Skip to content

fix: accept HTTP 201 status code in token exchange #1503

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
pcarleton merged 4 commits into from
Dec 19, 2025
Merged

fix: accept HTTP 201 status code in token exchange #1503

pcarleton merged 4 commits into from
Dec 19, 2025
+111 −1

Conversation

@jnjpng
Copy link
Contributor

@jnjpng jnjpng commented Oct 21, 2025

Accept HTTP 201 status code in addition to 200 for successful OAuth token exchanges.

Motivation and Context

Fixes #1502, some OAuth servers (like Supabase) return 201 Created instead of 200 OK for successful token exchanges. The OAuth 2.0 spec doesn't mandate a specific success status code, so we should accept both 200 and 201.

How Has This Been Tested?

Tested locally against remote MCP servers that return this status code, and ran the tests specified in the contribution guide.
image

Breaking Changes

No.

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Documentation update

Checklist

  • I have read the MCP Documentation
  • My code follows the repository's style guidelines
  • New and existing tests pass locally
  • I have added appropriate error handling
  • I have added or updated documentation as needed

Additional context

@jnjpng
fix: accept HTTP 201 status code in token exchange
27d1566 
Fixes modelcontextprotocol#1502

Some OAuth servers (like Supabase) return 201 Created instead of 200 OK
for successful token exchanges. The OAuth 2.0 spec doesn't mandate a
specific success status code, so we should accept both 200 and 201.
@jnjpng jnjpng force-pushed the fix-oauth-token-status-codes branch from 3c482be to 27d1566 Compare October 21, 2025 19:09
@felixweinberger felixweinberger added bug Something isn't working auth Issues and PRs related to Authentication / OAuth enhancement and removed bug Something isn't working labels Oct 24, 2025
pcarleton
pcarleton requested changes Oct 24, 2025
View reviewed changes
Copy link
Member

@pcarleton pcarleton left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

change looks good, can you please add a test?

@felixweinberger felixweinberger added the needs more work Not ready to be merged yet, needs additional follow-up from the author(s). label Oct 24, 2025
@jnjpng jnjpng requested a review from pcarleton November 3, 2025 22:21
@jnjpng
Copy link
Contributor Author

jnjpng commented Nov 3, 2025

@pcarleton done! let me know if this look good

@felixweinberger felixweinberger added enhancement Request for a new feature that's not currently supported and removed enhancement deprecated labels Nov 12, 2025
@jnjpng
Copy link
Contributor Author

jnjpng commented Dec 15, 2025
edited
Loading

@pcarleton what's the status on this?

pcarleton
pcarleton previously approved these changes Dec 19, 2025
View reviewed changes
@pcarleton pcarleton enabled auto-merge (squash) December 19, 2025 18:18
@pcarleton
Copy link
Member

pcarleton commented Dec 19, 2025

@jnjpng sorry about that, missed the ping on this

@pcarleton pcarleton merged commit a9cc822 into modelcontextprotocol:main Dec 19, 2025
18 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pcarleton pcarleton pcarleton approved these changes

Assignees

No one assigned

Labels

auth Issues and PRs related to Authentication / OAuth enhancement Request for a new feature that's not currently supported needs more work Not ready to be merged yet, needs additional follow-up from the author(s).

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

_handle_token_response should accept 201 responses

3 participants

@jnjpng @pcarleton @felixweinberger