Introduce MCP client oauth flow #478
Merged
+1,749
−225
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
MCP # 734 would allow us to avoid the ugly patch |
|
modelcontextprotocol/python-sdk#752 was just merged. It allows customisation to avoid the ugly path |
There was a problem hiding this comment.
Pull Request Overview
This PR introduces OAuth support for fastmcp clients by implementing and integrating a new OAuth flow into both client and server components. Key changes include new test cases covering OAuth flows, updates to server and HTTP routes to support an OAuthProvider, and modifications to client transports and OAuth client implementations.
Reviewed Changes
Copilot reviewed 18 out of 18 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| tests/client/test_oauth.py | Added comprehensive tests for OAuth flows including authorization and token exchange. |
| src/fastmcp/utilities/tests.py | Adjusted server startup retry logic by reducing max_attempts and adjusting sleep intervals. |
| src/fastmcp/settings.py | Removed the auth field from ServerSettings in favor of using an OAuthProvider directly. |
| src/fastmcp/server/server.py, src/fastmcp/server/http.py | Updated authentication-related parameters to use a unified OAuthProvider rather than two separate parameters. |
| src/fastmcp/client/transports.py | Modified transport constructors to support an "oauth" authentication option. |
| src/fastmcp/client/auth.py, src/fastmcp/client/oauth_callback.py | Added a new OAuth client implementation and callback server for handling OAuth redirects. |
| pyproject.toml | Updated dependency versions and added authlib for OAuth support. |
Comments suppressed due to low confidence (2)
src/fastmcp/utilities/tests.py:97
- Reducing max_attempts from 100 to 10 may lead to premature failure in environments with high load; please verify that 10 attempts provide sufficient stability during server startup.
max_attempts = 10
src/fastmcp/server/server.py:188
- The removal of the consistency check between settings.auth and auth_server_provider streamlines configuration; please ensure that the new approach fully covers potential misconfigurations that were previously caught.
self.auth = auth
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is a first cut at adding oauth support to fastmcp clients, with the goal of enabling e.g.
fastmcp run https://mcp.paypal.com/ssefrom the CLI (or Claude Desktop / Cursor / local client of choice) to interact with any remote + authenticated server.This needs careful review for spec compliance and log verbosity.
Includes support for both SSE and SHTTP client transports.
fastmcp runis not part of this PR.Quick demo script to log in to the Paypal MCP server and list available tools: