From bdb0dcd32a329199448d3eeef89649287b32031d Mon Sep 17 00:00:00 2001
From: Michael <michael.v.henderson@icloud.com>
Date: Fri, 14 Nov 2025 23:22:50 -0600
Subject: [PATCH] add none to test and the router.

---
 src/server/auth/router.test.ts | 2 +-
 src/server/auth/router.ts      | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/server/auth/router.test.ts b/src/server/auth/router.test.ts
index 2f020b728..ae280286b 100644
--- a/src/server/auth/router.test.ts
+++ b/src/server/auth/router.test.ts
@@ -213,7 +213,7 @@ describe('MCP Auth Router', () => {
             expect(response.body.response_types_supported).toEqual(['code']);
             expect(response.body.grant_types_supported).toEqual(['authorization_code', 'refresh_token']);
             expect(response.body.code_challenge_methods_supported).toEqual(['S256']);
-            expect(response.body.token_endpoint_auth_methods_supported).toEqual(['client_secret_post']);
+            expect(response.body.token_endpoint_auth_methods_supported).toEqual(['client_secret_post', 'none']);
             expect(response.body.revocation_endpoint_auth_methods_supported).toEqual(['client_secret_post']);
 
             // Verify optional fields
diff --git a/src/server/auth/router.ts b/src/server/auth/router.ts
index dc0a85a33..5229c4df8 100644
--- a/src/server/auth/router.ts
+++ b/src/server/auth/router.ts
@@ -92,7 +92,7 @@ export const createOAuthMetadata = (options: {
         code_challenge_methods_supported: ['S256'],
 
         token_endpoint: new URL(token_endpoint, baseUrl || issuer).href,
-        token_endpoint_auth_methods_supported: ['client_secret_post'],
+        token_endpoint_auth_methods_supported: ['client_secret_post', 'none'],
         grant_types_supported: ['authorization_code', 'refresh_token'],
 
         scopes_supported: options.scopesSupported,