@@ -5220,6 +5220,57 @@ def __post_init__(self) -> None:
52205220 transports = ("streamable-http" ,),
52215221 note = "OAuth is HTTP-only." ,
52225222 ),
5223+ "client-auth:stepup:retry-cap" : Requirement (
5224+ source = f"{ SPEC_BASE_URL } /basic/authorization#step-up-authorization-flow" ,
5225+ behavior = (
5226+ "Step-up re-authorization is bounded per request send: one re-authorization and one "
5227+ "retry, after which a further insufficient_scope 403 on the retried request "
5228+ "surfaces to the caller as an error without another authorization attempt."
5229+ ),
5230+ transports = ("streamable-http" ,),
5231+ note = (
5232+ "OAuth is HTTP-only. The bound is structural -- the auth flow performs at most one "
5233+ "step-up before its generator ends -- not a configurable retry count; the surfaced "
5234+ "error is the transport's INTERNAL_ERROR stand-in for a non-2xx final response. "
5235+ "Cross-request attempt tracking is the separate deferred "
5236+ "client-auth:stepup:attempt-tracking."
5237+ ),
5238+ ),
5239+ "client-auth:stepup:get-stream-403" : Requirement (
5240+ source = f"{ SPEC_BASE_URL } /basic/authorization#step-up-authorization-flow" ,
5241+ behavior = (
5242+ "A 403 insufficient_scope challenge on the standalone GET stream open receives the "
5243+ "same step-up handling as the POST path: the scope union is re-authorized once and "
5244+ "the stream is established on the retried GET with the upgraded token."
5245+ ),
5246+ transports = ("streamable-http" ,),
5247+ removed_in = "2026-07-28" ,
5248+ note = (
5249+ "OAuth is HTTP-only. The standalone GET stream is a 2025-11-25 transport mechanism "
5250+ "removed at 2026-07-28; the auth suite's legacy-mode connect is its natural home. "
5251+ "The uniformity is structural (the OAuth provider wraps every request the transport "
5252+ "issues), but the GET leg's choreography is pinned because a failed step-up there "
5253+ "would otherwise vanish into the stream's silent reconnect loop."
5254+ ),
5255+ ),
5256+ "client-auth:stepup:attempt-tracking" : Requirement (
5257+ source = f"{ SPEC_BASE_URL } /basic/authorization#step-up-authorization-flow" ,
5258+ behavior = (
5259+ "The client tracks scope-upgrade attempts across request sends to avoid repeated "
5260+ "failures for the same resource and operation combination."
5261+ ),
5262+ transports = ("streamable-http" ,),
5263+ note = "OAuth is HTTP-only. The per-send bound is client-auth:stepup:retry-cap." ,
5264+ deferred = (
5265+ "Not implemented in the SDK: the client OAuth provider keeps no cross-request memory "
5266+ "of scope-upgrade attempts. The 403 insufficient_scope branch "
5267+ "(src/mcp/client/auth/oauth2.py:704-734) performs one inline step-up per send with no "
5268+ "attempt counter and no (resource, operation) key, and OAuthContext (oauth2.py:98) "
5269+ "carries no field recording prior step-up failures, so a second send for the same "
5270+ "resource and operation re-attempts the upgrade unconditionally. The per-send "
5271+ '"repeated 403s do not loop" half of this spec line is client-auth:403-scope-upgrade.'
5272+ ),
5273+ ),
52235274 "client-auth:as-metadata-discovery:priority-order" : Requirement (
52245275 source = f"{ SPEC_BASE_URL } /basic/authorization#authorization-server-metadata-discovery" ,
52255276 behavior = (
@@ -5306,12 +5357,68 @@ def __post_init__(self) -> None:
53065357 transports = ("streamable-http" ,),
53075358 note = "OAuth is HTTP-only." ,
53085359 ),
5309- "client-auth:as-binding" : Requirement (
5360+ "client-auth:dcr:app-type-heuristic" : Requirement (
5361+ source = (
5362+ f"{ SPEC_2026_BASE_URL } "
5363+ "/basic/authorization/client-registration#application-type-and-redirect-uri-constraints"
5364+ ),
5365+ behavior = (
5366+ "When the client metadata does not set application_type, dynamic client "
5367+ "registration derives it from the redirect URIs: a loopback host or custom URI "
5368+ "scheme yields 'native', otherwise 'web' (SEP-837)."
