-
Notifications
You must be signed in to change notification settings - Fork 139
[Client] Add OAuth 2025-03-26 metadata backcompat fallback #326
Copy link
Copy link
Open
Labels
ClientIssues & PRs related to the Client componentIssues & PRs related to the Client componentP2Moderate issues affecting some users, edge cases, potentially valuable featureModerate issues affecting some users, edge cases, potentially valuable featureauthIssues and PRs related to Authentication / OAuthIssues and PRs related to Authentication / OAuthenhancementRequest for a new feature that's not currently supportedRequest for a new feature that's not currently supportedimproves spec complianceImproves consistency with other SDKs such as TyepScriptImproves consistency with other SDKs such as TyepScript
Description
Metadata
Metadata
Assignees
Labels
ClientIssues & PRs related to the Client componentIssues & PRs related to the Client componentP2Moderate issues affecting some users, edge cases, potentially valuable featureModerate issues affecting some users, edge cases, potentially valuable featureauthIssues and PRs related to Authentication / OAuthIssues and PRs related to Authentication / OAuthenhancementRequest for a new feature that's not currently supportedRequest for a new feature that's not currently supportedimproves spec complianceImproves consistency with other SDKs such as TyepScriptImproves consistency with other SDKs such as TyepScript
Type
Fields
Give feedbackNo fields configured for issues without a type.
Context
Older MCP servers (spec revision
2025-03-26) do not publish/.well-known/oauth-protected-resource. The client must fall back to discovering OAuth metadata directly from the MCP server origin's/.well-known/oauth-authorization-serverand, if missing, from the issuer derived by URL convention.Scope
WWW-Authenticatelacksresource_metadata:/.well-known/oauth-protected-resourceat MCP server origin./.well-known/oauth-authorization-serverat MCP server origin./.well-known/openid-configuration).initialize; only enable fallback chain when the server announced2025-03-26.Conformance scenarios unblocked
auth/2025-03-26-oauth-metadata-backcompat,auth/2025-03-26-oauth-endpoint-fallback.Dependencies
Blocked by: #317, #318.
Acceptance
cc @soyuka