Skip to content

Commit 1d15ea1

Browse files
committed
Cover the auth families: the RFC 9207 iss table, step-up bounds, DCR and refresh
The full iss validation table from the 2026 authorization-response rules: match accepted, trailing-slash difference rejected without normalization (both comparison strings pinned as harness literals so server-side issuer serialization changes cannot invert the test), missing-iss rejected when advertised and tolerated when not, an unadvertised-but-present iss still validated, and an error redirect with a mismatched iss rejected on iss before the missing-code error - the ordering that proves validation applies equally to error responses. Step-up bounds: a second insufficient-scope 403 after one step-up surfaces as an error without another authorize round trip, and a 403 on the GET stream open steps up and reopens with the upgraded token (era-bound: the GET stream is removed at 2026-07-28). DCR defaults (grant_types omitted and passed through verbatim), refresh-token rotation handling at the single-refresh seam (replacement stored, preservation honoured when the server does not rotate), and a non-2xx token response surfacing typed. The as-binding entry splits into its two spec obligations (re-register and no-credential-reuse), both decorating the existing test unchanged. Harness: three small review-approved knobs (iss visibility, code override, persistent step-up shim, non-rotating provider). 16 entries minted (13 tested, 3 deferred), 931 -> 944 cells exact; suite green three runs.
1 parent d85f2b1 commit 1d15ea1