5369+ ),
5370+ added_in = "2026-07-28" ,
5371+ transports = ("streamable-http" ,),
5372+ note = (
5373+ "OAuth is HTTP-only. The spec MUST (always send an application_type) IS satisfied "
5374+ "at this pin: OAuthClientMetadata defaults the field to 'native' and every "
5375+ "registration body carries it, pinned incidentally by the "
5376+ "client-auth:dcr:grant-types-default body snapshot. Only the derive-from-redirect-"
5377+ "URIs strategy for the 'web' SHOULD is unimplemented; a web-app consumer sets "
5378+ "application_type='web' explicitly and it is transmitted verbatim."
5379+ ),
5380+ deferred = (
5381+ "Not implemented in the SDK: application_type is a static model default ('native') "
5382+ "on OAuthClientMetadata (src/mcp/shared/auth.py); no code path inspects the "
5383+ "redirect URIs to choose between 'native' and 'web'."
5384+ ),
5385+ ),
5386+ "client-auth:dcr:grant-types-default" : Requirement (
5387+ source = f"{ SPEC_2026_BASE_URL } /basic/authorization#refresh-tokens" ,
5388+ behavior = (
5389+ "When the client metadata does not set grant_types, the dynamic-registration "
5390+ "request carries ['authorization_code', 'refresh_token'] so the authorization "
5391+ "server may issue refresh tokens (SEP-2207); a consumer-set grant_types is sent "
5392+ "verbatim, never rewritten."
5393+ ),
5394+ added_in = "2026-07-28" ,
5395+ transports = ("streamable-http" ,),
5396+ note = (
5397+ "OAuth is HTTP-only. A SHOULD. Python implements the default on the "
5398+ "OAuthClientMetadata model (a field default), not in registration code, so it is "
5399+ "present from construction -- wire-observably identical to injecting it at "
5400+ "registration time, which is what the registration body pins."
5401+ ),
5402+ ),
5403+ "client-auth:as-binding:reregister" : Requirement (
5404+ source = f"{ SPEC_2026_BASE_URL } /basic/authorization/client-registration#authorization-server-binding" ,
5405+ behavior = (
5406+ "Stored client credentials are bound to the issuer that registered them; when the "
5407+ "authorization server changes, the client discards them and re-registers with the "
5408+ "new authorization server (SEP-2352)."
5409+ ),
5410+ added_in = "2026-07-28" ,
5411+ transports = ("streamable-http" ,),
5412+ note = "OAuth is HTTP-only." ,
5413+ ),
5414+ "client-auth:as-binding:no-cred-reuse" : Requirement (
53105415 source = f"{ SPEC_2026_BASE_URL } /basic/authorization/client-registration#authorization-server-binding" ,
53115416 behavior = (
5312- "Stored client credentials are bound to the issuer that registered them; when the authorization "
5313- "server changes, the client discards them and re-registers rather than reusing them (SEP-2352)."
5417+ "When the authorization server changes, the client never reuses credentials from "
5418+ "the previous authorization server: the stale client_id reaches neither the "
5419+ "authorize nor the token endpoint (SEP-2352)."
53145420 ),
5421+ added_in = "2026-07-28" ,
53155422 transports = ("streamable-http" ,),
53165423 note = "OAuth is HTTP-only." ,
53175424 ),
@@ -5406,6 +5513,29 @@ def __post_init__(self) -> None:
54065513 transports = ("streamable-http" ,),
54075514 note = "OAuth is HTTP-only." ,
54085515 ),
5516+ "client-auth:refresh:rotation-handling" : Requirement (
5517+ source = f"{ SPEC_2026_BASE_URL } /basic/authorization#refresh-tokens" ,
5518+ behavior = (
5519+ "On a refresh-token exchange, a new refresh_token in the response replaces the "
5520+ "stored one, and a response that omits refresh_token leaves the stored one in "
5521+ "place -- the client never assumes a refresh token will be issued "
5522+ "(RFC 6749 section 6 / SEP-2207)."
