Merge branch 'main' into main

Author: SoldierSacha

src/mcp/server/auth/routes.py

@@ -195,6 +195,8 @@ def create_protected_resource_routes(
     resource_url: AnyHttpUrl,
     authorization_servers: list[AnyHttpUrl],
     scopes_supported: list[str] | None = None,
+    resource_name: str | None = None,
+    resource_documentation: AnyHttpUrl | None = None,
 ) -> list[Route]:
     """
     Create routes for OAuth 2.0 Protected Resource Metadata (RFC 9728).
@@ -214,6 +216,8 @@ def create_protected_resource_routes(
         resource=resource_url,
         authorization_servers=authorization_servers,
         scopes_supported=scopes_supported,
+        resource_name=resource_name,
+        resource_documentation=resource_documentation,
         # bearer_methods_supported defaults to ["header"] in the model
     )
 

src/mcp/shared/auth.py

@@ -159,6 +159,17 @@ class ProtectedResourceMetadata(BaseModel):
 
     resource: AnyHttpUrl
     authorization_servers: list[AnyHttpUrl] = Field(..., min_length=1)
+    jwks_uri: AnyHttpUrl | None = None
     scopes_supported: list[str] | None = None
     bearer_methods_supported: list[str] | None = Field(default=["header"])  # MCP only supports header method
+    resource_signing_alg_values_supported: list[str] | None = None
+    resource_name: str | None = None
     resource_documentation: AnyHttpUrl | None = None
+    resource_policy_uri: AnyHttpUrl | None = None
+    resource_tos_uri: AnyHttpUrl | None = None
+    # tls_client_certificate_bound_access_tokens default is False, but ommited here for clarity
+    tls_client_certificate_bound_access_tokens: bool | None = None
+    authorization_details_types_supported: list[str] | None = None
+    dpop_signing_alg_values_supported: list[str] | None = None
+    # dpop_bound_access_tokens_required default is False, but ommited here for clarity
+    dpop_bound_access_tokens_required: bool | None = None