Remove strict validation on response_modes_supported member of OAuthMetadata (modelcontextprotocol#1243)

Author: joesavage-silabs

src/mcp/shared/auth.py

@@ -114,7 +114,7 @@ class OAuthMetadata(BaseModel):
     registration_endpoint: AnyHttpUrl | None = None
     scopes_supported: list[str] | None = None
     response_types_supported: list[str] = ["code"]
-    response_modes_supported: list[Literal["query", "fragment", "form_post"]] | None = None
+    response_modes_supported: list[str] | None = None
     grant_types_supported: list[str] | None = None
     token_endpoint_auth_methods_supported: list[str] | None = None
     token_endpoint_auth_signing_alg_values_supported: list[str] | None = None

tests/shared/test_auth.py

@@ -37,3 +37,25 @@ def test_oidc(self):
                 "userinfo_endpoint": "https://example.com/oauth2/userInfo",
             }
         )
+
+    def test_oauth_with_jarm(self):
+        """Should not throw when parsing OAuth metadata that includes JARM response modes."""
+        OAuthMetadata.model_validate(
+            {
+                "issuer": "https://example.com",
+                "authorization_endpoint": "https://example.com/oauth2/authorize",
+                "token_endpoint": "https://example.com/oauth2/token",
+                "scopes_supported": ["read", "write"],
+                "response_types_supported": ["code", "token"],
+                "response_modes_supported": [
+                    "query",
+                    "fragment",
+                    "form_post",
+                    "query.jwt",
+                    "fragment.jwt",
+                    "form_post.jwt",
+                    "jwt",
+                ],
+                "token_endpoint_auth_methods_supported": ["client_secret_basic", "client_secret_post"],
+            }
+        )