Merge branch 'main' into rfc-7591-grant-type

Author: gazzadownunder

README.md

@@ -948,8 +948,9 @@ async def generate_poem(topic: str, ctx: Context[ServerSession, None]) -> str:
         max_tokens=100,
     )
 
-    if all(c.type == "text" for c in result.content_as_list):
-        return "\n".join(c.text for c in result.content_as_list if c.type == "text")
+    # Since we're not passing tools param, result.content is single content
+    if result.content.type == "text":
+        return result.content.text
     return str(result.content)
 ```
 

examples/clients/conformance-auth-client/mcp_conformance_auth_client/__init__.py

@@ -7,22 +7,58 @@
 fetching the authorization URL and extracting the auth code from the redirect.
 
 Usage:
-    python -m mcp_conformance_auth_client <server-url>
+    python -m mcp_conformance_auth_client <scenario> <server-url>
+
+Environment Variables:
+    MCP_CONFORMANCE_CONTEXT - JSON object containing test credentials:
+        {
+            "client_id": "...",
+            "client_secret": "...",       # For client_secret_basic flow
+            "private_key_pem": "...",     # For private_key_jwt flow
+            "signing_algorithm": "ES256"  # Optional, defaults to ES256
+        }
+
+Scenarios:
+    auth/*                      - Authorization code flow scenarios (default behavior)
+    auth/client-credentials-jwt   - Client credentials with JWT authentication (SEP-1046)
+    auth/client-credentials-basic - Client credentials with client_secret_basic
 """
 
 import asyncio
+import json
 import logging
+import os
 import sys
 from datetime import timedelta
 from urllib.parse import ParseResult, parse_qs, urlparse
 
 import httpx
 from mcp import ClientSession
 from mcp.client.auth import OAuthClientProvider, TokenStorage
+from mcp.client.auth.extensions.client_credentials import (
+    ClientCredentialsOAuthProvider,
+    PrivateKeyJWTOAuthProvider,
+    SignedJWTParameters,
+)
 from mcp.client.streamable_http import streamablehttp_client
 from mcp.shared.auth import OAuthClientInformationFull, OAuthClientMetadata, OAuthToken
 from pydantic import AnyUrl
 
+
+def get_conformance_context() -> dict:
+    """Load conformance test context from MCP_CONFORMANCE_CONTEXT environment variable."""
+    context_json = os.environ.get("MCP_CONFORMANCE_CONTEXT")
+    if not context_json:
+        raise RuntimeError(
+            "MCP_CONFORMANCE_CONTEXT environment variable not set. "
+            "Expected JSON with client_id, client_secret, and/or private_key_pem."
+        )
+    try:
+        return json.loads(context_json)
+    except json.JSONDecodeError as e:
+        raise RuntimeError(f"Failed to parse MCP_CONFORMANCE_CONTEXT as JSON: {e}") from e
+
+
 # Set up logging to stderr (stdout is for conformance test output)
 logging.basicConfig(
     level=logging.DEBUG,
@@ -111,17 +147,17 @@ async def handle_callback(self) -> tuple[str, str | None]:
         return auth_code, state
 
 
-async def run_client(server_url: str) -> None:
+async def run_authorization_code_client(server_url: str) -> None:
     """
-    Run the conformance test client against the given server URL.
+    Run the conformance test client with authorization code flow.
 
     This function:
-    1. Connects to the MCP server with OAuth authentication
+    1. Connects to the MCP server with OAuth authorization code flow
     2. Initializes the session
     3. Lists available tools
     4. Calls a test tool
     """
-    logger.debug(f"Starting conformance auth client for {server_url}")
+    logger.debug(f"Starting conformance auth client (authorization_code) for {server_url}")
 
     # Create callback handler that will automatically fetch auth codes
     callback_handler = ConformanceOAuthCallbackHandler()
@@ -140,6 +176,89 @@ async def run_client(server_url: str) -> None:
         callback_handler=callback_handler.handle_callback,
     )
 
+    await _run_session(server_url, oauth_auth)
+
+
+async def run_client_credentials_jwt_client(server_url: str) -> None:
+    """
+    Run the conformance test client with client credentials flow using private_key_jwt (SEP-1046).
