Skip to content

Add OIDC ID token support#680

Merged
pcarleton merged 1 commit intomodelcontextprotocol:mainfrom
civicteam:feat/oidc-support
Jul 14, 2025
Merged

Add OIDC ID token support#680
pcarleton merged 1 commit intomodelcontextprotocol:mainfrom
civicteam:feat/oidc-support

Conversation

@dankelleher
Copy link
Copy Markdown
Contributor

@dankelleher dankelleher commented Jun 22, 2025

<!-- Provide a brief summary of your changes -->
Add support for OpenID Connect ID tokens in OAuth responses. When an auth server returns an ID token (typically when the scope includes "openid"), it will now be preserved and passed through to the client.

Motivation and Context

<!-- Why is this change needed? What problem does it solve? -->
This change enables MCP SDK to work with OpenID Connect providers that return ID tokens. Previously, the SDK would discard ID tokens even when they were provided by the auth server. This is needed for full OIDC compliance and to support auth providers that require ID token validation.

How Has This Been Tested?

<!-- Have you tested this in a real application? Which scenarios were tested? -->

  • Added unit test to verify ID token is preserved when returned by auth server
  • Tested that existing OAuth flows without ID tokens continue to work unchanged
  • All existing tests pass

Breaking Changes

<!-- Will users need to update their code or configurations? -->
No breaking changes. The ID token field is optional and existing code will continue to work without modification.

Types of changes

<!-- What types of changes does your code introduce? Put an x in all the boxes that apply: -->

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Documentation update

Checklist

<!-- Go over all the following points, and put an x in all the boxes that apply. -->

  • I have read the MCP Documentation
  • My code follows the repository's style guidelines
  • New and existing tests pass locally
  • I have added appropriate error handling
  • I have added or updated documentation as needed

Additional context

<!-- Add any other context, implementation notes, or design decisions -->
This change is minimal and non-invasive - it simply adds an optional id_token field to the OAuthTokensSchema. The field is marked as optional to maintain backward compatibility. No additional validation or processing of the ID token is performed at this time.

@dankelleher
Add oidc support - if the scope includes "openid", an id token will b…
6b55c9b 
…e returned from the auth server. This change does not enforce this, but simply does not throw away the id token if it is present.
@ihrpr ihrpr added this to the auth milestone Jun 25, 2025
@pcarleton pcarleton self-assigned this Jul 14, 2025
pcarleton
pcarleton approved these changes Jul 14, 2025
View reviewed changes
Copy link
Copy Markdown
Member

@pcarleton pcarleton left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks! appreciate the very targeted and well tested PR.

@pcarleton pcarleton enabled auto-merge (squash) July 14, 2025 12:21
@pcarleton pcarleton merged commit 5b99c24 into modelcontextprotocol:main Jul 14, 2025
2 checks passed
chenxi-null pushed a commit to chenxi-null/typescript-sdk that referenced this pull request Jul 28, 2025
@dankelleher @chenxi-null
Add OIDC ID token support (modelcontextprotocol#680)
8e67b12
@felixweinberger felixweinberger mentioned this pull request Mar 23, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pcarleton pcarleton pcarleton approved these changes

Assignees

@pcarleton pcarleton

Labels

None yet

Projects

None yet

Milestone

auth

Development

Successfully merging this pull request may close these issues.

3 participants

@dankelleher @pcarleton @ihrpr