1 Release published by 1 person

• 1.16.0

  published Jul 17, 2025

13 Pull requests merged by 9 people

• Add CODEOWNERS file for sdk

  #781 merged Jul 18, 2025

• 1.16.0

  #779 merged Jul 17, 2025

• fix client id issuance date should only be sent when generated

  #775 merged Jul 17, 2025

• fix: consistently use consumer-provided fetch function

  #767 merged Jul 17, 2025

• fix(731): StreamableHTTPClientTransport Fails to Reconnect on Non-Resumable Streams

  #732 merged Jul 15, 2025

• feat(protocol): Debounce notifications to improve network efficiancy

  #746 merged Jul 15, 2025

• fix: use authorization_server_url as issuer when fetching metadata

  #763 merged Jul 14, 2025

• Adding invalidateCredentials() to OAuthClientProvider

  #570 merged Jul 14, 2025

• make client side client_id generation configurable in the oauth router

  #734 merged Jul 14, 2025

• Non-critical: Readme syntax and typographical error fixes

  #765 merged Jul 14, 2025

• Add prompt=consent for OIDC offline_access scope

  #681 merged Jul 14, 2025

• Add OIDC ID token support

  #680 merged Jul 14, 2025

• Add type compatibility test between SDK and spec types

  #729 merged Jul 14, 2025

4 Pull requests opened by 3 people

• Add nonce support

  #769 opened Jul 14, 2025

• Add nonce validation

  #770 opened Jul 15, 2025

• feat: add multi-level initial access token support for OAuth 2.0 Dynamic Client Registration (RFC 7591)

  #773 opened Jul 16, 2025

• (fix): Update fallbackRequestHandler type to match _requestHandlers leaves type

  #784 opened Jul 18, 2025

4 Issues closed by 2 people

• Please fix the description to say `TypeScript` instead of `Typescript`

  #755 closed Jul 16, 2025

• OAuth metadata url building should use authorization_server as base_url rather than mcp server url

  #762 closed Jul 14, 2025

• Disable client id generation in ProxyOAuthProvider

  #724 closed Jul 14, 2025

• OAuth authentication flow should use scopes_supported of Protected Resource Metadata

  #580 closed Jul 14, 2025

11 Issues opened by 11 people

• Server-side StreamableHTTPServerTransport.close() does not fully clean up, causing nodemon hang on shutdown

  #783 opened Jul 18, 2025

• onerror and other listener not remove after client close (stdio)

  #780 opened Jul 18, 2025

• invoke asyn method in mcp tool through StreamableHttpTransport cause early return from tool call

  #778 opened Jul 17, 2025

• Where to search actually WORKING example of using Remote MCP server aka "Connector" for Claude?

  #777 opened Jul 16, 2025

• [BUG] Multi-Node Deployment with Persistent Storage Mode not working

  #776 opened Jul 16, 2025

• [Feature Request] Include McpError 'data' payload in JSON-RPC error response

  #774 opened Jul 16, 2025

• Add Initial Access Token Support for Dynamic Client Registration

  #772 opened Jul 16, 2025

• Memory leak in StreamableHTTP and SSE

  #771 opened Jul 16, 2025

• Add auth flow debug logging

  #768 opened Jul 14, 2025

• sendLoggingMessage with Streamable HTTP - logs are not received

  #766 opened Jul 14, 2025

• MCP Python SDK sessionId not maintained in browser with TypeScript SDK client

  #764 opened Jul 14, 2025

13 Unresolved conversations

Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.

• optimization: When using custom SSE request,`Authorization` header can still be automatically attached to the SSE request.

  #478 commented on Jul 16, 2025 • 4 new comments

• issue/744 - Uses authorization server url provided by .well-known/oauth-protected-resource metadata

  #748 commented on Jul 16, 2025 • 1 new comment

• "Type instantiation is excessively deep and possibly infinite" typescript error when importing ToolCallback type

  #494 commented on Jul 13, 2025 • 0 new comments

• [auth] Handle dynamically selecting scopes in client authorization url

  #672 commented on Jul 14, 2025 • 0 new comments

• Zod 4 supported

  #555 commented on Jul 14, 2025 • 0 new comments

• OAuth - .well-known files must allow OPTIONS and not GET only

  #715 commented on Jul 16, 2025 • 0 new comments

• ProxyOAuthServerProvider fails with Zod validation error when using Ory Hydra as OAuth provider

  #754 commented on Jul 16, 2025 • 0 new comments

• OAuth Metadata Discovery should respect provided Authorization Server URL before applying RFC 8414 path construction

  #744 commented on Jul 16, 2025 • 0 new comments

• Request time out issue repeatedly

  #737 commented on Jul 18, 2025 • 0 new comments

• Support object type tool result

  #156 commented on Jul 18, 2025 • 0 new comments

• feature(auth): Allow delegating OAuth authorization to existing app-level implementations

  #485 commented on Jul 18, 2025 • 0 new comments

• Fix OAuthProxyProviderClient validation

  #620 commented on Jul 16, 2025 • 0 new comments

• Add revokeToken() function for client

  #739 commented on Jul 15, 2025 • 0 new comments