add client_id_metadata_document_supported flag

Author: martimfasantos

src/mcp/server/auth/routes.py

@@ -172,6 +172,9 @@ def build_metadata(
         op_tos_uri=None,
         introspection_endpoint=None,
         code_challenge_methods_supported=["S256"],
+        client_id_metadata_document_supported=(
+            client_registration_options.client_id_metadata_document_supported
+        ),
     )
 
     # Add registration endpoint if supported

src/mcp/server/auth/settings.py

@@ -6,6 +6,7 @@ class ClientRegistrationOptions(BaseModel):
     client_secret_expiry_seconds: int | None = None
     valid_scopes: list[str] | None = None
     default_scopes: list[str] | None = None
+    client_id_metadata_document_supported: bool = False
 
 
 class RevocationOptions(BaseModel):

tests/client/test_auth.py

@@ -1352,6 +1352,7 @@ def test_build_metadata(
             "revocation_endpoint": Is(revocation_endpoint),
             "revocation_endpoint_auth_methods_supported": ["client_secret_post", "client_secret_basic"],
             "code_challenge_methods_supported": ["S256"],
+            "client_id_metadata_document_supported": Is(bool)
         }
     )
 

tests/server/mcpserver/auth/test_auth_integration.py

@@ -303,6 +303,32 @@ async def auth_code(
 
 
 class TestAuthEndpoints:
+    @pytest.mark.anyio
+    async def test_metadata_endpoint_with_client_id_metadata_document_supported(self):
+        """Test metadata endpoint when client_id_metadata_document_supported is enabled."""
+        mock_provider = MockOAuthProvider()
+        auth_routes = create_auth_routes(
+            mock_provider,
+            AnyHttpUrl("https://auth.example.com"),
+            AnyHttpUrl("https://docs.example.com"),
+            client_registration_options=ClientRegistrationOptions(
+                enabled=True,
+                valid_scopes=["read", "write"],
+                client_id_metadata_document_supported=True,
+            ),
+            revocation_options=RevocationOptions(enabled=True),
+        )
+        app = Starlette(routes=auth_routes)
+
+        async with httpx.AsyncClient(
+            transport=httpx.ASGITransport(app=app), base_url="https://mcptest.com"
+        ) as client:
+            response = await client.get("/.well-known/oauth-authorization-server")
+            assert response.status_code == 200
+
+            metadata = response.json()
+            assert metadata["client_id_metadata_document_supported"] is True
+
     @pytest.mark.anyio
     async def test_metadata_endpoint(self, test_client: httpx.AsyncClient):
         """Test the OAuth 2.0 metadata endpoint."""
@@ -318,6 +344,7 @@ async def test_metadata_endpoint(self, test_client: httpx.AsyncClient):
         assert metadata["revocation_endpoint"] == "https://auth.example.com/revoke"
         assert metadata["response_types_supported"] == ["code"]
         assert metadata["code_challenge_methods_supported"] == ["S256"]
+        assert metadata["client_id_metadata_document_supported"] is False
         assert metadata["token_endpoint_auth_methods_supported"] == ["client_secret_post", "client_secret_basic"]
         assert metadata["grant_types_supported"] == [
             "authorization_code",