Skip to content

feat: url based client metadata registration (SEP 991) #1098

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 0 commits into from
Closed

feat: url based client metadata registration (SEP 991) #1098

wants to merge 0 commits into from

Conversation

@mattzcarey
Copy link
Contributor

@mattzcarey mattzcarey commented Nov 11, 2025
edited
Loading

closes #1052

Motivation and Context

How Has This Been Tested?

npx tsx src/examples/client/simpleOAuthClient.ts
'https://stytch-as-demo.val.run/mcp'
'https://pcarleton--c1073a0b670949da87f3911be7feb5d5.web.val.run/mcp.json'

Breaking Changes

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Documentation update

Checklist

  • I have read the MCP Documentation
  • My code follows the repository's style guidelines
  • New and existing tests pass locally
  • I have added appropriate error handling
  • I have added or updated documentation as needed

Additional context

@mattzcarey mattzcarey requested a review from a team as a code owner November 11, 2025 14:33
@pkg-pr-new
Copy link

pkg-pr-new bot commented Nov 11, 2025
edited
Loading

Open in StackBlitz

npm i https://pkg.pr.new/modelcontextprotocol/typescript-sdk/@modelcontextprotocol/sdk@1098

commit: 05bcad1

@chipgpt
Copy link
Contributor

chipgpt commented Nov 11, 2025

The server side support for this is #839 and should also be merged before closing #1052

@mattzcarey mattzcarey mentioned this pull request Nov 11, 2025
Open
9 tasks
@mattzcarey
Copy link
Contributor Author

mattzcarey commented Nov 11, 2025

The server side support for this is #839 and should also be merged before closing #1052

Hey chatting with Paul and there is discussion about how the server auth handlers. Will keep this PR up to date.

@mattzcarey mattzcarey requested a review from a team as a code owner November 11, 2025 18:57
pcarleton
pcarleton requested changes Nov 17, 2025
View reviewed changes
Copy link
Member

@pcarleton pcarleton left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

overall looks good.

one tweak on non-https url.

Also I'd like to get a conformance test in before we merge, opened an issue here:
modelcontextprotocol/conformance#34

src/client/auth.ts Outdated
}
const supportsUrlBasedClientId = metadata?.client_id_metadata_document_supported === true;
const clientMetadataUrl = provider.clientMetadataUrl;
const shouldUseUrlBasedClientId = supportsUrlBasedClientId && clientMetadataUrl && isHttpsUrl(clientMetadataUrl);
Copy link
Member

@pcarleton pcarleton Nov 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thinking about this: if it's not an HTTPS url, throwing an error would be better I think. It would be confusing and surprising if I was meaning to provide a non-HTTPS URL and it silently fell back to DCR, or failed later on for no available methods.

src/examples/client/simpleOAuthClient.ts
grant_types: ['authorization_code', 'refresh_token'],
response_types: ['code'],
token_endpoint_auth_method: 'client_secret_post',
scope: 'mcp:tools'
Copy link
Member

@pcarleton pcarleton Nov 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍 confirmed this works on the demo server too. I think we added this when scope selection was more broken early on.

@mattzcarey mattzcarey closed this Nov 17, 2025
@mattzcarey mattzcarey mentioned this pull request Nov 17, 2025
Merged
9 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pcarleton pcarleton pcarleton requested changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Implement SEP-991: URL-based Client Registration (OAuth Client ID Metadata)

3 participants

@mattzcarey @chipgpt @pcarleton