python-sdk icon indicating copy to clipboard operation
python-sdk copied to clipboard
verified publisher icon modelcontextprotocol

URL Validation on Client Metadata is too strict

Open antdres opened this issue 2 months ago • 1 comments

Initial Checks

  • [x] I confirm that I'm using the latest version of MCP Python SDK
  • [x] I confirm that I searched for my issue in https://github.com/modelcontextprotocol/python-sdk/issues before opening this issue

Description

Pydantic AnyHttpUrl is too strict for client metadata validation. https://datatracker.ietf.org/doc/html/rfc7591#section-2 specifies that all fields are optional. Empty strings are commonly emitted when there's no value.

In addition fields like client_uri are informational and I'm not sure they should even be validated as http. Any URL should technically be supported including non-http URLs. In general, I think the SDK should only apply strict pydantic validation where it affects the security or functioning of the client.

1 validation error for OAuthClientInformationFull client_uri Input should be a valid URL, input is empty [type=url_parsing, input_value='', input_type=str] For further information visit https://errors.pydantic.dev/2.11/v/url_parsing

Example Code

Python & MCP Python SDK

1.21.1

antdres avatar Nov 25 '25 02:11 antdres

See proposed solution in https://github.com/modelcontextprotocol/python-sdk/issues/1574#issuecomment-3577691058

ochafik avatar Dec 01 '25 16:12 ochafik