Lint

modelcontextprotocol · ihrpr · May 1, 2025 · Mar 6, 2025 · Mar 6, 2025 · Mar 7, 2025
commit 765efb6a096ef187c103f5a95f5d3423885514b5
diff --git a/src/mcp/server/auth/handlers/token.py b/src/mcp/server/auth/handlers/token.py
@@ -55,7 +55,10 @@ async def token_handler(request: Request):
         client_info = await client_authenticator(token_request)
 
         if token_request.grant_type not in client_info.grant_types:
-            raise InvalidRequestError(f"Unsupported grant type (supported grant types are {client_info.grant_types})")
+            raise InvalidRequestError(
+                f"Unsupported grant type (supported grant types are "
+                f"{client_info.grant_types})"
+            )
 
         tokens: OAuthTokens
 

diff --git a/src/mcp/server/auth/middleware/client_auth.py b/src/mcp/server/auth/middleware/client_auth.py
@@ -22,7 +22,8 @@ class ClientAuthRequest(BaseModel):
     """
     Model for client authentication request body.
 
-    Corresponds to ClientAuthenticatedRequestSchema in src/server/auth/middleware/clientAuth.ts
+    Corresponds to ClientAuthenticatedRequestSchema in 
+    src/server/auth/middleware/clientAuth.ts
     """
 
     client_id: str
@@ -31,12 +32,14 @@ class ClientAuthRequest(BaseModel):
 
 class ClientAuthenticator:
     """
-    ClientAuthenticator is a callable which validates requests from a client application,
+    ClientAuthenticator is a callable which validates requests from a client 
+    application,
     used to verify /token and /revoke calls.
-    If, during registration, the client requested to be issued a secret, the authenticator
-    asserts that /token and /register calls must be authenticated with that same token.
-    NOTE: clients can opt for no authentication during registration, in which case this logic
-    is skipped.
+    If, during registration, the client requested to be issued a secret, the 
+    authenticator asserts that /token and /register calls must be authenticated with 
+    that same token.
+    NOTE: clients can opt for no authentication during registration, in which case this 
+    logic is skipped.
     """
     def __init__(self, clients_store: OAuthRegisteredClientsStore):
         """
@@ -53,7 +56,8 @@ async def __call__(self, request: ClientAuthRequest) -> OAuthClientInformationFu
         if not client:
             raise InvalidClientError("Invalid client_id")
 
-        # If client from the store expects a secret, validate that the request provides that secret
+        # If client from the store expects a secret, validate that the request provides
+        # that secret
         if client.client_secret:
             if not request.client_secret:
                 raise InvalidClientError("Client secret is required")

diff --git a/src/mcp/server/auth/provider.py b/src/mcp/server/auth/provider.py
@@ -81,9 +81,11 @@ async def create_authorization_code(
         self, client: OAuthClientInformationFull, params: AuthorizationParams
     ) -> str:
         """
-        Generates and stores an authorization code as part of completing the /authorize OAuth step.
+        Generates and stores an authorization code as part of completing the /authorize 
+        OAuth step.
 
-        Implementations SHOULD generate an authorization code with at least 160 bits of entropy,
+        Implementations SHOULD generate an authorization code with at least 160 bits of 
+        entropy,
         and MUST generate an authorization code with at least 128 bits of entropy.
         See https://datatracker.ietf.org/doc/html/rfc6749#section-10.10.
         """

diff --git a/src/mcp/server/fastmcp/server.py b/src/mcp/server/fastmcp/server.py
@@ -494,7 +494,6 @@ def starlette_app(self) -> Starlette:
 
         async def handle_sse(request) -> EventSourceResponse:
             # Add client ID from auth context into request context if available
-            request_meta = {}
 
             async with sse.connect_sse(
                 request.scope, request.receive, request._send

diff --git a/src/mcp/server/sse.py b/src/mcp/server/sse.py
@@ -132,7 +132,8 @@ async def sse_writer():
             logger.debug("Yielding read and write streams")
             # TODO: hold on; shouldn't we be returning the EventSourceResponse?
             # I think this is why the tests hang
-            # TODO: we probably shouldn't return response here, since it's a breaking change
+            # TODO: we probably shouldn't return response here, since it's a breaking 
+            # change
             # this is just to test
             yield (read_stream, write_stream, response)
 

diff --git a/src/mcp/shared/auth.py b/src/mcp/shared/auth.py
@@ -43,16 +43,20 @@ class OAuthClientMetadata(BaseModel):
     """
 
     redirect_uris: List[AnyHttpUrl] = Field(..., min_length=1)
-    # token_endpoint_auth_method: this implementation only supports none & client_secret_basic;
+    # token_endpoint_auth_method: this implementation only supports none & 
+    # client_secret_basic;
     # ie: we do not support client_secret_post
-    token_endpoint_auth_method: Literal["none", "client_secret_basic"] = "client_secret_basic"
+    token_endpoint_auth_method: Literal["none", "client_secret_basic"] = \
+        "client_secret_basic"
     # grant_types: this implementation only supports authorization_code & refresh_token
-    grant_types: List[Literal["authorization_code", "refresh_token"]] = ["authorization_code"]
+    grant_types: List[Literal["authorization_code", "refresh_token"]] = \
+        ["authorization_code"]
     # this implementation only supports code; ie: it does not support implicit grants
     response_types: List[Literal["code"]] = ["code"]
     scope: Optional[str] = None
 
-    # these fields are currently unused, but we support & store them for potential future use
+    # these fields are currently unused, but we support & store them for potential 
+    # future use
     client_name: Optional[str] = None
     client_uri: Optional[AnyHttpUrl] = None
     logo_uri: Optional[AnyHttpUrl] = None

diff --git a/tests/server/fastmcp/auth/streaming_asgi_transport.py b/tests/server/fastmcp/auth/streaming_asgi_transport.py
@@ -161,8 +161,8 @@ async def process_messages() -> None:
                 response_complete.set()
 
         # Create tasks for running the app and processing messages
-        app_task = asyncio.create_task(run_app())
-        process_task = asyncio.create_task(process_messages())
+        asyncio.create_task(run_app())
+        asyncio.create_task(process_messages())
 
         # Wait for the initial response or timeout
         await initial_response_ready.wait()

diff --git a/tests/server/fastmcp/auth/test_auth_integration.py b/tests/server/fastmcp/auth/test_auth_integration.py
@@ -324,7 +324,9 @@ async def test_client_registration(
         assert client_info["redirect_uris"] == ["https://client.example.com/callback"]
 
         # Verify that the client was registered
-        # assert await mock_oauth_provider.clients_store.get_client(client_info["client_id"]) is not None
+        # assert await mock_oauth_provider.clients_store.get_client(
+        #     client_info["client_id"]
+        # ) is not None
 
     @pytest.mark.anyio
     async def test_authorization_flow(
@@ -553,7 +555,8 @@ def test_tool(x: int) -> str:
             assert sse.data.startswith("/messages/?session_id=")
             messages_uri = sse.data
 
-            # verify that we can now post to the /messages endpoint, and get a response on the /sse endpoint
+            # verify that we can now post to the /messages endpoint, and get a response
+            # on the /sse endpoint
             response = await test_client.post(
                 messages_uri,
                 headers={"Authorization": authorization},