fix: pass conformance auth scenarios, add RFC 8707 resource validation by felixweinberger · Pull Request #2010 · modelcontextprotocol/python-sdk
marked this pull request as ready for review
Kludex previously approved these changes Feb 7, 2026
The conformance test suite was broken by @modelcontextprotocol/conformance@0.1.13 introducing new auth scenarios that require:

1. Pre-registered client credentials from MCP_CONFORMANCE_CONTEXT
2. RFC 8707 resource validation (PRM resource must match server URL)

SDK changes:
- Add _validate_resource_match() to OAuthClientProvider that validates the Protected Resource Metadata resource field matches the server URL before proceeding with the auth flow
- Add validate_resource_url callback parameter for custom validation

Conformance client changes:
- Pre-load client credentials from MCP_CONFORMANCE_CONTEXT into token storage when available, allowing the existing flow to skip DCR when pre-registered credentials are present

CI: bump conformance package from 0.1.10 to 0.1.13
Address review feedback:
- Convert TestResourceValidation class to standalone test functions
- Use inline_snapshot for assertion values
Reverts the disable from #2007 now that the conformance client supports the new auth scenarios.
felixweinberger added a commit that referenced this pull request
Feb 16, 2026
Backport from main (PR #2010). The client now validates that the Protected Resource Metadata resource field matches the server URL before proceeding with authorization, rejecting mismatched resources per RFC 8707. This fixes the auth/resource-mismatch conformance test, bringing client conformance to 251/251 (100%) on v1.x.
felixweinberger added a commit that referenced this pull request
Feb 17, 2026
Backport from main (PR #2010). The client now validates that the Protected Resource Metadata resource field matches the server URL before proceeding with authorization, rejecting mismatched resources per RFC 8707. This fixes the auth/resource-mismatch conformance test, bringing client conformance to 251/251 (100%) on v1.x.