh

@@ -20,10 +20,7 @@ Options:
                            (default: https://platform.openai.com).
   --ngrok-domain DOMAIN    Reserved ngrok domain to use (optional).
   --ngrok-region REGION    ngrok region code (optional).
-  --ngrok-oauth-provider PROVIDER   Enable ngrok OAuth (e.g. google, github).
+  --ngrok-oauth-policy-file PROVIDER   Enable ngrok OAuth (e.g. google, github).
-  --ngrok-oauth-allow-email EMAIL  Restrict OAuth to a specific email (repeatable).
-  --ngrok-oauth-allow-domain DOMAIN Restrict OAuth to an email domain (repeatable).
-  --ngrok-oauth-scope SCOPE        Additional OAuth scope (repeatable).
   --ngrok-inspect true|false    Enable ngrok inspector (default: false).
   --mcp-arg ARG             Extra argument passed to mcp-browser (repeatable).
   --ngrok-arg ARG           Extra argument passed to ngrok (repeatable).
@@ -47,11 +44,9 @@ HTTP_PATH="/mcp"
 ALLOW_ORIGIN="https://platform.openai.com"
 NGROK_DOMAIN=""
 NGROK_REGION=""
-NGROK_OAUTH_PROVIDER=""
+NGROK_OAUTH_POLICY_FILE=""
-NGROK_OAUTH_ALLOW_EMAILS=()
+#""$(dirname $0)/oauth_policy.yml"
-NGROK_OAUTH_ALLOW_DOMAINS=()
+NGROK_INSPECT="true"
-NGROK_OAUTH_SCOPES=()
-NGROK_INSPECT="false"
 MCP_EXTRA_ARGS=()
 NGROK_EXTRA_ARGS=()
 
@@ -73,14 +68,8 @@ while [[ $# -gt 0 ]]; do
       NGROK_DOMAIN=$2; shift 2;;
     --ngrok-region)
       NGROK_REGION=$2; shift 2;;
-    --ngrok-oauth-provider)
+    --ngrok-oauth-policy-file)
-      NGROK_OAUTH_PROVIDER=$2; shift 2;;
+      NGROK_OAUTH_POLICY_FILE=$2; shift 2;;
-    --ngrok-oauth-allow-email)
-      NGROK_OAUTH_ALLOW_EMAILS+=("$2"); shift 2;;
-    --ngrok-oauth-allow-domain)
-      NGROK_OAUTH_ALLOW_DOMAINS+=("$2"); shift 2;;
-    --ngrok-oauth-scope)
-      NGROK_OAUTH_SCOPES+=("$2"); shift 2;;
     --ngrok-inspect)
       NGROK_INSPECT=$2; shift 2;;
     --mcp-arg)
@@ -178,6 +167,7 @@ fi
 
 NGROK_CMD=("$NGROK_BIN" http "http://$HTTP_HOST:$HTTP_PORT")
 NGROK_CMD+=(--request-header-add "X-MCP-Gateway:true")
+NGROK_CMD+=(--request-header-add "ngrok-skip-browser-warning:1")
 NGROK_CMD+=(--response-header-add "Cache-Control:no-store")
 NGROK_CMD+=(--inspect="$NGROK_INSPECT")
 if [[ -n "$NGROK_DOMAIN" ]]; then
@@ -186,18 +176,10 @@ fi
 if [[ -n "$NGROK_REGION" ]]; then
   NGROK_CMD+=(--region "$NGROK_REGION")
 fi
-if [[ -n "$NGROK_OAUTH_PROVIDER" ]]; then
+if [[ -n "$NGROK_OAUTH_POLICY_FILE" ]]; then
-  NGROK_CMD+=(--oauth="$NGROK_OAUTH_PROVIDER")
+  NGROK_CMD+=(--traffic-policy-file=$NGROK_OAUTH_POLICY_FILE)
-  for email in "${NGROK_OAUTH_ALLOW_EMAILS[@]}"; do
-    NGROK_CMD+=(--oauth-allow-email "$email")
-  done
-  for domain in "${NGROK_OAUTH_ALLOW_DOMAINS[@]}"; do
-    NGROK_CMD+=(--oauth-allow-domain "$domain")
-  done
-  for scope in "${NGROK_OAUTH_SCOPES[@]}"; do
-    NGROK_CMD+=(--oauth-scope "$scope")
-  done
 fi
+
 [[ ${#NGROK_EXTRA_ARGS[@]} -gt 0 ]] && NGROK_CMD+=("${NGROK_EXTRA_ARGS[@]}")
 
 "${NGROK_CMD[@]}" >"$NGROK_LOG" 2>&1 &
@@ -242,3 +224,6 @@ Local logs:
 
 Press Ctrl+C to stop.
 EOF
+
+echo "Showing log files"
+tail -f $MCP_LOG $NGROK_LOG