refactor: use canonical SEP-2133 extension identifiers

EXTENSION_IDS now holds the wire identifiers from the spec's extension docs
(client-matrix.mdx, docs/extensions/auth/*.mdx) so extensionId values can be
cross-referenced against capabilities.extensions keys directly:

  io.modelcontextprotocol/oauth-client-credentials
  io.modelcontextprotocol/enterprise-managed-authorization

The previous commit used a shortened 'enterprise-managed-auth' which doesn't
match the canonical '-authorization'. Re-renames the scenario file/class/slug
and downstream references to align.

Author: pcarleton

examples/clients/typescript/everything-client.ts

@@ -375,20 +375,20 @@ registerScenario('auth/pre-registration', runPreRegistration);
 // ============================================================================
 
 /**
- * Enterprise Managed Auth (SEP-990)
+ * Enterprise-Managed Authorization (SEP-990)
  * Tests the complete flow: IDP ID token -> authorization grant -> access token -> MCP access.
  */
-export async function runEnterpriseManagedAuth(
+export async function runEnterpriseManagedAuthorization(
   serverUrl: string
 ): Promise<void> {
   const ctx = parseContext();
-  if (ctx.name !== 'auth/enterprise-managed-auth') {
+  if (ctx.name !== 'auth/enterprise-managed-authorization') {
     throw new Error(
-      `Expected enterprise-managed-auth context, got ${ctx.name}`
+      `Expected enterprise-managed-authorization context, got ${ctx.name}`
     );
   }
 
-  logger.debug('Starting enterprise managed auth flow...');
+  logger.debug('Starting enterprise-managed authorization flow...');
   logger.debug('IDP Issuer:', ctx.idp_issuer);
   logger.debug('IDP Token Endpoint:', ctx.idp_token_endpoint);
 
@@ -494,7 +494,7 @@ export async function runEnterpriseManagedAuth(
   // Step 3: Use access token to access MCP server
   logger.debug('Step 3: Accessing MCP server with access token...');
   const client = new Client(
-    { name: 'conformance-enterprise-managed-auth', version: '1.0.0' },
+    { name: 'conformance-enterprise-managed-authorization', version: '1.0.0' },
     { capabilities: {} }
   );
 
@@ -516,10 +516,13 @@ export async function runEnterpriseManagedAuth(
   logger.debug('Successfully called tool');
 
   await transport.close();
-  logger.debug('Enterprise managed auth flow completed successfully');
+  logger.debug('Enterprise-managed authorization flow completed successfully');
 }
 
-registerScenario('auth/enterprise-managed-auth', runEnterpriseManagedAuth);
+registerScenario(
+  'auth/enterprise-managed-authorization',
+  runEnterpriseManagedAuthorization
+);
 
 // ============================================================================
 // Main entry point

src/scenarios/client/auth/client-credentials.ts

@@ -32,7 +32,9 @@ async function generateTestKeypair(): Promise<{
  */
 export class ClientCredentialsJwtScenario implements Scenario {
   name = 'auth/client-credentials-jwt';
-  readonly source = { extensionId: 'client-credentials' } as const;
+  readonly source = {
+    extensionId: 'io.modelcontextprotocol/oauth-client-credentials'
+  } as const;
   description =
     'Tests OAuth client_credentials flow with private_key_jwt authentication (SEP-1046)';
 
@@ -251,7 +253,9 @@ export class ClientCredentialsJwtScenario implements Scenario {
  */
 export class ClientCredentialsBasicScenario implements Scenario {
   name = 'auth/client-credentials-basic';
-  readonly source = { extensionId: 'client-credentials' } as const;
+  readonly source = {
+    extensionId: 'io.modelcontextprotocol/oauth-client-credentials'
+  } as const;
   description =
     'Tests OAuth client_credentials flow with client_secret_basic authentication';
 

…s/client/auth/enterprise-managed-auth.ts …auth/enterprise-managed-authorization.tssrc/scenarios/client/auth/enterprise-managed-auth.ts renamed to src/scenarios/client/auth/enterprise-managed-authorization.ts src/scenarios/client/auth/enterprise-managed-auth.ts renamed to src/scenarios/client/auth/enterprise-managed-authorization.ts

@@ -48,16 +48,18 @@ async function createIdpIdToken(
 }
 
 /**
- * Scenario: Enterprise Managed Auth (SEP-990)
+ * Scenario: Enterprise-Managed Authorization (SEP-990)
  *
  * Tests the complete SEP-990 flow: IDP ID token -> authorization grant -> access token
  * This scenario combines both RFC 8693 token exchange and RFC 7523 JWT bearer grant.
  */
-export class EnterpriseManagedAuthScenario implements Scenario {
-  name = 'auth/enterprise-managed-auth';
-  readonly source = { extensionId: 'enterprise-managed-auth' } as const;
+export class EnterpriseManagedAuthorizationScenario implements Scenario {
+  name = 'auth/enterprise-managed-authorization';
+  readonly source = {
+    extensionId: 'io.modelcontextprotocol/enterprise-managed-authorization'
+  } as const;
   description =
-    'Tests complete SEP-990 flow: token exchange + JWT bearer grant (Enterprise Managed OAuth)';
+    'Tests complete SEP-990 flow: token exchange + JWT bearer grant (Enterprise-Managed Authorization)';
 
   private idpServer = new ServerLifecycle();
   private authServer = new ServerLifecycle();

src/scenarios/client/auth/index.ts

@@ -23,7 +23,7 @@ import {
 } from './client-credentials';
 import { ResourceMismatchScenario } from './resource-mismatch';
 import { PreRegistrationScenario } from './pre-registration';
-import { EnterpriseManagedAuthScenario } from './enterprise-managed-auth';
+import { EnterpriseManagedAuthorizationScenario } from './enterprise-managed-authorization';
 import {
   OfflineAccessScopeScenario,
   OfflineAccessNotSupportedScenario
@@ -54,7 +54,7 @@ export const backcompatScenariosList: Scenario[] = [
 export const extensionScenariosList: Scenario[] = [
   new ClientCredentialsJwtScenario(),
   new ClientCredentialsBasicScenario(),
-  new EnterpriseManagedAuthScenario()
+  new EnterpriseManagedAuthorizationScenario()
 ];
 
 // Draft scenarios (informational - not scored for tier assessment)

src/schemas/context.ts

@@ -24,7 +24,7 @@ export const ClientConformanceContextSchema = z.discriminatedUnion('name', [
     client_secret: z.string()
   }),
   z.object({
-    name: z.literal('auth/enterprise-managed-auth'),
+    name: z.literal('auth/enterprise-managed-authorization'),
     client_id: z.string(),
     client_secret: z.string(),
     idp_client_id: z.string(),

src/types.ts

@@ -58,10 +58,14 @@ export type SpecVersion = DatedSpecVersion | typeof DRAFT_PROTOCOL_VERSION;
 // (selectable via --suite extensions, never via --spec-version). See #256.
 export type ScenarioSpecTag = SpecVersion | 'extension';
 
-/** Known protocol extensions that this suite has scenarios for. */
+/**
+ * Known protocol extensions that this suite has scenarios for.
+ * Values are SEP-2133 extension identifiers (the keys used in
+ * `capabilities.extensions`).
+ */
 export const EXTENSION_IDS = [
-  'client-credentials',
-  'enterprise-managed-auth'
+  'io.modelcontextprotocol/oauth-client-credentials',
+  'io.modelcontextprotocol/enterprise-managed-authorization'
 ] as const;
 export type ExtensionId = (typeof EXTENSION_IDS)[number];