fix: add 'invalid_target' to AuthorizationErrorCode (RFC 8707)

siddhirajkatkar · siddhirajkatkar · commit b0f92551795e · 2026-05-19T08:51:24.000+05:30
RFC 8707 §2 defines 'invalid_target' as the error code for resource indicator mismatches. Without it, AuthorizeError(error='invalid_target') triggers a pydantic ValidationError instead of an OAuth-compliant response. Fixes #2641
diff --git a/src/mcp/server/auth/provider.py b/src/mcp/server/auth/provider.py
@@ -64,6 +64,7 @@ class RegistrationError(Exception):
     "invalid_scope",
     "server_error",
     "temporarily_unavailable",
+    "invalid_target",  # RFC 8707 §2 — resource indicator mismatch
 ]
 
 

Original file line number	Diff line number	Diff line change
`@@ -64,6 +64,7 @@ class RegistrationError(Exception):`
`64`	`64`	`"invalid_scope",`
`65`	`65`	`"server_error",`
`66`	`66`	`"temporarily_unavailable",`
	`67`	`+ "invalid_target", # RFC 8707 §2 — resource indicator mismatch`
`67`	`68`	`]`
`68`	`69`
`69`	`70`