Add resource_owner field to AuthorizationCode and AccessToken classes

Author: yukuanj

examples/servers/simple-auth/mcp_simple_auth/simple_auth_provider.py

@@ -163,6 +163,7 @@ async def handle_simple_callback(self, username: str, password: str, state: str)
         redirect_uri_provided_explicitly = state_data["redirect_uri_provided_explicitly"] == "True"
         client_id = state_data["client_id"]
         resource = state_data.get("resource")  # RFC 8707
+        resource_owner = username  # Use username as resource owner
 
         # These are required values from our own state mapping
         assert redirect_uri is not None
@@ -184,6 +185,7 @@ async def handle_simple_callback(self, username: str, password: str, state: str)
             scopes=[self.settings.mcp_scope],
             code_challenge=code_challenge,
             resource=resource,  # RFC 8707
+            resource_owner=resource_owner,
         )
         self.auth_codes[new_code] = auth_code
 
@@ -220,6 +222,7 @@ async def exchange_authorization_code(
             scopes=authorization_code.scopes,
             expires_at=int(time.time()) + 3600,
             resource=authorization_code.resource,  # RFC 8707
+            resource_owner=authorization_code.resource_owner,
         )
 
         # Store user data mapping for this token

src/mcp/server/auth/provider.py

@@ -25,6 +25,7 @@ class AuthorizationCode(BaseModel):
     redirect_uri: AnyUrl
     redirect_uri_provided_explicitly: bool
     resource: str | None = None  # RFC 8707 resource indicator
+    resource_owner: str | None = None
 
 
 class RefreshToken(BaseModel):
@@ -40,6 +41,7 @@ class AccessToken(BaseModel):
     scopes: list[str]
     expires_at: int | None = None
     resource: str | None = None  # RFC 8707 resource indicator
+    resource_owner: str | None = None
 
 
 RegistrationErrorCode = Literal[