Skip to content

fix: add 'invalid_target' to AuthorizationErrorCode (RFC 8707)#2642

Open
siddhirajkatkar wants to merge 1 commit into
modelcontextprotocol:mainfrom
siddhirajkatkar:fix/add-invalid-target-auth-error-code
Open

fix: add 'invalid_target' to AuthorizationErrorCode (RFC 8707)#2642
siddhirajkatkar wants to merge 1 commit into
modelcontextprotocol:mainfrom
siddhirajkatkar:fix/add-invalid-target-auth-error-code

Conversation

@siddhirajkatkar
Copy link
Copy Markdown

@siddhirajkatkar siddhirajkatkar commented May 19, 2026

Fixes #2641

RFC 8707 §2 defines invalid_target as the error code for resource
indicator mismatches. Without it, AuthorizeError(error="invalid_target")
triggers a pydantic ValidationError instead of an OAuth-compliant
error response, masking the real cause with a generic server_error.

Change

Added "invalid_target" to AuthorizationErrorCode in
src/mcp/server/auth/provider.py:

AuthorizationErrorCode = Literal[
    ...
    "temporarily_unavailable",
    "invalid_target",  # RFC 8707 §2 — resource indicator mismatch
]

No other changes required — AuthorizationErrorResponse and
AuthorizeError already accept the Literal type by reference.

This also removes the # type: ignore annotations in FastMCP's
OAuthProxy that worked around this gap.

@siddhirajkatkar
fix: add 'invalid_target' to AuthorizationErrorCode (RFC 8707)
b0f9255 
RFC 8707 §2 defines 'invalid_target' as the error code for resource
indicator mismatches. Without it, AuthorizeError(error='invalid_target')
triggers a pydantic ValidationError instead of an OAuth-compliant response.

Fixes modelcontextprotocol#2641
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Add invalid_target to AuthorizationErrorCode (RFC 8707)

1 participant

@siddhirajkatkar