Skip to content

Add test for ProtectedResourceMetadataParsing #1236

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 21 commits into from
Sep 23, 2025
Merged

Add test for ProtectedResourceMetadataParsing #1236

merged 21 commits into from
Sep 23, 2025

Conversation

@yannj-fr
Copy link
Contributor

@yannj-fr yannj-fr commented Aug 4, 2025

Motivation and Context

Add tests cases for insurring ProtectedResourceMetadata validation is correctly done

How Has This Been Tested?

with pytest

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Documentation update

Checklist

  • I have read the MCP Documentation
  • My code follows the repository's style guidelines
  • New and existing tests pass locally
  • I have added appropriate error handling
  • I have added or updated documentation as needed

@yannj-fr yannj-fr requested review from a team and pcarleton August 4, 2025 20:15
@yannj-fr yannj-fr marked this pull request as draft August 4, 2025 20:35
@yannj-fr yannj-fr marked this pull request as ready for review August 4, 2025 20:36
pcarleton
pcarleton previously requested changes Aug 5, 2025
View reviewed changes
Kludex
Kludex reviewed Aug 5, 2025
View reviewed changes
Copy link
Member

@Kludex Kludex left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This PR is not testing the fact that the new fields are supported. It's testing that the class is properly validated, which it seems we are testing Pydantic here. The same can be said about the tests above.

I think an ideal test would be to use the new added literal fields in an auth flow. But that's an issue that comes from before, because we actually don't have tests for it...

Anyway, I'm okay with either merging or closing this.

yannj-fr and others added 2 commits August 5, 2025 12:10
@yannj-fr @pcarleton
Update tests/shared/test_auth.py
e8bfe35 
Co-authored-by: Paul Carleton <paulcarletonjr@gmail.com>
@yannj-fr @pcarleton
Update tests/shared/test_auth.py
79e1b16 
Co-authored-by: Paul Carleton <paulcarletonjr@gmail.com>
Kludex
Kludex previously approved these changes Aug 5, 2025
View reviewed changes
@Kludex Kludex dismissed their stale review August 5, 2025 13:15

Actually, I don't think this is the way to go.

@yannj-fr
Copy link
Contributor Author

yannj-fr commented Aug 6, 2025

@Kludex tests updated

Kludex
Kludex reviewed Aug 6, 2025
View reviewed changes
@yannj-fr
Copy link
Contributor Author

yannj-fr commented Aug 6, 2025

@Kludex done with the requested changes

Kludex
Kludex previously approved these changes Aug 6, 2025
View reviewed changes
@Kludex
Copy link
Member

Kludex commented Aug 6, 2025

Maybe we could benefit more if we move the test you added to a new file, so we can actually don't mix bad practices with good ones.

@yannj-fr
Copy link
Contributor Author

yannj-fr commented Aug 6, 2025

I will create a separated file, actually could be directly in the test/server/auth/test_proctected_resource.py

Kludex
Kludex reviewed Aug 6, 2025
View reviewed changes
yannj-fr and others added 2 commits August 6, 2025 12:44
@yannj-fr @Kludex
Update tests/server/auth/test_protected_resource.py
82852be 
Co-authored-by: Marcelo Trylesinski <marcelotryle@gmail.com>
@yannj-fr @Kludex
Update tests/server/auth/test_protected_resource.py
0826232 
Co-authored-by: Marcelo Trylesinski <marcelotryle@gmail.com>
Kludex
Kludex previously approved these changes Aug 6, 2025
View reviewed changes
@yannj-fr
Copy link
Contributor Author

yannj-fr commented Aug 6, 2025

As per your advice, I removed the test that is just on the model, and fixed naming.
Just one question, it is not good practice to have test case in a class?

@Kludex
Copy link
Member

Kludex commented Aug 6, 2025
edited
Loading

Just one question, it is not good practice to have test case in a class?

I don't think you get anything from it, it's more often seen in old test suites and when using unittest (https://docs.python.org/3/library/unittest.html#basic-example).

I prefer to stick with what modern packages do: not have wrapper classes.

This is my opinion tho.

