Fix oauth well-known paths to retain path and query#733
Closed
calclavia wants to merge 4 commits intomodelcontextprotocol:mainfrom
Closed
Fix oauth well-known paths to retain path and query#733calclavia wants to merge 4 commits intomodelcontextprotocol:mainfrom
calclavia wants to merge 4 commits intomodelcontextprotocol:mainfrom
Conversation
Member
Author
calclavia
changed the title
|
@ihrpr @calclavia when shall we expect to release this? Various client implementation fails because of this. |
Member
Author
I haven't had a chance to write tests. If anyone could contribute, it can move this PR along faster! |
Contributor
|
okay, I went back and forth on backwards compatibility for this. As the current implementation is not spec compliant I'm willing to accept it and just release as minor release making as behaviour changes and it should be spec compliant. Tried to add tests to this branch, but don't have permissions. Added them here: #756 |
Member
Author
|
@ihrpr Ok great - should we close this PR then since it's a dupe? |
Contributor
|
Closing as duplicate, let's continue in #756 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Motivation and Context
This change is the same as #687 but applied to the protected resource well known path as well.
This should be spec compliant, as per RFC 9728:
Different applications utilizing OAuth protected resources in application-specific ways MAY define and register different well- known URI path suffixes for publishing protected resource metadata used by those applications. For instance, if the Example application uses an OAuth protected resource in an Example-specific way and there are Example-specific metadata values that it needs to publish, then it might register and use the example-protected-resource URI path suffix and publish the metadata document at the URL formed by inserting /.well-known/example-protected-resource between the host and path and/or query components of the protected resource's resource identifier.
How Has This Been Tested?
Currently I've to hack around this by manually passing resourceMetadataUrl in
authBreaking Changes
Types of changes
Checklist
Additional context