+
+    This function:
+    1. Connects to the MCP server with OAuth client_credentials grant
+    2. Uses private_key_jwt authentication with credentials from MCP_CONFORMANCE_CONTEXT
+    3. Initializes the session
+    4. Lists available tools
+    5. Calls a test tool
+    """
+    logger.debug(f"Starting conformance auth client (client_credentials_jwt) for {server_url}")
+
+    # Load credentials from environment
+    context = get_conformance_context()
+    client_id = context.get("client_id")
+    private_key_pem = context.get("private_key_pem")
+    signing_algorithm = context.get("signing_algorithm", "ES256")
+
+    if not client_id:
+        raise RuntimeError("MCP_CONFORMANCE_CONTEXT missing 'client_id'")
+    if not private_key_pem:
+        raise RuntimeError("MCP_CONFORMANCE_CONTEXT missing 'private_key_pem'")
+
+    # Create JWT parameters for SDK-signed assertions
+    jwt_params = SignedJWTParameters(
+        issuer=client_id,
+        subject=client_id,
+        signing_algorithm=signing_algorithm,
+        signing_key=private_key_pem,
+    )
+
+    # Create OAuth provider for client_credentials with private_key_jwt
+    oauth_auth = PrivateKeyJWTOAuthProvider(
+        server_url=server_url,
+        storage=InMemoryTokenStorage(),
+        client_id=client_id,
+        assertion_provider=jwt_params.create_assertion_provider(),
+    )
+
+    await _run_session(server_url, oauth_auth)
+
+
+async def run_client_credentials_basic_client(server_url: str) -> None:
+    """
+    Run the conformance test client with client credentials flow using client_secret_basic.
+
+    This function:
+    1. Connects to the MCP server with OAuth client_credentials grant
+    2. Uses client_secret_basic authentication with credentials from MCP_CONFORMANCE_CONTEXT
+    3. Initializes the session
+    4. Lists available tools
+    5. Calls a test tool
+    """
+    logger.debug(f"Starting conformance auth client (client_credentials_basic) for {server_url}")
+
+    # Load credentials from environment
+    context = get_conformance_context()
+    client_id = context.get("client_id")
+    client_secret = context.get("client_secret")
+
+    if not client_id:
+        raise RuntimeError("MCP_CONFORMANCE_CONTEXT missing 'client_id'")
+    if not client_secret:
+        raise RuntimeError("MCP_CONFORMANCE_CONTEXT missing 'client_secret'")
+
+    # Create OAuth provider for client_credentials with client_secret_basic
+    oauth_auth = ClientCredentialsOAuthProvider(
+        server_url=server_url,
+        storage=InMemoryTokenStorage(),
+        client_id=client_id,
+        client_secret=client_secret,
+        token_endpoint_auth_method="client_secret_basic",
+    )
+
+    await _run_session(server_url, oauth_auth)
+
+
+async def _run_session(server_url: str, oauth_auth: OAuthClientProvider) -> None:
+    """Common session logic for all OAuth flows."""
     # Connect using streamable HTTP transport with OAuth
     async with streamablehttp_client(
         url=server_url,
@@ -168,14 +287,26 @@ async def run_client(server_url: str) -> None:
 
 def main() -> None:
     """Main entry point for the conformance auth client."""
-    if len(sys.argv) != 2:
-        print(f"Usage: {sys.argv[0]} <server-url>", file=sys.stderr)
+    if len(sys.argv) != 3:
+        print(f"Usage: {sys.argv[0]} <scenario> <server-url>", file=sys.stderr)
+        print("", file=sys.stderr)
+        print("Scenarios:", file=sys.stderr)
+        print("  auth/*                        - Authorization code flow (default)", file=sys.stderr)
+        print("  auth/client-credentials-jwt   - Client credentials with JWT auth (SEP-1046)", file=sys.stderr)
+        print("  auth/client-credentials-basic - Client credentials with client_secret_basic", file=sys.stderr)
         sys.exit(1)
 
-    server_url = sys.argv[1]
+    scenario = sys.argv[1]
+    server_url = sys.argv[2]
 
     try:
-        asyncio.run(run_client(server_url))
+        if scenario == "auth/client-credentials-jwt":
+            asyncio.run(run_client_credentials_jwt_client(server_url))
+        elif scenario == "auth/client-credentials-basic":
+            asyncio.run(run_client_credentials_basic_client(server_url))
+        else:
+            # Default to authorization code flow for all other auth/* scenarios
+            asyncio.run(run_authorization_code_client(server_url))
     except Exception:
         logger.exception("Client failed")
         sys.exit(1)

examples/clients/sse-polling-client/README.md

@@ -0,0 +1,30 @@
+# MCP SSE Polling Demo Client
+
+Demonstrates client-side auto-reconnect for the SSE polling pattern (SEP-1699).
+
+## Features
+
+- Connects to SSE polling demo server
+- Automatically reconnects when server closes SSE stream
+- Resumes from Last-Event-ID to avoid missing messages
+- Respects server-provided retry interval
+
+## Usage
+
+```bash
+# First start the server:
+uv run mcp-sse-polling-demo --port 3000
+
+# Then run this client:
+uv run mcp-sse-polling-client --url http://localhost:3000/mcp
+
+# Custom options:
+uv run mcp-sse-polling-client --url http://localhost:3000/mcp --items 20 --checkpoint-every 5
+```
+
+## Options
+
+- `--url`: Server URL (default: <http://localhost:3000/mcp>)
+- `--items`: Number of items to process (default: 10)
+- `--checkpoint-every`: Checkpoint interval (default: 3)
+- `--log-level`: Logging level (default: DEBUG)

examples/clients/sse-polling-client/mcp_sse_polling_client/__init__.py

@@ -0,0 +1 @@
+"""SSE Polling Demo Client - demonstrates auto-reconnect for long-running tasks."""

