Fix tests and pyright errors

Author: SoldierSacha

README.md

@@ -814,7 +814,7 @@ async def main():
 The SDK includes [authorization support](https://modelcontextprotocol.io/specification/2025-03-26/basic/authorization) for connecting to protected MCP servers:
 
 ```python
-from mcp.client.auth import OAuthClientProvider, ClientCredentialsProvider, TokenStorage
+from mcp.client.auth import OAuthClientProvider, TokenStorage
 from mcp.client.session import ClientSession
 from mcp.client.streamable_http import streamablehttp_client
 from mcp.shared.auth import OAuthClientInformationFull, OAuthClientMetadata, OAuthToken

examples/servers/simple-auth/mcp_simple_auth/server.py

@@ -247,6 +247,24 @@ async def exchange_refresh_token(
         """Exchange refresh token"""
         raise NotImplementedError("Not supported")
 
+    async def exchange_client_credentials(
+        self, client: OAuthClientInformationFull, scopes: list[str]
+    ) -> OAuthToken:
+        """Exchange client credentials for an access token."""
+        token = f"mcp_{secrets.token_hex(32)}"
+        self.tokens[token] = AccessToken(
+            token=token,
+            client_id=client.client_id,
+            scopes=scopes,
+            expires_at=int(time.time()) + 3600,
+        )
+        return OAuthToken(
+            access_token=token,
+            token_type="bearer",
+            expires_in=3600,
+            scope=" ".join(scopes),
+        )
+
     async def revoke_token(
         self, token: str, token_type_hint: str | None = None
     ) -> None:

src/mcp/server/auth/handlers/register.py

@@ -74,7 +74,7 @@ async def handle(self, request: Request) -> Response:
                     ),
                     status_code=400,
                 )
-        grant_types_set = set(client_metadata.grant_types)
+        grant_types_set: set[str] = set(client_metadata.grant_types)
         valid_sets = [
             {"authorization_code", "refresh_token"},
             {"client_credentials"},

tests/client/test_auth.py

@@ -13,7 +13,12 @@
 from inline_snapshot import snapshot
 from pydantic import AnyHttpUrl
 
-from mcp.client.auth import ClientCredentialsProvider, OAuthClientProvider
+from mcp.client.auth import (
+    ClientCredentialsProvider,
+    OAuthClientProvider,
+    _discover_oauth_metadata,
+    _get_authorization_base_url,
+)
 from mcp.server.auth.routes import build_metadata
 from mcp.server.auth.settings import ClientRegistrationOptions, RevocationOptions
 from mcp.shared.auth import (
@@ -190,21 +195,19 @@ def test_get_authorization_base_url(self, oauth_provider):
         """Test authorization base URL extraction."""
         # Test with path
         assert (
-            oauth_provider._get_authorization_base_url("https://api.example.com/v1/mcp")
+            _get_authorization_base_url("https://api.example.com/v1/mcp")
             == "https://api.example.com"
         )
 
         # Test with no path
         assert (
-            oauth_provider._get_authorization_base_url("https://api.example.com")
+            _get_authorization_base_url("https://api.example.com")
             == "https://api.example.com"
         )
 
         # Test with port
         assert (
-            oauth_provider._get_authorization_base_url(
-                "https://api.example.com:8080/path/to/mcp"
-            )
+            _get_authorization_base_url("https://api.example.com:8080/path/to/mcp")
             == "https://api.example.com:8080"
         )
 
@@ -224,7 +227,7 @@ async def test_discover_oauth_metadata_success(
             mock_response.json.return_value = metadata_response
             mock_client.get.return_value = mock_response
 
-            result = await oauth_provider._discover_oauth_metadata(
+            result = await _discover_oauth_metadata(
                 "https://api.example.com/v1/mcp"
             )
 
@@ -253,7 +256,7 @@ async def test_discover_oauth_metadata_not_found(self, oauth_provider):
             mock_response.status_code = 404
             mock_client.get.return_value = mock_response
 
-            result = await oauth_provider._discover_oauth_metadata(
+            result = await _discover_oauth_metadata(
                 "https://api.example.com/v1/mcp"
             )
 
