Update grant types validation logic in register.py

automaton82 · web-flow · commit 45a16a8584e0 · 2025-09-19T13:01:07.000-04:00
diff --git a/src/mcp/server/auth/handlers/register.py b/src/mcp/server/auth/handlers/register.py
@@ -68,11 +68,11 @@ async def handle(self, request: Request) -> Response:
                     ),
                     status_code=400,
                 )
-        if set(client_metadata.grant_types) != {"authorization_code", "refresh_token"}:
+        if not {"authorization_code", "refresh_token"}.issubset(set(client_metadata.grant_types)):
             return PydanticJSONResponse(
                 content=RegistrationErrorResponse(
                     error="invalid_client_metadata",
-                    error_description="grant_types must be authorization_code and refresh_token",
+                    error_description="grant_types must contain authorization_code and refresh_token",
                 ),
                 status_code=400,
             )

Original file line number	Diff line number	Diff line change
`@@ -68,11 +68,11 @@ async def handle(self, request: Request) -> Response:`
`68`	`68`	`),`
`69`	`69`	`status_code=400,`
`70`	`70`	`)`
`71`		`- if set(client_metadata.grant_types) != {"authorization_code", "refresh_token"}:`
	`71`	`+ if not {"authorization_code", "refresh_token"}.issubset(set(client_metadata.grant_types)):`
`72`	`72`	`return PydanticJSONResponse(`
`73`	`73`	`content=RegistrationErrorResponse(`
`74`	`74`	`error="invalid_client_metadata",`
`75`		`- error_description="grant_types must be authorization_code and refresh_token",`
	`75`	`+ error_description="grant_types must contain authorization_code and refresh_token",`
`76`	`76`	`),`
`77`	`77`	`status_code=400,`
`78`	`78`	`)`