From b0f92551795e80af17aa978ff9bbde6d2b0a5cd2 Mon Sep 17 00:00:00 2001
From: siddhirajkatkar <siddhirajkatkar7707@gmail.com>
Date: Tue, 19 May 2026 08:51:24 +0530
Subject: [PATCH 1/2] fix: add 'invalid_target' to AuthorizationErrorCode (RFC
 8707)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

RFC 8707 §2 defines 'invalid_target' as the error code for resource
indicator mismatches. Without it, AuthorizeError(error='invalid_target')
triggers a pydantic ValidationError instead of an OAuth-compliant response.

Fixes #2641
---
 src/mcp/server/auth/provider.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/mcp/server/auth/provider.py b/src/mcp/server/auth/provider.py
index 957082a854..cba4dc21d1 100644
--- a/src/mcp/server/auth/provider.py
+++ b/src/mcp/server/auth/provider.py
@@ -64,6 +64,7 @@ class RegistrationError(Exception):
     "invalid_scope",
     "server_error",
     "temporarily_unavailable",
+    "invalid_target",  # RFC 8707 §2 — resource indicator mismatch
 ]
 
 

From 1a96e9216e9df039f20a1c08b122c0b5e46b340f Mon Sep 17 00:00:00 2001
From: Marcelo Trylesinski <marcelotryle@gmail.com>
Date: Tue, 2 Jun 2026 17:57:30 +0200
Subject: [PATCH 2/2] Apply suggestion from @Kludex

---
 src/mcp/server/auth/provider.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/mcp/server/auth/provider.py b/src/mcp/server/auth/provider.py
index cba4dc21d1..e8b7f878c9 100644
--- a/src/mcp/server/auth/provider.py
+++ b/src/mcp/server/auth/provider.py
@@ -64,7 +64,7 @@ class RegistrationError(Exception):
     "invalid_scope",
     "server_error",
     "temporarily_unavailable",
-    "invalid_target",  # RFC 8707 §2 — resource indicator mismatch
+    "invalid_target",
 ]