5523+ ),
5524+ transports = ("streamable-http" ,),
5525+ note = (
5526+ "OAuth is HTTP-only. No added_in: the replace/preserve mechanics are RFC 6749 "
5527+ "section 6 client behaviour that predates the 2026 Refresh Tokens section restating "
5528+ "them (the add plan classifies this entry era PRE-EXISTING), and the auth tests "
5529+ "bypass the connect fixture so era fields drive no cells. The follow-on claim -- "
5530+ "the NEXT refresh presents the rotated token -- is real-time-bound at this pin: a "
5531+ "token that is already expired when its refresh response arrives is not refreshed "
5532+ "again on the same request; the request goes out unauthenticated and 401s into a "
5533+ "full re-authorization (oauth2.py sends at most one refresh per request and only "
5534+ "attaches a bearer it considers valid), so a second same-connection refresh cannot "
5535+ "be driven without wall-clock waits. The tests therefore pin replacement and "
5536+ "preservation at the storage/wire seam of a single refresh."
5537+ ),
5538+ ),
54095539 "client-auth:refresh:transparent" : Requirement (
54105540 source = "sdk" ,
54115541 behavior = (
@@ -5460,12 +5590,127 @@ def __post_init__(self) -> None:
54605590 transports = ("streamable-http" ,),
54615591 note = "OAuth is HTTP-only." ,
54625592 ),
5593+ "client-auth:iss:match" : Requirement (
5594+ source = f"{ SPEC_2026_BASE_URL } /basic/authorization#authorization-response-validation" ,
5595+ behavior = (
5596+ "When the authorization server's metadata advertises "
5597+ "authorization_response_iss_parameter_supported and the callback's iss equals the "
5598+ "recorded metadata issuer, the client proceeds to redeem the authorization code "
5599+ "(RFC 9207 validation table row 1)."
5600+ ),
5601+ added_in = "2026-07-28" ,
5602+ transports = ("streamable-http" ,),
5603+ note = "OAuth is HTTP-only." ,
5604+ ),
5605+ "client-auth:iss:no-normalize" : Requirement (
5606+ source = f"{ SPEC_2026_BASE_URL } /basic/authorization#authorization-response-validation" ,
5607+ behavior = (
5608+ "The iss comparison is simple string comparison (RFC 3986 section 6.2.1): a value "
5609+ "differing from the recorded issuer only by a trailing slash is rejected as a "
5610+ "mismatch -- no scheme or host case folding, default-port elision, trailing-slash, "
5611+ "or percent-encoding normalization is applied before comparison."
5612+ ),
5613+ added_in = "2026-07-28" ,
5614+ transports = ("streamable-http" ,),
5615+ note = (
5616+ "OAuth is HTTP-only. The comparison is a single string inequality; the test pins the "
5617+ "trailing-slash arm as the representative normalization class."
5618+ ),
5619+ ),
5620+ "client-auth:iss:supported-missing-reject" : Requirement (
5621+ source = f"{ SPEC_2026_BASE_URL } /basic/authorization#authorization-response-validation" ,
5622+ behavior = (
5623+ "When the authorization server's metadata advertises "
5624+ "authorization_response_iss_parameter_supported: true and the callback carries no "
5625+ "iss, the client rejects the authorization response before redeeming the code "
5626+ "(RFC 9207 validation table row 2)."
5627+ ),
5628+ added_in = "2026-07-28" ,
5629+ transports = ("streamable-http" ,),
5630+ note = "OAuth is HTTP-only." ,
5631+ ),
5632+ "client-auth:iss:unadvertised-proceed" : Requirement (
5633+ source = f"{ SPEC_2026_BASE_URL } /basic/authorization#authorization-response-validation" ,
5634+ behavior = (
5635+ "When the authorization server's metadata does not advertise "
5636+ "authorization_response_iss_parameter_supported and the callback carries no iss, "
5637+ "the client proceeds with the code exchange (RFC 9207 validation table row 4)."
