feat(auth): add validate_registered_redirect_uri helper

CrypticCortex · CrypticCortex · commit 3ee84a96a8ed · 2026-05-18T12:02:20.000Z
diff --git a/src/mcp/server/auth/routes.py b/src/mcp/server/auth/routes.py
@@ -2,7 +2,7 @@
 from typing import Any
 from urllib.parse import urlparse
 
-from pydantic import AnyHttpUrl
+from pydantic import AnyHttpUrl, AnyUrl
 from starlette.middleware.cors import CORSMiddleware
 from starlette.requests import Request
 from starlette.responses import Response
@@ -18,7 +18,7 @@
 from mcp.server.auth.provider import OAuthAuthorizationServerProvider
 from mcp.server.auth.settings import ClientRegistrationOptions, RevocationOptions
 from mcp.server.streamable_http import MCP_PROTOCOL_VERSION_HEADER
-from mcp.shared.auth import OAuthMetadata, ProtectedResourceMetadata
+from mcp.shared.auth import InvalidRedirectUriError, OAuthMetadata, ProtectedResourceMetadata
 
 
 def validate_issuer_url(url: AnyHttpUrl):
@@ -42,6 +42,33 @@ def validate_issuer_url(url: AnyHttpUrl):
         raise ValueError("Issuer URL must not have a query string")
 
 
+def validate_registered_redirect_uri(url: AnyUrl) -> None:
+    """Validate that a registered redirect_uri meets OAuth 2.0 + RFC 7591 requirements.
+
+    Mirrors the policy that :func:`validate_issuer_url` applies to issuer URLs:
+    redirect URIs must use ``https``, except that ``http`` is permitted for
+    loopback hosts (``localhost``, ``127.0.0.1``, ``[::1]``) per RFC 8252 §7.3,
+    and they MUST NOT carry a fragment component per RFC 7591 §2.
+
+    Args:
+        url: A registered redirect_uri value from
+            :class:`mcp.shared.auth.OAuthClientMetadata`.
+
+    Raises:
+        InvalidRedirectUriError: If the URI uses a scheme other than ``https``
+            or loopback ``http``, or if it contains a fragment.
+    """
+    # RFC 9700 §4.1.1 (OAuth 2.0 Security BCP): https-only, with the RFC 8252
+    # native-app loopback exception.
+    if url.scheme not in ("https", "http"):
+        raise InvalidRedirectUriError(f"redirect_uri must use https (or http for loopback); got scheme {url.scheme!r}")
+    if url.scheme == "http" and url.host not in ("localhost", "127.0.0.1", "[::1]"):
+        raise InvalidRedirectUriError(f"redirect_uri must use https for non-loopback hosts; got {str(url)!r}")
+    # RFC 7591 §2: redirect_uri MUST NOT contain a fragment component.
+    if url.fragment:
+        raise InvalidRedirectUriError(f"redirect_uri must not have a fragment; got {str(url)!r}")
+
+
 AUTHORIZATION_PATH = "/authorize"
 TOKEN_PATH = "/token"
 REGISTRATION_PATH = "/register"
diff --git a/tests/server/auth/test_routes.py b/tests/server/auth/test_routes.py
@@ -1,7 +1,8 @@
 import pytest
-from pydantic import AnyHttpUrl
+from pydantic import AnyHttpUrl, AnyUrl
 
-from mcp.server.auth.routes import validate_issuer_url
+from mcp.server.auth.routes import validate_issuer_url, validate_registered_redirect_uri
+from mcp.shared.auth import InvalidRedirectUriError
 
 
 def test_validate_issuer_url_https_allowed():
@@ -45,3 +46,59 @@ def test_validate_issuer_url_fragment_rejected():
 def test_validate_issuer_url_query_rejected():
     with pytest.raises(ValueError, match="query"):
         validate_issuer_url(AnyHttpUrl("https://example.com/path?q=1"))
+
+
+def test_validate_registered_redirect_uri_https_allowed():
+    validate_registered_redirect_uri(AnyUrl("https://example.com/cb"))
+
+
+def test_validate_registered_redirect_uri_https_with_query_allowed():
+    validate_registered_redirect_uri(AnyUrl("https://example.com/cb?foo=bar"))
+
+
+def test_validate_registered_redirect_uri_http_localhost_allowed():
+    validate_registered_redirect_uri(AnyUrl("http://localhost:8080/cb"))
+
+
+def test_validate_registered_redirect_uri_http_127_0_0_1_allowed():
+    validate_registered_redirect_uri(AnyUrl("http://127.0.0.1:8080/cb"))
+
+
+def test_validate_registered_redirect_uri_http_ipv6_loopback_allowed():
+    validate_registered_redirect_uri(AnyUrl("http://[::1]:8080/cb"))
+
+
+def test_validate_registered_redirect_uri_javascript_scheme_rejected():
+    with pytest.raises(InvalidRedirectUriError, match="must use https"):
+        validate_registered_redirect_uri(AnyUrl("javascript:alert(1)"))
+
+
+def test_validate_registered_redirect_uri_data_scheme_rejected():
+    with pytest.raises(InvalidRedirectUriError, match="must use https"):
+        validate_registered_redirect_uri(AnyUrl("data:text/html,x"))
+
+
+def test_validate_registered_redirect_uri_file_scheme_rejected():
+    with pytest.raises(InvalidRedirectUriError, match="must use https"):
+        validate_registered_redirect_uri(AnyUrl("file:///etc/passwd"))
+
+
+def test_validate_registered_redirect_uri_ftp_scheme_rejected():
+    with pytest.raises(InvalidRedirectUriError, match="must use https"):
+        validate_registered_redirect_uri(AnyUrl("ftp://attacker.example/cb"))
+
+
+def test_validate_registered_redirect_uri_http_non_loopback_rejected():
+    with pytest.raises(InvalidRedirectUriError, match="must use https for non-loopback"):
+        validate_registered_redirect_uri(AnyUrl("http://attacker.example/cb"))
+
+
+def test_validate_registered_redirect_uri_http_127_prefix_domain_rejected():
+    """A domain like 127.0.0.1.evil.com is NOT loopback."""
+    with pytest.raises(InvalidRedirectUriError, match="must use https for non-loopback"):
+        validate_registered_redirect_uri(AnyUrl("http://127.0.0.1.evil.com/cb"))
+
+
+def test_validate_registered_redirect_uri_fragment_rejected():
+    with pytest.raises(InvalidRedirectUriError, match="must not have a fragment"):
+        validate_registered_redirect_uri(AnyUrl("https://example.com/cb#frag"))
