python-sdk icon indicating copy to clipboard operation
python-sdk copied to clipboard
verified publisher icon modelcontextprotocol

Add support for remote-oauth-support Fix #686

Open ravibits opened this issue 8 months ago • 0 comments

This contains fix for the issue: #686

As per the new authorization spec for MCP Servers as outlined here: https://modelcontextprotocol.io/specification/draft/basic/authorization, implementing the remote oauth support for the FastMCP Servers.

  • [x] Add support for /.well-known/oauth-protected-resource endpoint when the MCP Server is created with support with auth based off of remote authorization server
  • [ ] Add support for custom bearer token validation with default JWT based bearer token validation out of the box for MCP servers with remote oauth support.
  • [ ] Implement middleware to check for the JWT token validity
  • [ ] (optional) at a per tool level, create indicators for whether auth required and if yes, what scopes are required for that tool.

As part of the spec, the only responsibility of the MCP Server should be to indicate to the client it's oauth protected resource and indicate to the client where to find the authorization server.

This is just the initial version and based on the feedback from @localden, @ihrpr , I intend to keep making changes to complete the test cases and full feature documentation.

Motivation and Context

Implement supoprt for RFC9728, along with other requirements outlined in the spec.

How Has This Been Tested?

  • [ ] TODO: We will implement a simple MCP Server using an authorization server that supports PKCE, DCR etc and ensure that the MCP Server is receiving the access tokens as presented by the MCP client.

Breaking Changes

May have breaking changes.

Types of changes

  • [ ] Bug fix (non-breaking change which fixes an issue)
  • [ ] New feature (non-breaking change which adds functionality)
  • [x] Breaking change (fix or feature that would cause existing functionality to change)
  • [ ] Documentation update

Checklist

  • [x] I have read the MCP Documentation
  • [x] My code follows the repository's style guidelines
  • [ ] New and existing tests pass locally
  • [ ] I have added appropriate error handling
  • [ ] I have added or updated documentation as needed

Additional context

ravibits avatar May 20 '25 22:05 ravibits