merge with recent branch

Author: SoldierSacha

src/mcp/client/auth/extensions/client_credentials.py

@@ -92,7 +92,7 @@ async def _exchange_token_authorization_code(
 
     async def _perform_authorization(self) -> httpx.Request:  # pragma: no cover
         """Perform the authorization flow."""
-        if "urn:ietf:params:oauth:grant-type:jwt-bearer" in self.context.client_metadata.grant_types:
+        if "jwt-bearer" in self.context.client_metadata.grant_types:
             token_request = await self._exchange_token_jwt_bearer()
             return token_request
         else:
@@ -112,7 +112,7 @@ def _add_client_authentication_jwt(self, *, token_data: dict[str, Any]):  # prag
 
         # When using private_key_jwt, in a client_credentials flow, we use RFC 7523 Section 2.2
         token_data["client_assertion"] = assertion
-        token_data["client_assertion_type"] = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"
+        token_data["client_assertion_type"] = "jwt-bearer"
         # We need to set the audience to the resource server, the audience is difference from the one in claims
         # it represents the resource server that will validate the token
         token_data["audience"] = self.context.get_resource_url()
@@ -132,7 +132,7 @@ async def _exchange_token_jwt_bearer(self) -> httpx.Request:
         assertion = self.jwt_parameters.to_assertion(with_audience_fallback=issuer)
 
         token_data = {
-            "grant_type": "urn:ietf:params:oauth:grant-type:jwt-bearer",
+            "grant_type": "jwt-bearer",
             "assertion": assertion,
         }
 

src/mcp/shared/auth.py

@@ -54,7 +54,7 @@ class OAuthClientMetadata(BaseModel):
             "client_credentials",
             "token_exchange",
             "device_code",
-            "urn:ietf:params:oauth:grant-type:jwt-bearer",
+            "jwt-bearer",
         ]
         | str
     ] = [

tests/client/auth/extensions/test_client_credentials.py

@@ -70,7 +70,7 @@ async def test_token_exchange_request_jwt_predefined(self, rfc7523_oauth_provide
         """Test token exchange request building with a predefined JWT assertion."""
         # Set up required context
         rfc7523_oauth_provider.context.client_info = OAuthClientInformationFull(
-            grant_types=["urn:ietf:params:oauth:grant-type:jwt-bearer"],
+            grant_types=["jwt-bearer"],
             token_endpoint_auth_method="private_key_jwt",
             redirect_uris=None,
             scope="read write",
@@ -96,7 +96,7 @@ async def test_token_exchange_request_jwt_predefined(self, rfc7523_oauth_provide
 
         # Check form data
         content = urllib.parse.unquote_plus(request.content.decode())
-        assert "grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer" in content
+        assert "grant_type=jwt-bearer" in content
         assert "scope=read write" in content
         assert "resource=https://api.example.com/v1/mcp" in content
         assert (
@@ -109,7 +109,7 @@ async def test_token_exchange_request_jwt(self, rfc7523_oauth_provider: RFC7523O
         """Test token exchange request building wiith a generated JWT assertion."""
         # Set up required context
         rfc7523_oauth_provider.context.client_info = OAuthClientInformationFull(
-            grant_types=["urn:ietf:params:oauth:grant-type:jwt-bearer"],
+            grant_types=["jwt-bearer"],
             token_endpoint_auth_method="private_key_jwt",
             redirect_uris=None,
             scope="read write",
@@ -143,7 +143,7 @@ async def test_token_exchange_request_jwt(self, rfc7523_oauth_provider: RFC7523O
 
         # Check form data
         content = urllib.parse.unquote_plus(request.content.decode()).split("&")
-        assert "grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer" in content
+        assert "grant_type=jwt-bearer" in content
         assert "scope=read write" in content
         assert "resource=https://api.example.com/v1/mcp" in content
 

tests/unit/client/test_oauth2_providers.py

@@ -400,7 +400,7 @@ async def provide_actor() -> str:
         subject_token_supplier=provide_subject,
         subject_token_type="access_token",
         actor_token_supplier=provide_actor,
-        actor_token_type="urn:ietf:params:oauth:token-type:jwt",
+        actor_token_type="jwt",
         audience="https://audience.example.com",
         resource="https://resource.example.com",
     )
@@ -454,6 +454,7 @@ async def provide_subject() -> str:
 async def test_token_exchange_validate_token_scopes_rejects_extra() -> None:
     storage = InMemoryStorage()
     client_metadata = OAuthClientMetadata(redirect_uris=["https://client.example.com/callback"], scope="alpha")
+
     async def provide_subject() -> str:
         return "subject-token"
 

tests/unit/server/auth/test_token_handler.py

@@ -61,9 +61,7 @@ async def load_refresh_token(self, client_info: object, token: str) -> object:
         assert token == "refresh-token"
         return self.refresh_token
 
-    async def exchange_refresh_token(
-        self, client_info: object, refresh_token: object, scopes: list[str]
-    ) -> OAuthToken:
+    async def exchange_refresh_token(self, client_info: object, refresh_token: object, scopes: list[str]) -> OAuthToken:
         return OAuthToken(access_token="refreshed-token")