FastMCP 2.12.1 strengthens the OAuth proxy implementation based on extensive community testing and feedback. This release fixes DCR client generation, improves client token storage reliability, adds PKCE forwarding for enhanced security, introduces configurable token endpoint authentication methods, and expands scope handling; all addressing real-world integration challenges discovered since 2.12.0. The enhanced test suite with mock providers ensures these improvements are robust and maintainable.
Note: this release includes a minor breaking change for users of built-in IDP integrations, with resource_server_url renamed to base_url for clarity and consistency. This is in line with FastMCP's breaking change policy for the auth module.
What's Changed
Enhancements 🔧
- Make openai depedency optional by @jlowin in #1701
- Remove orphaned OAuth proxy code by @jlowin in #1722
- Expose valid scopes from OAuthProxy metadata by @dmikusa in #1717
- OAuth proxy PKCE forwarding by @jlowin in #1733
- Add token_endpoint_auth_method parameter to OAuthProxy by @jlowin in #1736
- Clean up and enhance OAuth proxy tests with mock provider by @jlowin in #1738
Fixes 🐞
- refactor: replace auth provider registry with ImportString by @jlowin in #1710
- Fix OAuth resource URL handling and WWW-Authenticate header by @jlowin in #1706
- Fix OAuth proxy client storage and add retry logic by @jlowin in #1732
Docs 📚
- Fix documentation: use StreamableHttpTransport for headers in testing by @jlowin in #1702
- docs: add performance warnings for mounted servers and proxies by @strawgate in #1669
- Update documentation around scopes for google by @jlowin in #1703
- Add deployment information to quickstart by @seanpwlms in #1433
- Update quickstart by @jlowin in #1728
- Add development docs for FastMCP by @jlowin in #1719
Other Changes 🦾
- Set generics without bounds to default=Any by @strawgate in #1648
New Contributors
- @AaronPowell96 made their first contribution in #1714
- @seanpwlms made their first contribution in #1433
- @dmikusa made their first contribution in #1717
Full Changelog: v2.12.0...v2.12.1