Add client credentials support to everything-client #89
+201
−25
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
commit: |
- Add ConformanceContextSchema with discriminated union for auth contexts - Add runClientCredentialsJwt and runClientCredentialsBasic handlers - Update runner to include scenario name in context for discriminated union parsing - Update test helpers to set env vars for inline client runners - Fix JWT audience validation to match SDK behavior (no trailing slash) - Remove client credentials scenarios from skip list
pcarleton
force-pushed
the
paulc/client-credentials-support
branch
from
15a7731 to
c8663c1
Compare
Per RFC 3986, URLs with and without trailing slash are equivalent. The MCP spec recommends (SHOULD) the form without trailing slash, but since it's not a MUST, the conformance test should accept both forms for interoperability with clients like Pydantic that normalize URLs.
pcarleton
commented
Jan 5, 2026
pcarleton
commented
Jan 5, 2026
pcarleton
commented
Jan 5, 2026
pcarleton
commented
Jan 5, 2026
- Remove unused issuerUrl variable and comment - Simplify audience array to exactly 2 values with clearer naming - Add comment explaining strip-then-add-back logic - Rename ConformanceContextSchema to ClientConformanceContextSchema
Instead of importing individual handlers, tests can now import getHandler and look up handlers by scenario name.
- Add CIMD support to runAuthClient in everything-client - Add auth fallback to getHandler for unregistered auth/* scenarios - Remove goodClient import from test file
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
This PR adds support for OAuth 2.0 client credentials flow testing in the conformance suite, enabling both
private_key_jwtandclient_secret_basicauthentication methods.Changes
New Files
src/schemas/context.ts- Zod schema for conformance test context with discriminated union for auth scenariosModified Files
examples/clients/typescript/everything-client.tsrunClientCredentialsJwtandrunClientCredentialsBasichandlersPrivateKeyJwtProviderandClientCredentialsProviderfrom the SDKsrc/runner/client.tssrc/scenarios/client/auth/test_helpers/testClient.tssrc/scenarios/client/auth/index.test.tssrc/scenarios/client/auth/client-credentials.tsTesting
All 56 tests pass, including the two new client credentials tests:
auth/client-credentials-jwtauth/client-credentials-basicAlso verified with the Python SDK conformance client: