fix: add RFC 8707 resource validation to OAuth client by felixweinberger · Pull Request #2069 · modelcontextprotocol/python-sdk
marked this pull request as draft
Base automatically changed from fweinberger/v1x-conformance-ci to v1.x
February 16, 2026 19:27
Backport from main (PR #2010). The client now validates that the Protected Resource Metadata resource field matches the server URL before proceeding with authorization, rejecting mismatched resources per RFC 8707. This fixes the auth/resource-mismatch conformance test, bringing client conformance to 251/251 (100%) on v1.x.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters