Skip to content

fix: continue auth discovery after invalid JSON#2217

Open
he-yufeng wants to merge 2 commits into
modelcontextprotocol:mainfrom
he-yufeng:fix/oauth-discovery-invalid-json-fallback
Open

fix: continue auth discovery after invalid JSON#2217
he-yufeng wants to merge 2 commits into
modelcontextprotocol:mainfrom
he-yufeng:fix/oauth-discovery-invalid-json-fallback

Conversation

@he-yufeng
Copy link
Copy Markdown

@he-yufeng he-yufeng commented May 30, 2026

Summary

When the OAuth authorization-server metadata endpoint responds with 200 OK but the body is not JSON, discovery currently stops on the JSON parse error. That prevents the client from trying the next well-known URL, including the OIDC metadata fallback.

This treats an unreadable discovery body the same way as an unavailable discovery endpoint and continues to the next candidate URL. Schema validation errors still surface once a JSON document is actually parsed.

Fixes #2126.

Tested

  • pnpm --filter @modelcontextprotocol/client test -- test/client/auth.test.ts
  • pnpm --filter @modelcontextprotocol/client typecheck
  • pnpm --filter @modelcontextprotocol/client lint
  • pnpm --filter @modelcontextprotocol/client build
  • git diff --check

The repository pre-push hook also ran pnpm -r build, pnpm -r typecheck, and pnpm lint:all successfully.

@he-yufeng he-yufeng requested a review from a team as a code owner May 30, 2026 22:01
@changeset-bot
Copy link
Copy Markdown

changeset-bot Bot commented May 30, 2026
edited
Loading

🦋 Changeset detected

Latest commit: 9f7b870

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package
Name Type
@modelcontextprotocol/client Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@pkg-pr-new
Copy link
Copy Markdown

pkg-pr-new Bot commented May 30, 2026
edited
Loading

Open in StackBlitz

@modelcontextprotocol/client

npm i https://pkg.pr.new/modelcontextprotocol/typescript-sdk/@modelcontextprotocol/client@2217

@modelcontextprotocol/codemod

npm i https://pkg.pr.new/modelcontextprotocol/typescript-sdk/@modelcontextprotocol/codemod@2217

@modelcontextprotocol/server

npm i https://pkg.pr.new/modelcontextprotocol/typescript-sdk/@modelcontextprotocol/server@2217

@modelcontextprotocol/server-legacy

npm i https://pkg.pr.new/modelcontextprotocol/typescript-sdk/@modelcontextprotocol/server-legacy@2217

@modelcontextprotocol/express

npm i https://pkg.pr.new/modelcontextprotocol/typescript-sdk/@modelcontextprotocol/express@2217

@modelcontextprotocol/fastify

npm i https://pkg.pr.new/modelcontextprotocol/typescript-sdk/@modelcontextprotocol/fastify@2217

@modelcontextprotocol/hono

npm i https://pkg.pr.new/modelcontextprotocol/typescript-sdk/@modelcontextprotocol/hono@2217

@modelcontextprotocol/node

npm i https://pkg.pr.new/modelcontextprotocol/typescript-sdk/@modelcontextprotocol/node@2217

commit: 9f7b870

This was referenced Jun 3, 2026
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

OAuth AS metadata discovery crashes on 200 OK + non-JSON response instead of falling back to OIDC

1 participant

@he-yufeng