Skip to content

fix: add OpenID Connect discovery support per spec-2025-11-25 4.3 #598

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
tanish111 wants to merge 2 commits into
base: main
Choose a base branch
from
Open

fix: add OpenID Connect discovery support per spec-2025-11-25 4.3 #598

tanish111 wants to merge 2 commits into from

Conversation

@tanish111
Copy link
Contributor

@tanish111 tanish111 commented Dec 21, 2025
edited
Loading

Motivation and Context

Previously, discovery only tried OAuth 2.0 Authorization Server Metadata endpoints.
Now follows the spec-mandated priority order (​Version 2025-11-25 Section 4.3 Authorization Server Metadata Discovery):

  • For URLs with path components: OAuth with path insertion → OpenID Connect with path insertion → OpenID Connect with path appending
  • For URLs without path components: OAuth → OpenID Connect
    This ensures interoperability with both OAuth 2.0 and OpenID Connect Discovery 1.0 specifications.

How Has This Been Tested?

Added unit tests for discovery URL generation covering root URLs, single/multiple path segments, and trailing slashes. All existing tests pass;

Breaking Changes

No

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Documentation update

Checklist

  • I have read the MCP Documentation
  • My code follows the repository's style guidelines
  • New and existing tests pass locally
  • I have added appropriate error handling
  • I have added or updated documentation as needed

Additional context

#597
Typescript Implementation

@tanish111
fix: add OpenID Connect discovery support per spec-2025-11-25 4.3
a517bd4 
Previously only tried OAuth 2.0 endpoints. Now tries OAuth first, then
OpenID Connect Discovery 1.0 in the spec-mandated priority order.

Signed-off-by: tanish111 <tanishdesai37@gmail.com>
@github-actions github-actions bot added T-core Core library changes T-transport Transport layer changes labels Dec 21, 2025
@tanish111
fix: format auth.rs test assertions
59d9c02 
Reformat assert_eq! statements to satisfy rustfmt checks in CI.

Signed-off-by: tanish111 <tanishdesai37@gmail.com>
@tanish111
Copy link
Contributor Author

tanish111 commented Dec 21, 2025

@alexhancock @jokemanfire I identified a minor violation in the metadata discovery priority order and implemented a fix.
Requesting you to review it.

@tanish111
Copy link
Contributor Author

tanish111 commented Dec 21, 2025

This will also be required to add full support for OpenID Connect and to implement SEP-990.

@tanish111 tanish111 mentioned this pull request Dec 22, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

T-core Core library changes T-transport Transport layer changes

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@tanish111