Validate DCR redirect_uris with HTTPS-or-loopback policy

KirtiRamchandani · KirtiRamchandani · commit f896b400c230 · 2026-06-13T19:10:33.000Z
Reject dangerous redirect URI schemes and fragments during dynamic client registration, matching the existing issuer URL validation rules. Fixes #2629
diff --git a/src/mcp/server/auth/handlers/register.py b/src/mcp/server/auth/handlers/register.py
@@ -11,6 +11,7 @@
 from mcp.server.auth.errors import stringify_pydantic_error
 from mcp.server.auth.json_response import PydanticJSONResponse
 from mcp.server.auth.provider import OAuthAuthorizationServerProvider, RegistrationError, RegistrationErrorCode
+from mcp.server.auth.validation import validate_registered_redirect_uri
 from mcp.server.auth.settings import ClientRegistrationOptions
 from mcp.shared.auth import OAuthClientInformationFull, OAuthClientMetadata
 
@@ -90,6 +91,19 @@ async def handle(self, request: Request) -> Response:
                 status_code=400,
             )
 
+        if client_metadata.redirect_uris is not None:
+            for redirect_uri in client_metadata.redirect_uris:
+                try:
+                    validate_registered_redirect_uri(redirect_uri)
+                except ValueError as error:
+                    return PydanticJSONResponse(
+                        content=RegistrationErrorResponse(
+                            error="invalid_client_metadata",
+                            error_description=str(error),
+                        ),
+                        status_code=400,
+                    )
+
         client_id_issued_at = int(time.time())
         client_secret_expires_at = (
             client_id_issued_at + self.options.client_secret_expiry_seconds
diff --git a/src/mcp/server/auth/routes.py b/src/mcp/server/auth/routes.py
@@ -21,26 +21,7 @@
 from mcp.shared.auth import OAuthMetadata, ProtectedResourceMetadata
 
 
-def validate_issuer_url(url: AnyHttpUrl):
-    """Validate that the issuer URL meets OAuth 2.0 requirements.
-
-    Args:
-        url: The issuer URL to validate.
-
-    Raises:
-        ValueError: If the issuer URL is invalid.
-    """
-
-    # RFC 8414 requires HTTPS, but we allow loopback/localhost HTTP for testing
-    if url.scheme != "https" and url.host not in ("localhost", "127.0.0.1", "[::1]"):
-        raise ValueError("Issuer URL must be HTTPS")
-
-    # No fragments or query parameters allowed
-    if url.fragment:
-        raise ValueError("Issuer URL must not have a fragment")
-    if url.query:
-        raise ValueError("Issuer URL must not have a query string")
-
+from mcp.server.auth.validation import validate_issuer_url
 
 AUTHORIZATION_PATH = "/authorize"
 TOKEN_PATH = "/token"
diff --git a/src/mcp/server/auth/validation.py b/src/mcp/server/auth/validation.py
@@ -0,0 +1,38 @@
+from pydantic import AnyHttpUrl, AnyUrl
+
+
+def validate_issuer_url(url: AnyHttpUrl):
+    """Validate that the issuer URL meets OAuth 2.0 requirements.
+
+    Args:
+        url: The issuer URL to validate.
+
+    Raises:
+        ValueError: If the issuer URL is invalid.
+    """
+
+    # RFC 8414 requires HTTPS, but we allow loopback/localhost HTTP for testing
+    if url.scheme != "https" and url.host not in ("localhost", "127.0.0.1", "[::1]"):
+        raise ValueError("Issuer URL must be HTTPS")
+
+    # No fragments or query parameters allowed
+    if url.fragment:
+        raise ValueError("Issuer URL must not have a fragment")
+    if url.query:
+        raise ValueError("Issuer URL must not have a query string")
+
+
+def validate_registered_redirect_uri(url: AnyUrl):
+    """Validate that a dynamically registered redirect URI is safe to use.
+
+    Mirrors the HTTPS-or-loopback policy used for issuer URLs and rejects
+    dangerous schemes such as javascript:, data:, and file:.
+    """
+    if url.scheme not in ("https", "http"):
+        raise ValueError("Redirect URI must use HTTPS or HTTP")
+
+    if url.scheme != "https" and url.host not in ("localhost", "127.0.0.1", "[::1]"):
+        raise ValueError("Redirect URI must be HTTPS unless loopback")
+
+    if url.fragment:
+        raise ValueError("Redirect URI must not have a fragment")
diff --git a/tests/server/auth/test_routes.py b/tests/server/auth/test_routes.py
@@ -1,7 +1,7 @@
 import pytest
-from pydantic import AnyHttpUrl
+from pydantic import AnyHttpUrl, AnyUrl
 
-from mcp.server.auth.routes import validate_issuer_url
+from mcp.server.auth.validation import validate_issuer_url, validate_registered_redirect_uri
 
 
 def test_validate_issuer_url_https_allowed():
@@ -45,3 +45,33 @@ def test_validate_issuer_url_fragment_rejected():
 def test_validate_issuer_url_query_rejected():
     with pytest.raises(ValueError, match="query"):
         validate_issuer_url(AnyHttpUrl("https://example.com/path?q=1"))
+
+
+@pytest.mark.parametrize(
+    "redirect_uri",
+    [
+        "https://example.com/callback",
+        "http://localhost:8080/callback",
+        "http://127.0.0.1:8080/callback",
+        "http://[::1]:8080/callback",
+    ],
+)
+def test_validate_registered_redirect_uri_allowed(redirect_uri: str):
+    validate_registered_redirect_uri(AnyUrl(redirect_uri))
+
+
+@pytest.mark.parametrize(
+    "redirect_uri,message",
+    [
+        ("javascript:alert(1)", "HTTPS or HTTP"),
+        ("data:text/html,<script>alert(1)</script>", "HTTPS or HTTP"),
+        ("file:///etc/passwd", "HTTPS or HTTP"),
+        ("vbscript:msgbox(1)", "HTTPS or HTTP"),
+        ("ftp://attacker.example/cb", "HTTPS or HTTP"),
+        ("http://attacker.example/cb", "unless loopback"),
+        ("https://example.com/cb#frag", "fragment"),
+    ],
+)
+def test_validate_registered_redirect_uri_rejected(redirect_uri: str, message: str):
+    with pytest.raises(ValueError, match=message):
+        validate_registered_redirect_uri(AnyUrl(redirect_uri))
