jokemanfire
Collaborator

response_types_supported should be judged while trying to do 'Authorization Code Flow'

Motivation and Context

according to rfc8414

How Has This Been Tested?

No

Breaking Changes

auth server should be more standardized.

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Documentation update

Checklist

  • I have read the MCP Documentation
  • My code follows the repository's style guidelines
  • New and existing tests pass locally
  • I have added appropriate error handling
  • I have added or updated documentation as needed

Additional context

github-actions bot added the T-core (Core library changes), T-examples (Example code changes) and T-transport (Transport layer changes) labels on Oct 15, 2025
@jokemanfire
Collaborator Author

response_types_supported
REQUIRED. JSON array containing a list of the OAuth 2.0
"response_type" values that this authorization server supports.
The array values used are the same as those used with the
"response_types" parameter defined by "OAuth 2.0 Dynamic Client
Registration Protocol" [RFC7591].

pub issuer: Option<String>,
pub jwks_uri: Option<String>,
pub scopes_supported: Option<Vec<String>>,
pub response_types_supported: Option<Vec<String>>,
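
Review bot: On the last line, `response_types_supported` is typed `Option<Vec<String>>`, while the RFC 8414 text quoted above marks the field REQUIRED. If `Option` stays so that metadata from servers that omit the field still deserializes, add a doc comment on the field stating what `None` means for the Authorization Code Flow check (reject, or proceed), so callers do not each choose their own default.
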
Collaborator Author

Should the option here be removed for compatibility with rfc8414?

4t145 requested a review from Copilot on October 15, 2025 10:26
Contributor

Copilot AI left a comment

Pull Request Overview

This PR implements RFC 8414 compliance by adding validation for the response_types_supported field in OAuth 2.0 authorization server metadata to ensure servers support the "code" response type used in Authorization Code Flow.

  • Adds response_types_supported field to AuthorizationMetadata struct
  • Implements validation in both registration and authorization flows to check for "code" support
  • Updates example server to include the required field and simplifies metadata creation using Default

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 4 comments.

File | Description
crates/rmcp/src/transport/auth.rs | Adds response_types_supported field and validation logic for RFC 8414 compliance
examples/servers/src/complex_auth_sse.rs | Updates example server to include response_types_supported field

response_types_supported should be judged while trying to do 'Authorization Code Flow'

Signed-off-by: jokemanfire <[email protected]>
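
The check this PR describes (confirm that `code` is listed in `response_types_supported` before starting the Authorization Code Flow), written out as an added example that is not taken from the rmcp crate. The `strict` switch, the error enum and the `meta` helper are hypothetical, and the sample metadata values are constructed.

```rust
// Added example; not code from the rmcp crate. Field names follow the struct
// lines quoted in the review, everything else is hypothetical.
#[derive(Default)]
pub struct AuthorizationMetadata {
    pub issuer: Option<String>,
    pub response_types_supported: Option<Vec<String>>,
}

#[derive(Debug, PartialEq)]
pub enum ResponseTypeError {
    /// RFC 8414 marks the field REQUIRED and the server omitted it.
    Missing,
    /// The field is present but does not list the plain "code" value.
    CodeNotSupported(Vec<String>),
}

/// Check that the server advertises "code" before starting the Authorization
/// Code Flow. `strict` (an assumed policy switch) decides whether an absent
/// field is rejected or tolerated.
pub fn check_code_flow(meta: &AuthorizationMetadata, strict: bool) -> Result<(), ResponseTypeError> {
    match &meta.response_types_supported {
        None if strict => Err(ResponseTypeError::Missing),
        None => Ok(()),
        // Compare whole values: "code id_token" is a separate multi-valued
        // response type, so a substring test would accept the wrong server.
        Some(types) if types.iter().any(|t| t.as_str() == "code") => Ok(()),
        Some(types) => Err(ResponseTypeError::CodeNotSupported(types.clone())),
    }
}

/// Build constructed sample metadata from a list of response types.
pub fn meta(types: Option<Vec<&str>>) -> AuthorizationMetadata {
    AuthorizationMetadata {
        response_types_supported: types.map(|t| t.into_iter().map(String::from).collect()),
        ..Default::default()
    }
}

fn main() {
    let samples = vec![
        ("code only", meta(Some(vec!["code"]))),
        ("implicit and hybrid only", meta(Some(vec!["token", "code id_token"]))),
        ("field absent", meta(None)),
    ];
    for (label, m) in &samples {
        println!("{}: {:?}", label, check_code_flow(m, true));
    }
}
```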