Clarification

localden · localden · commit 2f595ad6a8ee · 2025-09-23T10:56:00.000-07:00
diff --git a/docs/docs/tutorials/security/authorization.mdx b/docs/docs/tutorials/security/authorization.mdx
@@ -104,7 +104,7 @@ In case a MCP client connects to a MCP server that doesn't use an authorization
 </Step>
 
 <Step title="User Authorization">
-The client will now need to open a browser to the `/authorize` endpoint, where the user can log in and grant the required permissions. The authorization server will redirect back to the client with an authorization code that the client exchanges for tokens:
+The client will now need to open a browser to the `/authorize` endpoint, where the user can log in and grant the required permissions. The authorization server will then redirect back to the client with an authorization code that the client exchanges for tokens:
 
 ```json
 {
@@ -115,7 +115,7 @@ The client will now need to open a browser to the `/authorize` endpoint, where t
 }
 ```
 
-The access token is what the client will use to authenticate requests to the MCP server.
+The access token is what the client will use to authenticate requests to the MCP server. This step follows standard [OAuth 2.1 authorization code with PKCE](https://oauth.net/2/grant-types/authorization-code/) conventions.
 
 </Step>
 

Original file line number	Diff line number	Diff line change
`@@ -104,7 +104,7 @@ In case a MCP client connects to a MCP server that doesn't use an authorization`
`104`	`104`	`</Step>`
`105`	`105`
`106`	`106`	`<Step title="User Authorization">`
`107`		-The client will now need to open a browser to the `/authorize` endpoint, where the user can log in and grant the required permissions. The authorization server will redirect back to the client with an authorization code that the client exchanges for tokens:
	`107`	+The client will now need to open a browser to the `/authorize` endpoint, where the user can log in and grant the required permissions. The authorization server will then redirect back to the client with an authorization code that the client exchanges for tokens:
`108`	`108`
`109`	`109`	```json
`110`	`110`	`{`
@@ -115,7 +115,7 @@ The client will now need to open a browser to the `/authorize` endpoint, where t
`115`	`115`	`}`
`116`	`116`	```
`117`	`117`
`118`		`-The access token is what the client will use to authenticate requests to the MCP server.`
	`118`	`+The access token is what the client will use to authenticate requests to the MCP server. This step follows standard [OAuth 2.1 authorization code with PKCE](https://oauth.net/2/grant-types/authorization-code/) conventions.`
`119`	`119`
`120`	`120`	`</Step>`
`121`	`121`