Rename OAuthServerProvider to OAuthAuthorizationServerProvider

Author: praboud-ant

src/mcp/server/auth/handlers/authorize.py

@@ -15,7 +15,7 @@
     AuthorizationErrorCode,
     AuthorizationParams,
     AuthorizeError,
-    OAuthServerProvider,
+    OAuthAuthorizationServerProvider,
     construct_redirect_uri,
 )
 from mcp.shared.auth import (
@@ -74,7 +74,7 @@ class AnyHttpUrlModel(RootModel[AnyHttpUrl]):
 
 @dataclass
 class AuthorizationHandler:
-    provider: OAuthServerProvider[Any, Any, Any]
+    provider: OAuthAuthorizationServerProvider[Any, Any, Any]
 
     async def handle(self, request: Request) -> Response:
         # implements authorization requests for grant_type=code;

src/mcp/server/auth/handlers/register.py

@@ -11,7 +11,7 @@
 from mcp.server.auth.errors import stringify_pydantic_error
 from mcp.server.auth.json_response import PydanticJSONResponse
 from mcp.server.auth.provider import (
-    OAuthServerProvider,
+    OAuthAuthorizationServerProvider,
     RegistrationError,
     RegistrationErrorCode,
 )
@@ -32,7 +32,7 @@ class RegistrationErrorResponse(BaseModel):
 
 @dataclass
 class RegistrationHandler:
-    provider: OAuthServerProvider[Any, Any, Any]
+    provider: OAuthAuthorizationServerProvider[Any, Any, Any]
     options: ClientRegistrationOptions
 
     async def handle(self, request: Request) -> Response:

src/mcp/server/auth/handlers/revoke.py

@@ -14,7 +14,7 @@
     AuthenticationError,
     ClientAuthenticator,
 )
-from mcp.server.auth.provider import AccessToken, OAuthServerProvider, RefreshToken
+from mcp.server.auth.provider import AccessToken, OAuthAuthorizationServerProvider, RefreshToken
 
 
 class RevocationRequest(BaseModel):
@@ -35,7 +35,7 @@ class RevocationErrorResponse(BaseModel):
 
 @dataclass
 class RevocationHandler:
-    provider: OAuthServerProvider[Any, Any, Any]
+    provider: OAuthAuthorizationServerProvider[Any, Any, Any]
     client_authenticator: ClientAuthenticator
 
     async def handle(self, request: Request) -> Response:

src/mcp/server/auth/handlers/token.py

@@ -15,7 +15,7 @@
     AuthenticationError,
     ClientAuthenticator,
 )
-from mcp.server.auth.provider import OAuthServerProvider, TokenError, TokenErrorCode
+from mcp.server.auth.provider import OAuthAuthorizationServerProvider, TokenError, TokenErrorCode
 from mcp.shared.auth import OAuthToken
 
 
@@ -76,7 +76,7 @@ class TokenSuccessResponse(RootModel[OAuthToken]):
 
 @dataclass
 class TokenHandler:
-    provider: OAuthServerProvider[Any, Any, Any]
+    provider: OAuthAuthorizationServerProvider[Any, Any, Any]
     client_authenticator: ClientAuthenticator
 
     def response(self, obj: TokenSuccessResponse | TokenErrorResponse):

src/mcp/server/auth/middleware/bearer_auth.py

@@ -10,7 +10,7 @@
 from starlette.requests import HTTPConnection
 from starlette.types import Receive, Scope, Send
 
-from mcp.server.auth.provider import AccessToken, OAuthServerProvider
+from mcp.server.auth.provider import AccessToken, OAuthAuthorizationServerProvider
 
 
 class AuthenticatedUser(SimpleUser):
@@ -29,7 +29,7 @@ class BearerAuthBackend(AuthenticationBackend):
 
     def __init__(
         self,
-        provider: OAuthServerProvider[Any, Any, Any],
+        provider: OAuthAuthorizationServerProvider[Any, Any, Any],
     ):
         self.provider = provider
 

src/mcp/server/auth/middleware/client_auth.py

@@ -1,7 +1,7 @@
 import time
 from typing import Any
 
-from mcp.server.auth.provider import OAuthServerProvider
+from mcp.server.auth.provider import OAuthAuthorizationServerProvider
 from mcp.shared.auth import OAuthClientInformationFull
 
 
@@ -21,7 +21,7 @@ class ClientAuthenticator:
     logic is skipped.
     """
 
-    def __init__(self, provider: OAuthServerProvider[Any, Any, Any]):
+    def __init__(self, provider: OAuthAuthorizationServerProvider[Any, Any, Any]):
         """
         Initialize the dependency.
 

