python-sdk icon indicating copy to clipboard operation
python-sdk copied to clipboard
verified publisher icon modelcontextprotocol

Add OAuth Protected Resource Metadata support

Open imfing opened this issue 8 months ago • 0 comments

This PR adds support for RFC 9728 Section 5.1 – "WWW-Authenticate" Response, enabling proper OAuth Protected Resource Metadata responses from the server, and aligns with the MCP TypeScript SDK implementation.

Motivation and Context

  • Current auth does not support structured WWW-Authenticate responses per RFC 9728 described in the latest draft Authorization spec.
  • The MCP TypeScript SDK already implements this.
  • Adding this support ensures the implementation is both backward and forward-compatible.
  • Related issue: #686

How Has This Been Tested?

  • Unit tests

Breaking Changes

Types of changes

  • [ ] Bug fix (non-breaking change which fixes an issue)
  • [x] New feature (non-breaking change which adds functionality)
  • [ ] Breaking change (fix or feature that would cause existing functionality to change)
  • [ ] Documentation update

Checklist

  • [x] I have read the MCP Documentation
  • [x] My code follows the repository's style guidelines
  • [x] New and existing tests pass locally
  • [x] I have added appropriate error handling
  • [ ] I have added or updated documentation as needed

Additional context

  • This change improves support for standardized OAuth 2.0 protected resource discovery.
  • May be useful for future integration with more OAuth-native tools and services.

imfing avatar May 26 '25 14:05 imfing