Commit 36d1e0d

add legacy mcp server as AS server for testing backwards compatibility
1 parent beef439 commit 36d1e0d

2 files changed

+413
-1
lines changed

examples/servers/simple-auth/README.md

Lines changed: 33 additions & 1 deletion
@@ -88,11 +88,43 @@ curl http://localhost:9000/.well-known/oauth-authorization-server
8888
}
8989
```
9090

91+
## Legacy MCP Server as Authorization Server (Backwards Compatibility)
92+
93+
For backwards compatibility with older MCP implementations, a legacy server is provided that acts as an Authorization Server (following the old spec where MCP servers could optionally provide OAuth):
94+
95+
### Running the Legacy Server
96+
97+
```bash
98+
# Start legacy authorization server on port 8002
99+
python -m mcp_simple_auth.legacy_as_server --port=8002
100+
```
101+
102+
**Differences from the new architecture:**
103+
- **MCP server acts as AS:** The MCP server itself provides OAuth endpoints (old spec behavior)
104+
- **No separate RS:** The server handles both authentication and MCP tools
105+
- **Local token validation:** Tokens are validated internally without introspection
106+
- **No RFC 9728 support:** Does not provide `/.well-known/oauth-protected-resource`
107+
- **Direct OAuth discovery:** OAuth metadata is at the MCP server's URL
108+
109+
### Testing with Legacy Server
110+
111+
```bash
112+
# Test with client (will automatically fall back to legacy discovery)
113+
MCP_SERVER_PORT=8002 MCP_TRANSPORT_TYPE=streamable_http python -m mcp_simple_auth_client.main
114+
```
115+
116+
The client will:
117+
1. Try RFC 9728 discovery at `/.well-known/oauth-protected-resource` (404 on legacy server)
118+
2. Fall back to direct OAuth discovery at `/.well-known/oauth-authorization-server`
119+
3. Complete authentication with the MCP server acting as its own AS
120+
121+
This ensures existing MCP servers (which could optionally act as Authorization Servers under the old spec) continue to work while the ecosystem transitions to the new architecture where MCP servers are Resource Servers only.
122+
91123
## Manual Testing
92124

93125
### Test Discovery
94126
```bash
95-
# Test Resource Server discovery endpoint
127+
# Test Resource Server discovery endpoint (new architecture)
96128
curl -v http://localhost:8001/.well-known/oauth-protected-resource
97129

98130
# Test Authorization Server metadata
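
Review bot: The new "Legacy MCP Server as Authorization Server" section never says that this server is a test fixture, although the commit message describes it as "for testing backwards compatibility"; as written, the intro paragraph reads like a supported deployment option. Suggest saying so in that first sentence. In the "The client will:" list, step 1 gives only "(404 on legacy server)" as the condition for falling back to `/.well-known/oauth-authorization-server`; please document whether other failures of the RFC 9728 request (timeout, 5xx, unparsable metadata) also trigger the fallback, because that determines whether a client talking to a new-architecture server can end up on the legacy discovery path. The "Local token validation" bullet would also benefit from stating what is checked locally, since "validated internally without introspection" is the only description a reader gets.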