You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/specification/draft/client/elicitation.mdx
+15-9Lines changed: 15 additions & 9 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -322,18 +322,14 @@ Note that complex nested structures, arrays of objects (beyond enums), and other
322
322
323
323
### URL Mode Elicitation Requests
324
324
325
-
URL mode elicitation enables servers to direct users to external URLs for out-of-band interactions that must not pass through the MCP client. This is essential for auth flows, payment processing, and other sensitive or secure operations.
326
-
327
325
<Note>
328
-
**Important**: URL mode elicitation is *not* for authorizing the MCP client's
329
-
access to the MCP server (that's handled by [MCP
330
-
authorization](../basic/authorization)). Instead, it's used when the MCP
331
-
server needs to obtain sensitive information or third-party authorization on
332
-
behalf of the user. The MCP client's bearer token remains unchanged. The
333
-
client's only responsibility is to provide the user with context about the
334
-
elicitation URL the server wants them to open.
326
+
327
+
New feature: URL mode elicitation is newly-introduced in this version of the MCP specification, and its design may evolve in future protocol versions.
328
+
335
329
</Note>
336
330
331
+
URL mode elicitation enables servers to direct users to external URLs for out-of-band interactions that must not pass through the MCP client. This is essential for auth flows, payment processing, and other sensitive or secure operations.
332
+
337
333
URL mode elicitation requests **MUST** specify `mode: "url"`, a `message`, and include these additional parameters:
338
334
339
335
| Name | Type | Description |
@@ -343,6 +339,16 @@ URL mode elicitation requests **MUST** specify `mode: "url"`, a `message`, and i
343
339
344
340
The `url` parameter **MUST** contain a valid URL.
345
341
342
+
<Note>
343
+
**Important**: URL mode elicitation is *not* for authorizing the MCP client's
344
+
access to the MCP server (that's handled by [MCP
345
+
authorization](../basic/authorization)). Instead, it's used when the MCP
346
+
server needs to obtain sensitive information or third-party authorization on
347
+
behalf of the user. The MCP client's bearer token remains unchanged. The
348
+
client's only responsibility is to provide the user with context about the
349
+
elicitation URL the server wants them to open.
350
+
</Note>
351
+
346
352
#### Example: Request Sensitive Data
347
353
348
354
This example shows a URL mode elicitation request directing the user to a secure URL where they can provide sensitive information (an API key, for example).
0 commit comments