diff --git a/auth/oauth_common_handlers.py b/auth/oauth_common_handlers.py
index 0e3d594..e8eab91 100644
--- a/auth/oauth_common_handlers.py
+++ b/auth/oauth_common_handlers.py
@@ -241,7 +241,8 @@ async def handle_oauth_protected_resource(request: Request):
 
     # For streamable-http transport, the MCP server runs at /mcp
     # This is the actual resource being protected
-    resource_url = f"{base_url}/mcp/"
+    # As of August, /mcp is now the proper base - prior was /mcp/
+    resource_url = f"{base_url}/mcp"
 
     # Build metadata response per RFC 9449
     metadata = {
@@ -416,4 +417,4 @@ async def handle_oauth_register(request: Request):
             "error": str(e)
         }, request)
         error = OAuthConfigurationError("Internal server error")
-        return create_oauth_error_response(error, origin)
\ No newline at end of file
+        return create_oauth_error_response(error, origin)