relax validation

dr3s · dr3s · commit 482cb3ec61a8 · 2025-06-03T12:20:22.000-04:00
diff --git a/src/mcp/shared/auth.py b/src/mcp/shared/auth.py
@@ -1,6 +1,6 @@
 from typing import Any, Literal
 
-from pydantic import AnyHttpUrl, BaseModel, Field
+from pydantic import AnyHttpUrl, BaseModel, Field, field_validator
 
 
 class OAuthToken(BaseModel):
@@ -9,11 +9,20 @@ class OAuthToken(BaseModel):
     """
 
     access_token: str
-    token_type: Literal["bearer"] = "bearer"
+    token_type: Literal["Bearer"] = "Bearer"
     expires_in: int | None = None
     scope: str | None = None
     refresh_token: str | None = None
 
+    @field_validator('token_type', mode='before')
+    @classmethod
+    def normalize_token_type(cls, v: str | None) -> str | None:
+        if isinstance(v, str):
+            # Bearer is title-cased in the spec, so we normalize it
+            # https://datatracker.ietf.org/doc/html/rfc6750#section-4
+            return v.title()
+        return v
+
 
 class InvalidScopeError(Exception):
     def __init__(self, message: str):
@@ -111,13 +120,13 @@ class OAuthMetadata(BaseModel):
     token_endpoint: AnyHttpUrl
     registration_endpoint: AnyHttpUrl | None = None
     scopes_supported: list[str] | None = None
-    response_types_supported: list[Literal["code"]] = ["code"]
+    response_types_supported: list[Literal["code"] | str] = ["code"]
     response_modes_supported: list[Literal["query", "fragment"]] | None = None
     grant_types_supported: (
-        list[Literal["authorization_code", "refresh_token"]] | None
+        list[Literal["authorization_code", "refresh_token"] | str] | None
     ) = None
     token_endpoint_auth_methods_supported: (
-        list[Literal["none", "client_secret_post"]] | None
+        list[Literal["none", "client_secret_post"] | str] | None
     ) = None
     token_endpoint_auth_signing_alg_values_supported: None = None
     service_documentation: AnyHttpUrl | None = None
@@ -126,12 +135,12 @@ class OAuthMetadata(BaseModel):
     op_tos_uri: AnyHttpUrl | None = None
     revocation_endpoint: AnyHttpUrl | None = None
     revocation_endpoint_auth_methods_supported: (
-        list[Literal["client_secret_post"]] | None
+        list[Literal["client_secret_post"] | str] | None
     ) = None
     revocation_endpoint_auth_signing_alg_values_supported: None = None
     introspection_endpoint: AnyHttpUrl | None = None
     introspection_endpoint_auth_methods_supported: (
-        list[Literal["client_secret_post"]] | None
+        list[Literal["client_secret_post"] | str] | None
     ) = None
     introspection_endpoint_auth_signing_alg_values_supported: None = None
-    code_challenge_methods_supported: list[Literal["S256"]] | None = None
+    code_challenge_methods_supported: list[Literal["S256"] | str] | None = None
diff --git a/tests/client/test_auth.py b/tests/client/test_auth.py
@@ -760,7 +760,6 @@ async def test_async_auth_flow_no_token(self, oauth_provider):
             # No Authorization header should be added if no token
             assert "Authorization" not in updated_request.headers
 
-
     @pytest.mark.anyio
     async def test_scope_priority_client_metadata_first(
         self, oauth_provider, oauth_client_info
