Gate DCR issuer stamp on a discovered registration_endpoint

`registration_endpoint` is optional in RFC 8414 metadata, and DCR falls back
to the resource-server origin's `/register` when it is absent. Recording that
fallback registration as bound to the discovered issuer asserts a binding
that was never established, so only stamp the issuer in the DCR branch when
the discovered metadata actually carried a `registration_endpoint`. The CIMD
branch is unaffected since CIMD records are portable across authorization
servers.

Author: maxisbey

src/mcp/client/auth/oauth2.py

@@ -643,26 +643,22 @@ async def async_auth_flow(self, request: httpx.Request) -> AsyncGenerator[httpx.
 
                     # Step 4: Register client or use URL-based client ID (CIMD)
                     if not self.context.client_info:
-                        # SEP-2352: bind the credentials to the issuing AS — but only when ASM
-                        # discovery succeeded, so the registration request below actually targets
-                        # that issuer's registration_endpoint. With no metadata (discovery failed),
-                        # DCR falls back to the resource-server origin's /register; recording that
-                        # as bound to a PRM-advertised AS we never reached would persist a
-                        # mis-bound record that the binding check then accepts indefinitely.
-                        bound_issuer: str | None = None
+                        # SEP-2352: the issuer to bind these credentials to, when known.
+                        discovered_issuer: str | None = None
                         if self.context.oauth_metadata is not None:
-                            bound_issuer = self.context.auth_server_url or str(self.context.oauth_metadata.issuer)
+                            discovered_issuer = self.context.auth_server_url or str(self.context.oauth_metadata.issuer)
 
                         if should_use_client_metadata_url(
                             self.context.oauth_metadata, self.context.client_metadata_url
                         ):
-                            # Use URL-based client ID (CIMD)
+                            # Use URL-based client ID (CIMD). CIMD records are portable across
+                            # authorization servers, so the issuer stamp is informational.
                             logger.debug(f"Using URL-based client ID (CIMD): {self.context.client_metadata_url}")
                             client_information = create_client_info_from_metadata_url(
                                 self.context.client_metadata_url,  # type: ignore[arg-type]
                                 redirect_uris=self.context.client_metadata.redirect_uris,
                             )
-                            client_information.issuer = bound_issuer
+                            client_information.issuer = discovered_issuer
                             self.context.client_info = client_information
                             await self.context.storage.set_client_info(client_information)
                         else:
@@ -674,7 +670,16 @@ async def async_auth_flow(self, request: httpx.Request) -> AsyncGenerator[httpx.
                             )
                             registration_response = yield registration_request
                             client_information = await handle_registration_response(registration_response)
-                            client_information.issuer = bound_issuer
+                            # Only record the issuer when the registration above actually targeted
+                            # the discovered AS's registration_endpoint. With no metadata, or
+                            # metadata that omits registration_endpoint, DCR fell back to the
+                            # resource-server origin's /register — recording that as bound to a
+                            # PRM-advertised AS would persist a binding that was never established.
+                            if (
+                                self.context.oauth_metadata is not None
+                                and self.context.oauth_metadata.registration_endpoint is not None
+                            ):
+                                client_information.issuer = discovered_issuer
                             self.context.client_info = client_information
                             await self.context.storage.set_client_info(client_information)
 

tests/client/test_auth.py

@@ -2936,16 +2936,39 @@ async def test_issuer_binding_re_evaluated_after_asm_when_prm_discovery_failed(
 
 
 @pytest.mark.anyio
-async def test_issuer_is_not_stamped_when_registration_falls_back_after_asm_discovery_fails(
-    oauth_provider: OAuthClientProvider, mock_storage: MockTokenStorage
+@pytest.mark.parametrize(
+    "asm_responses",
+    [
+        pytest.param(
+            [httpx.Response(404), httpx.Response(404)],
+            id="asm-discovery-failed",
+        ),
+        pytest.param(
+            [
+                httpx.Response(
+                    200,
+                    content=(
+                        b'{"issuer": "https://new-as.example.com", '
+                        b'"authorization_endpoint": "https://new-as.example.com/authorize", '
+                        b'"token_endpoint": "https://new-as.example.com/token"}'
+                    ),
+                )
+            ],
+            id="asm-metadata-without-registration-endpoint",
+        ),
+    ],
+)
+async def test_issuer_is_not_stamped_when_registration_falls_back_to_the_resource_origin(
+    oauth_provider: OAuthClientProvider, mock_storage: MockTokenStorage, asm_responses: list[httpx.Response]
 ):
-    """SEP-2352: a fallback registration is not recorded as bound to an undiscovered AS.
+    """SEP-2352: a fallback registration is not recorded as bound to the PRM-advertised AS.
 
     PRM advertises a new authorization server, so the stored credentials (bound to the old
-    issuer) are discarded. ASM discovery for the new server then fails, so DCR falls back to
-    the resource-server origin's ``/register``. That registration was not derived from the new
-    AS's metadata, so persisting it as bound to the new AS would wedge the binding check on
-    later flows; instead the issuer is left unset.
+    issuer) are discarded. DCR then falls back to the resource-server origin's ``/register``
+    because the new AS's metadata either could not be discovered or omits
+    ``registration_endpoint``. That registration was not derived from the new AS's metadata,
+    so persisting it as bound to the new AS would wedge the binding check on later flows;
+    instead the issuer is left unset.
     """
     oauth_provider.context.current_tokens = None
     oauth_provider.context.token_expiry_time = None
@@ -2991,16 +3014,18 @@ async def echo_callback() -> AuthorizationCodeResult:
         request=prm_req,
     )
 
-    # ASM discovery for the new AS fails on every well-known URL.
-    asm_req = await auth_flow.asend(prm_response)
+    # ASM discovery for the new AS yields no usable registration_endpoint — either every
+    # well-known URL 404s, or metadata is returned without one.
+    next_req = await auth_flow.asend(prm_response)
     assert oauth_provider.context.client_info is None
     assert oauth_provider.context.oauth_metadata is None
-    assert str(asm_req.url) == "https://new-as.example.com/.well-known/oauth-authorization-server"
-    asm_req = await auth_flow.asend(httpx.Response(404, request=asm_req))
-    assert str(asm_req.url) == "https://new-as.example.com/.well-known/openid-configuration"
+    assert str(next_req.url) == "https://new-as.example.com/.well-known/oauth-authorization-server"
+    for asm_response in asm_responses:
+        asm_response.request = next_req
+        next_req = await auth_flow.asend(asm_response)
 
     # Step 4 falls back to the resource-server origin's /register.
-    dcr_req = await auth_flow.asend(httpx.Response(404, request=asm_req))
+    dcr_req = next_req
     assert dcr_req.method == "POST"
     assert str(dcr_req.url) == "https://api.example.com/register"
     dcr_response = httpx.Response(