Use new simplified OAuth providers in conformance client

pcarleton · pcarleton · commit 495ea7f5b836 · 2025-11-25T15:51:16.000Z
Update conformance auth client to use the new providers:
- ClientCredentialsOAuthProvider for client_secret_basic flow
- PrivateKeyJWTOAuthProvider with SignedJWTParameters for private_key_jwt flow

This removes usage of the deprecated RFC7523OAuthClientProvider.
diff --git a/examples/clients/conformance-auth-client/mcp_conformance_auth_client/__init__.py b/examples/clients/conformance-auth-client/mcp_conformance_auth_client/__init__.py
@@ -35,7 +35,11 @@
 import httpx
 from mcp import ClientSession
 from mcp.client.auth import OAuthClientProvider, TokenStorage
-from mcp.client.auth.extensions.client_credentials import JWTParameters, RFC7523OAuthClientProvider
+from mcp.client.auth.extensions.client_credentials import (
+    ClientCredentialsOAuthProvider,
+    PrivateKeyJWTOAuthProvider,
+    SignedJWTParameters,
+)
 from mcp.client.streamable_http import streamablehttp_client
 from mcp.shared.auth import OAuthClientInformationFull, OAuthClientMetadata, OAuthToken
 from pydantic import AnyUrl
@@ -198,32 +202,21 @@ async def run_client_credentials_jwt_client(server_url: str) -> None:
     if not private_key_pem:
         raise RuntimeError("MCP_CONFORMANCE_CONTEXT missing 'private_key_pem'")
 
-    # Create JWT parameters for private_key_jwt authentication
-    jwt_params = JWTParameters(
+    # Create JWT parameters for SDK-signed assertions
+    jwt_params = SignedJWTParameters(
         issuer=client_id,
         subject=client_id,
-        jwt_signing_algorithm=signing_algorithm,
-        jwt_signing_key=private_key_pem,
+        signing_algorithm=signing_algorithm,
+        signing_key=private_key_pem,
     )
 
-    # Create OAuth authentication handler for client_credentials flow
-    # Note: redirect_uris is required by the model but not used in client_credentials flow
-    import warnings
-
-    with warnings.catch_warnings():
-        warnings.simplefilter("ignore", DeprecationWarning)
-        oauth_auth = RFC7523OAuthClientProvider(
-            server_url=server_url,
-            client_metadata=OAuthClientMetadata(
-                client_name=client_id,
-                redirect_uris=[AnyUrl("http://localhost:0/unused")],  # Required but unused
-                grant_types=["client_credentials"],
-                response_types=[],
-                token_endpoint_auth_method="private_key_jwt",
-            ),
-            storage=InMemoryTokenStorage(),
-            jwt_parameters=jwt_params,
-        )
+    # Create OAuth provider for client_credentials with private_key_jwt
+    oauth_auth = PrivateKeyJWTOAuthProvider(
+        server_url=server_url,
+        storage=InMemoryTokenStorage(),
+        client_id=client_id,
+        assertion_provider=jwt_params.create_assertion_provider(),
+    )
 
     await _run_session(server_url, oauth_auth)
 
@@ -251,34 +244,15 @@ async def run_client_credentials_basic_client(server_url: str) -> None:
     if not client_secret:
         raise RuntimeError("MCP_CONFORMANCE_CONTEXT missing 'client_secret'")
 
-    # Create storage pre-populated with client credentials
-    storage = InMemoryTokenStorage()
-    await storage.set_client_info(
-        OAuthClientInformationFull(
-            client_id=client_id,
-            client_secret=client_secret,
-            redirect_uris=[AnyUrl("http://localhost:0/unused")],
-            token_endpoint_auth_method="client_secret_basic",
-        )
+    # Create OAuth provider for client_credentials with client_secret_basic
+    oauth_auth = ClientCredentialsOAuthProvider(
+        server_url=server_url,
+        storage=InMemoryTokenStorage(),
+        client_id=client_id,
+        client_secret=client_secret,
+        token_endpoint_auth_method="client_secret_basic",
     )
 
-    # Create OAuth authentication handler for client_credentials flow with basic auth
-    import warnings
-
-    with warnings.catch_warnings():
-        warnings.simplefilter("ignore", DeprecationWarning)
-        oauth_auth = RFC7523OAuthClientProvider(
-            server_url=server_url,
-            client_metadata=OAuthClientMetadata(
-                client_name=client_id,
-                redirect_uris=[AnyUrl("http://localhost:0/unused")],  # Required but unused
-                grant_types=["client_credentials"],
-                response_types=[],
-                token_endpoint_auth_method="client_secret_basic",
-            ),
-            storage=storage,
-        )
-
     await _run_session(server_url, oauth_auth)
 
 
