Skip to content

Comments

feat: url based client metadata registration (SEP 991)#1098

Closed
mattzcarey wants to merge 0 commit intomodelcontextprotocol:mainfrom
mattzcarey:feat-client-url
Closed

feat: url based client metadata registration (SEP 991)#1098
mattzcarey wants to merge 0 commit intomodelcontextprotocol:mainfrom
mattzcarey:feat-client-url

Conversation

@mattzcarey
Copy link
Contributor

@mattzcarey mattzcarey commented Nov 11, 2025
edited
Loading

closes #1052

Motivation and Context

How Has This Been Tested?

npx tsx src/examples/client/simpleOAuthClient.ts
'https://stytch-as-demo.val.run/mcp'
'https://pcarleton--c1073a0b670949da87f3911be7feb5d5.web.val.run/mcp.json'

Breaking Changes

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Documentation update

Checklist

  • I have read the MCP Documentation
  • My code follows the repository's style guidelines
  • New and existing tests pass locally
  • I have added appropriate error handling
  • I have added or updated documentation as needed

Additional context

@mattzcarey mattzcarey requested a review from a team as a code owner November 11, 2025 14:33
@pkg-pr-new
Copy link

pkg-pr-new bot commented Nov 11, 2025
edited
Loading

Open in StackBlitz

npm i https://pkg.pr.new/modelcontextprotocol/typescript-sdk/@modelcontextprotocol/sdk@1098

commit: 05bcad1

@chipgpt
Copy link
Contributor

chipgpt commented Nov 11, 2025

The server side support for this is #839 and should also be merged before closing #1052

@mattzcarey mattzcarey mentioned this pull request Nov 11, 2025
Closed
9 tasks
@mattzcarey
Copy link
Contributor Author

mattzcarey commented Nov 11, 2025

The server side support for this is #839 and should also be merged before closing #1052

Hey chatting with Paul and there is discussion about how the server auth handlers. Will keep this PR up to date.

@mattzcarey mattzcarey requested a review from a team as a code owner November 11, 2025 18:57
pcarleton
pcarleton requested changes Nov 17, 2025
View reviewed changes
Copy link
Member

@pcarleton pcarleton left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

overall looks good.

one tweak on non-https url.

Also I'd like to get a conformance test in before we merge, opened an issue here:
modelcontextprotocol/conformance#34

src/client/auth.ts Outdated
}
const supportsUrlBasedClientId = metadata?.client_id_metadata_document_supported === true;
const clientMetadataUrl = provider.clientMetadataUrl;
const shouldUseUrlBasedClientId = supportsUrlBasedClientId && clientMetadataUrl && isHttpsUrl(clientMetadataUrl);
Copy link
Member

@pcarleton pcarleton Nov 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thinking about this: if it's not an HTTPS url, throwing an error would be better I think. It would be confusing and surprising if I was meaning to provide a non-HTTPS URL and it silently fell back to DCR, or failed later on for no available methods.

src/examples/client/simpleOAuthClient.ts
grant_types: ['authorization_code', 'refresh_token'],
response_types: ['code'],
token_endpoint_auth_method: 'client_secret_post',
scope: 'mcp:tools'
Copy link
Member

@pcarleton pcarleton Nov 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍 confirmed this works on the demo server too. I think we added this when scope selection was more broken early on.

@mattzcarey mattzcarey closed this Nov 17, 2025
@mattzcarey mattzcarey mentioned this pull request Nov 17, 2025
Merged
9 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pcarleton pcarleton pcarleton requested changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Implement SEP-991: URL-based Client Registration (OAuth Client ID Metadata)

3 participants

@mattzcarey @chipgpt @pcarleton