5638+ ),
5639+ added_in = "2026-07-28" ,
5640+ transports = ("streamable-http" ,),
5641+ note = "OAuth is HTTP-only." ,
5642+ ),
5643+ "client-auth:iss:unadvertised-present-validated" : Requirement (
5644+ source = f"{ SPEC_2026_BASE_URL } /basic/authorization#authorization-response-validation" ,
5645+ behavior = (
5646+ "A present iss is validated against the recorded issuer regardless of metadata "
5647+ "advertisement (RFC 9207 validation table row 3, where this specification "
5648+ "deliberately exceeds RFC 9207's local-policy provision): a matching iss proceeds "
5649+ "and a mismatching iss is rejected."
5650+ ),
5651+ added_in = "2026-07-28" ,
5652+ transports = ("streamable-http" ,),
5653+ note = (
5654+ "OAuth is HTTP-only. Covered by two tests: the match half directly, and the "
5655+ "mismatch half by the client-auth:iss:mismatch-reject test, which drives a "
5656+ "mismatched iss against the suite's unadvertising authorization server."
5657+ ),
5658+ ),
5659+ "client-auth:iss:error-response-validated" : Requirement (
5660+ source = f"{ SPEC_2026_BASE_URL } /basic/authorization#authorization-response-validation" ,
5661+ behavior = (
5662+ "iss validation applies equally to error responses: a mismatched iss on an error "
5663+ "callback is rejected before the flow acts on the response, and on mismatch the "
5664+ "client must not act on or display error, error_description, or error_uri."
5665+ ),
5666+ added_in = "2026-07-28" ,
5667+ transports = ("streamable-http" ,),
5668+ note = (
5669+ "OAuth is HTTP-only. The non-surfacing half holds by construction: the callback "
5670+ "contract (AuthorizationCodeResult) carries no error fields, so those values never "
5671+ "enter the SDK; the test pins the observable half -- the iss mismatch is raised in "
5672+ "preference to the missing-authorization-code failure."
5673+ ),
5674+ ),
54635675 "client-auth:token-endpoint-auth-method" : Requirement (
54645676 source = "sdk" ,
54655677 behavior = "The client authenticates to the token endpoint using the auth method established at registration." ,
54665678 transports = ("streamable-http" ,),
54675679 note = "OAuth is HTTP-only." ,
54685680 ),
5681+ "client-auth:token-error:machine-readable-code" : Requirement (
5682+ source = "sdk" ,
5683+ behavior = (
5684+ "An RFC 6749 error response from the token endpoint (e.g. invalid_grant, "
5685+ "invalid_client, on either the authorization-code exchange or a refresh) surfaces "
5686+ "to the caller as a typed OAuth error carrying the wire error code as a "
5687+ "machine-readable field, not only embedded in the message text."
5688+ ),
5689+ transports = ("streamable-http" ,),
5690+ note = "OAuth is HTTP-only. The weak testable sibling is client-auth:token:error-surfaces." ,
5691+ deferred = (
5692+ "Not implemented in the SDK: OAuthTokenError (src/mcp/client/auth/exceptions.py) "
5693+ "carries only a message string; the token-response handler embeds the RFC 6749 "
5694+ "error body in an f-string and the refresh-response handler clears tokens without "
5695+ "reading the body (src/mcp/client/auth/oauth2.py), so there is no machine-readable "
5696+ "error code for a caller to branch on."
5697+ ),
5698+ ),
5699+ "client-auth:token:error-surfaces" : Requirement (
5700+ source = "sdk" ,
5701+ behavior = (
5702+ "A non-2xx response from the token endpoint on the authorization-code exchange "
5703+ "aborts the flow and surfaces to the caller as an error naming the HTTP status; "
5704+ "the flow does not loop, and no request is ever sent with a bearer token."
5705+ ),
5706+ transports = ("streamable-http" ,),
5707+ note = (
5708+ "OAuth is HTTP-only. Completes the endpoint error-surfaces family alongside "
5709+ "client-auth:authorize:error-surfaces and "
5710+ "client-auth:dcr:registration-rejected-error; the machine-readable half is "
5711+ "client-auth:token-error:machine-readable-code (deferred)."
5712+ ),
5713+ ),
54695714 "client-auth:token-provenance" : Requirement (
54705715 source = f"{ SPEC_BASE_URL } /basic/authorization#token-handling" ,
54715716 behavior = (
0 commit comments