Align auth-test with MCP_CONFORMANCE_SCENARIO env var pattern

Update auth-test.ts and testClient.ts to use MCP_CONFORMANCE_SCENARIO
env var instead of scenario in context object. This aligns with PR #54.

Author: pcarleton

examples/clients/typescript/auth-test.ts

@@ -2,6 +2,11 @@
 
 import { Client } from '@modelcontextprotocol/sdk/client/index.js';
 import { StreamableHTTPClientTransport } from '@modelcontextprotocol/sdk/client/streamableHttp.js';
+import {
+  ClientCredentialsProvider,
+  PrivateKeyJwtProvider
+} from '@modelcontextprotocol/sdk/client/auth-extensions.js';
+import { OAuthClientProvider } from '@modelcontextprotocol/sdk/client/auth.js';
 import { withOAuthRetry, handle401 } from './helpers/withOAuthRetry';
 import { runAsCli } from './helpers/cliRunner';
 import { logger } from './helpers/logger';
@@ -15,36 +20,140 @@ const CIMD_CLIENT_METADATA_URL =
   'https://conformance-test.local/client-metadata.json';
 
 /**
- * Well-behaved auth client that follows all OAuth protocols correctly.
+ * Context passed from the conformance test framework via MCP_CONFORMANCE_CONTEXT env var.
+ *
+ * WARNING: This schema is unstable and subject to change.
+ * Currently only used for client credentials scenarios.
+ * See: https://github.com/modelcontextprotocol/conformance/issues/51
  */
-export async function runClient(serverUrl: string): Promise<void> {
+interface ConformanceContext {
+  client_id?: string;
+  // For JWT auth (private_key_jwt)
+  private_key_pem?: string;
+  signing_algorithm?: string;
+  // For basic auth (client_secret_basic)
+  client_secret?: string;
+}
+
+function getContext(
+  passedContext?: Record<string, unknown>
+): ConformanceContext {
+  if (passedContext) {
+    return passedContext as ConformanceContext;
+  }
+  const contextJson = process.env.MCP_CONFORMANCE_CONTEXT;
+  if (!contextJson) {
+    // Context is optional - only needed for client credentials scenarios
+    return {};
+  }
+  return JSON.parse(contextJson);
+}
+
+/**
+ * Create an OAuth provider based on the scenario type.
+ */
+function createProviderForScenario(
+  scenario: string,
+  context: ConformanceContext
+): OAuthClientProvider | undefined {
+  // Client credentials scenarios use the dedicated provider classes
+  if (scenario === 'auth/client-credentials-jwt') {
+    if (
+      !context.client_id ||
+      !context.private_key_pem ||
+      !context.signing_algorithm
+    ) {
+      throw new Error(
+        'auth/client-credentials-jwt requires client_id, private_key_pem, and signing_algorithm in context'
+      );
+    }
+    return new PrivateKeyJwtProvider({
+      clientId: context.client_id,
+      privateKey: context.private_key_pem,
+      algorithm: context.signing_algorithm,
+      clientName: 'conformance-client-credentials'
+    });
+  }
+
+  if (scenario === 'auth/client-credentials-basic') {
+    if (!context.client_id || !context.client_secret) {
+      throw new Error(
+        'auth/client-credentials-basic requires client_id and client_secret in context'
+      );
+    }
+    return new ClientCredentialsProvider({
+      clientId: context.client_id,
+      clientSecret: context.client_secret,
+      clientName: 'conformance-client-credentials'
+    });
+  }
+
+  // For authorization code flow scenarios, return undefined to use withOAuthRetry
+  return undefined;
+}
+
+/**
+ * Auth client that handles both authorization code flow and client credentials flow
+ * based on the scenario name in the conformance context.
+ */
+export async function runClient(
+  serverUrl: string,
+  passedContext?: Record<string, unknown>
+): Promise<void> {
+  const scenario = process.env.MCP_CONFORMANCE_SCENARIO;
+  if (!scenario) {
+    throw new Error(
+      'MCP_CONFORMANCE_SCENARIO environment variable is required'
+    );
+  }
+
+  const context = getContext(passedContext);
+  logger.debug('Scenario:', scenario);
+  logger.debug('Parsed context:', JSON.stringify(context, null, 2));
+
   const client = new Client(
     { name: 'test-auth-client', version: '1.0.0' },
     { capabilities: {} }
   );
 