@yannj-fr yannj-fr requested review from Kludex and pcarleton August 7, 2025 09:54
@felixweinberger felixweinberger dismissed pcarleton’s stale review September 23, 2025 11:05

Outdated review, changes have been addressed.

felixweinberger
felixweinberger approved these changes Sep 23, 2025
View reviewed changes
Copy link
Contributor

@felixweinberger felixweinberger left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looking through the discussion here all comments have been addressed as far as I can tell.

Thank you for this contribution @yannj-fr!

@felixweinberger felixweinberger added the needs more eyes Needs alignment among maintainers whether this is something we want to add label Sep 23, 2025
@felixweinberger
Copy link
Contributor

Looks like we also need approval from an auth CODEOWNER to land this, @pcarleton mind taking another look?

@pcarleton pcarleton merged commit 20596e5 into modelcontextprotocol:main Sep 23, 2025
18 checks passed
rbehal pushed a commit to gumloop/gumloop-mcp that referenced this pull request Sep 25, 2025
@dvlpjrs @felixweinberger
@yurikunash @pamelafox @ihrpr @Kludex @davenpi @functicons @dingo4dev @LucaButBoring @only-weng @clareliguori @lukacf @chughtapan @yannj-fr @pcarleton @sreenaths @jbkkd @joesavage-silabs @glinf @dsp-ant @mous222 @maxisbey @claude @jerome3o-anthropic @dragonier23 @keurcien @timesler @sandangel @justin-yi-wang @monkeywithacupcake @pja-ant @reidg44 @eleftherias @cclauss @pchoudhury22 @owengo @olivierhub @stevebillings @mssalvatore
[GMLP-5458] Sync upstream (#5)
0206b4d 
* Add regression test for stateless request memory cleanup (modelcontextprotocol#1140)

* Implement RFC9728 - Support WWW-Authenticate header by MCP client (modelcontextprotocol#1071)

* Add streamable HTTP starlette example to Python SDK docs (modelcontextprotocol#1111)

* fix markdown error in README in main (modelcontextprotocol#1147)

* README - replace code snippets with examples - add lowlevel to snippets (modelcontextprotocol#1150)

* README - replace code snippets with examples - streamable http (modelcontextprotocol#1155)

* chore: don't allow users to create issues outside the templates (modelcontextprotocol#1163)

* Tests(cli): Add coverage for helper functions (modelcontextprotocol#635)

* Docs: Update CallToolResult parsing in README (modelcontextprotocol#812)

Co-authored-by: Felix Weinberger <fweinberger@anthropic.com>

* docs: add pre-commit install guide on CONTRIBUTING.md (modelcontextprotocol#995)

Co-authored-by: Felix Weinberger <fweinberger@anthropic.com>

* fix flaky fix-test_streamablehttp_client_resumption test (modelcontextprotocol#1166)

* README - replace code snippets with examples -- auth examples (modelcontextprotocol#1164)

* Support falling back to OIDC metadata for auth (modelcontextprotocol#1061)

* Add CODEOWNERS file for sdk (modelcontextprotocol#1169)

* fix flaky test test_88_random_error (modelcontextprotocol#1171)

* Make sure `RequestId` is not coerced as `int` (modelcontextprotocol#1178)

* Fix: Replace threading.Lock with anyio.Lock for Ray deployment compatibility (modelcontextprotocol#1151)

* fix: fix OAuth flow request object handling (modelcontextprotocol#1174)

* update codeowners group (modelcontextprotocol#1191)

* fix: perform auth server metadata discovery fallbacks on any 4xx (modelcontextprotocol#1193)

* server: skip duplicate response on CancelledError (modelcontextprotocol#1153)

Co-authored-by: ihrpr <inna@anthropic.com>

* Unpack settings in FastMCP (modelcontextprotocol#1198)

* chore: Remove unused prompt_manager.py file (modelcontextprotocol#1229)

Co-authored-by: Tapan Chugh <tapanc@cs.washington.edu>

* Improved supported for ProtectedResourceMetadata (modelcontextprotocol#1235)

Co-authored-by: Paul Carleton <paulcarletonjr@gmail.com>

* chore: Remove unused variable notification_options (modelcontextprotocol#1238)

