work

Author: SoldierSacha

README.md

@@ -865,7 +865,7 @@ async def main():
         client_metadata=OAuthClientMetadata(
             client_name="My Client",
             redirect_uris=["http://localhost:3000/callback"],
-            grant_types=["urn:ietf:params:oauth:grant-type:token-exchange"],
+            grant_types=["token-exchange"],
             response_types=["code"],
         ),
         storage=CustomTokenStorage(),

src/mcp/client/auth.py

@@ -689,7 +689,7 @@ def __init__(
         client_metadata: OAuthClientMetadata,
         storage: TokenStorage,
         subject_token_supplier: Callable[[], Awaitable[str]],
-        subject_token_type: str = "urn:ietf:params:oauth:token-type:access_token",
+        subject_token_type: str = "access_token",
         actor_token_supplier: Callable[[], Awaitable[str]] | None = None,
         actor_token_type: str | None = None,
         audience: str | None = None,
@@ -722,7 +722,7 @@ async def _request_token(self) -> None:
         )
 
         token_data = {
-            "grant_type": "urn:ietf:params:oauth:grant-type:token-exchange",
+            "grant_type": "token-exchange",
             "client_id": client_info.client_id,
             "subject_token": subject_token,
             "subject_token_type": self.subject_token_type,

src/mcp/server/auth/handlers/register.py

@@ -78,7 +78,7 @@ async def handle(self, request: Request) -> Response:
         valid_sets = [
             {"authorization_code", "refresh_token"},
             {"client_credentials"},
-            {"urn:ietf:params:oauth:grant-type:token-exchange"},
+            {"token-exchange"},
         ]
 
         if grant_types_set not in valid_sets:

src/mcp/server/auth/handlers/token.py

@@ -58,7 +58,7 @@ class ClientCredentialsRequest(BaseModel):
 class TokenExchangeRequest(BaseModel):
     """RFC 8693 token exchange request."""
 
-    grant_type: Literal["urn:ietf:params:oauth:grant-type:token-exchange"]
+    grant_type: Literal["token-exchange"]
     subject_token: str = Field(..., description="Token to exchange")
     subject_token_type: str = Field(..., description="Type of the subject token")
     actor_token: str | None = Field(None, description="Optional actor token")

src/mcp/server/auth/routes.py

@@ -168,7 +168,7 @@ def build_metadata(
             "authorization_code",
             "refresh_token",
             "client_credentials",
-            "urn:ietf:params:oauth:grant-type:token-exchange",
+            "token-exchange",
         ],
         token_endpoint_auth_methods_supported=["client_secret_post"],
         token_endpoint_auth_signing_alg_values_supported=None,

src/mcp/shared/auth.py

@@ -46,7 +46,7 @@ class OAuthClientMetadata(BaseModel):
             "authorization_code",
             "refresh_token",
             "client_credentials",
-            "urn:ietf:params:oauth:grant-type:token-exchange",
+            "token-exchange",
         ]
     ] = [
         "authorization_code",
@@ -127,7 +127,7 @@ class OAuthMetadata(BaseModel):
                 "authorization_code",
                 "refresh_token",
                 "client_credentials",
-                "urn:ietf:params:oauth:grant-type:token-exchange",
+                "token-exchange",
             ]
         ]
         | None

tests/server/fastmcp/auth/test_auth_integration.py

@@ -1362,14 +1362,14 @@ async def test_metadata_includes_token_exchange(
         assert response.status_code == 200
         metadata = response.json()
         assert (
-            "urn:ietf:params:oauth:grant-type:token-exchange"
+            "token-exchange"
             in metadata["grant_types_supported"]
         )
 
     @pytest.mark.anyio
     @pytest.mark.parametrize(
         "registered_client",
-        [{"grant_types": ["urn:ietf:params:oauth:grant-type:token-exchange"]}],
+        [{"grant_types": ["token-exchange"]}],
         indirect=True,
     )
     async def test_token_exchange_success(
@@ -1378,11 +1378,11 @@ async def test_token_exchange_success(
         response = await test_client.post(
             "/token",
             data={
-                "grant_type": "urn:ietf:params:oauth:grant-type:token-exchange",
+                "grant_type": "token-exchange",
                 "client_id": registered_client["client_id"],
                 "client_secret": registered_client["client_secret"],
                 "subject_token": "good_token",
-                "subject_token_type": "urn:ietf:params:oauth:token-type:access_token",
+                "subject_token_type": "access_token",
             },
         )
         assert response.status_code == 200
@@ -1392,7 +1392,7 @@ async def test_token_exchange_success(
     @pytest.mark.anyio
     @pytest.mark.parametrize(
         "registered_client",
-        [{"grant_types": ["urn:ietf:params:oauth:grant-type:token-exchange"]}],
+        [{"grant_types": ["token-exchange"]}],
         indirect=True,
     )
     async def test_token_exchange_invalid_subject(
@@ -1401,11 +1401,11 @@ async def test_token_exchange_invalid_subject(
         response = await test_client.post(
             "/token",
             data={
-                "grant_type": "urn:ietf:params:oauth:grant-type:token-exchange",
+                "grant_type": "token-exchange",
                 "client_id": registered_client["client_id"],
                 "client_secret": registered_client["client_secret"],
                 "subject_token": "bad_token",
-                "subject_token_type": "urn:ietf:params:oauth:token-type:access_token",
+                "subject_token_type": "access_token",
             },
         )
         assert response.status_code == 400