examples/lazy-auth-server: mobile-friendly consent page and view buttons#714
Merged
ochafik merged 1 commit intoJul 16, 2026
Conversation
The consent page shipped without a viewport meta tag, so mobile browsers laid it out at a desktop width. Its Approve/Deny buttons were 37px tall and nested a <button> inside an <a>, which is invalid HTML — interactive content is not permitted inside a link. - Add a viewport meta tag to the consent page - Replace the <a><button> nesting with anchors styled as buttons (role="button" plus a Space-key handler to keep button keyboard semantics) - Lay the actions out as a wrapping flex row with equal 56px tap targets - Add touch-action: manipulation so a tap resolves to a click immediately rather than waiting on the double-tap-to-zoom gesture - Suppress long-press text selection and the iOS callout menu on the buttons, scoped so the card's client/redirect details stay copyable - Give buttons an :active style since removing the native tap highlight otherwise leaves no press feedback - Apply the same 56px minimum and touch handling to the in-app view's buttons (the fullscreen toggle was ~33x33)
@modelcontextprotocol/ext-apps
@modelcontextprotocol/server-basic-preact
@modelcontextprotocol/server-basic-react
@modelcontextprotocol/server-basic-solid
@modelcontextprotocol/server-basic-svelte
@modelcontextprotocol/server-basic-vanillajs
@modelcontextprotocol/server-basic-vue
@modelcontextprotocol/server-budget-allocator
@modelcontextprotocol/server-cohort-heatmap
@modelcontextprotocol/server-customer-segmentation
@modelcontextprotocol/server-debug
@modelcontextprotocol/server-lazy-auth
@modelcontextprotocol/server-map
@modelcontextprotocol/server-pdf
@modelcontextprotocol/server-scenario-modeler
@modelcontextprotocol/server-shadertoy
@modelcontextprotocol/server-sheet-music
@modelcontextprotocol/server-system-monitor
@modelcontextprotocol/server-threejs
@modelcontextprotocol/server-transcript
@modelcontextprotocol/server-video-resource
@modelcontextprotocol/server-wiki-explorer
commit: |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
The lazy-auth example's OAuth consent page and in-app view were both built desktop-first. On a phone:
<meta name="viewport">, so it rendered at a desktop layout width.<button>inside<a>, which is invalid HTML5.touch-action, leaving double-tap-to-zoom armed and delaying every click; long-presses started text selection or the iOS callout instead of feeling like a button.After: consent buttons are equal-width anchors (
role="button"+ a Space-key handler to keep button keyboard semantics) in a wrapping flex row at a 56px minimum; in-app buttons get the same 56px minimum and touch handling; both surfaces suppress long-press selection/callout on the button rows only (the card's client/redirect details stay copyable) and add an:activestyle, since removing the native tap highlight otherwise leaves no press feedback.Testing