6 files changed

Lines changed: 851 additions & 17 deletions

File tree

tests/interaction/_requirements.py

Lines changed: 248 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -5220,6 +5220,57 @@ def __post_init__(self) -> None:
52205220
transports=("streamable-http",),
52215221
note="OAuth is HTTP-only.",
52225222
),
5223+
"client-auth:stepup:retry-cap": Requirement(
5224+
source=f"{SPEC_BASE_URL}/basic/authorization#step-up-authorization-flow",
5225+
behavior=(
5226+
"Step-up re-authorization is bounded per request send: one re-authorization and one "
5227+
"retry, after which a further insufficient_scope 403 on the retried request "
5228+
"surfaces to the caller as an error without another authorization attempt."
5229+
),
5230+
transports=("streamable-http",),
5231+
note=(
5232+
"OAuth is HTTP-only. The bound is structural -- the auth flow performs at most one "
5233+
"step-up before its generator ends -- not a configurable retry count; the surfaced "
5234+
"error is the transport's INTERNAL_ERROR stand-in for a non-2xx final response. "
5235+
"Cross-request attempt tracking is the separate deferred "
5236+
"client-auth:stepup:attempt-tracking."
5237+
),
5238+
),
5239+
"client-auth:stepup:get-stream-403": Requirement(
5240+
source=f"{SPEC_BASE_URL}/basic/authorization#step-up-authorization-flow",
5241+
behavior=(
5242+
"A 403 insufficient_scope challenge on the standalone GET stream open receives the "
5243+
"same step-up handling as the POST path: the scope union is re-authorized once and "
5244+
"the stream is established on the retried GET with the upgraded token."
5245+
),
5246+
transports=("streamable-http",),
5247+
removed_in="2026-07-28",
5248+
note=(
5249+
"OAuth is HTTP-only. The standalone GET stream is a 2025-11-25 transport mechanism "
5250+
"removed at 2026-07-28; the auth suite's legacy-mode connect is its natural home. "
5251+
"The uniformity is structural (the OAuth provider wraps every request the transport "
5252+
"issues), but the GET leg's choreography is pinned because a failed step-up there "
5253+
"would otherwise vanish into the stream's silent reconnect loop."
5254+
),
5255+
),
5256+
"client-auth:stepup:attempt-tracking": Requirement(
5257+
source=f"{SPEC_BASE_URL}/basic/authorization#step-up-authorization-flow",
5258+
behavior=(
5259+
"The client tracks scope-upgrade attempts across request sends to avoid repeated "
5260+
"failures for the same resource and operation combination."
5261+
),
5262+
transports=("streamable-http",),
5263+
note="OAuth is HTTP-only. The per-send bound is client-auth:stepup:retry-cap.",
5264+
deferred=(
5265+
"Not implemented in the SDK: the client OAuth provider keeps no cross-request memory "
5266+
"of scope-upgrade attempts. The 403 insufficient_scope branch "
5267+
"(src/mcp/client/auth/oauth2.py:704-734) performs one inline step-up per send with no "
5268+
"attempt counter and no (resource, operation) key, and OAuthContext (oauth2.py:98) "
5269+
"carries no field recording prior step-up failures, so a second send for the same "
5270+
"resource and operation re-attempts the upgrade unconditionally. The per-send "
5271+
'"repeated 403s do not loop" half of this spec line is client-auth:403-scope-upgrade.'
5272+
),
5273+
),
52235274
"client-auth:as-metadata-discovery:priority-order": Requirement(
52245275
source=f"{SPEC_BASE_URL}/basic/authorization#authorization-server-metadata-discovery",
52255276
behavior=(
@@ -5306,12 +5357,68 @@ def __post_init__(self) -> None:
53065357
transports=("streamable-http",),
53075358
note="OAuth is HTTP-only.",
53085359
),
5309-
"client-auth:as-binding": Requirement(
5360+
"client-auth:dcr:app-type-heuristic": Requirement(
5361+
source=(
5362+
f"{SPEC_2026_BASE_URL}"
5363+
"/basic/authorization/client-registration#application-type-and-redirect-uri-constraints"
5364+
),
5365+
behavior=(
5366+
"When the client metadata does not set application_type, dynamic client "
5367+
"registration derives it from the redirect URIs: a loopback host or custom URI "
5368+
"scheme yields 'native', otherwise 'web' (SEP-837)."
5369+
),
5370+
added_in="2026-07-28",
5371+
transports=("streamable-http",),
5372+
note=(
5373+
"OAuth is HTTP-only. The spec MUST (always send an application_type) IS satisfied "
5374+
"at this pin: OAuthClientMetadata defaults the field to 'native' and every "
5375+
"registration body carries it, pinned incidentally by the "
5376+
"client-auth:dcr:grant-types-default body snapshot. Only the derive-from-redirect-"
5377+
"URIs strategy for the 'web' SHOULD is unimplemented; a web-app consumer sets "
5378+
"application_type='web' explicitly and it is transmitted verbatim."
5379+
),
5380+
deferred=(
5381+
"Not implemented in the SDK: application_type is a static model default ('native') "
5382+
"on OAuthClientMetadata (src/mcp/shared/auth.py); no code path inspects the "
5383+
"redirect URIs to choose between 'native' and 'web'."
5384+
),
5385+
),
5386+
"client-auth:dcr:grant-types-default": Requirement(
5387+
source=f"{SPEC_2026_BASE_URL}/basic/authorization#refresh-tokens",
5388+
behavior=(
5389+
"When the client metadata does not set grant_types, the dynamic-registration "
5390+
"request carries ['authorization_code', 'refresh_token'] so the authorization "
5391+
"server may issue refresh tokens (SEP-2207); a consumer-set grant_types is sent "
5392+
"verbatim, never rewritten."
5393+
),
5394+
added_in="2026-07-28",
5395+
transports=("streamable-http",),
5396+
note=(
5397+
"OAuth is HTTP-only. A SHOULD. Python implements the default on the "
5398+
"OAuthClientMetadata model (a field default), not in registration code, so it is "
5399+
"present from construction -- wire-observably identical to injecting it at "
5400+
"registration time, which is what the registration body pins."
5401+
),
5402+
),
5403+
"client-auth:as-binding:reregister": Requirement(
5404+
source=f"{SPEC_2026_BASE_URL}/basic/authorization/client-registration#authorization-server-binding",
5405+
behavior=(
5406+
"Stored client credentials are bound to the issuer that registered them; when the "
5407+
"authorization server changes, the client discards them and re-registers with the "
5408+
"new authorization server (SEP-2352)."
5409+
),
5410+
added_in="2026-07-28",
5411+
transports=("streamable-http",),
5412+
note="OAuth is HTTP-only.",
5413+
),
5414+
"client-auth:as-binding:no-cred-reuse": Requirement(
53105415
source=f"{SPEC_2026_BASE_URL}/basic/authorization/client-registration#authorization-server-binding",
53115416
behavior=(
5312-
"Stored client credentials are bound to the issuer that registered them; when the authorization "
5313-
"server changes, the client discards them and re-registers rather than reusing them (SEP-2352)."
5417+
"When the authorization server changes, the client never reuses credentials from "
5418+
"the previous authorization server: the stale client_id reaches neither the "
5419+
"authorize nor the token endpoint (SEP-2352)."
53145420
),
5421+
added_in="2026-07-28",
53155422
transports=("streamable-http",),
53165423
note="OAuth is HTTP-only.",
53175424
),
@@ -5406,6 +5513,29 @@ def __post_init__(self) -> None:
54065513
transports=("streamable-http",),
54075514
note="OAuth is HTTP-only.",
54085515
),
5516+
"client-auth:refresh:rotation-handling": Requirement(
5517+
source=f"{SPEC_2026_BASE_URL}/basic/authorization#refresh-tokens",
5518+
behavior=(
5519+
"On a refresh-token exchange, a new refresh_token in the response replaces the "
5520+
"stored one, and a response that omits refresh_token leaves the stored one in "
5521+
"place -- the client never assumes a refresh token will be issued "
5522+
"(RFC 6749 section 6 / SEP-2207)."
5523+
),
5524+
transports=("streamable-http",),
5525+
note=(
5526+
"OAuth is HTTP-only. No added_in: the replace/preserve mechanics are RFC 6749 "
5527+
"section 6 client behaviour that predates the 2026 Refresh Tokens section restating "
5528+
"them (the add plan classifies this entry era PRE-EXISTING), and the auth tests "
5529+
"bypass the connect fixture so era fields drive no cells. The follow-on claim -- "
5530+
"the NEXT refresh presents the rotated token -- is real-time-bound at this pin: a "
5531+
"token that is already expired when its refresh response arrives is not refreshed "
5532+
"again on the same request; the request goes out unauthenticated and 401s into a "
5533+
"full re-authorization (oauth2.py sends at most one refresh per request and only "
5534+
"attaches a bearer it considers valid), so a second same-connection refresh cannot "
5535+
"be driven without wall-clock waits. The tests therefore pin replacement and "
5536+
"preservation at the storage/wire seam of a single refresh."
5537+
),
5538+
),
54095539
"client-auth:refresh:transparent": Requirement(
54105540
source="sdk",
54115541
behavior=(
@@ -5460,12 +5590,127 @@ def __post_init__(self) -> None:
54605590
transports=("streamable-http",),
54615591
note="OAuth is HTTP-only.",
54625592
),
5593+
"client-auth:iss:match": Requirement(
5594+
source=f"{SPEC_2026_BASE_URL}/basic/authorization#authorization-response-validation",
5595+
behavior=(
5596+
"When the authorization server's metadata advertises "
5597+
"authorization_response_iss_parameter_supported and the callback's iss equals the "
5598+
"recorded metadata issuer, the client proceeds to redeem the authorization code "
5599+
"(RFC 9207 validation table row 1)."
5600+
),
5601+
added_in="2026-07-28",
5602+
transports=("streamable-http",),
5603+
note="OAuth is HTTP-only.",
5604+
),
5605+
"client-auth:iss:no-normalize": Requirement(
5606+
source=f"{SPEC_2026_BASE_URL}/basic/authorization#authorization-response-validation",
5607+
behavior=(
5608+
"The iss comparison is simple string comparison (RFC 3986 section 6.2.1): a value "
5609+
"differing from the recorded issuer only by a trailing slash is rejected as a "
5610+
"mismatch -- no scheme or host case folding, default-port elision, trailing-slash, "
5611+
"or percent-encoding normalization is applied before comparison."
5612+
),
5613+
added_in="2026-07-28",
5614+
transports=("streamable-http",),
5615+
note=(
5616+
"OAuth is HTTP-only. The comparison is a single string inequality; the test pins the "
