fix: normalize OAuth redirect URI URL subtypes

Author: 冯基魁

src/mcp/shared/auth.py

@@ -84,6 +84,13 @@ class OAuthClientMetadata(BaseModel):
     software_id: str | None = None
     software_version: str | None = None
 
+    @field_validator("redirect_uris", mode="before")
+    @classmethod
+    def _coerce_redirect_uris_to_any_url(cls, v: object) -> object:
+        if isinstance(v, list):
+            return [str(item) if isinstance(item, AnyUrl) else item for item in v]
+        return v
+
     @field_validator(
         "client_uri",
         "logo_uri",

tests/shared/test_auth.py

@@ -1,9 +1,9 @@
 """Tests for OAuth 2.0 shared code."""
 
 import pytest
-from pydantic import ValidationError
+from pydantic import AnyHttpUrl, AnyUrl, ValidationError
 
-from mcp.shared.auth import OAuthClientInformationFull, OAuthClientMetadata, OAuthMetadata
+from mcp.shared.auth import InvalidRedirectUriError, OAuthClientInformationFull, OAuthClientMetadata, OAuthMetadata
 
 
 def test_oauth():
@@ -109,6 +109,21 @@ def test_valid_url_passes_through_unchanged():
     assert str(metadata.client_uri) == "https://udemy.com/"
 
 
+def test_redirect_uri_url_subtypes_are_normalized_for_validation():
+    client = OAuthClientInformationFull(
+        client_id="abc123",
+        redirect_uris=[AnyHttpUrl("https://example.com/callback")],
+    )
+
+    redirect_uri = AnyUrl("https://example.com/callback")
+    assert redirect_uri in (client.redirect_uris or [])
+    assert client.validate_redirect_uri(redirect_uri) == redirect_uri
+    assert client.model_dump(mode="json")["redirect_uris"] == ["https://example.com/callback"]
+
+    with pytest.raises(InvalidRedirectUriError):
+        client.validate_redirect_uri(AnyUrl("https://example.com/other"))
+
+
 def test_information_full_inherits_coercion():
     """OAuthClientInformationFull subclasses OAuthClientMetadata, so the
     same coercion applies to DCR responses parsed via the full model."""