Protected Resource Metadata resource erroneous when setting up authentication on server

[carlosemart]

Initial Checks

• I confirm that I'm using the latest version of MCP Python SDK
• I confirm that I searched for my issue in https://github.com/modelcontextprotocol/python-sdk/issues before opening this issue

Description

I am getting the following error when I try to enable MCP server authentication and configure it in VSCODE copilot:

Error Error sending message to http://localhost:8000/mcp: Error: Protected Resource Metadata resource "http://localhost:8000/" does not match MCP server resolved resource "http://localhost:8000/mcp". The MCP server must follow OAuth spec https://datatracker.ietf.org/doc/html/rfc9728#PRConfigurationValidation

From what I have seen, the error is caused because the metada that is returned in the endpoint "/.well-known/oauth-protected-resource" in the resource field does not match the url of the MCP server to be configured to use copilot and what is specified in the definition if they should match. You can see here https://datatracker.ietf.org/doc/html/rfc9728#PRConfigurationValidation

I have made a small snippet of code available here https://github.com/carlosemart/python-mcp-oauth-example in which you can see that the well-know answer is:

{
    "resource": "http://localhost:8000/",
    "authorization_servers": [
        "https://auth.example.com/"
    ],
    "scopes_supported": [
        "user"
    ],
    "bearer_methods_supported": [
        "header"
    ]
}

and in the resource field you should see "http://localhost:8000/mcp" which is the url that is configured in VSCODE.

Example Code

from mcp.server.auth.provider import AccessToken, TokenVerifier
from mcp.server.auth.settings import AuthSettings
from mcp.server.fastmcp import FastMCP
from pydantic import AnyHttpUrl


class SimpleTokenVerifier(TokenVerifier):
    """Simple token verifier for demonstration."""

    async def verify_token(self, token: str) -> AccessToken | None:
        return AccessToken(
            token=token,
            scopes=["user"],
        )


# Create an MCP server
mcp = FastMCP(
    "Demo",
    stateless_http=True,
    # Token verifier for authentication
    token_verifier=SimpleTokenVerifier(),
    # Auth settings for RFC 9728 Protected Resource Metadata
    auth=AuthSettings(
        issuer_url=AnyHttpUrl("https://auth.example.com"),  # Authorization Server URL
        resource_server_url=AnyHttpUrl("http://localhost:8000"),  # This server's URL
        required_scopes=["user"],
    ),
)


# Add an addition tool
@mcp.tool()
def add(a: int, b: int) -> int:
    """Add two numbers"""
    return a + b


# Add a dynamic greeting resource
@mcp.resource("greeting://{name}")
def get_greeting(name: str) -> str:
    """Get a personalized greeting"""
    return f"Hello, {name}!"


# Add a prompt
@mcp.prompt()
def greet_user(name: str, style: str = "friendly") -> str:
    """Generate a greeting prompt"""
    styles = {
        "friendly": "Please write a warm, friendly greeting",
        "formal": "Please write a formal, professional greeting",
        "casual": "Please write a casual, relaxed greeting",
    }

    return f"{styles.get(style, styles['friendly'])} for someone named {name}."


def main():
    """Entry point for the direct execution server."""
    mcp.run(transport="streamable-http")


if __name__ == "__main__":
    main()

Python & MCP Python SDK

Tested with python version 3.11.9 and 3.12.5, and MCP Python SDK 1.12.4 version

[seanhoughton]

I ran into the same problem. The workaround I'm using is to define my own well known endpoint and replace the generated one. Not ideal, but I think this is the simplest and least intrusive workaround until the problem is fixed.

async def custom_well_known_endpoint(request):
    """
    Custom .well-known/oauth-protected-resource endpoint that correctly advertises the SSE endpoint
    as the protected resource while serving the .well-known endpoint at the root.
    """
    return JSONResponse({
        "resource": f"{config.EXTERNAL_ADDRESS}/sse",
        "authorization_servers": [
            f"https://login.microsoftonline.com/{config.TENANT_ID}/v2.0"
        ],
        "scopes_supported": [
            "my_scope"
        ],
        "bearer_methods_supported": ["header"]
    })

And then add it to the routes

# Override the built-in .well-known endpoint by inserting our route at the beginning
app.router.routes.insert(0, Route("/.well-known/oauth-protected-resource", custom_well_known_endpoint, methods=["GET"]))

[JoseIbanez]

Hi @carlosemart same issue here

I think the issue is in this code:

python-sdk/src/mcp/server/fastmcp/server.py

Lines 934 to 938 in 47d35f0

	protected_resource_metadata = ProtectedResourceMetadata(
	resource=self.settings.auth.resource_server_url,
	authorization_servers=[self.settings.auth.issuer_url],
	scopes_supported=self.settings.auth.required_scopes,
	)

We could fix with:

        protected_resource_metadata = ProtectedResourceMetadata(
            resource=AnyHttpUrl(str(self.settings.auth.resource_server_url)+"mcp"),
            authorization_servers=[self.settings.auth.issuer_url],
            scopes_supported=self.settings.auth.required_scopes,
        )

My workarround is define a child class of FastMCP:

• I remove ".well-known" Route generated by the lib,
• and then I add a new one with the fixed resource value

class FixFastMCP(FastMCP):

    async def run_streamable_http_async(self) -> None:
        """Run the server using StreamableHTTP transport."""
        import uvicorn

        starlette_app = self.streamable_http_app()

        config = uvicorn.Config(
            starlette_app,
            host=self.settings.host,
            port=self.settings.port,
            log_level=self.settings.log_level.lower(),
        )

        # Remove existing Protected Resource Metadata endpoint (resource="http://localhost:8000/")
        starlette_app.router.routes = list(filter(lambda r: r.path != "/.well-known/oauth-protected-resource", starlette_app.router.routes))

        # Add OAuth 2.0 Protected Resource Metadata endpoint as per RFC 9728 (resource="http://localhost:8000/mcp")
        from mcp.server.auth.handlers.metadata import ProtectedResourceMetadataHandler
        from mcp.server.auth.routes import cors_middleware
        from mcp.shared.auth import ProtectedResourceMetadata
        from starlette.routing import Route

        protected_resource_metadata = ProtectedResourceMetadata(
            resource=AnyHttpUrl(str(self.settings.auth.resource_server_url)+"mcp"), # Real fix
            authorization_servers=[self.settings.auth.issuer_url],
            scopes_supported=self.settings.auth.required_scopes,
        )
        starlette_app.router.routes.append(
            Route(
                "/.well-known/oauth-protected-resource",
                endpoint=cors_middleware(
                    ProtectedResourceMetadataHandler(protected_resource_metadata).handle,
                    ["GET", "OPTIONS"],
                ),
                methods=["GET", "OPTIONS"],
            )
        )

        # Now run server
        server = uvicorn.Server(config)
        await server.serve()

I got VSCODE to work

[francisco-perez-sorrosal]

I had the same problem; I applied the same FastMCP-wrapper, implementing the routing workaround as @JoseIbanez / @seanhoughton and also got my authentication code working.