
MCP Python SDK Implementation Gap-13: Server Missing Token Issuer Validation #1445

@younaman

Description


Summary

The MCP Python SDK server violates the specification requirement that "MCP servers MUST validate that tokens presented to them were specifically issued for their use." The server's verify_token() implementation only performs token loading without validating the token's issuer, allowing tokens from other authorization servers to be accepted.

Issue Details

Rule Violation

MCP Specification: "MCP servers MUST validate that tokens presented to them were specifically issued for their use."

Root Cause

File: src/mcp/server/auth/provider.py

```python
# Lines 304-306: ProviderTokenVerifier.verify_token()
async def verify_token(self, token: str) -> AccessToken | None:
    """Verify token using the provider's load_access_token method."""
    return await self.provider.load_access_token(token)
```

Current validation only checks:

  • ✅ Token exists in storage
  • ✅ Token is not expired (in BearerAuthBackend)

Missing critical validation:

  • ❌ Token issuer verification

Evidence of Missing Issuer Validation

File: src/mcp/server/auth/middleware/bearer_auth.py

```python
# Lines 30-49: BearerAuthBackend.authenticate()
async def authenticate(self, conn: HTTPConnection):
    # ... extract token ...

    # Validate the token with the verifier
    auth_info = await self.token_verifier.verify_token(token)

    if not auth_info:
        return None

    if auth_info.expires_at and auth_info.expires_at < int(time.time()):
        return None

    return AuthCredentials(auth_info.scopes), AuthenticatedUser(auth_info)
    # ❌ Missing: No validation of token issuer against server's issuer
```

Impact

  • Compliance Violation: Fails "MUST validate tokens were specifically issued for their use" requirement

Files Affected

  • src/mcp/server/auth/provider.py (lines 304-306)
  • src/mcp/server/auth/middleware/bearer_auth.py (lines 30-49)

One Possible Solution

Add issuer validation to verify_token() or BearerAuthBackend.authenticate():

```python
# Validate token issuer matches server's issuer
if auth_info.issuer and auth_info.issuer != self.server_issuer_url:
    return None  # Token not issued for this server
```
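The following is an added, self-contained example (not code from the MCP Python SDK or from this issue's author) that puts the two behaviours side by side: a load-only verifier that reproduces the gap described under Root Cause, and a verifier that compares the token's issuer with the issuer this server trusts. The `AccessToken` dataclass, its `issuer` field, the in-memory store and the issuer URLs are all constructed for the example; the `authenticate()` helper mirrors only the expiry logic quoted from `BearerAuthBackend.authenticate()` above.

```python
"""Added example, not MCP Python SDK code: issuer-checking token verification."""
from __future__ import annotations

import asyncio
import time
from dataclasses import dataclass
from typing import Callable


@dataclass
class AccessToken:
    """Constructed stand-in for the SDK's AccessToken; `issuer` is an assumption."""
    token: str
    client_id: str
    scopes: list[str]
    issuer: str | None
    expires_at: int | None = None


class InMemoryTokenStore:
    """Hypothetical provider: holds every token it has seen, whoever issued it."""

    def __init__(self) -> None:
        self._tokens: dict[str, AccessToken] = {}

    def put(self, access_token: AccessToken) -> None:
        self._tokens[access_token.token] = access_token

    async def load_access_token(self, token: str) -> AccessToken | None:
        return self._tokens.get(token)


class LoadOnlyVerifier:
    """Reproduces the gap: returns whatever the store has, with no issuer check."""

    def __init__(self, store: InMemoryTokenStore) -> None:
        self.store = store

    async def verify_token(self, token: str) -> AccessToken | None:
        return await self.store.load_access_token(token)


def _canonical_issuer(url: str) -> str:
    # Issuer URLs are compared as strings; only a trailing slash is tolerated.
    return url.rstrip("/")


class IssuerCheckingVerifier:
    """Accepts a token only if the trusted issuer minted it; fails closed if issuer is absent."""

    def __init__(self, store: InMemoryTokenStore, server_issuer_url: str) -> None:
        self.store = store
        self.server_issuer_url = _canonical_issuer(server_issuer_url)

    async def verify_token(self, token: str) -> AccessToken | None:
        auth_info = await self.store.load_access_token(token)
        if auth_info is None:
            return None
        if auth_info.issuer is None:
            return None  # unknown origin: reject rather than assume it is ours
        if _canonical_issuer(auth_info.issuer) != self.server_issuer_url:
            return None  # token was issued for some other server
        return auth_info


async def authenticate(verifier, token: str, now: Callable[[], float] = time.time) -> AccessToken | None:
    """Mirrors the middleware logic quoted in the issue: verify, then check expiry."""
    auth_info = await verifier.verify_token(token)
    if not auth_info:
        return None
    if auth_info.expires_at and auth_info.expires_at < int(now()):
        return None
    return auth_info


def demo() -> dict[str, list[str]]:
    """Runs both verifiers over constructed tokens; returns the tokens each accepts."""
    def clock() -> int:
        return 1_700_000_000  # fixed clock so the outcome is deterministic

    ours = "https://auth.example.com"       # hypothetical issuer this server trusts
    other = "https://other-as.example.net"  # hypothetical unrelated authorization server
    store = InMemoryTokenStore()
    store.put(AccessToken("tok-local", "client-a", ["mcp:read"], ours, clock() + 3600))
    store.put(AccessToken("tok-foreign", "client-b", ["mcp:read"], other, clock() + 3600))
    store.put(AccessToken("tok-expired", "client-a", ["mcp:read"], ours, clock() - 1))
    store.put(AccessToken("tok-noissuer", "client-c", ["mcp:read"], None, clock() + 3600))
    candidates = ["tok-local", "tok-foreign", "tok-expired", "tok-noissuer", "tok-unknown"]

    async def run(verifier) -> list[str]:
        accepted = []
        for t in candidates:
            if await authenticate(verifier, t, clock) is not None:
                accepted.append(t)
        return accepted

    return {
        "load_only": asyncio.run(run(LoadOnlyVerifier(store))),
        "issuer_checked": asyncio.run(run(IssuerCheckingVerifier(store, ours + "/"))),
    }


if __name__ == "__main__":
    print(demo())
```

Two design choices differ from the snippet suggested above. The issuer check here rejects a token whose issuer is missing instead of skipping the comparison, so a provider that never records the issuer cannot silently pass the check. Issuer URLs are compared after stripping a trailing slash only; anything looser (case folding, host-only comparison) widens the set of issuers the server would accept.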

Related Issues

This issue is related to #1435 (RFC 8707 resource validation); both stem from the incomplete verify_token() implementation. While they address different compliance requirements, implementing comprehensive token validation in verify_token() would resolve both issues.

Python & MCP Python SDK version: latest

Labels: P3 (Nice to haves, rare edge cases), auth (Issues and PRs related to Authentication / OAuth), bug (Something isn't working), ready for work (Enough information for someone to start working on)