Merge branch 'modelcontextprotocol:main' into sep-1699

Author: DaleSeo

README.md

@@ -12,8 +12,8 @@ An official Rust Model Context Protocol SDK implementation with tokio async runt
 
 This repository contains the following crates:
 
-- [rmcp](crates/rmcp): The core crate providing the RMCP protocol implementation (If you want to get more information, please visit [rmcp](crates/rmcp/README.md))
-- [rmcp-macros](crates/rmcp-macros): A procedural macro crate for generating RMCP tool implementations (If you want to get more information, please visit [rmcp-macros](crates/rmcp-macros/README.md))
+- [rmcp](crates/rmcp): The core crate providing the RMCP protocol implementation - see [rmcp](crates/rmcp/README.md)
+- [rmcp-macros](crates/rmcp-macros): A procedural macro crate for generating RMCP tool implementations - see [rmcp-macros](crates/rmcp-macros/README.md)
 
 ## Usage
 
@@ -25,14 +25,15 @@ rmcp = { version = "0.8.0", features = ["server"] }
 rmcp = { git = "https://github.com/modelcontextprotocol/rust-sdk", branch = "main" }
 ```
 ### Third Dependencies
-Basic dependencies:
-- [tokio required](https://github.com/tokio-rs/tokio)
-- [serde required](https://github.com/serde-rs/serde)
-Json Schema generation(Must follow the 2020-12 version):
-- [shemars required](https://github.com/GREsau/schemars)
 
+Basic dependencies:
+- [tokio](https://github.com/tokio-rs/tokio)
+- [serde](https://github.com/serde-rs/serde)
+Json Schema generation (version 2020-12):
+- [schemars](https://github.com/GREsau/schemars)
 
 ### Build a Client
+
 <details>
 <summary>Start a client</summary>
 
@@ -108,16 +109,16 @@ let quit_reason = server.cancel().await?;
 
 ## Examples
 
-See [examples](examples/README.md)
+See [examples](examples/README.md).
 
 ## OAuth Support
 
-See [oauth_support](docs/OAUTH_SUPPORT.md) for details.
+See [Oauth_support](docs/OAUTH_SUPPORT.md) for details.
 
 ## Related Resources
 
-- [MCP Specification](https://spec.modelcontextprotocol.io/specification/2024-11-05/)
-- [Schema](https://github.com/modelcontextprotocol/specification/blob/main/schema/2024-11-05/schema.ts)
+- [MCP Specification](https://modelcontextprotocol.io/specification/2025-11-25)
+- [Schema](https://github.com/modelcontextprotocol/specification/blob/main/schema/2025-11-25/schema.ts)
 
 ## Related Projects
 

crates/rmcp/src/transport/auth.rs

@@ -612,13 +612,16 @@ impl AuthorizationManager {
         let credentials = stored.and_then(|s| s.token_response);
 
         if let Some(creds) = credentials.as_ref() {
-            let expires_in = creds.expires_in().unwrap_or(Duration::from_secs(0));
-            if expires_in <= Duration::from_secs(0) {
-                tracing::info!("Access token expired, refreshing.");
-
-                let new_creds = self.refresh_token().await?;
-                tracing::info!("Refreshed access token.");
-                return Ok(new_creds.access_token().secret().to_string());
+            // check token expiry if we have a refresh token or an expiry time
+            if creds.refresh_token().is_some() || creds.expires_in().is_some() {
+                let expires_in = creds.expires_in().unwrap_or(Duration::from_secs(0));
+                if expires_in <= Duration::from_secs(0) {
+                    tracing::info!("Access token expired, refreshing.");
+
+                    let new_creds = self.refresh_token().await?;
+                    tracing::info!("Refreshed access token.");
+                    return Ok(new_creds.access_token().secret().to_string());
+                }
             }
 
             Ok(creds.access_token().secret().to_string())
@@ -684,16 +687,40 @@ impl AuthorizationManager {
         }
     }
 
+    /// Generate discovery endpoint URLs following the priority order in spec-2025-11-25 4.3 "Authorization Server Metadata Discovery".
+    fn generate_discovery_urls(base_url: &Url) -> Vec<Url> {
+        let mut candidates = Vec::new();
+        let path = base_url.path();
+        let trimmed = path.trim_start_matches('/').trim_end_matches('/');
+        let mut push_candidate = |discovery_path: String| {
+            let mut discovery_url = base_url.clone();
+            discovery_url.set_query(None);
+            discovery_url.set_fragment(None);
+            discovery_url.set_path(&discovery_path);
+            candidates.push(discovery_url);
+        };
+        if trimmed.is_empty() {
+            // No path components: try OAuth first, then OpenID Connect
+            push_candidate("/.well-known/oauth-authorization-server".to_string());
+            push_candidate("/.well-known/openid-configuration".to_string());
+        } else {
+            // Path components present: follow spec priority order
+            // 1. OAuth 2.0 with path insertion
+            push_candidate(format!("/.well-known/oauth-authorization-server/{trimmed}"));
+            // 2. OpenID Connect with path insertion
+            push_candidate(format!("/.well-known/openid-configuration/{trimmed}"));
+            // 3. OpenID Connect with path appending
+            push_candidate(format!("/{trimmed}/.well-known/openid-configuration"));
+        }
+
+        candidates
+    }
+
     async fn try_discover_oauth_server(
         &self,
         base_url: &Url,
     ) -> Result<Option<AuthorizationMetadata>, AuthError> {
-        for candidate_path in Self::well_known_paths(base_url.path(), "oauth-authorization-server")
