Skip to content

OAuth TokenHandler Enhancement: Authorization Header Fallback Support #1316

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 5 commits into from
Closed

OAuth TokenHandler Enhancement: Authorization Header Fallback Support #1316

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
88f6ccb
feat(auth): add Authorization header fallback for OAuth client creden…
ChenyangLi4288 Aug 27, 2025
6956c44
Fix markdownlint issues
ChenyangLi4288 Aug 27, 2025
73b9b62
fix(tests): resolve type checking and linting issues in TokenHandler …
ChenyangLi4288 Aug 27, 2025
55d8b42
feat: Add Authorization header fallback for OAuth TokenHandler
ChenyangLi4288 Aug 27, 2025
592ceaa
Delete OAUTH_ENHANCEMENT_SUMMARY.md
ChenyangLi4288 Sep 26, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
17 changes: 15 additions & 2 deletions src/mcp/server/auth/handlers/token.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
import base64
import hashlib
import time
import urllib.parse
from dataclasses import dataclass
from typing import Annotated, Any, Literal

Expand Down Expand Up @@ -92,8 +93,20 @@ def response(self, obj: TokenSuccessResponse | TokenErrorResponse):

async def handle(self, request: Request):
try:
form_data = await request.form()
token_request = TokenRequest.model_validate(dict(form_data)).root
form_data = dict(await request.form())

# Try to get client credentials from header if missing in body
if "client_id" not in form_data:
auth_header = request.headers.get("Authorization")
if auth_header and auth_header.startswith("Basic "):
encoded = auth_header.split(" ")[1]
decoded = base64.b64decode(encoded).decode("utf-8")
client_id, _, client_secret = decoded.partition(":")
client_secret = urllib.parse.unquote(client_secret)
form_data.setdefault("client_id", client_id)
form_data.setdefault("client_secret", client_secret)

token_request = TokenRequest.model_validate(form_data).root
except ValidationError as validation_error:
return self.response(
TokenErrorResponse(
Expand Down
Loading
Loading