Skip to content

Issue 687 fix #740

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 2 commits into
base: main
Choose a base branch
from
Draft

Issue 687 fix #740

wants to merge 2 commits into from
+147 −5

Conversation

Vinisha-projects
Copy link

This PR implements authorization support as per RFC 9728 (#686).
It introduces robust token generation and validation methods, fully aligned with the new MCP authorization specification.
The changes include:
Implementation of token generation using JWT with proper encoding and expiration.
Validation of JWT tokens with issuer and audience verification.
Error handling for expired or invalid tokens.
Unit tests for token generation, validation, claim extraction, and expiration scenarios.

Motivation and Context

The primary motivation for this change is to ensure MCP Python SDK’s compliance with RFC 9728, the new authorization specification.
By adding proper token management, it
*Enhances security by leveraging JWT-based authentication.
*Aligns with the authorization standards outlined in the MCP specification.
*Provides a robust framework for secure client-server communication.
*This change addresses Issue #686 by implementing the authorization flow, including token creation, validation, and handling edge cases like expiration and invalid claims.

How Has This Been Tested?

*All unit tests have been executed and passed successfully, covering the following scenarios:
*Generating a valid token and verifying its claims.
*Detecting an expired token.
*Extracting a specific claim from a valid token.
*Handling a token with invalid claims.

Handling a completely invalid or malformed token.

Breaking Changes

None.
The introduced features are additive and do not affect existing functionality.

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Documentation update

Checklist

  • I have read the MCP Documentation
  • My code follows the repository's style guidelines
  • New and existing tests pass locally
  • I have added appropriate error handling
  • I have added or updated documentation as needed

Additional context

This feature aligns the MCP Python SDK with the latest authorization standards as outlined in RFC 9728.
It also improves security practices by ensuring token validity and proper claim extraction in a structured and standardized way.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@Vinisha-projects