From 27d1566ffc02ef18229588df412b130b18ed3c08 Mon Sep 17 00:00:00 2001 From: Jin Peng Date: Tue, 21 Oct 2025 11:59:28 -0700 Subject: [PATCH] fix: accept HTTP 201 status code in token exchange Fixes #1502 Some OAuth servers (like Supabase) return 201 Created instead of 200 OK for successful token exchanges. The OAuth 2.0 spec doesn't mandate a specific success status code, so we should accept both 200 and 201. --- src/mcp/client/auth.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/mcp/client/auth.py b/src/mcp/client/auth.py index 91f8576d7..469c2f4ec 100644 --- a/src/mcp/client/auth.py +++ b/src/mcp/client/auth.py @@ -429,7 +429,7 @@ async def _exchange_token(self, auth_code: str, code_verifier: str) -> httpx.Req async def _handle_token_response(self, response: httpx.Response) -> None: """Handle token exchange response.""" - if response.status_code != 200: + if response.status_code not in {200, 201}: raise OAuthTokenError(f"Token exchange failed: {response.status_code}") try: