Merge branch 'modelcontextprotocol:main' into ReuelAlbert-Dev-patch-1

ReuelAlbert-Dev · web-flow · commit 3490ae98f5e8 · 2025-08-10T00:27:11.000+08:00
diff --git a/src/mcp/shared/auth.py b/src/mcp/shared/auth.py
@@ -114,20 +114,20 @@ class OAuthMetadata(BaseModel):
     registration_endpoint: AnyHttpUrl | None = None
     scopes_supported: list[str] | None = None
     response_types_supported: list[str] = ["code"]
-    response_modes_supported: list[Literal["query", "fragment", "form_post"]] | None = None
+    response_modes_supported: list[str] | None = None
     grant_types_supported: list[str] | None = None
     token_endpoint_auth_methods_supported: list[str] | None = None
-    token_endpoint_auth_signing_alg_values_supported: None = None
+    token_endpoint_auth_signing_alg_values_supported: list[str] | None = None
     service_documentation: AnyHttpUrl | None = None
     ui_locales_supported: list[str] | None = None
     op_policy_uri: AnyHttpUrl | None = None
     op_tos_uri: AnyHttpUrl | None = None
     revocation_endpoint: AnyHttpUrl | None = None
     revocation_endpoint_auth_methods_supported: list[str] | None = None
-    revocation_endpoint_auth_signing_alg_values_supported: None = None
+    revocation_endpoint_auth_signing_alg_values_supported: list[str] | None = None
     introspection_endpoint: AnyHttpUrl | None = None
     introspection_endpoint_auth_methods_supported: list[str] | None = None
-    introspection_endpoint_auth_signing_alg_values_supported: None = None
+    introspection_endpoint_auth_signing_alg_values_supported: list[str] | None = None
     code_challenge_methods_supported: list[str] | None = None
 
 
diff --git a/tests/shared/test_auth.py b/tests/shared/test_auth.py
@@ -37,3 +37,25 @@ def test_oidc(self):
                 "userinfo_endpoint": "https://example.com/oauth2/userInfo",
             }
         )
+
+    def test_oauth_with_jarm(self):
+        """Should not throw when parsing OAuth metadata that includes JARM response modes."""
+        OAuthMetadata.model_validate(
+            {
+                "issuer": "https://example.com",
+                "authorization_endpoint": "https://example.com/oauth2/authorize",
+                "token_endpoint": "https://example.com/oauth2/token",
+                "scopes_supported": ["read", "write"],
+                "response_types_supported": ["code", "token"],
+                "response_modes_supported": [
+                    "query",
+                    "fragment",
+                    "form_post",
+                    "query.jwt",
+                    "fragment.jwt",
+                    "form_post.jwt",
+                    "jwt",
+                ],
+                "token_endpoint_auth_methods_supported": ["client_secret_basic", "client_secret_post"],
+            }
+        )
