auth: bind GitHub OIDC token exchange to a per-deployment audience (#1229)
Merged
Conversation
Server reads the accepted audience from MCP_REGISTRY_GITHUB_OIDC_AUDIENCE (no default; empty fails closed). Publisher CLI derives the requested audience from the --registry URL's scheme and host instead of a fixed constant. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
prod uses https://registry.modelcontextprotocol.io; other environments use https://<env>.registry.modelcontextprotocol.io. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
rdimitrov added a commit that referenced this pull request on Apr 30, 2026:
…sers (#1230)

## Summary

Follow-up to #1229. Three small doc additions so the new audience requirement is discoverable without reading the source:

- `.env.example` lists `MCP_REGISTRY_GITHUB_OIDC_AUDIENCE` alongside the other registry env vars, with a note that the value must match the scheme+host that publishers pass via `--registry`.
- The publisher CLI reference (`docs/reference/cli/commands.md`) explains that the CLI derives the audience from `--registry` and that self-hosters must set the matching env var on the registry side.
- The GitHub Actions troubleshooting table (`docs/modelcontextprotocol-io/github-actions.mdx`) maps the new `invalid audience` error to the user-facing fix (upgrade `mcp-publisher`).

No code changes — docs only.

## Test plan

- [ ] CI green (markdown lint / link checks if any)
- [ ] Eyeball-render the troubleshooting table on the modelcontextprotocol.io preview to confirm the new row formats correctly

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
mathieumaf added a commit to Digilac/simap-mcp that referenced this pull request on Apr 30, 2026:
Required for the new GitHub OIDC audience binding (registry PR modelcontextprotocol/registry#1229) — older binaries get rejected with `invalid audience` once the production registry rolls the matching server-side validation. Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
SoapyRED added a commit to SoapyRED/freightutils-mcp that referenced this pull request on May 1, 2026:
The 1.7.6 release shipped 'auth: bind GitHub OIDC token exchange to a per-deployment audience' (modelcontextprotocol/registry#1229). The registry now requires audience=https://registry.modelcontextprotocol.io where 1.6.0 was sending audience=mcp-registry, so 1.6.0 fails OIDC token exchange with HTTP 401. 1.7.6 sends the correct per-deployment audience. Failing run: https://github.com/SoapyRED/freightutils-mcp/actions/runs/25197575815
cmeans-claude-dev (bot) added a commit to cmeans/mcp-synology that referenced this pull request on May 1, 2026:
…udience (#79)

## Summary

The v0.5.1 release run hit `publish-registry` failure at "Authenticate to MCP registry (GitHub OIDC)" with HTTP 401:

```
Token exchange failed: failed to validate OIDC token: invalid audience: expected https://registry.modelcontextprotocol.io, got [mcp-registry]
```

PyPI publish ✅, GitHub release ✅, registry publish ❌. v0.5.1 is on PyPI; only directory metadata is missing.

## Root cause

The MCP registry deployed [`modelcontextprotocol/registry#1229`](modelcontextprotocol/registry#1229) — "auth: bind GitHub OIDC token exchange to a per-deployment audience" — in `v1.7.6` on **2026-04-30**, one day before our 2026-05-01 release. Our `.github/actions/install-mcp-publisher/action.yml` pinned `mcp-publisher` to **v1.5.0**, which sends audience `mcp-registry`. The new registry server requires `https://registry.modelcontextprotocol.io`, mints a 401 on mismatch.

## Fix

One-line bump of the pin's default from `v1.5.0` → `v1.7.6`. Added a stanza-level comment with the rationale so future maintainers understand why this can't drift back.

## What this PR does NOT do

- Does **not** re-publish v0.5.1 to the MCP registry. Re-running the failed `publish-registry` job on the existing `v0.5.1` tag won't pick up this fix because `actions/checkout@v6` resolves to the tag's commit (which doesn't have the fix). The next release tag-push will exercise the fix end-to-end. Until then, v0.5.1 lives on PyPI but not in the registry directory — purely a metadata gap, not a user-install issue.

## QA

### Manual tests

1. - [ ] Spot-check `.github/actions/install-mcp-publisher/action.yml` shows `default: v1.7.6` and the new explanatory comment.
2. - [ ] CHANGELOG entry lives under `## Unreleased` → `### Fixed` (the next release will roll this up).
3. - [ ] Confirm the v0.5.1 publish.yml [run](https://github.com/cmeans/mcp-synology/actions/runs/25218030961) shows `publish-pypi: SUCCESS`, `github-release: SUCCESS`, `publish-registry: FAILURE` with the cited audience-mismatch error.
4. - [ ] Cross-check the registry release notes for [v1.7.6](https://github.com/modelcontextprotocol/registry/releases/tag/v1.7.6) — first bullet names PR #1229.
5. - [ ] After merge, the next release tag-push (whether 0.5.2 or beyond) should produce a green `publish-registry` job.

### Verification I already ran

| Check | Result |
|---|---|
| `mcp-publisher` v1.7.6 release notes | ✅ confirms PR #1229 is the audience-binding change |
| v0.5.1 publish.yml run 25218030961 | publish-pypi green, publish-registry red with the cited error |
| `git diff --stat HEAD~1` | 2 files: `.github/actions/install-mcp-publisher/action.yml` + `CHANGELOG.md` |

🤖 Generated with [Claude Code](https://claude.com/claude-code)

---------

Co-authored-by: cmeans-claude-dev[bot] <272174644+cmeans-claude-dev[bot]@users.noreply.github.com>
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
pvliesdonk added a commit to pvliesdonk/fastmcp-server-template that referenced this pull request on May 3, 2026:
The MCP Registry tightened OIDC token-exchange audience validation in modelcontextprotocol/registry#1229 (merged 2026-04-30): production now expects audience `https://registry.modelcontextprotocol.io`. Publisher v1.5.0 still requests `mcp-registry` and fails with HTTP 401. v1.7.x is the first publisher release that requests the per-deployment audience the registry requires. Bumping pin + SHA-256. Closes #101
Daghis added a commit to Daghis/teamcity-mcp that referenced this pull request on May 3, 2026:
The MCP Registry shipped a breaking OIDC-audience change in v1.7.6 (modelcontextprotocol/registry#1229), causing Login to MCP Registry to fail with "invalid audience: expected https://registry.modelcontextprotocol.io, got [mcp-registry]" on v2.11.0 and v2.12.0 publish runs. v1.7.6 of the publisher CLI sends the new audience. Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
jordanburke added a commit to jordanburke/reddit-mcp-server that referenced this pull request on May 22, 2026:
The MCP Registry deploy of v1.7.5 (PR modelcontextprotocol/registry#1229) moved OIDC audience binding from a hardcoded 'mcp-registry' constant to per-deployment URLs derived from --registry. Our pinned v1.4.1 binary still requests the legacy audience and is rejected: invalid audience: expected https://registry.modelcontextprotocol.io, got [mcp-registry] v1.4.6 npm publish succeeded but MCP Registry publish failed for this reason. v1.7.9 derives the correct audience by default.
## What this does

The publisher CLI now derives the OIDC audience to request from the `--registry` URL instead of using a fixed constant, and the server validates the token's `aud` claim against a new per-deployment env var (`MCP_REGISTRY_GITHUB_OIDC_AUDIENCE`). Production sets this env var to `https://registry.modelcontextprotocol.io` (and per-environment URL elsewhere), so the deployment only accepts tokens that were requested for it.

## Compatibility

This is a breaking change for older `mcp-publisher` binaries that still request the legacy hardcoded audience. After this rolls to a deployment, users on old `mcp-publisher` will see a clear `invalid audience: expected …, got […]` error and need to upgrade. Users following the documented `releases/latest` install pattern get the new binary automatically.

## Test plan

- [ ] `mcp-publisher` against the same staging deploy returns the expected `invalid audience` error

🤖 Generated with Claude Code
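The two halves of the change described above, as an added illustration in Go that is not code from the registry or the mcp-publisher repositories: the publisher side derives the audience as the scheme and host of the `--registry` URL, and the server side compares the token's `aud` claim against `MCP_REGISTRY_GITHUB_OIDC_AUDIENCE`, refusing every token when that variable is unset (fail closed). The function and type names (`DeriveAudience`, `AudienceValidator`, `AudienceFromClaims`) are this example's own; the rejection message is modelled on the one quoted in the referencing commits. Signature verification of the OIDC token is assumed to happen before the audience check and is out of scope here.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// DeriveAudience applies the publisher-side rule from the PR description: the
// requested audience is the scheme and host of the --registry URL. Path, query
// and fragment are dropped; a port, if present, stays with the host.
// (The function name is this example's own, not the mcp-publisher CLI's.)
func DeriveAudience(registry string) (string, error) {
	u, err := url.Parse(registry)
	if err != nil {
		return "", fmt.Errorf("parse --registry %q: %w", registry, err)
	}
	if u.Scheme == "" || u.Host == "" {
		return "", fmt.Errorf("--registry %q must be an absolute URL with scheme and host", registry)
	}
	return u.Scheme + "://" + u.Host, nil
}

// ErrAudienceNotConfigured is returned for every token when the deployment has
// no accepted audience: an unset MCP_REGISTRY_GITHUB_OIDC_AUDIENCE fails closed.
var ErrAudienceNotConfigured = errors.New(
	"MCP_REGISTRY_GITHUB_OIDC_AUDIENCE is not set; refusing all OIDC token exchanges")

// AudienceValidator holds the single audience this deployment accepts.
type AudienceValidator struct{ expected string }

// NewAudienceValidator takes the raw env var value (os.Getenv in real code).
func NewAudienceValidator(envValue string) AudienceValidator {
	return AudienceValidator{expected: strings.TrimSpace(envValue)}
}

// AudienceFromClaims extracts "aud", which RFC 7519 allows to be either a
// single string or an array of strings, and returns it as a slice either way.
func AudienceFromClaims(claims map[string]json.RawMessage) ([]string, error) {
	raw, ok := claims["aud"]
	if !ok {
		return nil, errors.New("token has no aud claim")
	}
	var single string
	if err := json.Unmarshal(raw, &single); err == nil {
		return []string{single}, nil
	}
	var many []string
	if err := json.Unmarshal(raw, &many); err != nil {
		return nil, fmt.Errorf("aud claim is neither string nor array: %w", err)
	}
	return many, nil
}

// Validate accepts a token only if its aud contains the configured value
// exactly: no prefix, suffix or case-insensitive matching. The error text
// follows the shape quoted in the referencing commits on this page.
func (v AudienceValidator) Validate(aud []string) error {
	if v.expected == "" {
		return ErrAudienceNotConfigured
	}
	for _, a := range aud {
		if a == v.expected {
			return nil
		}
	}
	return fmt.Errorf("invalid audience: expected %s, got %v", v.expected, aud)
}

func main() {
	// Constructed inputs: a current CLI pointed at the production registry,
	// and the legacy constant an older mcp-publisher sends.
	newAud, _ := DeriveAudience("https://registry.modelcontextprotocol.io/v0/publish")
	legacyAud := "mcp-registry"

	prod := NewAudienceValidator("https://registry.modelcontextprotocol.io")
	fmt.Println("new CLI  :", prod.Validate([]string{newAud}))
	fmt.Println("old CLI  :", prod.Validate([]string{legacyAud}))

	// No env var set: every exchange is refused, including a correct one.
	unset := NewAudienceValidator("")
	fmt.Println("unset env:", unset.Validate([]string{newAud}))

	// aud carried as a JSON string, as a real JWT payload may encode it.
	claims := map[string]json.RawMessage{
		"aud": json.RawMessage(`"https://registry.modelcontextprotocol.io"`),
	}
	aud, _ := AudienceFromClaims(claims)
	fmt.Println("string aud:", prod.Validate(aud))
}
```

For a self-hosted registry the env var must equal exactly what `DeriveAudience` produces for the URL publishers pass in, so `https://registry.example.com/` and `https://registry.example.com` map to the same value but `https://registry.example.com:8443` does not. GitHub-issued OIDC tokens carry a single `aud`; if you want to reject tokens minted for several audiences at once, add a `len(aud) == 1` check in front of the loop.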