8000 Compare redirect URIs as strings by sp94 · Pull Request #989 · modelcontextprotocol/python-sdk · GitHub
[go: up one dir, main page]
Skip to content

Compare redirect URIs as strings 8000 #989

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Compare redirect URIs as strings #989

wants to merge 1 commit into from
+1 −1

Conversation

sp94
Copy link
@sp94 sp94 commented Jun 19, 2025

Motivation and Context

When testing the simple auth example server, I encountered 400 status codes from POST /token because TokenHandler.handle was evaluating token_request.redirect_uri != authorize_request_redirect_uri as True.

This occurred because token_request.redirect_uri was of type AnyUrl, while authorize_request_redirect_uri was AnyHttpUrl, and comparing these two different Pydantic types always returns False - even if the underlying URLs are the same.

(Example: AnyUrl("http://google.com") == AnyHttpUrl("http://google.com") is False.)

I believe the example auth server worked before #895 changed some AnyHttpUrls to AnyUrls in the validation code, but the example server was not updated.

How Has This Been Tested?

Tested using Claude Code as the MCP client to connect to the example server:

claude mcp add --transport sse github http://localhost:8000/sse

The auth flow succeeded only after applying this patch.

Breaking Changes

None.

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Documentation update

Checklist

  • I have read the MCP Documentation
  • My code follows the repository's style guidelines
  • New and existing tests pass locally
  • I have added appropriate error handling
  • I have added or updated documentation as needed

Additional context

We could also update the example server to declare the redirect uri as AnyHttpUrl, but I think comparing the URIs as strings would make the validation less brittle.

@sp94
Copy link
Author
sp94 commented Jun 19, 2025

I just saw a draft PR that also addresses this: https://github.com/modelcontextprotocol/python-sdk/pull/982/files#diff-0bfdf5a468abdd078a0287db095a4ad5ebfcb04ea3e437026cdc8038c137ecab

I'll leave it to a maintainer if they want to close this or merge it in as a bug fix in the meantime

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@sp94
0