Tidying up types to avoid typing module, fixing type errors, updating some signatures to validation functions

Author: jerome3o-anthropic

src/mcp/server/auth/handlers/authorize.py

@@ -43,26 +43,29 @@ class AuthorizationRequest(BaseModel):
     class Config:
         extra = "ignore"
 
-def validate_scope(requested_scope: str | None, client: OAuthClientInformationFull) -> list[str] | None:
+def validate_scope(requested_scope: str | None, scope: str | None) -> list[str] | None:
     if requested_scope is None:
         return None
     requested_scopes = requested_scope.split(" ")
-    allowed_scopes = [] if client.scope is None else client.scope.split(" ")
+    allowed_scopes = [] if scope is None else scope.split(" ")
     for scope in requested_scopes:
         if scope not in allowed_scopes:
             raise InvalidRequestError(f"Client was not registered with scope {scope}")
     return requested_scopes
 
-def validate_redirect_uri(auth_request: AuthorizationRequest, client: OAuthClientInformationFull) -> AnyHttpUrl:
-    if auth_request.redirect_uri is not None:
+def validate_redirect_uri(redirect_uri: AnyHttpUrl | None, redirect_uris: list[AnyHttpUrl]) -> AnyHttpUrl:
+    if not redirect_uris:
+        raise InvalidClientError("Client has no registered redirect URIs")
+
+    if redirect_uri is not None:
         # Validate redirect_uri against client's registered redirect URIs
-        if auth_request.redirect_uri not in client.redirect_uris:
+        if redirect_uri not in redirect_uris:
             raise InvalidRequestError(
-                f"Redirect URI '{auth_request.redirect_uri}' not registered for client"
+                f"Redirect URI '{redirect_uri}' not registered for client"
             )
-        return auth_request.redirect_uri
-    elif len(client.redirect_uris) == 1:
-        return client.redirect_uris[0]
+        return redirect_uri
+    elif len(redirect_uris) == 1:
+        return redirect_uris[0]
     else:
         raise InvalidRequestError("redirect_uri must be specified when client has multiple registered URIs")
 
@@ -104,8 +107,8 @@ async def authorization_handler(request: Request) -> Response:
 
 
         # do validation which is dependent on the client configuration
-        redirect_uri = validate_redirect_uri(auth_request, client)
-        scopes = validate_scope(auth_request.scope, client)
+        redirect_uri = validate_redirect_uri(auth_request.redirect_uri, client.redirect_uris)
+        scopes = validate_scope(auth_request.scope, client.scope)
 
         auth_params = AuthorizationParams(
             state=auth_request.state,

src/mcp/server/auth/handlers/revoke.py

@@ -4,7 +4,7 @@
 Corresponds to TypeScript file: src/server/auth/handlers/revoke.ts
 """
 
-from typing import Any, Callable, Dict, Optional
+from typing import Any, Callable
 
 from starlette.requests import Request
 from starlette.responses import Response

src/mcp/server/auth/handlers/token.py

@@ -7,7 +7,7 @@
 import base64
 import hashlib
 import json
-from typing import Annotated, Any, Callable, Dict, List, Literal, Optional, Union
+from typing import Annotated, Any, Callable, Literal, Union
 
 from starlette.requests import Request
 from starlette.responses import JSONResponse
@@ -44,7 +44,7 @@ class RefreshTokenRequest(ClientAuthRequest):
     """
     grant_type: Literal["refresh_token"]
     refresh_token: str = Field(..., description="The refresh token")
-    scope: Optional[str] = Field(None, description="Optional scope parameter")
+    scope: str | None = Field(None, description="Optional scope parameter")
 
 
 class TokenRequest(RootModel):

src/mcp/server/auth/middleware/bearer_auth.py

@@ -5,7 +5,7 @@
 """
 
 import time
-from typing import List, Optional, Callable, Awaitable, cast, Dict, Any
+from typing import Any, Callable, cast
 
 from starlette.requests import HTTPConnection, Request
 from starlette.exceptions import HTTPException

src/mcp/server/auth/middleware/client_auth.py

@@ -5,7 +5,7 @@
 """
 
 import time
-from typing import Optional, Dict, Any, Callable
+from typing import Any, Callable
 
 from starlette.requests import Request
 from starlette.exceptions import HTTPException
@@ -28,7 +28,7 @@ class ClientAuthRequest(BaseModel):
     Corresponds to ClientAuthenticatedRequestSchema in src/server/auth/middleware/clientAuth.ts
     """
     client_id: str
-    client_secret: Optional[str] = None
+    client_secret: str | None = None
 
 
 class ClientAuthenticator:
@@ -94,7 +94,7 @@ def __init__(
         self.app = app
         self.client_auth = ClientAuthenticator(clients_store)
 
-    async def __call__(self, scope: Dict, receive: Callable, send: Callable) -> None:
+    async def __call__(self, scope: dict, receive: Callable, send: Callable) -> None:
         """
         Process the request and authenticate the client.
         
