From f348481def35639c26ef49c056aef2b2721a2ac8 Mon Sep 17 00:00:00 2001
From: yannj-fr <4557670+yannj-fr@users.noreply.github.com>
Date: Mon, 4 Aug 2025 20:06:32 +0200
Subject: [PATCH 1/2] Improved supported for ProtectedResourceMetadata
---
 src/mcp/server/auth/routes.py | 4 ++++
 src/mcp/shared/auth.py | 11 +++++++++++
 2 files changed, 15 insertions(+)
diff --git a/src/mcp/server/auth/routes.py b/src/mcp/server/auth/routes.py
index e4db806e7..bce32df52 100644
--- a/src/mcp/server/auth/routes.py
+++ b/src/mcp/server/auth/routes.py
@@ -190,6 +190,8 @@ def create_protected_resource_routes(
 resource_url: AnyHttpUrl,
 authorization_servers: list[AnyHttpUrl],
 scopes_supported: list[str] | None = None,
+ resource_name: str | None = None,
+ resource_documentation: AnyHttpUrl | None = None,
 ) -> list[Route]:
 """
 Create routes for OAuth 2.0 Protected Resource Metadata (RFC 9728).
@@ -209,6 +211,8 @@ def create_protected_resource_routes(
 resource=resource_url,
 authorization_servers=authorization_servers,
 scopes_supported=scopes_supported,
+ resource_name=resource_name,
+ resource_documentation=resource_documentation,
 # bearer_methods_supported defaults to ["header"] in the model
 )
diff --git a/src/mcp/shared/auth.py b/src/mcp/shared/auth.py
index 33878ee15..a5d476809 100644
--- a/src/mcp/shared/auth.py
+++ b/src/mcp/shared/auth.py
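Review bot: The two keyword arguments added in the first routes.py hunk, `resource_name` and `resource_documentation`, are not described in the docstring that opens right under the signature; its body lies outside the hunk and nothing between the two hunks is changed, so any argument list it carries presumably still stops at `scopes_supported`. I would add `resource_name: Optional human-readable name of the resource, published as-is in the metadata document` and `resource_documentation: Optional URL of developer documentation for the resource`. Both values are copied into a discovery document that is presumably readable without authentication, so the docstring is also the place to say they should hold only public information. The second hunk just forwards the two values to `ProtectedResourceMetadata`; the other fields this patch adds to the model (`jwks_uri`, the signing-algorithm lists, the mTLS and DPoP flags) cannot be set through this helper, which may be intended but is worth stating in the commit description.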
@@ -139,6 +139,17 @@ class ProtectedResourceMetadata(BaseModel):
 resource: AnyHttpUrl
 authorization_servers: list[AnyHttpUrl] = Field(..., min_length=1)
+ jwks_uri: AnyHttpUrl | None = None
 scopes_supported: list[str] | None = None
 bearer_methods_supported: list[str] | None = Field(default=["header"]) # MCP only supports header method
+ resource_signing_alg_values_supported: list[str] | None = None
+ resource_name: str | None = None
 resource_documentation: AnyHttpUrl | None = None
+ resource_policy_uri: AnyHttpUrl | None = None
+ resource_tos_uri: AnyHttpUrl | None = None
+ #tls_client_certificate_bound_access_tokens default is False, but ommited here for clarity
+ tls_client_certificate_bound_access_tokens: bool | None = None
+ authorization_details_types_supported: list[str] | None = None
+ dpop_signing_alg_values_supported: list[str] | None = None
+ #dpop_bound_access_tokens_required default is False, but ommited here for clarity
+ dpop_bound_access_tokens_required: bool | None = None
From 39e7576c50cb17db13bdf58500404fcefff6d912 Mon Sep 17 00:00:00 2001
From: Paul Carleton
Date: Mon, 4 Aug 2025 19:26:31 +0100
Subject: [PATCH 2/2] formatting
---
 src/mcp/shared/auth.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/mcp/shared/auth.py b/src/mcp/shared/auth.py
index a5d476809..53a56882b 100644
--- a/src/mcp/shared/auth.py
+++ b/src/mcp/shared/auth.py
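Review bot: `resource_signing_alg_values_supported` and `dpop_signing_alg_values_supported` are declared as plain `list[str] | None`, so the model will accept and republish a list that contains `none`; as I read section 2 of RFC 9728, the value none must not be used for the resource signing list. The class body starts outside the hunk, so I cannot see whether validators already exist, but none is added here. A field validator that rejects `none` would keep a misconfigured server from advertising unsigned responses and would make a client refuse metadata that does; it needs `field_validator` from pydantic if the module does not import it yet. Separately, the two new comments should read `omitted` and state that an absent value means false per the RFC, because the field default is `None` and consumers have to treat `None` as `False`.

```python
class ProtectedResourceMetadata(BaseModel):
    # … unchanged: field declarations …

    @field_validator("resource_signing_alg_values_supported", "dpop_signing_alg_values_supported")
    @classmethod
    def _reject_none_alg(cls, algs: list[str] | None) -> list[str] | None:
        """Refuse metadata that advertises the unsigned JWS algorithm."""
        if algs is not None and any(alg.lower() == "none" for alg in algs):
            raise ValueError('"none" is not an acceptable signing algorithm')
        return algs
```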
@@ -147,9 +147,9 @@ class ProtectedResourceMetadata(BaseModel):
 resource_documentation: AnyHttpUrl | None = None
 resource_policy_uri: AnyHttpUrl | None = None
 resource_tos_uri: AnyHttpUrl | None = None
- #tls_client_certificate_bound_access_tokens default is False, but ommited here for clarity
+ # tls_client_certificate_bound_access_tokens default is False, but ommited here for clarity
 tls_client_certificate_bound_access_tokens: bool | None = None
 authorization_details_types_supported: list[str] | None = None
 dpop_signing_alg_values_supported: list[str] | None = None
- #dpop_bound_access_tokens_required default is False, but ommited here for clarity
+ # dpop_bound_access_tokens_required default is False, but ommited here for clarity
 dpop_bound_access_tokens_required: bool | None = None