* Improve README around the Context object (modelcontextprotocol#1203)

* fix: allow to pass `list[str]` to `token_endpoint_auth_signing_alg_values_supported` (modelcontextprotocol#1226)

* Remove strict validation on `response_modes_supported` member of `OAuthMetadata` (modelcontextprotocol#1243)

* Add pyright strict mode on the whole project (modelcontextprotocol#1254)

* Consistent casing for default headers Accept and Content-Type (modelcontextprotocol#1263)

* Update dependencies and fix type issues (modelcontextprotocol#1268)

Co-authored-by: Marcelo Trylesinski <marcelotryle@gmail.com>

* fix: prevent async generator cleanup errors in StreamableHTTP transport (modelcontextprotocol#1271)

Co-authored-by: David Soria Parra <167242713+dsp-ant@users.noreply.github.com>

* chore: uncomment .idea/ in .gitignore (modelcontextprotocol#1287)

Co-authored-by: Claude <noreply@anthropic.com>

* docs: clarify streamable_http_path configuration when mounting servers (modelcontextprotocol#1172)

* feat: Add CORS configuration for browser-based MCP clients (modelcontextprotocol#1059)

Co-authored-by: Marcelo Trylesinski <marcelotryle@gmail.com>
Co-authored-by: Felix Weinberger <fweinberger@anthropic.com>

* Added Audio to FastMCP (modelcontextprotocol#1130)

* fix: avoid uncessary retries in OAuth authenticated requests (modelcontextprotocol#1206)

Co-authored-by: Felix Weinberger <fweinberger@anthropic.com>

* Add PATHEXT to default STDIO env vars in windows (modelcontextprotocol#1256)

* fix: error too many values to unpack (expected 2) (modelcontextprotocol#1279)

Signed-off-by: San Nguyen <vinhsannguyen91@gmail.com>
Co-authored-by: Felix Weinberger <fweinberger@anthropic.com>
Co-authored-by: Felix Weinberger <3823880+felixweinberger@users.noreply.github.com>

* SDK Parity: Avoid Parsing Server Response for non-JsonRPCMessage Requests (modelcontextprotocol#1290)

* types: Setting default value for method: Literal (modelcontextprotocol#1292)

* changes structured temperature to not deadly (modelcontextprotocol#1328)

* Update simple-resource example to use non-deprecated read_resource return type (modelcontextprotocol#1331)

Co-authored-by: Claude <noreply@anthropic.com>

* docs: Update README to include link to API docs for modelcontextprotocol#1329 (modelcontextprotocol#1330)

* Allow ping requests before initialization (modelcontextprotocol#1312)

* Python lint: Ruff rules for pylint and code complexity (modelcontextprotocol#525)

* Fix context injection for resources and prompts (modelcontextprotocol#1336)

* fix(fastmcp): propagate mimeType in resource template list (modelcontextprotocol#1186)

Co-authored-by: Felix Weinberger <3823880+felixweinberger@users.noreply.github.com>

* fix: allow elicitations accepted without content (modelcontextprotocol#1285)

Co-authored-by: Olivier Schiavo <olivier.schiavo@wengo.com>

* Use --frozen in pre-commit config (modelcontextprotocol#1375)

* Return HTTP 403 for invalid Origin headers (modelcontextprotocol#1353)

* Add test for ProtectedResourceMetadataParsing (modelcontextprotocol#1236)

Co-authored-by: Paul Carleton <paulcarletonjr@gmail.com>
Co-authored-by: Marcelo Trylesinski <marcelotryle@gmail.com>
Co-authored-by: Felix Weinberger <3823880+felixweinberger@users.noreply.github.com>

* Fastmcp logging progress example (modelcontextprotocol#1270)

Co-authored-by: Felix Weinberger <3823880+felixweinberger@users.noreply.github.com>

* feat: add paginated list decorators for prompts, resources, and tools (modelcontextprotocol#1286)

Co-authored-by: Claude <noreply@anthropic.com>

* Remove "unconditionally" from conditional description (modelcontextprotocol#1289)

* Use streamable-http consistently in examples (modelcontextprotocol#1389)

