Improved supported for ProtectedResourceMetadata (#1235)

Co-authored-by: Paul Carleton <[email protected]>

Author: yannj-fr

src/mcp/server/auth/routes.py

@@ -190,6 +190,8 @@ def create_protected_resource_routes(
     resource_url: AnyHttpUrl,
     authorization_servers: list[AnyHttpUrl],
     scopes_supported: list[str] | None = None,
+    resource_name: str | None = None,
+    resource_documentation: AnyHttpUrl | None = None,
 ) -> list[Route]:
     """
     Create routes for OAuth 2.0 Protected Resource Metadata (RFC 9728).
@@ -209,6 +211,8 @@ def create_protected_resource_routes(
         resource=resource_url,
         authorization_servers=authorization_servers,
         scopes_supported=scopes_supported,
+        resource_name=resource_name,
+        resource_documentation=resource_documentation,
         # bearer_methods_supported defaults to ["header"] in the model
     )
 

src/mcp/shared/auth.py

@@ -139,6 +139,17 @@ class ProtectedResourceMetadata(BaseModel):
 
     resource: AnyHttpUrl
     authorization_servers: list[AnyHttpUrl] = Field(..., min_length=1)
+    jwks_uri: AnyHttpUrl | None = None
     scopes_supported: list[str] | None = None
     bearer_methods_supported: list[str] | None = Field(default=["header"])  # MCP only supports header method
+    resource_signing_alg_values_supported: list[str] | None = None
+    resource_name: str | None = None
     resource_documentation: AnyHttpUrl | None = None
+    resource_policy_uri: AnyHttpUrl | None = None
+    resource_tos_uri: AnyHttpUrl | None = None
+    # tls_client_certificate_bound_access_tokens default is False, but ommited here for clarity
+    tls_client_certificate_bound_access_tokens: bool | None = None
+    authorization_details_types_supported: list[str] | None = None
+    dpop_signing_alg_values_supported: list[str] | None = None
+    # dpop_bound_access_tokens_required default is False, but ommited here for clarity
+    dpop_bound_access_tokens_required: bool | None = None