MCPcopy Index your code
hub / github.com/modelcontextprotocol/python-sdk / auth_settings

Function auth_settings

tests/interaction/auth/_harness.py:180–202  ·  view source on GitHub ↗

Build `AuthSettings` for the co-hosted authorization + resource server. The issuer and resource URLs use the suite's loopback origin, which `validate_issuer_url` accepts in lieu of HTTPS. Dynamic client registration is enabled. `valid_scopes` defaults to `required_scopes` so a client re

(
    *, required_scopes: Sequence[str] = ("mcp",), valid_scopes: Sequence[str] | None = None
)

Source from the content-addressed store, hash-verified

178
179
180def auth_settings(
181 *, required_scopes: Sequence[str] = ("mcp",), valid_scopes: Sequence[str] | None = None
182) -> AuthSettings:
183 """Build `AuthSettings` for the co-hosted authorization + resource server.
184
185 The issuer and resource URLs use the suite's loopback origin, which `validate_issuer_url`
186 accepts in lieu of HTTPS. Dynamic client registration is enabled. `valid_scopes` defaults
187 to `required_scopes` so a client requesting exactly those passes registration scope
188 validation; tests pass a wider set when they need the protected-resource metadata's
189 `scopes_supported` (which mirrors `required_scopes`) to differ from what the client may
190 register or when AS metadata should advertise additional scopes such as `offline_access`.
191 """
192 required = list(required_scopes)
193 valid = list(valid_scopes) if valid_scopes is not None else required
194 return AuthSettings(
195 issuer_url=AnyHttpUrl(BASE_URL),
196 resource_server_url=AnyHttpUrl(f"{BASE_URL}/mcp"),
197 required_scopes=required,
198 client_registration_options=ClientRegistrationOptions(
199 enabled=True, valid_scopes=valid, default_scopes=required
200 ),
201 revocation_options=RevocationOptions(enabled=False),
202 )
203
204
205def oauth_client_metadata() -> OAuthClientMetadata:

Calls 3

AuthSettingsClass · 0.90
RevocationOptionsClass · 0.90