@@ -112,7 +112,7 @@ async def __call__(self, scope: Dict, receive: Callable, send: Callable) -> None
 
         # Add client authentication to the request
         try:
-            client = await self.client_auth(request)
+            client = await self.client_auth(ClientAuthRequest.model_validate(request))
             # Store the client in the request state
             request.state.client = client
         except HTTPException:

src/mcp/server/auth/provider.py

@@ -4,7 +4,7 @@
 Corresponds to TypeScript file: src/server/auth/provider.ts
 """
 
-from typing import Any, Dict, List, Optional, Protocol
+from typing import Any, Protocol
 from pydantic import AnyHttpUrl, BaseModel
 from starlette.responses import Response
 
@@ -18,8 +18,8 @@ class AuthorizationParams(BaseModel):
     
     Corresponds to AuthorizationParams in src/server/auth/provider.ts
     """
-    state: Optional[str] = None
-    scopes: Optional[List[str]] = None
+    state: str | None = None
+    scopes: list[str] | None = None
     code_challenge: str
     redirect_uri: AnyHttpUrl
 
@@ -31,7 +31,7 @@ class OAuthRegisteredClientsStore(Protocol):
     Corresponds to OAuthRegisteredClientsStore in src/server/auth/clients.ts
     """
 
-    async def get_client(self, client_id: str) -> Optional[OAuthClientInformationFull]:
+    async def get_client(self, client_id: str) -> OAuthClientInformationFull | None:
         """
         Retrieves client information by client ID.
         
@@ -45,7 +45,7 @@ async def get_client(self, client_id: str) -> Optional[OAuthClientInformationFul
 
     async def register_client(self, 
                              client_info: OAuthClientInformationFull
-                             ) -> Optional[OAuthClientInformationFull]:
+                             ) -> OAuthClientInformationFull | None:
         """
         Registers a new client and returns client information.
         
@@ -121,7 +121,7 @@ async def exchange_authorization_code(self,
     async def exchange_refresh_token(self, 
                                    client: OAuthClientInformationFull, 
                                    refresh_token: str, 
-                                   scopes: Optional[List[str]] = None) -> OAuthTokens:
+                                   scopes: list[str] | None = None) -> OAuthTokens:
         """
         Exchanges a refresh token for an access token.
         

src/mcp/server/auth/router.py

@@ -6,7 +6,7 @@
 
 from dataclasses import dataclass
 import re
-from typing import Dict, List, Optional, Any, Union, Callable
+from typing import Any, Callable
 from urllib.parse import urlparse
 
 from starlette.routing import Route, Router
@@ -26,7 +26,7 @@
 @dataclass
 class ClientRegistrationOptions:
     enabled: bool = False
-    client_secret_expiry_seconds: Optional[int] = None
+    client_secret_expiry_seconds: int | None = None
 
 @dataclass
 class RevocationOptions:
@@ -145,10 +145,10 @@ def create_auth_router(
 
 def build_metadata(
         issuer_url: AnyUrl,
-        service_documentation_url: Optional[AnyUrl],
+        service_documentation_url: AnyUrl | None,
         client_registration_options: ClientRegistrationOptions,
         revocation_options: RevocationOptions,
-    ) -> Dict[str, Any]:
+    ) -> dict[str, Any]:
     issuer_url_str = str(issuer_url).rstrip("/")
     # Create metadata
     metadata = {

src/mcp/server/auth/types.py

@@ -4,7 +4,6 @@
 Corresponds to TypeScript file: src/server/auth/types.ts
 """
 
-from typing import List, Optional
 from pydantic import BaseModel
 
 
@@ -16,9 +15,9 @@ class AuthInfo(BaseModel):
     """
     token: str
     client_id: str
-    scopes: List[str]
-    expires_at: Optional[int] = None
-    user_id: Optional[str] = None
+    scopes: list[str]
+    expires_at: int | None = None
+    user_id: str | None = None
 
     class Config:
         extra = "ignore"