Description
Initial Checks
- I confirm that I'm using the latest version of MCP Python SDK
- I confirm that I searched for my issue in https://github.com/modelcontextprotocol/python-sdk/issues before opening this issue
Description
The behavior of the streamable-http transport differs between local testing and deployment on a public server: while it works as expected locally, it fails after authorization when deployed on Azure.
I have developed an MCP server that requires authorization in order to interact with GraphAPI. I've tested it locally through MCP Inspector v0.14.3 with streamable-http transport without issues. When deploying the server to Azure, I consistently encounter an issue that only occurs when using the streamable-http transport.
The authorization section passes with no issues
but when Connect is clicked it gives error:
While it is true that the redirect_uris do not match (it's supposed to be http://localhost:6274/oauth/callback/debug, not http://localhost:6274/oauth/callback) I do not believe that the redirect_uri value is the source of the problem, since in the token request phase the comparison is successful. The problem is actually caused by a POST request that returns an unauthorized response:
locally this POST request is authorized without any issues. Since the POST request is unauthorized it goes back to that GET request with the wrong redirect_uri. Even if the redirect_uri matched, the flow would still enter a continuous loop: the user is prompted to authorize, but the subsequent POST fails again.
When SSE is used as transport the server works.
I would appreciate any insights from others who may have encountered and resolved similar issues with streamable-http when deployed publicly, particularly on Azure.
Example Code
Python & MCP Python SDK
Python 3.12
MCP Python SDK 1.10.1