Initial Checks
Description
Authentication providers such as Keycloak support an OAuth2 extension called JARM (JWT Secured Authorization Response Mode) which defines new values for the response_modes_supported member of the OAuthMetadata response. See https://openid.net/specs/oauth-v2-jarm.html#name-response-encoding for details.
The pydantic model for OAuthMetadata only allows certain values in the response, which causes the model construction and remainder of the auth flow to fail.
I would propose relaxing the validation such that response_modes_supported is simply a list[str].
Example Code
Python & MCP Python SDK
Initial Checks
Description
Authentication providers such as Keycloak support an OAuth2 extension called JARM (JWT Secured Authorization Response Mode) which defines new values for the
response_modes_supportedmember of the OAuthMetadata response. See https://openid.net/specs/oauth-v2-jarm.html#name-response-encoding for details.The pydantic model for OAuthMetadata only allows certain values in the response, which causes the model construction and remainder of the auth flow to fail.
I would propose relaxing the validation such that
response_modes_supportedis simply alist[str].Example Code
Python & MCP Python SDK