src/mcp/server/auth/provider.py

@@ -96,7 +96,7 @@ class TokenError(Exception):
 AccessTokenT = TypeVar("AccessTokenT", bound=AccessToken)
 
 
-class OAuthServerProvider(
+class OAuthAuthorizationServerProvider(
     Protocol, Generic[AuthorizationCodeT, RefreshTokenT, AccessTokenT]
 ):
     async def get_client(self, client_id: str) -> OAuthClientInformationFull | None:

src/mcp/server/auth/routes.py

@@ -14,7 +14,7 @@
 from mcp.server.auth.handlers.revoke import RevocationHandler
 from mcp.server.auth.handlers.token import TokenHandler
 from mcp.server.auth.middleware.client_auth import ClientAuthenticator
-from mcp.server.auth.provider import OAuthServerProvider
+from mcp.server.auth.provider import OAuthAuthorizationServerProvider
 from mcp.server.auth.settings import ClientRegistrationOptions, RevocationOptions
 from mcp.shared.auth import OAuthMetadata
 
@@ -65,7 +65,7 @@ def cors_middleware(
 
 
 def create_auth_routes(
-    provider: OAuthServerProvider[Any, Any, Any],
+    provider: OAuthAuthorizationServerProvider[Any, Any, Any],
     issuer_url: AnyHttpUrl,
     service_documentation_url: AnyHttpUrl | None = None,
     client_registration_options: ClientRegistrationOptions | None = None,

src/mcp/server/fastmcp/server.py

@@ -31,7 +31,7 @@
     BearerAuthBackend,
     RequireAuthMiddleware,
 )
-from mcp.server.auth.provider import OAuthServerProvider
+from mcp.server.auth.provider import OAuthAuthorizationServerProvider
 from mcp.server.auth.settings import (
     AuthSettings,
 )
@@ -128,7 +128,7 @@ def __init__(
         self,
         name: str | None = None,
         instructions: str | None = None,
-        auth_provider: OAuthServerProvider[Any, Any, Any] | None = None,
+        auth_server_provider: OAuthAuthorizationServerProvider[Any, Any, Any] | None = None,
         **settings: Any,
     ):
         self.settings = Settings(**settings)
@@ -149,12 +149,17 @@ def __init__(
         self._prompt_manager = PromptManager(
             warn_on_duplicate_prompts=self.settings.warn_on_duplicate_prompts
         )
-        if (self.settings.auth is not None) != (auth_provider is not None):
+        if (self.settings.auth is not None) != (auth_server_provider is not None):
+            # TODO: after we support separate authorization servers (see
+            # https://github.com/modelcontextprotocol/modelcontextprotocol/pull/284)
+            # we should validate that if auth is enabled, we have either an
+            # auth_server_provider to host our own authorization server,
+            # OR the URL of a 3rd party authorization server.
             raise ValueError(
-                "settings.auth must be specified if and only if auth_provider "
+                "settings.auth must be specified if and only if auth_server_provider "
                 "is specified"
             )
-        self._auth_provider = auth_provider
+        self._auth_server_provider = auth_server_provider
         self._custom_starlette_routes: list[Route] = []
         self.dependencies = self.settings.dependencies
 
@@ -580,7 +585,7 @@ async def handle_sse(request: Request) -> EventSourceResponse:
         required_scopes = []
 
         # Add auth endpoints if auth provider is configured
-        if self._auth_provider:
+        if self._auth_server_provider:
             assert self.settings.auth
             from mcp.server.auth.routes import create_auth_routes
 
@@ -591,7 +596,7 @@ async def handle_sse(request: Request) -> EventSourceResponse:
                 Middleware(
                     AuthenticationMiddleware,
                     backend=BearerAuthBackend(
-                        provider=self._auth_provider,
+                        provider=self._auth_server_provider,
                     ),
                 ),
                 # Add the auth context middleware to store
@@ -600,7 +605,7 @@ async def handle_sse(request: Request) -> EventSourceResponse:
             ]
             routes.extend(
                 create_auth_routes(
-                    provider=self._auth_provider,
+                    provider=self._auth_server_provider,
                     issuer_url=self.settings.auth.issuer_url,
                     service_documentation_url=self.settings.auth.service_documentation_url,
                     client_registration_options=self.settings.auth.client_registration_options,

tests/server/auth/middleware/test_bearer_auth.py

@@ -18,7 +18,7 @@
 )
 from mcp.server.auth.provider import (
     AccessToken,
-    OAuthServerProvider,
+    OAuthAuthorizationServerProvider,
 )
 
 
@@ -42,7 +42,7 @@ async def load_access_token(self, token: str) -> AccessToken | None:
 
 
 def add_token_to_provider(
-    provider: OAuthServerProvider[Any, Any, Any], token: str, access_token: AccessToken
+    provider: OAuthAuthorizationServerProvider[Any, Any, Any], token: str, access_token: AccessToken
 ) -> None:
     """Helper function to add a token to a provider.
 
