Add tests for create_client_registration_request and mark defensive code

Add tests to cover the fallback path in create_client_registration_request
when auth_server_metadata is None or lacks a registration_endpoint.

Mark the exception handler in is_valid_client_metadata_url as pragma: no cover
since urlparse rarely throws exceptions and this is purely defensive code.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

Author: pcarleton

src/mcp/client/auth/utils.py

@@ -259,7 +259,7 @@ def is_valid_client_metadata_url(url: str | None) -> bool:
     try:
         parsed = urlparse(url)
         return parsed.scheme == "https" and parsed.path not in ("", "/")
-    except Exception:
+    except Exception:  # pragma: no cover
         return False
 
 

tests/client/test_auth.py

@@ -18,6 +18,7 @@
     build_oauth_authorization_server_metadata_discovery_urls,
     build_protected_resource_metadata_discovery_urls,
     create_client_info_from_metadata_url,
+    create_client_registration_request,
     create_oauth_metadata_request,
     extract_field_from_www_auth,
     extract_resource_metadata_from_www_auth,
@@ -948,6 +949,49 @@ def text(self):
         assert "Registration failed: 400" in str(exc_info.value)
 
 
+class TestCreateClientRegistrationRequest:
+    """Test client registration request creation."""
+
+    def test_uses_registration_endpoint_from_metadata(self):
+        """Test that registration URL comes from metadata when available."""
+        oauth_metadata = OAuthMetadata(
+            issuer=AnyHttpUrl("https://auth.example.com"),
+            authorization_endpoint=AnyHttpUrl("https://auth.example.com/authorize"),
+            token_endpoint=AnyHttpUrl("https://auth.example.com/token"),
+            registration_endpoint=AnyHttpUrl("https://auth.example.com/register"),
+        )
+        client_metadata = OAuthClientMetadata(redirect_uris=[AnyHttpUrl("http://localhost:3000/callback")])
+
+        request = create_client_registration_request(oauth_metadata, client_metadata, "https://auth.example.com")
+
+        assert str(request.url) == "https://auth.example.com/register"
+        assert request.method == "POST"
+
+    def test_falls_back_to_default_register_endpoint_when_no_metadata(self):
+        """Test that registration uses fallback URL when auth_server_metadata is None."""
+        client_metadata = OAuthClientMetadata(redirect_uris=[AnyHttpUrl("http://localhost:3000/callback")])
+
+        request = create_client_registration_request(None, client_metadata, "https://auth.example.com")
+
+        assert str(request.url) == "https://auth.example.com/register"
+        assert request.method == "POST"
+
+    def test_falls_back_when_metadata_has_no_registration_endpoint(self):
+        """Test fallback when metadata exists but lacks registration_endpoint."""
+        oauth_metadata = OAuthMetadata(
+            issuer=AnyHttpUrl("https://auth.example.com"),
+            authorization_endpoint=AnyHttpUrl("https://auth.example.com/authorize"),
+            token_endpoint=AnyHttpUrl("https://auth.example.com/token"),
+            # No registration_endpoint
+        )
+        client_metadata = OAuthClientMetadata(redirect_uris=[AnyHttpUrl("http://localhost:3000/callback")])
+
+        request = create_client_registration_request(oauth_metadata, client_metadata, "https://auth.example.com")
+
+        assert str(request.url) == "https://auth.example.com/register"
+        assert request.method == "POST"
+
+
 class TestAuthFlow:
     """Test the auth flow in httpx."""