Initial Checks
- I confirm that I'm using the latest version of MCP Python SDK
- I confirm that I searched for my issue in https://github.com/modelcontextprotocol/python-sdk/issues before opening this issue
Description
Summary
The MCP Python SDK server violates the specification requirement that "MCP servers MUST NOT accept or transit any other tokens." The server's verify_token() implementation only performs token loading rather than proper validation, allowing potentially invalid or unauthorized tokens to be accepted.
Issue Details
Rule Violation
MCP Specification: "MCP servers MUST NOT accept or transit any other tokens."
Root Cause
File: src/mcp/server/auth/provider.py

```python
# Lines 304-306: ProviderTokenVerifier.verify_token()
async def verify_token(self, token: str) -> AccessToken | None:
    """Verify token using the provider's load_access_token method."""
    return await self.provider.load_access_token(token)
```
Current validation only checks:
- ✅ Token exists in storage (load_access_token)
- ✅ Token is not expired (in BearerAuthBackend)
Missing critical validations:
- ❌ MUST NOT check
Impact
- Compliance Violation: Fails "MUST NOT accept or transit any other tokens" requirement
- Security Risk: Server may accept forged, invalid, or unauthorized tokens
Files Affected
- src/mcp/server/auth/provider.py (lines 304-306)
- src/mcp/server/auth/middleware/bearer_auth.py (lines 30-49)
Proposed Solution
Implement comprehensive token validation in verify_token() that includes signature verification, format validation, issuer verification, and other OAuth 2.1 Section 5.2 requirements.
Related Issues
This issue is part of a broader token validation gap. Related issues have been reported for resource validation (#1435) and OAuth 2.1 Section 5.2 compliance, all stemming from the same root cause of incomplete verify_token() implementation.
Example Code
Python & MCP Python SDK: latest
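To make the "Proposed Solution" concrete, here is an added example of what a verifier that validates rather than merely loads a token looks like. This is editor-supplied illustration, not code from the MCP Python SDK or from the issue author. It assumes a self-issued HS256 JWT so it runs offline: ISSUER, RESOURCE, SECRET, mint_token and the slimmed-down AccessToken dataclass are all constructed stand-ins (a real deployment would pin the expected algorithm and fetch the authorization server's keys from its metadata rather than share a secret). The checks correspond to the ones the issue lists as missing: format, signature, issuer, audience binding to this resource server, and expiry.

```python
from __future__ import annotations

import base64
import hashlib
import hmac
import json
import time
from dataclasses import dataclass

# Constructed configuration for the example (not SDK settings).
ISSUER = "https://auth.example.com"         # assumption: the only trusted issuer
RESOURCE = "https://mcp.example.com/mcp"    # assumption: this server's identifier
SECRET = b"constructed-demo-secret"         # assumption: HS256 key shared with the AS
EXPECTED_ALG = "HS256"                      # pinned; never taken from the token


@dataclass
class AccessToken:
    """Stand-in for the SDK's AccessToken; fields are an assumption."""
    token: str
    client_id: str
    scopes: list[str]
    expires_at: int | None


def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def mint_token(claims: dict, key: bytes = SECRET, alg: str = EXPECTED_ALG) -> str:
    """Constructed helper: mints a JWT so the example has inputs to verify."""
    header = _b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url_encode(sig)}"


def verify_token(token: str, now: int | None = None) -> AccessToken | None:
    """Return an AccessToken only if every check passes, otherwise None."""
    now = int(time.time()) if now is None else now

    # 1. Format: exactly three base64url segments that decode to JSON objects.
    parts = token.split(".")
    if len(parts) != 3:
        return None
    try:
        header = json.loads(_b64url_decode(parts[0]))
        claims = json.loads(_b64url_decode(parts[1]))
        sig = _b64url_decode(parts[2])
    except (ValueError, UnicodeDecodeError):
        return None
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return None

    # 2. Algorithm pinning: reject "none" and anything but the configured alg.
    if header.get("alg") != EXPECTED_ALG:
        return None

    # 3. Signature over the exact header.payload bytes, constant-time compare.
    expected = hmac.new(SECRET, f"{parts[0]}.{parts[1]}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return None

    # 4. Issuer must be the one this server trusts.
    if claims.get("iss") != ISSUER:
        return None

    # 5. Audience: the token must be bound to this resource server, so a token
    #    issued for some other API is not "transited" here.
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if RESOURCE not in audiences:
        return None

    # 6. Expiry (exp is seconds since the epoch).
    exp = claims.get("exp")
    if not isinstance(exp, int) or exp <= now:
        return None

    scope = claims.get("scope", "")
    scopes = scope.split() if isinstance(scope, str) else list(scope)
    return AccessToken(token=token, client_id=str(claims.get("client_id", "")),
                       scopes=scopes, expires_at=exp)


if __name__ == "__main__":
    now = int(time.time())
    good = mint_token({"iss": ISSUER, "aud": RESOURCE, "exp": now + 600,
                       "client_id": "client-1", "scope": "mcp:read"})
    print("valid token ->", verify_token(good, now))
    print("wrong issuer ->", verify_token(mint_token({"iss": "https://other.example",
                                                     "aud": RESOURCE, "exp": now + 600}), now))
```

The contrast with the excerpt in the issue is the point: a load-only verifier answers "do I have a record for this string?", whereas each early return above rejects a token that a storage lookup alone could never distinguish from a legitimate one (forged signature, alg "none", a token minted for a different resource, or a tampered payload). Storage lookup can still sit on top of this as a revocation check.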