python-sdk icon indicating copy to clipboard operation
python-sdk copied to clipboard
verified publisher icon modelcontextprotocol

Make refresh_token grant type optional in DCR handler

Open gazzadownunder opened this issue 3 months ago • 0 comments

Updated the Dynamic Client Registration (DCR) handler to comply with RFC 7591 by making the refresh_token grant type optional. Previously, the handler incorrectly required both authorization_code and refresh_token grant types, which was unnecessarily restrictive and non-compliant with the RFC.

Changes:

  • Modified grant_types validation to only require authorization_code
  • Updated error message to reflect the new requirement
  • Renamed test to test_client_registration_with_authorization_code_only
  • Added test for missing authorization_code (now the true error case)
  • Updated test assertions to match new validation behavior

This change improves RFC 7591 compliance and provides clients with greater flexibility in their registration options.

Github-Issue: #1650

gazzadownunder avatar Nov 22 '25 00:11 gazzadownunder