Refactor client metadata endpoint

Author: praboud-ant

src/mcp/server/auth/handlers/metadata.py

@@ -1,19 +1,18 @@
 from dataclasses import dataclass
-from typing import Any
 
 from starlette.requests import Request
-from starlette.responses import JSONResponse, Response
+from starlette.responses import Response
+
+from mcp.server.auth.json_response import PydanticJSONResponse
+from mcp.shared.auth import OAuthMetadata
 
 
 @dataclass
 class MetadataHandler:
-    metadata: dict[str, Any]
+    metadata: OAuthMetadata
 
     async def handle(self, request: Request) -> Response:
-        # Remove any None values from metadata
-        clean_metadata = {k: v for k, v in self.metadata.items() if v is not None}
-
-        return JSONResponse(
-            content=clean_metadata,
+        return PydanticJSONResponse(
+            content=self.metadata,
             headers={"Cache-Control": "public, max-age=3600"},  # Cache for 1 hour
         )

src/mcp/server/auth/router.py

@@ -1,5 +1,4 @@
 from dataclasses import dataclass
-from typing import Any
 
 from pydantic import AnyUrl
 from starlette.routing import Route, Router
@@ -11,6 +10,7 @@
 from mcp.server.auth.handlers.token import TokenHandler
 from mcp.server.auth.middleware.client_auth import ClientAuthenticator
 from mcp.server.auth.provider import OAuthServerProvider
+from mcp.shared.auth import OAuthMetadata
 
 
 @dataclass
@@ -139,29 +139,29 @@ def build_metadata(
     service_documentation_url: AnyUrl | None,
     client_registration_options: ClientRegistrationOptions,
     revocation_options: RevocationOptions,
-) -> dict[str, Any]:
+) -> OAuthMetadata:
     issuer_url_str = str(issuer_url).rstrip("/")
     # Create metadata
-    metadata = {
-        "issuer": issuer_url_str,
-        "service_documentation": str(service_documentation_url).rstrip("/")
+    metadata = OAuthMetadata(
+        issuer=issuer_url_str,
+        service_documentation=str(service_documentation_url).rstrip("/")
         if service_documentation_url
         else None,
-        "authorization_endpoint": f"{issuer_url_str}{AUTHORIZATION_PATH}",
-        "response_types_supported": ["code"],
-        "code_challenge_methods_supported": ["S256"],
-        "token_endpoint": f"{issuer_url_str}{TOKEN_PATH}",
-        "token_endpoint_auth_methods_supported": ["client_secret_post"],
-        "grant_types_supported": ["authorization_code", "refresh_token"],
-    }
+        authorization_endpoint=f"{issuer_url_str}{AUTHORIZATION_PATH}",
+        response_types_supported=["code"],
+        code_challenge_methods_supported=["S256"],
+        token_endpoint=f"{issuer_url_str}{TOKEN_PATH}",
+        token_endpoint_auth_methods_supported=["client_secret_post"],
+        grant_types_supported=["authorization_code", "refresh_token"],
+    )
 
     # Add registration endpoint if supported
     if client_registration_options.enabled:
-        metadata["registration_endpoint"] = f"{issuer_url_str}{REGISTRATION_PATH}"
+        metadata.registration_endpoint = f"{issuer_url_str}{REGISTRATION_PATH}"
 
     # Add revocation endpoint if supported
     if revocation_options.enabled:
-        metadata["revocation_endpoint"] = f"{issuer_url_str}{REVOCATION_PATH}"
-        metadata["revocation_endpoint_auth_methods_supported"] = ["client_secret_post"]
+        metadata.revocation_endpoint = f"{issuer_url_str}{REVOCATION_PATH}"
+        metadata.revocation_endpoint_auth_methods_supported = ["client_secret_post"]
 
     return metadata

src/mcp/shared/auth.py

@@ -51,9 +51,10 @@ class OAuthClientMetadata(BaseModel):
     software_version: Optional[str] = None
 
 
-class OAuthClientInformation(BaseModel):
+class OAuthClientInformationFull(OAuthClientMetadata):
     """
-    RFC 7591 OAuth 2.0 Dynamic Client Registration client information.
+    RFC 7591 OAuth 2.0 Dynamic Client Registration full response
+    (client information plus metadata).
     """
 
     client_id: str
@@ -62,24 +63,6 @@ class OAuthClientInformation(BaseModel):
     client_secret_expires_at: Optional[int] = None
 
 
-class OAuthClientInformationFull(OAuthClientMetadata, OAuthClientInformation):
-    """
-    RFC 7591 OAuth 2.0 Dynamic Client Registration full response
-    (client information plus metadata).
-    """
-
-    pass
-
-
-class OAuthClientRegistrationError(BaseModel):
-    """
-    RFC 7591 OAuth 2.0 Dynamic Client Registration error response.
-    """
-
-    error: str
-    error_description: Optional[str] = None
-
-
 class OAuthMetadata(BaseModel):
     """
     RFC 8414 OAuth 2.0 Authorization Server Metadata.