-        {
-            let mut discovery_url = base_url.clone();
-            discovery_url.set_query(None);
-            discovery_url.set_fragment(None);
-            discovery_url.set_path(&candidate_path);
+        for discovery_url in Self::generate_discovery_urls(base_url) {
             if let Some(metadata) = self.fetch_authorization_metadata(&discovery_url).await? {
                 return Ok(Some(metadata));
             }
@@ -1457,4 +1484,71 @@ mod tests {
             ]
         );
     }
+
+    #[test]
+    fn generate_discovery_urls() {
+        // Test root URL (no path components): OAuth first, then OpenID Connect
+        let base_url = Url::parse("https://auth.example.com").unwrap();
+        let urls = AuthorizationManager::generate_discovery_urls(&base_url);
+        assert_eq!(urls.len(), 2);
+        assert_eq!(
+            urls[0].as_str(),
+            "https://auth.example.com/.well-known/oauth-authorization-server"
+        );
+        assert_eq!(
+            urls[1].as_str(),
+            "https://auth.example.com/.well-known/openid-configuration"
+        );
+
+        // Test URL with single path segment: follow spec priority order
+        let base_url = Url::parse("https://auth.example.com/tenant1").unwrap();
+        let urls = AuthorizationManager::generate_discovery_urls(&base_url);
+        assert_eq!(urls.len(), 3);
+        assert_eq!(
+            urls[0].as_str(),
+            "https://auth.example.com/.well-known/oauth-authorization-server/tenant1"
+        );
+        assert_eq!(
+            urls[1].as_str(),
+            "https://auth.example.com/.well-known/openid-configuration/tenant1"
+        );
+        assert_eq!(
+            urls[2].as_str(),
+            "https://auth.example.com/tenant1/.well-known/openid-configuration"
+        );
+
+        // Test URL with path and trailing slash
+        let base_url = Url::parse("https://auth.example.com/v1/mcp/").unwrap();
+        let urls = AuthorizationManager::generate_discovery_urls(&base_url);
+        assert_eq!(urls.len(), 3);
+        assert_eq!(
+            urls[0].as_str(),
+            "https://auth.example.com/.well-known/oauth-authorization-server/v1/mcp"
+        );
+        assert_eq!(
+            urls[1].as_str(),
+            "https://auth.example.com/.well-known/openid-configuration/v1/mcp"
+        );
+        assert_eq!(
+            urls[2].as_str(),
+            "https://auth.example.com/v1/mcp/.well-known/openid-configuration"
+        );
+
+        // Test URL with multiple path segments
+        let base_url = Url::parse("https://auth.example.com/tenant1/subtenant").unwrap();
+        let urls = AuthorizationManager::generate_discovery_urls(&base_url);
+        assert_eq!(urls.len(), 3);
+        assert_eq!(
+            urls[0].as_str(),
+            "https://auth.example.com/.well-known/oauth-authorization-server/tenant1/subtenant"
+        );
+        assert_eq!(
+            urls[1].as_str(),
+            "https://auth.example.com/.well-known/openid-configuration/tenant1/subtenant"
+        );
+        assert_eq!(
+            urls[2].as_str(),
+            "https://auth.example.com/tenant1/subtenant/.well-known/openid-configuration"
+        );
+    }
 }

docs/OAUTH_SUPPORT.md

@@ -1,6 +1,6 @@
 # Model Context Protocol OAuth Authorization
 
-This document describes the OAuth 2.1 authorization implementation for Model Context Protocol (MCP), following the [MCP 2025-03-26 Authorization Specification](https://spec.modelcontextprotocol.io/specification/2025-03-26/basic/authorization/).
+This document describes the OAuth 2.1 authorization implementation for Model Context Protocol (MCP), following the [MCP 2025-03-26 Authorization Specification](https://modelcontextprotocol.io/specification/2025-03-26/basic/authorization/).
 
 ## Features
 
@@ -117,7 +117,7 @@ If you encounter authorization issues, check the following:
 
 ## References
 
-- [MCP Authorization Specification](https://spec.modelcontextprotocol.io/specification/2025-03-26/basic/authorization/)
+- [MCP Authorization Specification](https://modelcontextprotocol.io/specification/2025-03-26/basic/authorization/)
 - [OAuth 2.1 Specification Draft](https://oauth.net/2.1/)
 - [RFC 8414: OAuth 2.0 Authorization Server Metadata](https://datatracker.ietf.org/doc/html/rfc8414)
 - [RFC 7591: OAuth 2.0 Dynamic Client Registration Protocol](https://datatracker.ietf.org/doc/html/rfc7591)

docs/readme/README.zh-cn.md

@@ -106,8 +106,8 @@ let quit_reason = server.cancel().await?;
 
 ## 相关资源
 
-- [MCP Specification](https://spec.modelcontextprotocol.io/specification/2024-11-05/)
-- [Schema](https://github.com/modelcontextprotocol/specification/blob/main/schema/2024-11-05/schema.ts)
+- [MCP Specification](https://modelcontextprotocol.io/specification/2025-11-25)
+- [Schema](https://github.com/modelcontextprotocol/specification/blob/main/schema/2025-11-25/schema.ts)
 
 ## 相关项目
 - [containerd-mcp-server](https://github.com/jokemanfire/mcp-containerd) - 基于 containerd 实现的 MCP 服务

examples/servers/Cargo.toml

@@ -39,7 +39,7 @@ reqwest = { version = "0.12", features = ["json"] }
 chrono = "0.4"
 uuid = { version = "1.6", features = ["v4", "serde"] }
 serde_urlencoded = "0.7"
-askama = { version = "0.14" }
+askama = { version = "0.15" }
 tower-http = { version = "0.6", features = ["cors"] }
 hyper = { version = "1" }
 hyper-util = { version = "0", features = ["server"] }