fix: add invalid_target to AuthorizationErrorCode per RFC 8707 §2

ZongrongLi · ZongrongLi · commit 2a66e6d4d54d · 2026-06-02T00:02:56.000+02:00
RFC 8707 defines invalid_target as the OAuth 2.0 error code for resource-indicator mismatches. The Python SDK AuthorizationErrorCode Literal was missing this value, causing pydantic ValidationError. Closes #2641
diff --git a/src/mcp/server/auth/provider.py b/src/mcp/server/auth/provider.py
@@ -68,6 +68,7 @@ class RegistrationError(Exception):
     "invalid_scope",
     "server_error",
     "temporarily_unavailable",
+    "invalid_target",  # RFC 8707 §2
 ]
 
 

Original file line number	Diff line number	Diff line change
`@@ -68,6 +68,7 @@ class RegistrationError(Exception):`
`68`	`68`	`"invalid_scope",`
`69`	`69`	`"server_error",`
`70`	`70`	`"temporarily_unavailable",`
	`71`	`+ "invalid_target", # RFC 8707 §2`
`71`	`72`	`]`
`72`	`73`
`73`	`74`