fix: add OpenID Connect discovery support per spec-2025-11-25 4.3#598
Merged
alexhancock merged 2 commits intomodelcontextprotocol:mainfrom Jan 9, 2026
Merged
fix: add OpenID Connect discovery support per spec-2025-11-25 4.3#598alexhancock merged 2 commits intomodelcontextprotocol:mainfrom
alexhancock merged 2 commits intomodelcontextprotocol:mainfrom
Conversation
Previously only tried OAuth 2.0 endpoints. Now tries OAuth first, then OpenID Connect Discovery 1.0 in the spec-mandated priority order. Signed-off-by: tanish111 <tanishdesai37@gmail.com>
github-actions
bot
added
T-core
Reformat assert_eq! statements to satisfy rustfmt checks in CI. Signed-off-by: tanish111 <tanishdesai37@gmail.com>
Contributor
Author
|
@alexhancock @jokemanfire I identified a minor violation in the metadata discovery priority order and implemented a fix. |
Contributor
Author
|
This will also be required to add full support for OpenID Connect and to implement SEP-990. |
Contributor
Author
Follow up. |
alexhancock
approved these changes
Jan 9, 2026
Contributor
|
@tanish111 Thanks. Sorry for the delay in review |
Contributor
Author
|
@alexhancock thanks for looking at it. |
Merged
takumi-earth
pushed a commit
to earthlings-dev/rmcp
that referenced
this pull request
Jan 27, 2026
…delcontextprotocol#598) * fix: add OpenID Connect discovery support per spec-2025-11-25 4.3 Previously only tried OAuth 2.0 endpoints. Now tries OAuth first, then OpenID Connect Discovery 1.0 in the spec-mandated priority order. Signed-off-by: tanish111 <tanishdesai37@gmail.com> * fix: format auth.rs test assertions Reformat assert_eq! statements to satisfy rustfmt checks in CI. Signed-off-by: tanish111 <tanishdesai37@gmail.com> --------- Signed-off-by: tanish111 <tanishdesai37@gmail.com>
bolinfest
pushed a commit
to openai/codex
that referenced
this pull request
Feb 12, 2026
modelcontextprotocol/rust-sdk#598 in 0.14 broke some MCP oauth (like Linear) and modelcontextprotocol/rust-sdk#641 fixed it in 0.15
1 task
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Motivation and Context
Previously, discovery only tried OAuth 2.0 Authorization Server Metadata endpoints.
Now follows the spec-mandated priority order (Version 2025-11-25 Section 4.3 Authorization Server Metadata Discovery):
This ensures interoperability with both OAuth 2.0 and OpenID Connect Discovery 1.0 specifications.
How Has This Been Tested?
Added unit tests for discovery URL generation covering root URLs, single/multiple path segments, and trailing slashes. All existing tests pass;
Breaking Changes
No
Types of changes
Checklist
Additional context
#597
Typescript Implementation