Merge branch 'main' into main

Author: Achintha444

package.json

@@ -36,8 +36,11 @@
   ],
   "scripts": {
     "build": "npm run build:esm && npm run build:cjs",
-    "build:esm": "tsc -p tsconfig.prod.json && echo '{\"type\": \"module\"}' > dist/esm/package.json",
-    "build:cjs": "tsc -p tsconfig.cjs.json && echo '{\"type\": \"commonjs\"}' > dist/cjs/package.json",
+    "build:esm": "mkdir -p dist/esm && echo '{\"type\": \"module\"}' > dist/esm/package.json && tsc -p tsconfig.prod.json",
+    "build:esm:w": "npm run build:esm -- -w",
+    "build:cjs": "mkdir -p dist/cjs && echo '{\"type\": \"commonjs\"}' > dist/cjs/package.json && tsc -p tsconfig.cjs.json",
+    "build:cjs:w": "npm run build:cjs -- -w",
+    "examples:simple-server:w": "tsx --watch src/examples/server/simpleStreamableHttp.ts --oauth",
     "prepack": "npm run build:esm && npm run build:cjs",
     "lint": "eslint src/",
     "test": "jest",

src/examples/server/demoInMemoryOAuthProvider.ts

@@ -35,17 +35,8 @@ export class DemoInMemoryAuthProvider implements OAuthServerProvider {
     params: AuthorizationParams,
     client: OAuthClientInformationFull}>();
   private tokens = new Map<string, AuthInfo>();
-  private validateResource?: (resource?: URL) => boolean;
-
-  constructor({mcpServerUrl}: {mcpServerUrl?: URL} = {}) {
-    if (mcpServerUrl) {
-      const expectedResource = resourceUrlFromServerUrl(mcpServerUrl);
-      this.validateResource = (resource?: URL) => {
-        if (!resource) return false;
-        return resource.toString() === expectedResource.toString();
-      };
-    }
-  }
+
+  constructor(private validateResource?: (resource?: URL) => boolean) {}
 
   async authorize(
     client: OAuthClientInformationFull,
@@ -153,13 +144,20 @@ export class DemoInMemoryAuthProvider implements OAuthServerProvider {
 }
 
 
-export const setupAuthServer = (authServerUrl: URL, mcpServerUrl: URL): OAuthMetadata => {
+export const setupAuthServer = ({authServerUrl, mcpServerUrl, strictResource}: {authServerUrl: URL, mcpServerUrl: URL, strictResource: boolean}): OAuthMetadata => {
   // Create separate auth server app
   // NOTE: This is a separate app on a separate port to illustrate
   // how to separate an OAuth Authorization Server from a Resource
   // server in the SDK. The SDK is not intended to be provide a standalone
   // authorization server.
-  const provider = new DemoInMemoryAuthProvider({mcpServerUrl});
+
+  const validateResource = strictResource ? (resource?: URL) => {
+    if (!resource) return false;
+    const expectedResource = resourceUrlFromServerUrl(mcpServerUrl);
+    return resource.toString() === expectedResource.toString();
+  } : undefined;
+
+  const provider = new DemoInMemoryAuthProvider(validateResource);
   const authApp = express();
   authApp.use(express.json());
   // For introspection requests

src/examples/server/simpleStreamableHttp.ts

@@ -432,7 +432,7 @@ if (useOAuth) {
   const mcpServerUrl = new URL(`http://localhost:${MCP_PORT}/mcp`);
   const authServerUrl = new URL(`http://localhost:${AUTH_PORT}`);
 
-  const oauthMetadata: OAuthMetadata = setupAuthServer(authServerUrl, mcpServerUrl);
+  const oauthMetadata: OAuthMetadata = setupAuthServer({authServerUrl, mcpServerUrl, strictResource: strictOAuth});
 
   const tokenVerifier = {
     verifyAccessToken: async (token: string) => {