Merge branch 'main' into elicitation/expect-server-flag

nbarbettini · web-flow · commit b55f2aeeb79b · 2025-11-20T09:16:45.000-08:00
diff --git a/docs/clients.mdx b/docs/clients.mdx
@@ -11,6 +11,7 @@ This page provides an overview of applications that support the Model Context Pr
 
 {/* prettier-ignore-start */}
 
+
 | Client                                           | [Resources] | [Prompts] | [Tools] | [Discovery] | [Sampling] | [Roots] | [Elicitation] | [Instructions] |
 | ------------------------------------------------ | ----------- | --------- | ------- | ---------------------- | ---------- | ----- | ------------ | -------------- |
 | [5ire][5ire]                                     | ❌          | ❌        | ✅      | ❓                     | ❌         | ❌    | ❓            | ❓             |
@@ -48,7 +49,7 @@ This page provides an overview of applications that support the Model Context Pr
 | [Genkit][Genkit]                                 | ⚠️          | ✅        | ✅      | ❓                     | ❌         | ❌    | ❓            | ❓             |
 | [Glama][Glama]                                   | ✅          | ✅        | ✅      | ❓                     | ❌         | ❌    | ❓            | ❓             |
 | [Gemini CLI][Gemini CLI]                         | ❌          | ✅        | ✅      | ❓                     | ❌         | ❌    | ❓            | ❓             |
-| [GenAIScript][GenAIScript]                       | ❌          | ❌        | ✅      | ❓                     | ❌         | ❌    | ❓            | ❓             |
+| [GenAIScript][GenAIScript]                       | ✅          | ❌        | ✅      | ❓                     | ❌         | ❌    | ❓            | ❓             |
 | [GitHub Copilot coding agent][GitHubCopilotCodingAgent]                       | ❌          | ❌        | ✅      | ❌                     | ❌         | ❌    | ❌            | ❓             |
 | [goose][goose]                                   | ✅          | ✅        | ✅      | ❌                     | ✅         | ❌    | ❌            | ✅             |
 | [gptme][gptme]                                   | ❌          | ❌        | ✅      | ❓                     | ❌         | ❌    | ❓            | ❓             |
diff --git a/docs/specification/draft/basic/authorization.mdx b/docs/specification/draft/basic/authorization.mdx
@@ -203,6 +203,13 @@ MCP supports three client registration mechanisms. Choose based on your scenario
 - **Pre-registration**: When client and server have an existing relationship
 - **Dynamic Client Registration**: For backwards compatibility or specific requirements
 
+Clients supporting all options **SHOULD** follow the following priority order:
+
+1. Use pre-registered client information for the server if the client has it available
+2. Use Client ID Metadata Documents if the Authorization Server indicates if the server supports it (via `client_id_metadata_document_supported` in OAuth Authorization Server Metadata)
+3. Use Dynamic Client Registration as a fallback if the Authorization Server supports it (via `registration_endpoint` in OAuth Authorization Server Metadata)
+4. Prompt the user if no other option is available
+
 ### Client ID Metadata Documents
 
 MCP clients and authorization servers **SHOULD** support OAuth Client ID Metadata Documents as specified in
@@ -630,21 +637,8 @@ The authorization server takes a URL as input from an unknown client and fetches
 A malicious client could use this to trigger the authorization server to make requests to arbitrary URLs,
 such as requests to private administration endpoints the authorization server has access to.
 
-Authorization servers fetching metadata documents **MUST** protect against
-[Server-Side Request Forgery (SSRF)](https://developer.mozilla.org/docs/Web/Security/Attacks/SSRF) attacks,
-as well as against being used as Denial of Service (DoS) amplifiers:
-
-- Validate URLs and resolved IP addresses before fetching
-- Limit response size (recommended 5 kilobytes)
-- Implement request timeouts
-- Implement aggressive caching of metadata documents (respecting HTTP cache headers)
-- Never cache error responses or invalid documents
-- Rate limit metadata fetch requests per client
-- Monitor and alert on unusual metadata fetch patterns
-- Only fetch client metadata after authenticating the user
-
-While there is no amplification in the fetch request bandwidth, aggressive caching minimizes
-the risk of authorization servers being used in distributed denial of service attacks.
+Authorization servers fetching metadata documents **SHOULD** consider
+[Server-Side Request Forgery (SSRF)](https://developer.mozilla.org/docs/Web/Security/Attacks/SSRF) risks, as described in [OAuth Client ID Metadata Document: Server Side Request Forgery (SSRF) Attacks](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-client-id-metadata-document-00#name-server-side-request-forgery).
 
 #### Localhost Redirect URI Risks
 
