Skip to content

Bump auth SDK to use Improved AS Discovery #702

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Aug 12, 2025
Merged

Bump auth SDK to use Improved AS Discovery #702

merged 2 commits into from
Aug 12, 2025

Conversation

2underscores
Copy link
Contributor

@2underscores 2underscores commented Aug 12, 2025
edited
Loading

Bump the MCP SDK pin from ^1.17.0 to ^1.17.2, to update the debugger to the latest AS metadata endpoint discovery method (discoverAuthorizationServerMetadata introduced in modelcontextprotocol/typescript-sdk#652) and include the CORS retry bug fix introduced in 1.17.2 (modelcontextprotocol/typescript-sdk#827).

Motivation and Context

Needed to connect Inspector's auth debugger to MCP servers that use Azure for AS. Needed support for metadata at /.well-known/openid-configuration, and needed CORS fix so it didn't fail on earlier attempted incorrect endpoints.

How Has This Been Tested?

Run all tests locally (and needed to update the mocks to the new method).
As tests were changed, also manually tested against an OOB MCP server (Neon's) and a custom one using Azure AD.

Breaking Changes

  • It shouldn't, bump to SDK is within same major version.

Types of changes

  • Bug fix (non-breaking change which fixes an issue)

Checklist

  • I have read the MCP Documentation
  • My code follows the repository's style guidelines
  • New and existing tests pass locally
  • I have added appropriate error handling
  • I have added or updated documentation as needed

Related Issues

I suspect this will resolve these issues that are all related to metadata:

@olaservo olaservo added auth Issues and PRs related to authentication and/or authorization dependencies Pull requests that update a dependency file labels Aug 12, 2025
@olaservo olaservo enabled auto-merge August 12, 2025 13:48
@olaservo olaservo requested a review from pcarleton August 12, 2025 14:05
@olaservo olaservo disabled auto-merge August 12, 2025 14:05
olaservo
olaservo approved these changes Aug 12, 2025
View reviewed changes
Copy link
Member

@olaservo olaservo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the PR - I took a look at the linked sdk fixes and just wanted to confirm that swapping in this new method should be backwards compatible with auth flows that were already working with the debugger before this?

pcarleton
pcarleton approved these changes Aug 12, 2025
View reviewed changes
Copy link
Member

@pcarleton pcarleton left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍 this should be backwards compatible.

the change to the new function was to support OIDC metadata, and also there were some fixes to retries, but interface is the same and existing metadata discovery should be unchanged

cliffhall
cliffhall approved these changes Aug 12, 2025
View reviewed changes
Copy link
Member

@cliffhall cliffhall left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! 👍

@cliffhall cliffhall merged commit 618370d into modelcontextprotocol:main Aug 12, 2025
7 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pcarleton pcarleton pcarleton approved these changes

@cliffhall cliffhall cliffhall approved these changes

@olaservo olaservo olaservo approved these changes

Assignees
No one assigned
Labels
auth Issues and PRs related to authentication and/or authorization dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@2underscores @pcarleton @cliffhall @olaservo