examples/clients/sse-polling-client/mcp_sse_polling_client/main.py

@@ -0,0 +1,105 @@
+"""
+SSE Polling Demo Client
+
+Demonstrates the client-side auto-reconnect for SSE polling pattern.
+
+This client connects to the SSE Polling Demo server and calls process_batch,
+which triggers periodic server-side stream closes. The client automatically
+reconnects using Last-Event-ID and resumes receiving messages.
+
+Run with:
+    # First start the server:
+    uv run mcp-sse-polling-demo --port 3000
+
+    # Then run this client:
+    uv run mcp-sse-polling-client --url http://localhost:3000/mcp
+"""
+
+import asyncio
+import logging
+
+import click
+from mcp import ClientSession
+from mcp.client.streamable_http import streamablehttp_client
+
+logger = logging.getLogger(__name__)
+
+
+async def run_demo(url: str, items: int, checkpoint_every: int) -> None:
+    """Run the SSE polling demo."""
+    print(f"\n{'=' * 60}")
+    print("SSE Polling Demo Client")
+    print(f"{'=' * 60}")
+    print(f"Server URL: {url}")
+    print(f"Processing {items} items with checkpoints every {checkpoint_every}")
+    print(f"{'=' * 60}\n")
+
+    async with streamablehttp_client(url) as (read_stream, write_stream, _):
+        async with ClientSession(read_stream, write_stream) as session:
+            # Initialize the connection
+            print("Initializing connection...")
+            await session.initialize()
+            print("Connected!\n")
+
+            # List available tools
+            tools = await session.list_tools()
+            print(f"Available tools: {[t.name for t in tools.tools]}\n")
+
+            # Call the process_batch tool
+            print(f"Calling process_batch(items={items}, checkpoint_every={checkpoint_every})...\n")
+            print("-" * 40)
+
+            result = await session.call_tool(
+                "process_batch",
+                {
+                    "items": items,
+                    "checkpoint_every": checkpoint_every,
+                },
+            )
+
+            print("-" * 40)
+            if result.content:
+                content = result.content[0]
+                text = getattr(content, "text", str(content))
+                print(f"\nResult: {text}")
+            else:
+                print("\nResult: No content")
+            print(f"{'=' * 60}\n")
+
+
+@click.command()
+@click.option(
+    "--url",
+    default="http://localhost:3000/mcp",
+    help="Server URL",
+)
+@click.option(
+    "--items",
+    default=10,
+    help="Number of items to process",
+)
+@click.option(
+    "--checkpoint-every",
+    default=3,
+    help="Checkpoint interval",
+)
+@click.option(
+    "--log-level",
+    default="INFO",
+    help="Logging level",
+)
+def main(url: str, items: int, checkpoint_every: int, log_level: str) -> None:
+    """Run the SSE Polling Demo client."""
+    logging.basicConfig(
+        level=getattr(logging, log_level.upper()),
+        format="%(asctime)s - %(name)s - %(levelname)s - %(message)s",
+    )
+    # Suppress noisy HTTP client logging
+    logging.getLogger("httpx").setLevel(logging.WARNING)
+    logging.getLogger("httpcore").setLevel(logging.WARNING)
+
+    asyncio.run(run_demo(url, items, checkpoint_every))
+
+
+if __name__ == "__main__":
+    main()

examples/clients/sse-polling-client/pyproject.toml

@@ -0,0 +1,36 @@
+[project]
+name = "mcp-sse-polling-client"
+version = "0.1.0"
+description = "Demo client for SSE polling with auto-reconnect"
+readme = "README.md"
+requires-python = ">=3.10"
+authors = [{ name = "Anthropic, PBC." }]
+keywords = ["mcp", "sse", "polling", "client"]
+license = { text = "MIT" }
+dependencies = ["click>=8.2.0", "mcp"]
+
+[project.scripts]
+mcp-sse-polling-client = "mcp_sse_polling_client.main:main"
+
+[build-system]
+requires = ["hatchling"]
+build-backend = "hatchling.build"
+
+[tool.hatch.build.targets.wheel]
+packages = ["mcp_sse_polling_client"]
+
+[tool.pyright]
+include = ["mcp_sse_polling_client"]
+venvPath = "."
+venv = ".venv"
+
+[tool.ruff.lint]
+select = ["E", "F", "I"]
+ignore = []
+
+[tool.ruff]
+line-length = 120
+target-version = "py310"
+
+[dependency-groups]
+dev = ["pyright>=1.1.378", "pytest>=8.3.3", "ruff>=0.6.9"]