Skip to content

Commit 7a31879

Browse files
committed
refactor: replace MicrosoftOidcMetadataPolicy with built-in LenientOidcDiscoveryMetadataPolicy
- Microsoft example now uses LenientOidcDiscoveryMetadataPolicy directly - Remove MicrosoftOidcMetadataPolicy and its test (functionally identical)
1 parent 5301147 commit 7a31879

4 files changed

Lines changed: 5 additions & 108 deletions

File tree

examples/server/oauth-microsoft/MicrosoftOidcMetadataPolicy.php

Lines changed: 0 additions & 38 deletions
This file was deleted.

examples/server/oauth-microsoft/README.md

Lines changed: 3 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -150,7 +150,7 @@ curl -X POST http://localhost:8000/mcp \
150150
- `env.example` - Environment variables template
151151
- `server.php` - MCP server with OAuth middleware
152152
- `MicrosoftJwtTokenValidator.php` - Example-specific validator for Graph/non-Graph tokens
153-
- `MicrosoftOidcMetadataPolicy.php` - Lenient metadata validation policy
153+
- Uses built-in `LenientOidcDiscoveryMetadataPolicy` for metadata validation
154154
- `McpElements.php` - MCP tools including Graph API integration
155155

156156
## Environment Variables
@@ -200,9 +200,8 @@ Microsoft's JWKS endpoint is public. Ensure your container can reach:
200200

201201
The default `StrictOidcDiscoveryMetadataPolicy` requires `code_challenge_methods_supported`.
202202
Microsoft Entra ID omits this field despite supporting PKCE with S256.
203-
Use the built-in `LenientOidcDiscoveryMetadataPolicy` which accepts missing `code_challenge_methods_supported`
204-
(defaults to S256 downstream). The `MicrosoftOidcMetadataPolicy` in this example demonstrates
205-
how to implement a custom policy via `OidcDiscoveryMetadataPolicyInterface`.
203+
This example uses the built-in `LenientOidcDiscoveryMetadataPolicy` which accepts missing
204+
`code_challenge_methods_supported` (defaults to S256 downstream).
206205

207206
### Graph API errors
208207

examples/server/oauth-microsoft/server.php

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -16,7 +16,6 @@
1616
use Http\Discovery\Psr17Factory;
1717
use Laminas\HttpHandlerRunner\Emitter\SapiEmitter;
1818
use Mcp\Example\Server\OAuthMicrosoft\MicrosoftJwtTokenValidator;
19-
use Mcp\Example\Server\OAuthMicrosoft\MicrosoftOidcMetadataPolicy;
2019
use Mcp\Server;
2120
use Mcp\Server\Session\FileSessionStore;
2221
use Mcp\Server\Transport\Http\Middleware\AuthorizationMiddleware;
@@ -25,6 +24,7 @@
2524
use Mcp\Server\Transport\Http\Middleware\ProtectedResourceMetadataMiddleware;
2625
use Mcp\Server\Transport\Http\OAuth\JwksProvider;
2726
use Mcp\Server\Transport\Http\OAuth\JwtTokenValidator;
27+
use Mcp\Server\Transport\Http\OAuth\LenientOidcDiscoveryMetadataPolicy;
2828
use Mcp\Server\Transport\Http\OAuth\OidcDiscovery;
2929
use Mcp\Server\Transport\Http\OAuth\ProtectedResourceMetadata;
3030
use Mcp\Server\Transport\StreamableHttpTransport;
@@ -37,7 +37,7 @@
3737
$localBaseUrl = 'http://localhost:8000';
3838

3939
$discovery = new OidcDiscovery(
40-
metadataPolicy: new MicrosoftOidcMetadataPolicy(),
40+
metadataPolicy: new LenientOidcDiscoveryMetadataPolicy(),
4141
);
4242

4343
$jwtTokenValidator = new JwtTokenValidator(

examples/server/oauth-microsoft/tests/Unit/MicrosoftOidcMetadataPolicyTest.php

Lines changed: 0 additions & 64 deletions
This file was deleted.

0 commit comments

Comments
 (0)