From 57ea68076fb32f6ec3a7fb62611b02445120968a Mon Sep 17 00:00:00 2001
From: Yann Jouanin <yann.jouanin@valueandco.com>
Date: Fri, 1 Aug 2025 09:49:53 +0200
Subject: [PATCH 1/3] Fix : token_endpoint_auth_signing_alg_values_supported is
 a json array

---
 src/mcp/shared/auth.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/mcp/shared/auth.py b/src/mcp/shared/auth.py
index 33878ee15..d03d7edc2 100644
--- a/src/mcp/shared/auth.py
+++ b/src/mcp/shared/auth.py
@@ -117,7 +117,7 @@ class OAuthMetadata(BaseModel):
     response_modes_supported: list[Literal["query", "fragment", "form_post"]] | None = None
     grant_types_supported: list[str] | None = None
     token_endpoint_auth_methods_supported: list[str] | None = None
-    token_endpoint_auth_signing_alg_values_supported: None = None
+    token_endpoint_auth_signing_alg_values_supported: list[str] | None = None
     service_documentation: AnyHttpUrl | None = None
     ui_locales_supported: list[str] | None = None
     op_policy_uri: AnyHttpUrl | None = None

From fee41429dfec775c76aff8cb435c3224eded5a77 Mon Sep 17 00:00:00 2001
From: Yann Jouanin <yann.jouanin@valueandco.com>
Date: Fri, 1 Aug 2025 15:51:43 +0200
Subject: [PATCH 2/3] fix : update all OAuthMetadata alg_values fields

---
 src/mcp/shared/auth.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/mcp/shared/auth.py b/src/mcp/shared/auth.py
index d03d7edc2..f56a9da54 100644
--- a/src/mcp/shared/auth.py
+++ b/src/mcp/shared/auth.py
@@ -117,17 +117,17 @@ class OAuthMetadata(BaseModel):
     response_modes_supported: list[Literal["query", "fragment", "form_post"]] | None = None
     grant_types_supported: list[str] | None = None
     token_endpoint_auth_methods_supported: list[str] | None = None
-    token_endpoint_auth_signing_alg_values_supported: list[str] | None = None
+    token_endpoint_auth_signing_alg_values_supported: list[Literal["RS256", "ES256"]] | None = None
     service_documentation: AnyHttpUrl | None = None
     ui_locales_supported: list[str] | None = None
     op_policy_uri: AnyHttpUrl | None = None
     op_tos_uri: AnyHttpUrl | None = None
     revocation_endpoint: AnyHttpUrl | None = None
     revocation_endpoint_auth_methods_supported: list[str] | None = None
-    revocation_endpoint_auth_signing_alg_values_supported: None = None
+    revocation_endpoint_auth_signing_alg_values_supported: list[Literal["RS256", "ES256"]] | None = None
     introspection_endpoint: AnyHttpUrl | None = None
     introspection_endpoint_auth_methods_supported: list[str] | None = None
-    introspection_endpoint_auth_signing_alg_values_supported: None = None
+    introspection_endpoint_auth_signing_alg_values_supported: list[Literal["RS256", "ES256"]] | None = None
     code_challenge_methods_supported: list[str] | None = None
 
 

From 8b076a0292a400bbd933d98357409b008e498e83 Mon Sep 17 00:00:00 2001
From: yannj-fr <4557670+yannj-fr@users.noreply.github.com>
Date: Tue, 5 Aug 2025 19:28:14 +0200
Subject: [PATCH 3/3] switch Literal to str in alg verification

---
 src/mcp/shared/auth.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/mcp/shared/auth.py b/src/mcp/shared/auth.py
index 8ba20a7b4..9dcd1f027 100644
--- a/src/mcp/shared/auth.py
+++ b/src/mcp/shared/auth.py
@@ -117,17 +117,17 @@ class OAuthMetadata(BaseModel):
     response_modes_supported: list[Literal["query", "fragment", "form_post"]] | None = None
     grant_types_supported: list[str] | None = None
     token_endpoint_auth_methods_supported: list[str] | None = None
-    token_endpoint_auth_signing_alg_values_supported: list[Literal["RS256", "ES256"]] | None = None
+    token_endpoint_auth_signing_alg_values_supported: list[str] | None = None
     service_documentation: AnyHttpUrl | None = None
     ui_locales_supported: list[str] | None = None
     op_policy_uri: AnyHttpUrl | None = None
     op_tos_uri: AnyHttpUrl | None = None
     revocation_endpoint: AnyHttpUrl | None = None
     revocation_endpoint_auth_methods_supported: list[str] | None = None
-    revocation_endpoint_auth_signing_alg_values_supported: list[Literal["RS256", "ES256"]] | None = None
+    revocation_endpoint_auth_signing_alg_values_supported: list[str] | None = None
     introspection_endpoint: AnyHttpUrl | None = None
     introspection_endpoint_auth_methods_supported: list[str] | None = None
-    introspection_endpoint_auth_signing_alg_values_supported: list[Literal["RS256", "ES256"]] | None = None
+    introspection_endpoint_auth_signing_alg_values_supported: list[str] | None = None
     code_challenge_methods_supported: list[str] | None = None