Skip to content

MCP OAuth dynamic client registration rejects due to invalid tos_uri/policy_uri #309

Description

@nulljosh

When authenticating the hosted Primitive MCP server (https://www.primitive.dev/mcp) from an MCP client, dynamic client registration fails validation before the OAuth flow can start.

Server-returned client registration response includes invalid values:

[
  {
    "code": "invalid_value",
    "values": [""],
    "path": ["tos_uri"],
    "message": "Invalid input: expected \"\""
  }
]

and

{
  "expected": "string",
  "code": "invalid_type",
  "path": ["policy_uri"],
  "message": "Invalid input: expected string, received null"
}

tos_uri comes back as [""] (array containing empty string) and policy_uri as null, where RFC 7591 dynamic client registration expects these to be optional strings (or omitted entirely). This breaks OAuth for any client with strict schema validation on the registration response.

This worked as of about a week ago and appears to be a regression on the hosted MCP OAuth server. Since this repo only contains the SDKs/CLI (generated from the OpenAPI spec) and not the hosted MCP server itself, filing here as the closest public channel — please route to whoever owns the MCP OAuth endpoint.

Expected: tos_uri/policy_uri should be omitted or returned as valid strings/null-omitted per spec, not [""] / null.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions