Commit 4528444
SEP-1036: URL Mode Elicitation for secure out-of-band interactions (modelcontextprotocol#887)
* Out of band elicitation
* Revisions
* Fixing errata
* Fix format
* Clean up document structure
* Implementation Considerations section
* Cleanup
* Additional clarification on how OOBE is distinct from MCP auth
* Fix schema nits
* Clean up nits
* More nit cleanup
* Update changelog
* phishing applies outside of oauth
* update schema request params
* Update docs/specification/draft/client/elicitation.mdx
Co-authored-by: Geoff Goodman <[email protected]>
* More concise schema expr
* Update docs/specification/draft/client/elicitation.mdx
Co-authored-by: Josh Cunningham <[email protected]>
* Change oob to url
* Clarify URL elicitation note language
* Change requirements to recommendations for ssrf
* Change bad elicitation/track from ignore to error
* Clarify user identification for stdio vs remote
* make links relative for easier versioning switches
* Fixes from review
* add browser guidance
* update schema with new references
* add elicitation/track request to schema
* fix broken links
* typos
* Consistent terminology
* Update docs/specification/draft/client/elicitation.mdx
Co-authored-by: Den Delimarsky 🌺 <[email protected]>
* Updates from review
* make third-party auth example less specific
* clarify user identification language
* update error code to non-reserved
* minor wording clarifications
* Add security consideration feedback for phishing flow around OAuth
* Clarify elicitation request binding
* clarify client URL security responsibilities and remove SSRF section
* disambiguate: downstream->external
* Update docs/specification/draft/client/elicitation.mdx
Co-authored-by: Paul Carleton <[email protected]>
* Remove note about elicitation changing
* Clarify and link to progress utility page
* Fixup changelog
* More cleanup
* Use notifications instead of progress
* Tweak client wording
* Tweak safe URL handling, HTTPS guidance
* Wording of secure browser handling
* Note that cancel includes browser failed
* Allow back compat on elicitation capability object
* Use error code -32042, rename error to UrlElicitationRequiredError
* Clarify that UrlElicitationRequiredError only applies to URL elicitations
* Clarify at least once delivery
* Clarify pre-authenticated links are bad
* Rename notification
* format check
* nit: Update notification name
* fix formatting with prettier
* Fix schema categories
* Auto-gen schema
* Clean up ElicitRequestParams schema
---------
Co-authored-by: Wils Dawson <[email protected]>
Co-authored-by: Geoff Goodman <[email protected]>
Co-authored-by: Josh Cunningham <[email protected]>
Co-authored-by: Den Delimarsky 🌺 <[email protected]>
Co-authored-by: Paul Carleton <[email protected]>

1 parent 9ecf98e commit 4528444
File tree
8 files changed, +828 -185 lines changed
- docs
- legacy/concepts
- specification/draft
- basic
- client
- schema/draft
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
201 | 201 | | |
202 | 202 | | |
203 | 203 | | |
| 204 | + | |
| 205 | + | |
| 206 | + | |
204 | 207 | | |
205 | 208 | | |
206 | 209 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
64 | 64 | | |
65 | 65 | | |
66 | 66 | | |
67 | | - | |
| 67 | + | |
| 68 | + | |
| 69 | + | |
| 70 | + | |
68 | 71 | | |
69 | 72 | | |
70 | 73 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
14 | 14 | | |
15 | 15 | | |
16 | 16 | | |
| 17 | + | |
17 | 18 | | |
18 | 19 | | |
19 | 20 | | |
| |||