merge with recent branch

Author: SoldierSacha

examples/servers/simple-auth/mcp_simple_auth/github_oauth_provider.py

@@ -245,6 +245,28 @@ async def revoke_token(self, token: str, token_type_hint: str | None = None) ->
         if token in self.tokens:
             del self.tokens[token]
 
+    async def exchange_client_credentials(
+        self,
+        client: OAuthClientInformationFull,
+        scopes: list[str],
+    ) -> OAuthToken:
+        """Client credentials flow is not supported in this example."""
+        raise NotImplementedError("client_credentials not supported")
+
+    async def exchange_token(
+        self,
+        client: OAuthClientInformationFull,
+        subject_token: str,
+        subject_token_type: str,
+        actor_token: str | None,
+        actor_token_type: str | None,
+        scope: list[str] | None,
+        audience: str | None,
+        resource: str | None,
+    ) -> OAuthToken:
+        """Token exchange is not supported in this example."""
+        raise NotImplementedError("token_exchange not supported")
+
     async def get_github_user_info(self, mcp_token: str) -> dict[str, Any]:
         """Get GitHub user info using MCP token."""
         github_token = self.token_mapping.get(mcp_token)

src/mcp/client/auth.py

@@ -119,15 +119,15 @@ def update_token_expiry(self, token: OAuthToken) -> None:
             self.token_expiry_time = None
 
     def is_token_valid(self) -> bool:
-        """Check if current token is valid."""
+        """Check if the current token is valid."""
         return bool(
             self.current_tokens
             and self.current_tokens.access_token
             and (not self.token_expiry_time or time.time() <= self.token_expiry_time)
         )
 
     def can_refresh_token(self) -> bool:
-        """Check if token can be refreshed."""
+        """Check if the token can be refreshed."""
         return bool(self.current_tokens and self.current_tokens.refresh_token and self.client_info)
 
     def clear_tokens(self) -> None:
@@ -496,12 +496,14 @@ def __init__(
         server_url: str,
         client_metadata: OAuthClientMetadata,
         storage: TokenStorage,
+        resource: str | None = None,
         timeout: float = 300.0,
     ):
         self.server_url = server_url
         self.client_metadata = client_metadata
         self.storage = storage
         self.timeout = timeout
+        self.resource = resource or resource_url_from_server_url(server_url)
 
         self._current_tokens: OAuthToken | None = None
         self._metadata: OAuthMetadata | None = None
@@ -626,6 +628,7 @@ async def _request_token(self) -> None:
         token_data = {
             "grant_type": "client_credentials",
             "client_id": client_info.client_id,
+            "resource": self.resource,
         }
 
         if client_info.client_secret:
@@ -692,7 +695,7 @@ def __init__(
         resource: str | None = None,
         timeout: float = 300.0,
     ):
-        super().__init__(server_url, client_metadata, storage, timeout)
+        super().__init__(server_url, client_metadata, storage, resource, timeout)
         self.subject_token_supplier = subject_token_supplier
         self.subject_token_type = subject_token_type
         self.actor_token_supplier = actor_token_supplier

tests/client/test_auth.py

@@ -132,7 +132,7 @@ def oauth_client_info():
 def oauth_token():
     return OAuthToken(
         access_token="test_access_token",
-        token_type="bearer",
+        token_type="Bearer",
         expires_in=3600,
         refresh_token="test_refresh_token",
         scope="read write",
@@ -419,6 +419,8 @@ async def test_request_token_success(
             await client_credentials_provider.ensure_token()
 
             mock_client.post.assert_called_once()
+            args, kwargs = mock_client.post.call_args
+            assert kwargs["data"]["resource"] == "https://api.example.com/v1/mcp"
             assert client_credentials_provider._current_tokens.access_token == oauth_token.access_token
 
     @pytest.mark.anyio
@@ -466,4 +468,6 @@ async def test_request_token_success(
             await token_exchange_provider.ensure_token()
 
             mock_client.post.assert_called_once()
+            args, kwargs = mock_client.post.call_args
+            assert kwargs["data"]["resource"] == "https://api.example.com/v1/mcp"
             assert token_exchange_provider._current_tokens.access_token == oauth_token.access_token