-  const oauthFetch = withOAuthRetry(
-    'test-auth-client',
-    new URL(serverUrl),
-    handle401,
-    CIMD_CLIENT_METADATA_URL
-  )(fetch);
+  // Check if this is a client credentials scenario
+  const clientCredentialsProvider = createProviderForScenario(
+    scenario,
+    context
+  );
+
+  let transport: StreamableHTTPClientTransport;
+
+  if (clientCredentialsProvider) {
+    // Client credentials flow - use the provider directly
+    transport = new StreamableHTTPClientTransport(new URL(serverUrl), {
+      authProvider: clientCredentialsProvider
+    });
+  } else {
+    // Authorization code flow - use withOAuthRetry middleware
+    const oauthFetch = withOAuthRetry(
+      'test-auth-client',
+      new URL(serverUrl),
+      handle401,
+      CIMD_CLIENT_METADATA_URL
+    )(fetch);
 
-  const transport = new StreamableHTTPClientTransport(new URL(serverUrl), {
-    fetch: oauthFetch
-  });
+    transport = new StreamableHTTPClientTransport(new URL(serverUrl), {
+      fetch: oauthFetch
+    });
+  }
 
   await client.connect(transport);
-  logger.debug('✅ Successfully connected to MCP server');
+  logger.debug('Successfully connected to MCP server');
 
   await client.listTools();
-  logger.debug('✅ Successfully listed tools');
+  logger.debug('Successfully listed tools');
 
   await client.callTool({ name: 'test-tool', arguments: {} });
-  logger.debug('✅ Successfully called tool');
+  logger.debug('Successfully called tool');
 
   await transport.close();
-  logger.debug('✅ Connection closed successfully');
+  logger.debug('Connection closed successfully');
 }
 
 runAsCli(runClient, import.meta.url, 'auth-test <server-url>');

src/scenarios/client/auth/test_helpers/testClient.ts

@@ -11,8 +11,10 @@ export interface ClientRunner {
   /**
    * Run the client against the given server URL.
    * Should reject if the client fails.
+   * @param serverUrl The MCP server URL to connect to
+   * @param context Optional context object passed via MCP_CONFORMANCE_CONTEXT env var
    */
-  run(serverUrl: string): Promise<void>;
+  run(serverUrl: string, context?: Record<string, unknown>): Promise<void>;
 }
 
 /**
@@ -21,10 +23,19 @@ export interface ClientRunner {
 export class SpawnedClientRunner implements ClientRunner {
   constructor(private clientPath: string) {}
 
-  async run(serverUrl: string): Promise<void> {
+  async run(
+    serverUrl: string,
+    context?: Record<string, unknown>
+  ): Promise<void> {
     await new Promise<void>((resolve, reject) => {
+      const env = { ...process.env };
+      if (context) {
+        env.MCP_CONFORMANCE_CONTEXT = JSON.stringify(context);
+      }
+
       const clientProcess = spawn('npx', ['tsx', this.clientPath, serverUrl], {
-        stdio: ['ignore', 'pipe', 'pipe']
+        stdio: ['ignore', 'pipe', 'pipe'],
+        env
       });
 
       let stdout = '';
@@ -76,10 +87,18 @@ export class SpawnedClientRunner implements ClientRunner {
  * Client runner that executes a client function inline without spawning a shell.
  */
 export class InlineClientRunner implements ClientRunner {
-  constructor(private clientFn: (serverUrl: string) => Promise<void>) {}
-
-  async run(serverUrl: string): Promise<void> {
-    await this.clientFn(serverUrl);
+  constructor(
+    private clientFn: (
+      serverUrl: string,
+      context?: Record<string, unknown>
+    ) => Promise<void>
+  ) {}
+
+  async run(
+    serverUrl: string,
+    context?: Record<string, unknown>
+  ): Promise<void> {
+    await this.clientFn(serverUrl, context);
   }
 }
 
@@ -106,10 +125,17 @@ export async function runClientAgainstScenario(
   const urls = await scenario.start();
   const serverUrl = urls.serverUrl;
 
+  // Context contains scenario-specific data (credentials, etc.)
+  const context = urls.context;
+
+  // Set scenario env var for inline runners
+  const previousScenario = process.env.MCP_CONFORMANCE_SCENARIO;
+  process.env.MCP_CONFORMANCE_SCENARIO = scenarioName;
+
   try {
     // Run the client
     try {
-      await runner.run(serverUrl);
+      await runner.run(serverUrl, context);
     } catch (err) {
       if (expectedFailureSlugs.length === 0 && !allowClientError) {
         throw err; // Unexpected failure
@@ -166,6 +192,12 @@ export async function runClientAgainstScenario(
       }
     }
   } finally {
+    // Restore previous env var
+    if (previousScenario !== undefined) {
+      process.env.MCP_CONFORMANCE_SCENARIO = previousScenario;
+    } else {
+      delete process.env.MCP_CONFORMANCE_SCENARIO;
+    }
     // Stop the scenario server
     await scenario.stop();
   }