From b0f92551795e80af17aa978ff9bbde6d2b0a5cd2 Mon Sep 17 00:00:00 2001
From: siddhirajkatkar <siddhirajkatkar7707@gmail.com>
Date: Tue, 19 May 2026 08:51:24 +0530
Subject: [PATCH] fix: add 'invalid_target' to AuthorizationErrorCode (RFC
 8707)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

RFC 8707 §2 defines 'invalid_target' as the error code for resource
indicator mismatches. Without it, AuthorizeError(error='invalid_target')
triggers a pydantic ValidationError instead of an OAuth-compliant response.

Fixes #2641
---
 src/mcp/server/auth/provider.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/mcp/server/auth/provider.py b/src/mcp/server/auth/provider.py
index 957082a854..cba4dc21d1 100644
--- a/src/mcp/server/auth/provider.py
+++ b/src/mcp/server/auth/provider.py
@@ -64,6 +64,7 @@ class RegistrationError(Exception):
     "invalid_scope",
     "server_error",
     "temporarily_unavailable",
+    "invalid_target",  # RFC 8707 §2 — resource indicator mismatch
 ]