fix AS example and add readme

ihrpr · ihrpr · commit 96acbc131dc3 · 2025-06-20T22:12:17.000+01:00
diff --git a/examples/servers/simple-auth/mcp_simple_auth/auth_server.py b/examples/servers/simple-auth/mcp_simple_auth/auth_server.py
@@ -113,16 +113,20 @@ async def introspect_handler(request: Request) -> Response:
             return JSONResponse({"active": False})
 
         # Return token info for Resource Server
-        return JSONResponse(
-            {
-                "active": True,
-                "client_id": access_token.client_id,
-                "scope": " ".join(access_token.scopes),
-                "exp": access_token.expires_at,
-                "iat": int(time.time()),
-                "token_type": "Bearer",
-            }
-        )
+        response_data = {
+            "active": True,
+            "client_id": access_token.client_id,
+            "scope": " ".join(access_token.scopes),
+            "exp": access_token.expires_at,
+            "iat": int(time.time()),
+            "token_type": "Bearer",
+        }
+        
+        # Include audience claim for RFC 8707 resource validation
+        if access_token.resource:
+            response_data["aud"] = access_token.resource
+            
+        return JSONResponse(response_data)
 
     routes.append(
         Route(