* feat: Add SDK support for SEP-1034 default values in elicitation schemas (modelcontextprotocol#1337)

Co-authored-by: Tapan Chugh <tapanc@cs.washington.edu>
Co-authored-by: Felix Weinberger <3823880+felixweinberger@users.noreply.github.com>

* Implementation of SEP 973 - Additional metadata + icons support (modelcontextprotocol#1357)

* Merge upstream/main with custom filtering

---------

Signed-off-by: San Nguyen <vinhsannguyen91@gmail.com>
Co-authored-by: Felix Weinberger <3823880+felixweinberger@users.noreply.github.com>
Co-authored-by: yurikunash <143175350+yurikunash@users.noreply.github.com>
Co-authored-by: Pamela Fox <pamela.fox@gmail.com>
Co-authored-by: Inna Harper <inna.hrpr@gmail.com>
Co-authored-by: Marcelo Trylesinski <marcelotryle@gmail.com>
Co-authored-by: Ian Davenport <49379192+davenpi@users.noreply.github.com>
Co-authored-by: Dagang Wei <functicons@gmail.com>
Co-authored-by: Felix Weinberger <fweinberger@anthropic.com>
Co-authored-by: Stanley Law <stanleylkal@gmail.com>
Co-authored-by: Luca Chang <131398524+LucaButBoring@users.noreply.github.com>
Co-authored-by: leweng <leweng@nvidia.com>
Co-authored-by: Clare Liguori <liguori@amazon.com>
Co-authored-by: lukacf <luka@peltarion.com>
Co-authored-by: ihrpr <inna@anthropic.com>
Co-authored-by: Tapan Chugh <chugh.tapan@gmail.com>
Co-authored-by: Tapan Chugh <tapanc@cs.washington.edu>
Co-authored-by: Yann Jouanin <4557670+yannj-fr@users.noreply.github.com>
Co-authored-by: Paul Carleton <paulcarletonjr@gmail.com>
Co-authored-by: Sreenath Somarajapuram <somarajapuram@gmail.com>
Co-authored-by: Omer Korner <omerkorner@gmail.com>
Co-authored-by: joesavage-silabs <159480754+joesavage-silabs@users.noreply.github.com>
Co-authored-by: Gregory L <gregory.linford@mistral.ai>
Co-authored-by: David Soria Parra <167242713+dsp-ant@users.noreply.github.com>
Co-authored-by: Moustapha Ebnou <155577789+mous222@users.noreply.github.com>
Co-authored-by: Max Isbey <224885523+maxisbey@users.noreply.github.com>
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Jerome <jerome@anthropic.com>
Co-authored-by: xavier <84836280+dragonier23@users.noreply.github.com>
Co-authored-by: keurcien <keurcien.luu@gmail.com>
Co-authored-by: Tim Esler <tim.esler@gmail.com>
Co-authored-by: San Nguyen <22189661+sandangel@users.noreply.github.com>
Co-authored-by: Justin Wang <89049861+justin-yi-wang@users.noreply.github.com>
Co-authored-by: jess <jessachandler@gmail.com>
Co-authored-by: Peter Alexander <pja@anthropic.com>
Co-authored-by: Reid Geyer <12072650+reidg44@users.noreply.github.com>
Co-authored-by: Eleftheria Stein-Kousathana <eleftheria.kousathana@gmail.com>
Co-authored-by: Christian Clauss <cclauss@me.com>
Co-authored-by: pchoudhury22 <pchoudhury22@apple.com>
Co-authored-by: owengo <owengo@users.noreply.github.com>
Co-authored-by: Olivier Schiavo <olivier.schiavo@wengo.com>
Co-authored-by: Steve Billings <billings.steve@gmail.com>
Co-authored-by: Mike Salvatore <mike.s.salvatore@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pcarleton pcarleton pcarleton approved these changes

@felixweinberger felixweinberger felixweinberger approved these changes

@Kludex Kludex Awaiting requested review from Kludex

Assignees

No one assigned

Labels

needs more eyes Needs alignment among maintainers whether this is something we want to add

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@yannj-fr @Kludex @felixweinberger @pcarleton