Merge branch 'main' into auth-metadata

Signed-off-by: Xin Fu <[email protected]>

Author: imfing

.github/workflows/publish-docs-manually.yml

@@ -19,6 +19,7 @@ jobs:
         uses: astral-sh/setup-uv@v3
         with:
           enable-cache: true
+          version: 0.7.2
 
       - run: echo "cache_id=$(date --utc '+%V')" >> $GITHUB_ENV
       - uses: actions/cache@v4

.github/workflows/publish-pypi.yml

@@ -16,6 +16,7 @@ jobs:
         uses: astral-sh/setup-uv@v3
         with:
           enable-cache: true
+          version: 0.7.2
 
       - name: Set up Python 3.12
         run: uv python install 3.12
@@ -67,6 +68,7 @@ jobs:
         uses: astral-sh/setup-uv@v3
         with:
           enable-cache: true
+          version: 0.7.2
 
       - run: echo "cache_id=$(date --utc '+%V')" >> $GITHUB_ENV
       - uses: actions/cache@v4

.github/workflows/shared.yml

@@ -13,6 +13,7 @@ jobs:
         uses: astral-sh/setup-uv@v3
         with:
           enable-cache: true
+          version: 0.7.2
 
       - name: Install the project
         run: uv sync --frozen --all-extras --dev --python 3.12
@@ -29,6 +30,7 @@ jobs:
         uses: astral-sh/setup-uv@v3
         with:
           enable-cache: true
+          version: 0.7.2
 
       - name: Install the project
         run: uv sync --frozen --all-extras --dev --python 3.12
@@ -50,6 +52,7 @@ jobs:
         uses: astral-sh/setup-uv@v3
         with:
           enable-cache: true
+          version: 0.7.2
 
       - name: Install the project
         run: uv sync --frozen --all-extras --dev --python ${{ matrix.python-version }}

README.md

@@ -160,7 +160,7 @@ from dataclasses import dataclass
 
 from fake_database import Database  # Replace with your actual DB type
 
-from mcp.server.fastmcp import Context, FastMCP
+from mcp.server.fastmcp import FastMCP
 
 # Create a named server
 mcp = FastMCP("My App")
@@ -192,9 +192,10 @@ mcp = FastMCP("My App", lifespan=app_lifespan)
 
 # Access type-safe lifespan context in tools
 @mcp.tool()
-def query_db(ctx: Context) -> str:
+def query_db() -> str:
     """Tool that uses initialized resources"""
-    db = ctx.request_context.lifespan_context.db
+    ctx = mcp.get_context()
+    db = ctx.request_context.lifespan_context["db"]
     return db.query()
 ```
 
@@ -631,7 +632,7 @@ server = Server("example-server", lifespan=server_lifespan)
 # Access lifespan context in handlers
 @server.call_tool()
 async def query_db(name: str, arguments: dict) -> list:
-    ctx = server.get_context()
+    ctx = server.request_context
     db = ctx.lifespan_context["db"]
     return await db.query(arguments["query"])
 ```

pyproject.toml

@@ -44,6 +44,7 @@ mcp = "mcp.cli:app [cli]"
 [tool.uv]
 resolution = "lowest-direct"
 default-groups = ["dev", "docs"]
+required-version = ">=0.7.2"
 
 [dependency-groups]
 dev = [
@@ -55,6 +56,7 @@ dev = [
     "pytest-xdist>=3.6.1",
     "pytest-examples>=0.0.14",
     "pytest-pretty>=1.2.0",
+    "inline-snapshot>=0.23.0",
 ]
 docs = [
     "mkdocs>=1.6.1",
@@ -63,7 +65,6 @@ docs = [
     "mkdocstrings-python>=1.12.2",
 ]
 
-
 [build-system]
 requires = ["hatchling", "uv-dynamic-versioning"]
 build-backend = "hatchling.build"

src/mcp/server/auth/routes.py

@@ -166,31 +166,19 @@ def create_auth_routes(
     return routes
 
 
-def modify_url_path(url: AnyHttpUrl, path_mapper: Callable[[str], str]) -> AnyHttpUrl:
-    return AnyHttpUrl.build(
-        scheme=url.scheme,
-        username=url.username,
-        password=url.password,
-        host=url.host,
-        port=url.port,
-        path=path_mapper(url.path or ""),
-        query=url.query,
-        fragment=url.fragment,
-    )
-
-
 def build_metadata(
     issuer_url: AnyHttpUrl,
     service_documentation_url: AnyHttpUrl | None,
     client_registration_options: ClientRegistrationOptions,
     revocation_options: RevocationOptions,
 ) -> OAuthMetadata:
-    authorization_url = modify_url_path(
-        issuer_url, lambda path: path.rstrip("/") + AUTHORIZATION_PATH.lstrip("/")
+    authorization_url = AnyHttpUrl(
+        str(issuer_url).rstrip("/") + AUTHORIZATION_PATH
     )
-    token_url = modify_url_path(
-        issuer_url, lambda path: path.rstrip("/") + TOKEN_PATH.lstrip("/")
+    token_url = AnyHttpUrl(
+        str(issuer_url).rstrip("/") + TOKEN_PATH
     )
+
     # Create metadata
     metadata = OAuthMetadata(
         issuer=issuer_url,
@@ -212,14 +200,14 @@ def build_metadata(
 
