Fix/simple auth example#2846
Conversation
|
Reproduced #2826 end-to-end against current `upstream/main` and verified this fix resolves it. Before the fix, running the exact repro from #2826 (auth server on :9000, resource server on :8001, then the auth client with `MCP_TRANSPORT_TYPE=streamable-http`) fails during the OAuth flow with: After applying this PR's diff to the same checkout: the resource server now logs `MCP Resource Server running on http://localhost:8001/\` (no `/mcp`), and the client completes the full OAuth flow (`resource=http%3A%2F%2Flocalhost%3A8001%2F` in the `/authorize` request now matches) and reaches `✨ Session initialization complete!` / `✅ Connected to MCP server`. Also checked the second half of the diff (`revoke_token` signature fix in `simple_auth_provider.py`): the base `OAuthAuthorizationServerProvider.revoke_token` protocol in `src/mcp/server/auth/provider.py` is `async def revoke_token(self, token: AccessTokenT | RefreshTokenT) -> None`, so the old override (`token: str, token_type_hint: str | None = None`) was indeed a real signature mismatch, not just a stylistic TODO — this PR's `token: AccessToken | RefreshToken` + `token.token` lookup now matches the protocol it implements. Both fixes are small, correct, and directly resolve #2826 — no regressions spotted in the surrounding code. |
Fixes #2826 .
Motivation and Context
Fixes an error in the simple-auth example:
server_urllinkHow Has This Been Tested?
In addition to the tests, type checking and linting provided in the repo, I have tried to recreate the issue described in #2826 and it is now working fine.
Breaking Changes
No.
Types of changes
Checklist
Additional context