Validation of response_modes_supported member of OAuthMetadata is too strict

### Initial Checks

- [x] I confirm that I'm using the latest version of MCP Python SDK
- [x] I confirm that I searched for my issue in https://github.com/modelcontextprotocol/python-sdk/issues before opening this issue

### Description

Authentication providers such as Keycloak support an OAuth2 extension called JARM (JWT Secured Authorization Response Mode) which defines new values for the `response_modes_supported` member of the OAuthMetadata response.  See https://openid.net/specs/oauth-v2-jarm.html#name-response-encoding for details.

The pydantic model for OAuthMetadata only allows certain values in the response, which causes the model construction and remainder of the auth flow to fail.

I would propose relaxing the validation such that `response_modes_supported` is simply a `list[str]`.

### Example Code

```Python

```

### Python & MCP Python SDK

```Text
python 3.13
mcp v1.12.3
```

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Validation of response_modes_supported member of OAuthMetadata is too strict #1242

Initial Checks

Description

Example Code

Python & MCP Python SDK

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Validation of response_modes_supported member of OAuthMetadata is too strict #1242

Description

Initial Checks

Description

Example Code

Python & MCP Python SDK

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions