Description
Is your feature request related to a problem? Please describe.
Yes. The current implementation of the MCP Python SDK only accepts HTTP(S) URLs for redirect_uris
due to the use of AnyHttpUrl
in the model definition (source). This results in a 400 error when attempting to register a client using a custom scheme URI (e.g., cursor://.../callback
), as used by apps like Cursor, because OAuthClientMetadata.model_validate(body)
rejects the URI (source).
This effectively prevents using the SDK in environments or apps that rely on deep linking for OAuth callback URIs, such as desktop or mobile apps.
Describe the solution you'd like
Support for custom URI schemes (e.g., cursor://
) in the redirect_uris
validation. Ideally, the validation logic should allow any valid URI, or allow for a configurable override to support non-HTTP schemes. A possible solution would be to change AnyHttpUrl
to a more permissive type like AnyUrl
or a custom validator that supports a broader set of schemes.
Describe alternatives you've considered
- Forking the SDK and modifying the redirect_uris validation to allow non-HTTP schemes.
- Proxying the OAuth callback through an HTTP server that translates the redirect to a deep link (not ideal due to added complexity and limitations in environments like Electron apps).
- Avoiding use of the Python SDK entirely and implementing a custom client (which is inefficient and leads to duplication of effort).
Additional context
This issue impacts integration with applications using custom URI schemes for OAuth callbacks (such as cursor://callback). The limitation seems arbitrary given that OAuth 2.0 allows native apps to use custom URI schemes for redirects. Adjusting this would improve compatibility for a wider range of applications and development platforms.