Skip to content

RFC 8707 Resource Indicators Implementation #638

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 41 commits into from
Jun 18, 2025
Merged

RFC 8707 Resource Indicators Implementation #638

Changes from 1 commit
Commits
Show all changes
41 commits
Select commit Hold shift + click to select a range
7b5bfce
implementation of RFC 8707 Resource Indicators (Fixes #592, Fixes #635)
ochafik Jun 16, 2025
1f4e42c
cleanup auth-utils and remove example files
ochafik Jun 16, 2025
cba6a6e
Update authorize.config.test.ts
ochafik Jun 16, 2025
ccccb4b
simplify PR / only keep verification in demo inmemory oauth provider
ochafik Jun 16, 2025
e542ec1
docs: update PR description to clarify server-side validation is in d…
ochafik Jun 16, 2025
6656d23
Simplify demo in-memory oauth provider
ochafik Jun 16, 2025
02ce81b
simplify diff
ochafik Jun 16, 2025
36f338a
Update demoInMemoryOAuthProvider.ts
ochafik Jun 16, 2025
224a2e2
update resource to be a url
ochafik Jun 16, 2025
551a439
use URL for resource throughout
ochafik Jun 16, 2025
6e4fc52
Update demoInMemoryOAuthProvider.test.ts
ochafik Jun 16, 2025
ec0c504
rm noise
ochafik Jun 17, 2025
b16a415
cleanups
ochafik Jun 17, 2025
badb5dc
fix tests
ochafik Jun 17, 2025
515abb4
fix lints
ochafik Jun 17, 2025
40f61d8
show how to enable strict resource checking in mcp server
ochafik Jun 17, 2025
617facc
Add test for default protocol version negotiation in bearerAuth middl…
ochafik Jun 17, 2025
c2150f0
Update README.md
ochafik Jun 17, 2025
bf72f87
cleanups
ochafik Jun 18, 2025
4a88cac
Update simpleStreamableHttp.ts
ochafik Jun 18, 2025
d58c2eb
Update simpleStreamableHttp.ts
ochafik Jun 18, 2025
aebb2ab
Update simpleStreamableHttp.ts
ochafik Jun 18, 2025
049170d
minimize diff
ochafik Jun 18, 2025
b77361b
Update streamableHttp.ts
ochafik Jun 18, 2025
8475e43
drop redundant resource canonicalization tests
ochafik Jun 18, 2025
e5b2a5b
fix simpleStreamableHttp.ts
ochafik Jun 18, 2025
4fcbb68
verify PRM resource
ochafik Jun 18, 2025
68424ef
simplify changes
ochafik Jun 18, 2025
9e2a565
minimize changes
ochafik Jun 18, 2025
6a01d0d
shrink token.test.ts
ochafik Jun 18, 2025
5c60c77
shrink diff
ochafik Jun 18, 2025
354318f
auth: don't fail the prm if the resource doesn't match
ochafik Jun 18, 2025
bac384f
simplify tests
ochafik Jun 18, 2025
a7f9c59
Fix SSE test resource URL validation errors
ochafik Jun 18, 2025
f0ea31c
Update auth.test.ts
ochafik Jun 18, 2025
3f07bdb
shrink tests
ochafik Jun 18, 2025
4b3db9b
stricter PRM check overridable w/ OAuthClientProvider.validateProtect…
ochafik Jun 18, 2025
f854b58
test validateProtectedResourceMetadata override
ochafik Jun 18, 2025
dada5f6
wip helper func
pcarleton Jun 18, 2025
4c51230
fix tests
pcarleton Jun 18, 2025
86bed6a
adjust comment
pcarleton Jun 18, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Update demoInMemoryOAuthProvider.ts
  • Loading branch information
@ochafik
ochafik committed Jun 16, 2025
commit 36f338ae23503ce837f12c0f166e09de50885d16
4 changes: 2 additions & 2 deletions src/examples/server/demoInMemoryOAuthProvider.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,7 @@ export class DemoInMemoryAuthProvider implements OAuthServerProvider {
private tokens = new Map<string, AuthInfo>();
private validateResource?: (resource?: URL) => boolean;

constructor(mcpServerUrl?: URL) {
constructor({mcpServerUrl}: {mcpServerUrl?: URL} = {}) {
if (mcpServerUrl) {
const expectedResource = resourceUrlFromServerUrl(mcpServerUrl);
this.validateResource = (resource?: URL) => {
Expand Down Expand Up @@ -157,7 +157,7 @@ export const setupAuthServer = (authServerUrl: URL, mcpServerUrl: URL): OAuthMet
// how to separate an OAuth Authorization Server from a Resource
// server in the SDK. The SDK is not intended to be provide a standalone
// authorization server.
const provider = new DemoInMemoryAuthProvider(mcpServerUrl);
const provider = new DemoInMemoryAuthProvider({mcpServerUrl});
const authApp = express();
authApp.use(express.json());
// For introspection requests
Expand Down