feat: add multi-level initial access token support for OAuth 2.0 Dynamic Client Registration (RFC 7591) #1154
Closed
andormarkus wants to merge 3 commits intomodelcontextprotocol:mainfrom
Conversation
…egistration (RFC 7591) - Add initial_access_token parameter to OAuthClientProvider constructor - Implement multi-level fallback for token resolution: 1. Explicit parameter (highest priority) 2. Provider method (initial_access_token()) 3. Environment variable (OAUTH_INITIAL_ACCESS_TOKEN) 4. No token (existing behavior) - Add Authorization Bearer header to registration requests when token available - Add comprehensive test coverage for all fallback scenarios - Update documentation with usage examples and configuration details - Maintain full backward compatibility with existing OAuth flows This enables clients to register with protected OAuth endpoints that require initial access tokens per RFC 7591 Dynamic Client Registration specification.
andormarkus
changed the title
…egistration (RFC 7591) - Add initial_access_token parameter to OAuthClientProvider constructor - Implement multi-level fallback for token resolution: 1. Explicit parameter (highest priority) 2. Provider method (initial_access_token()) 3. Environment variable (OAUTH_INITIAL_ACCESS_TOKEN) 4. No token (existing behavior) - Add Authorization Bearer header to registration requests when token available - Add comprehensive test coverage for all fallback scenarios - Update documentation with usage examples and configuration details - Maintain full backward compatibility with existing OAuth flows This enables clients to register with protected OAuth endpoints that require initial access tokens per RFC 7591 Dynamic Client Registration specification.
…egistration (RFC 7591) - Add initial_access_token parameter to OAuthClientProvider constructor - Implement multi-level fallback for token resolution: 1. Explicit parameter (highest priority) 2. Provider method (initial_access_token()) 3. Environment variable (OAUTH_INITIAL_ACCESS_TOKEN) 4. No token (existing behavior) - Add Authorization Bearer header to registration requests when token available - Add comprehensive test coverage for all fallback scenarios - Update documentation with usage examples and configuration details - Maintain full backward compatibility with existing OAuth flows This enables clients to register with protected OAuth endpoints that require initial access tokens per RFC 7591 Dynamic Client Registration specification.
pcarleton
requested changes
Sep 19, 2025
Member
pcarleton
left a comment
pcarleton
left a comment
There was a problem hiding this comment.
hi @andormarkus thanks for this. similar feedback on this one as the typescript version . Overall looks good, but I don't want to add the environment variable. Adding an example that grabs it from the environment variable in the provider method seems like a good alternative.
pcarleton
added
the
needs more work
Contributor
|
Closing for inactivity - feel free to reopen if you plan to come back to this @andormarkus! |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Add Initial Access Token Support for OAuth 2.0 Dynamic Client Registration (RFC 7591)
Summary
Implements initial access token support for OAuth 2.0 Dynamic Client Registration as specified in RFC 7591. This enables clients to register with protected OAuth endpoints that require initial access tokens.
Changes
Core Implementation
initial_access_tokenparameter toOAuthClientProviderconstructorinitial_access_token()method for custom token retrieval logicOAUTH_INITIAL_ACCESS_TOKENenvironment variable supportFallback Priority Order
initial_access_tokenparameter (highest priority)initial_access_token()methodOAUTH_INITIAL_ACCESS_TOKENenvironment variableTesting & Documentation
Usage
Testing
Breaking Changes
None. Fully backward compatible.
Other
MCP TypeScript SDK PR - modelcontextprotocol/typescript-sdk#773