-
Notifications
You must be signed in to change notification settings - Fork 139
[Client] Implement Authorization Server Metadata discovery (RFC 8414) #318
Copy link
Copy link
Open
Labels
ClientIssues & PRs related to the Client componentIssues & PRs related to the Client componentP1Significant bug affecting many users, highly requested featureSignificant bug affecting many users, highly requested featureauthIssues and PRs related to Authentication / OAuthIssues and PRs related to Authentication / OAuthenhancementRequest for a new feature that's not currently supportedRequest for a new feature that's not currently supportedimproves spec complianceImproves consistency with other SDKs such as TyepScriptImproves consistency with other SDKs such as TyepScript
Description
Metadata
Metadata
Assignees
Labels
ClientIssues & PRs related to the Client componentIssues & PRs related to the Client componentP1Significant bug affecting many users, highly requested featureSignificant bug affecting many users, highly requested featureauthIssues and PRs related to Authentication / OAuthIssues and PRs related to Authentication / OAuthenhancementRequest for a new feature that's not currently supportedRequest for a new feature that's not currently supportedimproves spec complianceImproves consistency with other SDKs such as TyepScriptImproves consistency with other SDKs such as TyepScript
Type
Fields
Give feedbackNo fields configured for issues without a type.
Context
Once the AS issuer is known (from PRM), the client must fetch its metadata at
/.well-known/oauth-authorization-server(RFC 8414) to learn theauthorization_endpoint,token_endpoint,registration_endpoint,scopes_supported,token_endpoint_auth_methods_supported, andgrant_types_supported.Scope
Mcp\Client\Auth\AuthorizationServerMetadataDiscoverer.TokenStorageis backed by it)./.well-known/openid-configuration) when RFC 8414 endpoint 404s.Conformance scenarios unblocked
auth/metadata-*(full set),auth/scope-from-scopes-supported.Dependencies
Blocked by: #317 (PRM provides the issuer URL).
Acceptance
Mcp\Server\Transport\Http\OAuth\OidcDiscoveryfor shape parity if practical.cc @soyuka