From 0082b7eecdeb1cab85dd4f009919c4cd4f69c711 Mon Sep 17 00:00:00 2001
From: Paul Carleton <paulc@anthropic.com>
Date: Thu, 29 Jan 2026 17:54:18 +0000
Subject: [PATCH] feat: move march back-compat auth tests to optional
 backcompat suite

Move auth/2025-03-26-oauth-metadata-backcompat and
auth/2025-03-26-oauth-endpoint-fallback out of the required
authScenariosList into a new backcompatScenariosList.

These test backward compatibility with the old 2025-03-26 auth spec
(no PRM, OAuth metadata at server root) which is not part of the
current spec requirements.

- Add new 'backcompat' client suite
- Back-compat scenarios remain in the 'all' suite
- Removed from 'core' and 'auth' suites
- Add separate test describe block for back-compat scenarios

Closes #126
---
 src/index.ts                            |  6 ++++--
 src/scenarios/client/auth/index.test.ts | 15 ++++++++++++++-
 src/scenarios/client/auth/index.ts      |  8 ++++++--
 src/scenarios/index.ts                  | 13 +++++++++++--
 4 files changed, 35 insertions(+), 7 deletions(-)

diff --git a/src/index.ts b/src/index.ts
index 039b042..7be7ed0 100644
--- a/src/index.ts
+++ b/src/index.ts
@@ -18,7 +18,8 @@ import {
   listAuthScenarios,
   listMetadataScenarios,
   listCoreScenarios,
-  listExtensionScenarios
+  listExtensionScenarios,
+  listBackcompatScenarios
 } from './scenarios';
 import { ConformanceCheck } from './types';
 import { ClientOptionsSchema, ServerOptionsSchema } from './schemas';
@@ -69,6 +70,7 @@ program
           all: listScenarios,
           core: listCoreScenarios,
           extensions: listExtensionScenarios,
+          backcompat: listBackcompatScenarios,
           auth: listAuthScenarios,
           metadata: listMetadataScenarios,
           'sep-835': () =>
@@ -182,7 +184,7 @@ program
         console.error('\nAvailable client scenarios:');
         listScenarios().forEach((s) => console.error(`  - ${s}`));
         console.error(
-          '\nAvailable suites: all, core, extensions, auth, metadata, sep-835'
+          '\nAvailable suites: all, core, extensions, backcompat, auth, metadata, sep-835'
         );
         process.exit(1);
       }
diff --git a/src/scenarios/client/auth/index.test.ts b/src/scenarios/client/auth/index.test.ts
index daef5ea..e43f0d3 100644
--- a/src/scenarios/client/auth/index.test.ts
+++ b/src/scenarios/client/auth/index.test.ts
@@ -1,4 +1,4 @@
-import { authScenariosList } from './index';
+import { authScenariosList, backcompatScenariosList } from './index';
 import {
   runClientAgainstScenario,
   InlineClientRunner
@@ -48,6 +48,19 @@ describe('Client Auth Scenarios', () => {
   }
 });
 
+describe('Client Back-compat Scenarios', () => {
+  for (const scenario of backcompatScenariosList) {
+    test(`${scenario.name} passes`, async () => {
+      const clientFn = getHandler(scenario.name);
+      if (!clientFn) {
+        throw new Error(`No handler registered for scenario: ${scenario.name}`);
+      }
+      const runner = new InlineClientRunner(clientFn);
+      await runClientAgainstScenario(runner, scenario.name);
+    });
+  }
+});
+
 describe('Negative tests', () => {
   test('bad client requests root PRM location', async () => {
     const runner = new InlineClientRunner(badPrmClient);
diff --git a/src/scenarios/client/auth/index.ts b/src/scenarios/client/auth/index.ts
index 115ded5..7f75113 100644
--- a/src/scenarios/client/auth/index.ts
+++ b/src/scenarios/client/auth/index.ts
@@ -28,8 +28,6 @@ import { PreRegistrationScenario } from './pre-registration';
 export const authScenariosList: Scenario[] = [
   ...metadataScenarios,
   new AuthBasicCIMDScenario(),
-  new Auth20250326OAuthMetadataBackcompatScenario(),
-  new Auth20250326OEndpointFallbackScenario(),
   new ScopeFromWwwAuthenticateScenario(),
   new ScopeFromScopesSupportedScenario(),
   new ScopeOmittedWhenUndefinedScenario(),
@@ -42,6 +40,12 @@ export const authScenariosList: Scenario[] = [
   new PreRegistrationScenario()
 ];
 
+// Back-compat scenarios (optional - backward compatibility with older spec versions)
+export const backcompatScenariosList: Scenario[] = [
+  new Auth20250326OAuthMetadataBackcompatScenario(),
+  new Auth20250326OEndpointFallbackScenario()
+];
+
 // Extension scenarios (optional for tier 1 - protocol extensions)
 export const extensionScenariosList: Scenario[] = [
   new ClientCredentialsJwtScenario(),
diff --git a/src/scenarios/index.ts b/src/scenarios/index.ts
index 0c3e4aa..6e17101 100644
--- a/src/scenarios/index.ts
+++ b/src/scenarios/index.ts
@@ -53,7 +53,11 @@ import {
 
 import { DNSRebindingProtectionScenario } from './server/dns-rebinding';
 
-import { authScenariosList, extensionScenariosList } from './client/auth/index';
+import {
+  authScenariosList,
+  backcompatScenariosList,
+  extensionScenariosList
+} from './client/auth/index';
 import { listMetadataScenarios } from './client/auth/discovery-metadata';
 
 // Pending client scenarios (not yet fully tested/implemented)
@@ -137,13 +141,14 @@ export const clientScenarios = new Map<string, ClientScenario>(
   allClientScenariosList.map((scenario) => [scenario.name, scenario])
 );
 
-// All client test scenarios (core + extensions)
+// All client test scenarios (core + backcompat + extensions)
 const scenariosList: Scenario[] = [
   new InitializeScenario(),
   new ToolsCallScenario(),
   new ElicitationClientDefaultsScenario(),
   new SSERetryScenario(),
   ...authScenariosList,
+  ...backcompatScenariosList,
   ...extensionScenariosList
 ];
 
@@ -201,4 +206,8 @@ export function listExtensionScenarios(): string[] {
   return extensionScenariosList.map((scenario) => scenario.name);
 }
 
+export function listBackcompatScenarios(): string[] {
+  return backcompatScenariosList.map((scenario) => scenario.name);
+}
+
 export { listMetadataScenarios };