fix: add RFC 8707 resource validation to OAuth client by felixweinberger · Pull Request #2069 · modelcontextprotocol/python-sdk
Stacked on #2068.
Partial backport of #2010.
Motivation and Context
The conformance test auth/resource-mismatch requires the client to validate that the Protected Resource Metadata (PRM) resource field matches the server URL before proceeding with authorization (RFC 8707). This was implemented on main in PR #2010 but missing from v1.x.
How Has This Been Tested?
- 3 unit tests added (reject mismatch, accept match, trailing slash normalization)
- Full conformance suite: 251/251 passing (server 40/40, client 211/211)
- Baseline check passes with empty expected-failures
Breaking Changes
None.
Types of changes
- Bug fix (non-breaking change which fixes an issue)
- New feature (non-breaking change which adds functionality)
- Breaking change (fix or feature that would cause existing functionality to change)
- Documentation update
Checklist
- I have read the MCP Documentation
- My code follows the repository's style guidelines
- New and existing tests pass locally
- I have added appropriate error handling
- I have added or updated documentation as needed
Additional context
Backport of main PR #2010. The validation method rejects PRM resources that don't match the server URL, with trailing slash normalization to handle root URL variations.
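An added sketch of the check described above, not the SDK's code from this PR or from #2010: it compares the PRM `resource` value with the server URL the client contacted and refuses to continue on a mismatch, so a token is never requested for a resource other than the one being accessed. The names `canonical_resource`, `validate_prm_resource` and `ResourceMismatchError` are hypothetical; exact equality after normalization is an assumed matching rule, and the scheme, host case and default-port handling go beyond the trailing-slash normalization the PR mentions.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


class ResourceMismatchError(Exception):
    """PRM resource does not identify the server the client contacted."""


def canonical_resource(url: str) -> str:
    """Canonical form used only for comparison (assumed rules, not the SDK's)."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or not parts.hostname:
        raise ValueError(f"not an absolute http(s) URL: {url!r}")
    if parts.fragment:
        # RFC 8707 section 2: a resource indicator must not include a fragment.
        raise ValueError(f"resource must not contain a fragment: {url!r}")
    host = parts.hostname  # urlsplit lowercases the host and strips IPv6 brackets
    if ":" in host:
        host = f"[{host}]"
    if parts.port is not None and parts.port != DEFAULT_PORTS[scheme]:
        host = f"{host}:{parts.port}"
    # Trailing-slash normalization: "https://h" and "https://h/" compare equal,
    # as do "/mcp" and "/mcp/".
    path = parts.path.rstrip("/")
    query = f"?{parts.query}" if parts.query else ""
    return f"{scheme}://{host}{path}{query}"


def validate_prm_resource(server_url: str, prm_resource: str) -> str:
    """Return the canonical resource, or raise before any authorization step."""
    expected = canonical_resource(server_url)
    try:
        advertised = canonical_resource(prm_resource)
    except ValueError as exc:
        raise ResourceMismatchError(f"invalid PRM resource: {exc}") from exc
    if advertised != expected:
        raise ResourceMismatchError(
            f"PRM resource {prm_resource!r} does not match server URL {server_url!r}"
        )
    return advertised


if __name__ == "__main__":
    # Constructed sample values, not taken from the conformance suite.
    print(validate_prm_resource("https://mcp.example.com", "https://mcp.example.com/"))
```

Comparing parsed components rather than raw string prefixes means a lookalike path such as `/mcp-admin` is not accepted for a server at `/mcp`.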