From 02da247993640d72c3ae633c3d0c2e018784428a Mon Sep 17 00:00:00 2001 From: siddhirajkatkar Date: Tue, 12 May 2026 21:37:09 +0530 Subject: [PATCH] fix: strip trailing slash from resource URL in get_resource_url() Pydantic v2 AnyHttpUrl adds a trailing slash to bare-domain URLs when str() is called, causing audience mismatch with Entra ID v2.0 which registers the resource without a trailing slash. Fixes #2578 --- src/mcp/client/auth/oauth2.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/mcp/client/auth/oauth2.py b/src/mcp/client/auth/oauth2.py index 72309f577..551340875 100644 --- a/src/mcp/client/auth/oauth2.py +++ b/src/mcp/client/auth/oauth2.py @@ -151,7 +151,7 @@ def get_resource_url(self) -> str: # If PRM provides a resource that's a valid parent, use it if self.protected_resource_metadata and self.protected_resource_metadata.resource: - prm_resource = str(self.protected_resource_metadata.resource) + prm_resource = str(self.protected_resource_metadata.resource).rstrip("/") if check_resource_allowed(requested_resource=resource, configured_resource=prm_resource): resource = prm_resource