​

fastmcp.server.auth.redirect_validation

​

Functions

​

matches_allowed_pattern

matches_allowed_pattern(uri: str, pattern: str) -> bool

• http://localhost:* matches any localhost port
• http://127.0.0.1:* matches any 127.0.0.1 port
• https://.example.com/ matches any subdomain of example.com
• https://app.example.com/auth/* matches any path under /auth/

• uri: The redirect URI to validate
• pattern: The allowed pattern (may contain wildcards)

• True if the URI matches the pattern

​

validate_redirect_uri

validate_redirect_uri(redirect_uri: str | AnyUrl | None, allowed_patterns: list[str] | None) -> bool

• redirect_uri: The redirect URI to validate
• allowed_patterns: List of allowed patterns. If None, all URIs are allowed (for DCR compatibility). If empty list, no URIs are allowed. To restrict to localhost only, explicitly pass DEFAULT_LOCALHOST_PATTERNS.

• True if the redirect URI is allowed