@@ -280,7 +283,7 @@ async def test_discover_oauth_metadata_cors_fallback(
                 mock_response_success,  # Second call succeeds
             ]
 
-            result = await oauth_provider._discover_oauth_metadata(
+            result = await _discover_oauth_metadata(
                 "https://api.example.com/v1/mcp"
             )
 
@@ -334,9 +337,7 @@ async def test_register_oauth_client_fallback_endpoint(
             mock_client.post.return_value = mock_response
 
             # Mock metadata discovery to return None (fallback)
-            with patch.object(
-                oauth_provider, "_discover_oauth_metadata", return_value=None
-            ):
+            with patch("mcp.client.auth._discover_oauth_metadata", return_value=None):
                 result = await oauth_provider._register_oauth_client(
                     "https://api.example.com/v1/mcp",
                     oauth_provider.client_metadata,
@@ -363,9 +364,7 @@ async def test_register_oauth_client_failure(self, oauth_provider):
             mock_client.post.return_value = mock_response
 
             # Mock metadata discovery to return None (fallback)
-            with patch.object(
-                oauth_provider, "_discover_oauth_metadata", return_value=None
-            ):
+            with patch("mcp.client.auth._discover_oauth_metadata", return_value=None):
                 with pytest.raises(httpx.HTTPStatusError):
                     await oauth_provider._register_oauth_client(
                         "https://api.example.com/v1/mcp",
@@ -993,26 +992,26 @@ def test_build_metadata(
         revocation_options=RevocationOptions(enabled=True),
     )
 
-    assert metadata == snapshot(
-        OAuthMetadata(
-            issuer=AnyHttpUrl(issuer_url),
-            authorization_endpoint=AnyHttpUrl(authorization_endpoint),
-            token_endpoint=AnyHttpUrl(token_endpoint),
-            registration_endpoint=AnyHttpUrl(registration_endpoint),
-            scopes_supported=["read", "write", "admin"],
-            grant_types_supported=[
-                "authorization_code",
-                "refresh_token",
-                "client_credentials",
-            ],
-            token_endpoint_auth_methods_supported=["client_secret_post"],
-            service_documentation=AnyHttpUrl(service_documentation_url),
-            revocation_endpoint=AnyHttpUrl(revocation_endpoint),
-            revocation_endpoint_auth_methods_supported=["client_secret_post"],
-            code_challenge_methods_supported=["S256"],
-        )
+    expected = OAuthMetadata(
+        issuer=AnyHttpUrl(issuer_url),
+        authorization_endpoint=AnyHttpUrl(authorization_endpoint),
+        token_endpoint=AnyHttpUrl(token_endpoint),
+        registration_endpoint=AnyHttpUrl(registration_endpoint),
+        scopes_supported=["read", "write", "admin"],
+        grant_types_supported=[
+            "authorization_code",
+            "refresh_token",
+            "client_credentials",
+        ],
+        token_endpoint_auth_methods_supported=["client_secret_post"],
+        service_documentation=AnyHttpUrl(service_documentation_url),
+        revocation_endpoint=AnyHttpUrl(revocation_endpoint),
+        revocation_endpoint_auth_methods_supported=["client_secret_post"],
+        code_challenge_methods_supported=["S256"],
     )
 
+    assert metadata == expected
+
 
 class TestClientCredentialsProvider:
     @pytest.mark.anyio

tests/server/fastmcp/resources/test_file_resources.py

@@ -100,11 +100,12 @@ async def test_missing_file_error(self, temp_file: Path):
         with pytest.raises(ValueError, match="Error reading file"):
             await resource.read()
 
-    @pytest.mark.skipif(
-        os.name == "nt", reason="File permissions behave differently on Windows"
-    )
-    @pytest.mark.anyio
-    async def test_permission_error(self, temp_file: Path):
+@pytest.mark.skipif(
+    os.name == "nt" or getattr(os, "geteuid", lambda: 0)() == 0,
+    reason="File permissions behave differently on Windows or when running as root",
+)
+@pytest.mark.anyio
+async def test_permission_error(self, temp_file: Path):
         """Test reading a file without permissions."""
         temp_file.chmod(0o000)  # Remove all permissions
         try: