Add OAuth Protected Resource Metadata support #807
+285
−31
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- Introduced OAuthProtectedResourceMetadata class for enhanced resource metadata handling. - Updated create_auth_routes to include resource_server_url and resource_name parameters. - Modified AuthSettings to include resource_server_url and resource_name fields. - Adjusted MetadataHandler to accept both OAuthMetadata and OAuthProtectedResourceMetadata. - Updated FastMCP to utilize new resource metadata features. Signed-off-by: Xin Fu <xfu83@bloomberg.net>
- Updated RequireAuthMiddleware to accept an optional resource_metadata_url parameter for enhanced error handling. - Adjusted create_auth_routes to include resource_server_url and resource_name parameters. - Modified OAuthProtectedResourceMetadata to change resource_documentation type to AnyHttpUrl. - Updated tests to reflect changes in resource_server_url and resource_name parameters. Signed-off-by: Xin Fu <xfu83@bloomberg.net>
- Added resource_server_url and resource_name to AuthSettings for improved metadata handling. - Updated FastMCP to utilize resource metadata URL in RequireAuthMiddleware. - Introduced get_oauth_protected_resource_metadata_url function for generating resource metadata URLs. - Modified tests to validate new metadata endpoints and middleware behavior. Signed-off-by: Xin Fu <xfu83@bloomberg.net>
Signed-off-by: Xin Fu <xfu83@bloomberg.net>
- Added a new method to discover OAuth Protected Resource Metadata, improving the handling of authorization server URLs. - Updated the OAuthClientProvider to utilize the discovered protected resource metadata when fetching OAuth metadata. - Refactored tests to validate the new discovery logic and ensure correct URL calls for protected resource and authorization server metadata. Signed-off-by: Xin Fu <xfu83@bloomberg.net>
Signed-off-by: Xin Fu <xfu83@bloomberg.net>
Signed-off-by: Xin Fu <xfu83@bloomberg.net>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR adds support for RFC 9728 Section 5.1 – "WWW-Authenticate" Response, enabling proper OAuth Protected Resource Metadata responses from the server, and aligns with the MCP TypeScript SDK implementation.
Motivation and Context
WWW-Authenticateresponses per RFC 9728 described in the latest draft Authorization spec.How Has This Been Tested?
Breaking Changes
Types of changes
Checklist
Additional context