5617+
"trailing-slash arm as the representative normalization class."
5618+
),
5619+
),
5620+
"client-auth:iss:supported-missing-reject": Requirement(
5621+
source=f"{SPEC_2026_BASE_URL}/basic/authorization#authorization-response-validation",
5622+
behavior=(
5623+
"When the authorization server's metadata advertises "
5624+
"authorization_response_iss_parameter_supported: true and the callback carries no "
5625+
"iss, the client rejects the authorization response before redeeming the code "
5626+
"(RFC 9207 validation table row 2)."
5627+
),
5628+
added_in="2026-07-28",
5629+
transports=("streamable-http",),
5630+
note="OAuth is HTTP-only.",
5631+
),
5632+
"client-auth:iss:unadvertised-proceed": Requirement(
5633+
source=f"{SPEC_2026_BASE_URL}/basic/authorization#authorization-response-validation",
5634+
behavior=(
5635+
"When the authorization server's metadata does not advertise "
5636+
"authorization_response_iss_parameter_supported and the callback carries no iss, "
5637+
"the client proceeds with the code exchange (RFC 9207 validation table row 4)."
5638+
),
5639+
added_in="2026-07-28",
5640+
transports=("streamable-http",),
5641+
note="OAuth is HTTP-only.",
5642+
),
5643+
"client-auth:iss:unadvertised-present-validated": Requirement(
5644+
source=f"{SPEC_2026_BASE_URL}/basic/authorization#authorization-response-validation",
5645+
behavior=(
5646+
"A present iss is validated against the recorded issuer regardless of metadata "
5647+
"advertisement (RFC 9207 validation table row 3, where this specification "
5648+
"deliberately exceeds RFC 9207's local-policy provision): a matching iss proceeds "
5649+
"and a mismatching iss is rejected."
5650+
),
5651+
added_in="2026-07-28",
5652+
transports=("streamable-http",),
5653+
note=(
5654+
"OAuth is HTTP-only. Covered by two tests: the match half directly, and the "
5655+
"mismatch half by the client-auth:iss:mismatch-reject test, which drives a "
5656+
"mismatched iss against the suite's unadvertising authorization server."
5657+
),
5658+
),
5659+
"client-auth:iss:error-response-validated": Requirement(
5660+
source=f"{SPEC_2026_BASE_URL}/basic/authorization#authorization-response-validation",
5661+
behavior=(
5662+
"iss validation applies equally to error responses: a mismatched iss on an error "
5663+
"callback is rejected before the flow acts on the response, and on mismatch the "
5664+
"client must not act on or display error, error_description, or error_uri."
5665+
),
5666+
added_in="2026-07-28",
5667+
transports=("streamable-http",),
5668+
note=(
5669+
"OAuth is HTTP-only. The non-surfacing half holds by construction: the callback "
5670+
"contract (AuthorizationCodeResult) carries no error fields, so those values never "
5671+
"enter the SDK; the test pins the observable half -- the iss mismatch is raised in "
5672+
"preference to the missing-authorization-code failure."
5673+
),
5674+
),
54635675
"client-auth:token-endpoint-auth-method": Requirement(
54645676
source="sdk",
54655677
behavior="The client authenticates to the token endpoint using the auth method established at registration.",
54665678
transports=("streamable-http",),
54675679
note="OAuth is HTTP-only.",
54685680
),
5681+
"client-auth:token-error:machine-readable-code": Requirement(
5682+
source="sdk",
5683+
behavior=(
5684+
"An RFC 6749 error response from the token endpoint (e.g. invalid_grant, "
5685+
"invalid_client, on either the authorization-code exchange or a refresh) surfaces "
5686+
"to the caller as a typed OAuth error carrying the wire error code as a "
5687+
"machine-readable field, not only embedded in the message text."
5688+
),
5689+
transports=("streamable-http",),
5690+
note="OAuth is HTTP-only. The weak testable sibling is client-auth:token:error-surfaces.",
5691+
deferred=(
5692+
"Not implemented in the SDK: OAuthTokenError (src/mcp/client/auth/exceptions.py) "
5693+
"carries only a message string; the token-response handler embeds the RFC 6749 "
5694+
"error body in an f-string and the refresh-response handler clears tokens without "
5695+
"reading the body (src/mcp/client/auth/oauth2.py), so there is no machine-readable "
5696+
"error code for a caller to branch on."
5697+
),
5698+
),
5699+
"client-auth:token:error-surfaces": Requirement(
5700+
source="sdk",
5701+
behavior=(
5702+
"A non-2xx response from the token endpoint on the authorization-code exchange "
5703+
"aborts the flow and surfaces to the caller as an error naming the HTTP status; "
5704+
"the flow does not loop, and no request is ever sent with a bearer token."
5705+
),
5706+
transports=("streamable-http",),
5707+
note=(
5708+
"OAuth is HTTP-only. Completes the endpoint error-surfaces family alongside "
5709+
"client-auth:authorize:error-surfaces and "
5710+
"client-auth:dcr:registration-rejected-error; the machine-readable half is "
5711+
"client-auth:token-error:machine-readable-code (deferred)."
5712+
),
5713+
),
54695714
"client-auth:token-provenance": Requirement(
54705715
source=f"{SPEC_BASE_URL}/basic/authorization#token-handling",
54715716
behavior=(

0 commit comments

Comments
 (0)