     # Add registration endpoint if supported
     if client_registration_options.enabled:
-        metadata.registration_endpoint = modify_url_path(
-            issuer_url, lambda path: path.rstrip("/") + REGISTRATION_PATH.lstrip("/")
+        metadata.registration_endpoint = AnyHttpUrl(
+            str(issuer_url).rstrip("/") + REGISTRATION_PATH
         )
 
     # Add revocation endpoint if supported
     if revocation_options.enabled:
-        metadata.revocation_endpoint = modify_url_path(
-            issuer_url, lambda path: path.rstrip("/") + REVOCATION_PATH.lstrip("/")
+        metadata.revocation_endpoint = AnyHttpUrl(
+            str(issuer_url).rstrip("/") + REVOCATION_PATH
         )
         metadata.revocation_endpoint_auth_methods_supported = ["client_secret_post"]
 

tests/client/test_auth.py

@@ -10,9 +10,12 @@
 
 import httpx
 import pytest
+from inline_snapshot import snapshot
 from pydantic import AnyHttpUrl
 
 from mcp.client.auth import OAuthClientProvider
+from mcp.server.auth.routes import build_metadata
+from mcp.server.auth.settings import ClientRegistrationOptions, RevocationOptions
 from mcp.shared.auth import (
     OAuthClientInformationFull,
     OAuthClientMetadata,
@@ -905,3 +908,76 @@ async def test_token_exchange_error_basic(self, oauth_provider, oauth_client_inf
                 await oauth_provider._exchange_code_for_token(
                     "invalid_auth_code", oauth_client_info
                 )
+
+
+@pytest.mark.parametrize(
+    (
+        "issuer_url",
+        "service_documentation_url",
+        "authorization_endpoint",
+        "token_endpoint",
+        "registration_endpoint",
+        "revocation_endpoint",
+    ),
+    (
+        pytest.param(
+            "https://auth.example.com",
+            "https://auth.example.com/docs",
+            "https://auth.example.com/authorize",
+            "https://auth.example.com/token",
+            "https://auth.example.com/register",
+            "https://auth.example.com/revoke",
+            id="simple-url",
+        ),
+        pytest.param(
+            "https://auth.example.com/",
+            "https://auth.example.com/docs",
+            "https://auth.example.com/authorize",
+            "https://auth.example.com/token",
+            "https://auth.example.com/register",
+            "https://auth.example.com/revoke",
+            id="with-trailing-slash",
+        ),
+        pytest.param(
+            "https://auth.example.com/v1/mcp",
+            "https://auth.example.com/v1/mcp/docs",
+            "https://auth.example.com/v1/mcp/authorize",
+            "https://auth.example.com/v1/mcp/token",
+            "https://auth.example.com/v1/mcp/register",
+            "https://auth.example.com/v1/mcp/revoke",
+            id="with-path-param",
+        ),
+    ),
+)
+def test_build_metadata(
+    issuer_url: str,
+    service_documentation_url: str,
+    authorization_endpoint: str,
+    token_endpoint: str,
+    registration_endpoint: str,
+    revocation_endpoint: str,
+):
+    metadata = build_metadata(
+        issuer_url=AnyHttpUrl(issuer_url),
+        service_documentation_url=AnyHttpUrl(service_documentation_url),
+        client_registration_options=ClientRegistrationOptions(
+            enabled=True, valid_scopes=["read", "write", "admin"]
+        ),
+        revocation_options=RevocationOptions(enabled=True),
+    )
+
+    assert metadata == snapshot(
+        OAuthMetadata(
+            issuer=AnyHttpUrl(issuer_url),
+            authorization_endpoint=AnyHttpUrl(authorization_endpoint),
+            token_endpoint=AnyHttpUrl(token_endpoint),
+            registration_endpoint=AnyHttpUrl(registration_endpoint),
+            scopes_supported=["read", "write", "admin"],
+            grant_types_supported=["authorization_code", "refresh_token"],
+            token_endpoint_auth_methods_supported=["client_secret_post"],
+            service_documentation=AnyHttpUrl(service_documentation_url),
+            revocation_endpoint=AnyHttpUrl(revocation_endpoint),
+            revocation_endpoint_auth_methods_supported=["client_secret_post"],
+            code_challenge_methods_supported=["S256"],
+        )
+    )