@@ -70,10 +70,10 @@ async def __call__(self, scope: Scope, receive: Receive, send: Send) -> None:
 
 
 @pytest.fixture
-def mock_oauth_provider() -> OAuthServerProvider[Any, Any, Any]:
+def mock_oauth_provider() -> OAuthAuthorizationServerProvider[Any, Any, Any]:
     """Create a mock OAuth provider."""
     # Use type casting to satisfy the type checker
-    return cast(OAuthServerProvider[Any, Any, Any], MockOAuthProvider())
+    return cast(OAuthAuthorizationServerProvider[Any, Any, Any], MockOAuthProvider())
 
 
 @pytest.fixture
@@ -114,7 +114,7 @@ class TestBearerAuthBackend:
     """Tests for the BearerAuthBackend class."""
 
     async def test_no_auth_header(
-        self, mock_oauth_provider: OAuthServerProvider[Any, Any, Any]
+        self, mock_oauth_provider: OAuthAuthorizationServerProvider[Any, Any, Any]
     ):
         """Test authentication with no Authorization header."""
         backend = BearerAuthBackend(provider=mock_oauth_provider)
@@ -123,7 +123,7 @@ async def test_no_auth_header(
         assert result is None
 
     async def test_non_bearer_auth_header(
-        self, mock_oauth_provider: OAuthServerProvider[Any, Any, Any]
+        self, mock_oauth_provider: OAuthAuthorizationServerProvider[Any, Any, Any]
     ):
         """Test authentication with non-Bearer Authorization header."""
         backend = BearerAuthBackend(provider=mock_oauth_provider)
@@ -137,7 +137,7 @@ async def test_non_bearer_auth_header(
         assert result is None
 
     async def test_invalid_token(
-        self, mock_oauth_provider: OAuthServerProvider[Any, Any, Any]
+        self, mock_oauth_provider: OAuthAuthorizationServerProvider[Any, Any, Any]
     ):
         """Test authentication with invalid token."""
         backend = BearerAuthBackend(provider=mock_oauth_provider)
@@ -152,7 +152,7 @@ async def test_invalid_token(
 
     async def test_expired_token(
         self,
-        mock_oauth_provider: OAuthServerProvider[Any, Any, Any],
+        mock_oauth_provider: OAuthAuthorizationServerProvider[Any, Any, Any],
         expired_access_token: AccessToken,
     ):
         """Test authentication with expired token."""
@@ -171,7 +171,7 @@ async def test_expired_token(
 
     async def test_valid_token(
         self,
-        mock_oauth_provider: OAuthServerProvider[Any, Any, Any],
+        mock_oauth_provider: OAuthAuthorizationServerProvider[Any, Any, Any],
         valid_access_token: AccessToken,
     ):
         """Test authentication with valid token."""
@@ -195,7 +195,7 @@ async def test_valid_token(
 
     async def test_token_without_expiry(
         self,
-        mock_oauth_provider: OAuthServerProvider[Any, Any, Any],
+        mock_oauth_provider: OAuthAuthorizationServerProvider[Any, Any, Any],
         no_expiry_access_token: AccessToken,
     ):
         """Test authentication with token that has no expiry."""

tests/server/fastmcp/auth/test_auth_integration.py

@@ -21,7 +21,7 @@
     AccessToken,
     AuthorizationCode,
     AuthorizationParams,
-    OAuthServerProvider,
+    OAuthAuthorizationServerProvider,
     RefreshToken,
     construct_redirect_uri,
 )
@@ -41,7 +41,7 @@
 
 
 # Mock OAuth provider for testing
-class MockOAuthProvider(OAuthServerProvider):
+class MockOAuthProvider(OAuthAuthorizationServerProvider):
     def __init__(self):
         self.clients = {}
         self.auth_codes = {}  # code -> {client_id, code_challenge, redirect_uri}
@@ -1003,7 +1003,7 @@ async def test_fastmcp_with_auth(
         """Test creating a FastMCP server with authentication."""
         # Create FastMCP server with auth provider
         mcp = FastMCP(
-            auth_provider=mock_oauth_provider,
+            auth_server_provider=mock_oauth_provider,
             require_auth=True,
             auth=AuthSettings(
                 issuer_url=AnyHttpUrl("https://auth.example.com"),