You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/specification/draft/basic/authorization.mdx
+12-5Lines changed: 12 additions & 5 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -259,22 +259,29 @@ Implementations **MUST** follow OAuth 2.1 security best practices. Refer to
259
259
[RFC9700](https://datatracker.ietf.org/doc/html/rfc9700) for details.
260
260
261
261
### 3.1 Token Theft
262
-
Attackers who obtain tokens stored by the client, by accessing tokens cached or logged on the server can access protected resources with
262
+
Attackers who obtain tokens stored by the client, or tokens cached or logged on the server can access protected resources with
263
263
requests that appear legitimate to resource servers.
264
264
265
265
Clients **MUST** implement secure token storage and follow OAuth 2.0 best practices,
266
266
as outlined in [RFC 9700](https://datatracker.ietf.org/doc/html/rfc9700).
267
267
268
268
MCP authorization servers SHOULD enforce token expiration and rotation to limit the window of exploitation.
269
269
270
-
### 3.2 Token Interception
270
+
### 3.2 Communication Security
271
271
An attacker positioned between MCP clients and MCP servers can intercept tokens via [Man-in-the-Middle (MITM)](https://en.wikipedia.org/wiki/Man-in-the-middle_attack) attacks.
272
272
273
-
To mitigate the risk of this threat:
273
+
Implementations MUST follow [OAuth 2.1 section 1.5](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-12#section-1.5).
274
274
275
+
Specifically:
275
276
1. All authorization endpoints **MUST** be served over HTTPS.
276
-
1. MCP clients **MUST** implement PKCE according to [OAuth 2.1 section 7.5.2](https://www.ietf.org/archive/id/draft-ietf-oauth-v2-1-12.html#name-countermeasures). PKCE helps prevent authorization code interception attacks by requiring clients to create a secret verifier-challenge pair, ensuring that only the original requestor can exchange an authorization code for tokens.
277
-
1. All redirect URIs **MUST** be either `localhost` or use HTTPS to prevent token and code interception.
277
+
1. All redirect URIs **MUST** be either `localhost` or use HTTPS.
278
+
279
+
### 3.3 Authorization Code Protection
280
+
281
+
An attacker who has gained access to an authorization code contained in an authorization response can try to redeem the authorization code for an access token or otherwise make use of the authorization code. (Further described in [RFC 9700 Section 4.5](https://www.rfc-editor.org/rfc/rfc9700.html#name-authorization-code-injectio))
282
+
283
+
MCP clients **MUST** implement PKCE according to [OAuth 2.1 section 7.5.2](https://www.ietf.org/archive/id/draft-ietf-oauth-v2-1-12.html#name-countermeasures). PKCE helps prevent authorization code interception attacks by requiring clients to create a secret verifier-challenge pair, ensuring that only the original requestor can exchange an authorization code for tokens.
284
+
278
285
279
286
### 3.3 Open Redirection
280
287
An attacker may craft malicious redirect URIs to direct users to phishing sites
0 commit comments