Allow client credentials in dynamic registration

SoldierSacha · SoldierSacha · commit 813168ad7940 · 2025-06-03T16:33:31.000-07:00
diff --git a/src/mcp/server/auth/handlers/register.py b/src/mcp/server/auth/handlers/register.py
@@ -74,12 +74,20 @@ async def handle(self, request: Request) -> Response:
                     ),
                     status_code=400,
                 )
-        if set(client_metadata.grant_types) != {"authorization_code", "refresh_token"}:
+        grant_types_set = set(client_metadata.grant_types)
+        valid_sets = [
+            {"authorization_code", "refresh_token"},
+            {"client_credentials"},
+        ]
+
+        if grant_types_set not in valid_sets:
             return PydanticJSONResponse(
                 content=RegistrationErrorResponse(
                     error="invalid_client_metadata",
-                    error_description="grant_types must be authorization_code "
-                    "and refresh_token",
+                    error_description=(
+                        "grant_types must be authorization_code and refresh_token "
+                        "or client_credentials"
+                    ),
                 ),
                 status_code=400,
             )
diff --git a/tests/server/fastmcp/auth/test_auth_integration.py b/tests/server/fastmcp/auth/test_auth_integration.py
@@ -1001,9 +1001,31 @@ async def test_client_registration_invalid_grant_type(
         assert error_data["error"] == "invalid_client_metadata"
         assert (
             error_data["error_description"]
-            == "grant_types must be authorization_code and refresh_token"
+            == (
+                "grant_types must be authorization_code and "
+                "refresh_token or client_credentials"
+            )
+        )
+
+    @pytest.mark.anyio
+    async def test_client_registration_client_credentials(
+        self, test_client: httpx.AsyncClient
+    ):
+        client_metadata = {
+            "redirect_uris": ["https://client.example.com/callback"],
+            "client_name": "CC Client",
+            "grant_types": ["client_credentials"],
+        }
+
+        response = await test_client.post(
+            "/register",
+            json=client_metadata,
         )
 
+        assert response.status_code == 201, response.content
+        client_info = response.json()
+        assert client_info["grant_types"] == ["client_credentials"]
+
 
 class TestAuthorizeEndpointErrors:
     """Test error handling in the OAuth authorization endpoint."""
