Skip to content

Make refresh_token grant type optional in DCR handler#1651

Merged
pcarleton merged 10 commits intomodelcontextprotocol:mainfrom
gazzadownunder:rfc-7591-grant-type
Jan 5, 2026
Merged

Make refresh_token grant type optional in DCR handler#1651
pcarleton merged 10 commits intomodelcontextprotocol:mainfrom
gazzadownunder:rfc-7591-grant-type

Conversation

@gazzadownunder
Copy link
Contributor

@gazzadownunder gazzadownunder commented Nov 22, 2025

Updated the Dynamic Client Registration (DCR) handler to comply with RFC 7591 by making the refresh_token grant type optional. Previously, the handler incorrectly required both authorization_code and refresh_token grant types, which was unnecessarily restrictive and non-compliant with the RFC.

Changes:

  • Modified grant_types validation to only require authorization_code
  • Updated error message to reflect the new requirement
  • Renamed test to test_client_registration_with_authorization_code_only
  • Added test for missing authorization_code (now the true error case)
  • Updated test assertions to match new validation behavior

This change improves RFC 7591 compliance and provides clients with greater flexibility in their registration options.

Github-Issue: #1650

@gazzadownunder @claude
Make refresh_token grant type optional in DCR handler
6ced33b 
Updated the Dynamic Client Registration (DCR) handler to comply with RFC 7591
by making the refresh_token grant type optional. Previously, the handler
incorrectly required both authorization_code and refresh_token grant types,
which was unnecessarily restrictive and non-compliant with the RFC.

Changes:
- Modified grant_types validation to only require authorization_code
- Updated error message to reflect the new requirement
- Renamed test to test_client_registration_with_authorization_code_only
- Added test for missing authorization_code (now the true error case)
- Updated test assertions to match new validation behavior

This change improves RFC 7591 compliance and provides clients with greater
flexibility in their registration options.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
Github-Issue: modelcontextprotocol#1650
@gazzadownunder gazzadownunder mentioned this pull request Nov 22, 2025
Open
@felixweinberger felixweinberger added auth Issues and PRs related to Authentication / OAuth bug Something isn't working improves spec compliance When a change improves ability of SDK users to comply with spec definition labels Dec 9, 2025
@maxisbey maxisbey added the P2 Moderate issues affecting some users, edge cases, potentially valuable feature label Dec 31, 2025
@gazzadownunder gazzadownunder mentioned this pull request Jan 4, 2026
Closed
2 tasks
@maxisbey maxisbey requested a review from pcarleton January 5, 2026 13:39
pcarleton
pcarleton approved these changes Jan 5, 2026
View reviewed changes
Copy link
Member

@pcarleton pcarleton left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks! agree refresh token is not required

@pcarleton pcarleton merged commit d52937b into modelcontextprotocol:main Jan 5, 2026
18 checks passed
@gazzadownunder gazzadownunder deleted the rfc-7591-grant-type branch January 5, 2026 23:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pcarleton pcarleton pcarleton approved these changes

Assignees

No one assigned

Labels

auth Issues and PRs related to Authentication / OAuth bug Something isn't working improves spec compliance When a change improves ability of SDK users to comply with spec definition P2 Moderate issues affecting some users, edge cases, potentially valuable feature

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@gazzadownunder @pcarleton @felixweinberger @maxisbey