Skip to content

Issue 1379 patch - Fix MCP server OAuth not working with Visual Studio Code and others with extra grant_types #1380

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 7 commits into from
Sep 29, 2025
Merged

Issue 1379 patch - Fix MCP server OAuth not working with Visual Studio Code and others with extra grant_types #1380

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
929df70
Update grant types validation logic in register.py
automaton82 Sep 19, 2025
8eabbdb
Update grant_types to allow string values
automaton82 Sep 19, 2025
744134e
Fix formatting in auth.py for grant_types list
automaton82 Sep 19, 2025
4053955
Add Union type to imports in auth.py
automaton82 Sep 19, 2025
591e153
Update error description for client metadata validation
automaton82 Sep 19, 2025
0c46320
Refactor typing for grant_types in auth.py
automaton82 Sep 19, 2025
f983a04
Add test for client registration with additional grant type
automaton82 Sep 19, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion src/mcp/server/auth/handlers/register.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -68,7 +68,7 @@ async def handle(self, request: Request) -> Response:
),
status_code=400,
)
if set(client_metadata.grant_types) != {"authorization_code", "refresh_token"}:
if not {"authorization_code", "refresh_token"}.issubset(set(client_metadata.grant_types)):
return PydanticJSONResponse(
content=RegistrationErrorResponse(
error="invalid_client_metadata",
Expand Down
2 changes: 1 addition & 1 deletion src/mcp/shared/auth.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -47,7 +47,7 @@ class OAuthClientMetadata(BaseModel):
# ie: we do not support client_secret_basic
token_endpoint_auth_method: Literal["none", "client_secret_post"] = "client_secret_post"
# grant_types: this implementation only supports authorization_code & refresh_token
grant_types: list[Literal["authorization_code", "refresh_token"]] = [
grant_types: list[Literal["authorization_code", "refresh_token"] | str] = [
"authorization_code",
"refresh_token",
]
Expand Down
17 changes: 17 additions & 0 deletions tests/server/fastmcp/auth/test_auth_integration.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -937,6 +937,23 @@ async def test_client_registration_invalid_grant_type(self, test_client: httpx.A
assert error_data["error"] == "invalid_client_metadata"
assert error_data["error_description"] == "grant_types must be authorization_code and refresh_token"

@pytest.mark.anyio
async def test_client_registration_with_additional_grant_type(self, test_client: httpx.AsyncClient):
client_metadata = {
"redirect_uris": ["https://client.example.com/callback"],
"client_name": "Test Client",
"grant_types": ["authorization_code", "refresh_token", "urn:ietf:params:oauth:grant-type:device_code"],
}

response = await test_client.post("/register", json=client_metadata)
assert response.status_code == 201
client_info = response.json()

# Verify client was registered successfully
assert "client_id" in client_info
assert "client_secret" in client_info
assert client_info["client_name"] == "Test Client"

@pytest.mark.anyio
async def test_client_registration_with_additional_response_types(
self, test_client: httpx.AsyncClient, mock_oauth_provider: MockOAuthProvider
Expand Down
Loading