You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/specification/draft/basic/authorization.mdx
+11Lines changed: 11 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -703,3 +703,14 @@ MCP clients **MUST** implement and use the `resource` parameter as defined in [R
703
703
to explicitly specify the target resource for which the token is being requested. This requirement aligns with the recommendation in
704
704
[RFC 9728 Section 7.4](https://datatracker.ietf.org/doc/html/rfc9728#section-7.4). This ensures that access tokens are bound to their intended resources and
705
705
cannot be misused across different services.
706
+
707
+
## MCP Authorization Extensions
708
+
709
+
There are several authorization extensions to the core protocol that define additional authorization mechanisms. These extensions are:
710
+
711
+
-**Optional** - Implementations can choose to adopt these extensions
712
+
-**Additive** - Extensions do not modify or break core protocol functionality; they add new capabilities while preserving core protocol behavior
713
+
-**Composable** - Extensions are modular and designed to work together without conflicts, allowing implementations to adopt multiple extensions simultaneously
714
+
-**Versioned independently** - Extensions follow the core MCP versioning cycle but may adopt independent versioning as needed
715
+
716
+
A list of supported extensions can be found in the [MCP Authorization Extensions](https://github.com/modelcontextprotocol/ext-auth) repository.
0 commit comments