Fix type validation issues with AuthConfig

shahar4499 · shahar4499 · commit f64ccc2811bb · 2025-04-22T17:43:28.000+03:00
diff --git a/fastapi_mcp/types.py b/fastapi_mcp/types.py
@@ -41,13 +41,13 @@ class OAuthMetadata(BaseType):
     ]
 
     authorization_endpoint: Annotated[
-        StrHttpUrl,
+        Optional[StrHttpUrl],
         Doc(
             """
             URL of the authorization server's authorization endpoint.
             """
         ),
-    ]
+    ] = None
 
     token_endpoint: Annotated[
         StrHttpUrl,
@@ -353,18 +353,15 @@ async def authenticate_request(request: Request, token: str = Depends(oauth2_sch
 
     @model_validator(mode="after")
     def validate_required_fields(self):
-        if self.custom_oauth_metadata is None and self.issuer is None:
-            raise ValueError("'issuer' is required when 'custom_oauth_metadata' is not provided")
+        if self.custom_oauth_metadata is None and self.issuer is None and not self.dependencies:
+            raise ValueError("at least one of 'issuer', 'custom_oauth_metadata' or 'dependencies' is required")
 
         if self.setup_proxies:
             if self.client_id is None:
                 raise ValueError("'client_id' is required when 'setup_proxies' is True")
 
-        if self.setup_fake_dynamic_registration and not self.client_secret:
-            raise ValueError("'client_secret' is required when 'setup_fake_dynamic_registration' is True")
-
-        if self.setup_fake_dynamic_registration and not self.setup_proxies:
-            raise ValueError("'setup_fake_dynamic_registration' can only be True when 'setup_proxies' is True")
+            if self.setup_fake_dynamic_registration and not self.client_secret:
+                raise ValueError("'client_secret' is required when 'setup_fake_dynamic_registration' is True")
 
         return self
 
diff --git a/tests/test_types_validation.py b/tests/test_types_validation.py
@@ -0,0 +1,111 @@
+import pytest
+from pydantic import ValidationError
+from fastapi import Depends
+
+from fastapi_mcp.types import (
+    OAuthMetadata,
+    AuthConfig,
+)
+
+
+class TestOAuthMetadata:
+    def test_non_empty_lists_validation(self):
+        for field in [
+            "scopes_supported",
+            "response_types_supported",
+            "grant_types_supported",
+            "token_endpoint_auth_methods_supported",
+            "code_challenge_methods_supported",
+        ]:
+            with pytest.raises(ValidationError, match=f"{field} cannot be empty"):
+                OAuthMetadata(
+                    issuer="https://example.com",
+                    authorization_endpoint="https://example.com/auth",
+                    token_endpoint="https://example.com/token",
+                    **{field: []},
+                )
+
+    def test_authorization_endpoint_required_for_authorization_code(self):
+        with pytest.raises(ValidationError) as exc_info:
+            OAuthMetadata(
+                issuer="https://example.com",
+                token_endpoint="https://example.com/token",
+                grant_types_supported=["authorization_code", "client_credentials"],
+            )
+        assert "authorization_endpoint is required when authorization_code grant type is supported" in str(
+            exc_info.value
+        )
+
+        OAuthMetadata(
+            issuer="https://example.com",
+            token_endpoint="https://example.com/token",
+            authorization_endpoint="https://example.com/auth",
+            grant_types_supported=["client_credentials"],
+        )
+
+    def test_model_dump_excludes_none(self):
+        metadata = OAuthMetadata(
+            issuer="https://example.com",
+            authorization_endpoint="https://example.com/auth",
+            token_endpoint="https://example.com/token",
+        )
+
+        dumped = metadata.model_dump()
+
+        assert "registration_endpoint" not in dumped
+
+
+class TestAuthConfig:
+    def test_required_fields_validation(self):
+        with pytest.raises(
+            ValidationError, match="at least one of 'issuer', 'custom_oauth_metadata' or 'dependencies' is required"
+        ):
+            AuthConfig()
+
+        AuthConfig(issuer="https://example.com")
+
+        AuthConfig(
+            custom_oauth_metadata={
+                "issuer": "https://example.com",
+                "authorization_endpoint": "https://example.com/auth",
+                "token_endpoint": "https://example.com/token",
+            },
+        )
+
+        def dummy_dependency():
+            pass
+
+        AuthConfig(dependencies=[Depends(dummy_dependency)])
+
+    def test_client_id_required_for_setup_proxies(self):
+        with pytest.raises(ValidationError, match="'client_id' is required when 'setup_proxies' is True"):
+            AuthConfig(
+                issuer="https://example.com",
+                setup_proxies=True,
+            )
+
+        AuthConfig(
+            issuer="https://example.com",
+            setup_proxies=True,
+            client_id="test-client-id",
+            client_secret="test-client-secret",
+        )
+
+    def test_client_secret_required_for_fake_registration(self):
+        with pytest.raises(
+            ValidationError, match="'client_secret' is required when 'setup_fake_dynamic_registration' is True"
+        ):
+            AuthConfig(
+                issuer="https://example.com",
+                setup_proxies=True,
+                client_id="test-client-id",
+                setup_fake_dynamic_registration=True,
+            )
+
+        AuthConfig(
+            issuer="https://example.com",
+            setup_proxies=True,
+            client_id="test-client-id",
+            client_secret="test-client-secret",
+            setup_fake_dynamic_registration=True,
+        )
