You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/specification/draft/basic/authorization.mdx
+1-6Lines changed: 1 addition & 6 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -88,12 +88,7 @@ the `authorization_servers` field containing at least one authorization server.
88
88
89
89
The specific use of `authorization_servers` is beyond the scope of this specification; implementers should consult
90
90
the [OAuth 2.0 Protected Resource Metadata](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-resource-metadata-13) documentation for
91
-
guidance on implementation details.
92
-
93
-
Protected Resource Metadata documents can define multiple authorization servers. Most MCP server
94
-
implementations will only require a single authorization server entry.
95
-
96
-
The responsibility for selecting which authorization server to use lies with the MCP client, following the guidelines specified in
91
+
guidance on implementation details. Implementors should note that Protected Resource Metadata documents can define multiple authorization servers. The responsibility for selecting which authorization server to use lies with the MCP client, following the guidelines specified in
MCP servers **MUST** use the HTTP header `WWW-Authenticate` when returning a _401 Unauthorized_ to indicate the location of the resource server metadata URL
0 commit comments