Revert JWTParameters to match main for cleaner diff

Author: pcarleton

src/mcp/client/auth/extensions/client_credentials.py

@@ -324,15 +324,12 @@ async def _exchange_token_client_credentials(self) -> httpx.Request:
 
 
 class JWTParameters(BaseModel):
-    """JWT parameters for RFC7523OAuthClientProvider.
-
-    This class supports both pre-built JWTs and SDK-signed JWTs.
-    """
+    """JWT parameters."""
 
     assertion: str | None = Field(
         default=None,
-        description="Pre-built JWT assertion. If provided, will be used directly "
-        "instead of generating a new assertion.",
+        description="JWT assertion for JWT authentication. "
+        "Will be used instead of generating a new assertion if provided.",
     )
 
     issuer: str | None = Field(default=None, description="Issuer for JWT assertions.")
@@ -345,36 +342,37 @@ class JWTParameters(BaseModel):
 
     def to_assertion(self, with_audience_fallback: str | None = None) -> str:
         if self.assertion is not None:
-            # Pre-built JWT (e.g. acquired out-of-band)
-            return self.assertion
-
-        if not self.jwt_signing_key:
-            raise OAuthFlowError("Missing signing key for JWT bearer grant")  # pragma: no cover
-        if not self.issuer:
-            raise OAuthFlowError("Missing issuer for JWT bearer grant")  # pragma: no cover
-        if not self.subject:
-            raise OAuthFlowError("Missing subject for JWT bearer grant")  # pragma: no cover
-
-        audience = self.audience if self.audience else with_audience_fallback
-        if not audience:
-            raise OAuthFlowError("Missing audience for JWT bearer grant")  # pragma: no cover
-
-        now = int(time.time())
-        claims: dict[str, Any] = {
-            "iss": self.issuer,
-            "sub": self.subject,
-            "aud": audience,
-            "exp": now + self.jwt_lifetime_seconds,
-            "iat": now,
-            "jti": str(uuid4()),
-        }
-        claims.update(self.claims or {})
+            # Prebuilt JWT (e.g. acquired out-of-band)
+            assertion = self.assertion
+        else:
+            if not self.jwt_signing_key:
+                raise OAuthFlowError("Missing signing key for JWT bearer grant")  # pragma: no cover
+            if not self.issuer:
+                raise OAuthFlowError("Missing issuer for JWT bearer grant")  # pragma: no cover
+            if not self.subject:
+                raise OAuthFlowError("Missing subject for JWT bearer grant")  # pragma: no cover
 
-        return jwt.encode(
-            claims,
-            self.jwt_signing_key,
-            algorithm=self.jwt_signing_algorithm or "RS256",
-        )
+            audience = self.audience if self.audience else with_audience_fallback
+            if not audience:
+                raise OAuthFlowError("Missing audience for JWT bearer grant")  # pragma: no cover
+
+            now = int(time.time())
+            claims: dict[str, Any] = {
+                "iss": self.issuer,
+                "sub": self.subject,
+                "aud": audience,
+                "exp": now + self.jwt_lifetime_seconds,
+                "iat": now,
+                "jti": str(uuid4()),
+            }
+            claims.update(self.claims or {})
+
+            assertion = jwt.encode(
+                claims,
+                self.jwt_signing_key,
+                algorithm=self.jwt_signing_algorithm or "RS256",
+            )
+        return assertion
 
 
 class RFC7523OAuthClientProvider(OAuthClientProvider):