From 1d28440997ccd39d6e4f564e53583cbe70248af0 Mon Sep 17 00:00:00 2001
From: Roee Hershko <roee.hershko@riskified.com>
Date: Mon, 29 Sep 2025 16:02:03 +0300
Subject: [PATCH] add azp claim

---
 src/fastmcp/server/auth/providers/jwt.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/fastmcp/server/auth/providers/jwt.py b/src/fastmcp/server/auth/providers/jwt.py
index 5eccb82b3..717ee61f2 100644
--- a/src/fastmcp/server/auth/providers/jwt.py
+++ b/src/fastmcp/server/auth/providers/jwt.py
@@ -381,7 +381,12 @@ async def load_access_token(self, token: str) -> AccessToken | None:
             claims = self.jwt.decode(token, verification_key)
 
             # Extract client ID early for logging
-            client_id = claims.get("client_id") or claims.get("sub") or "unknown"
+            client_id = (
+                claims.get("client_id")
+                or claims.get("azp")
+                or claims.get("sub")
+                or "unknown"
+            )
 
             # Validate expiration
             exp = claims.get("exp")