Skip to content

Commit 2eada8a

Browse files
committed
split to 2 sequence diagrams
1 parent 68ec276 commit 2eada8a

File tree

1 file changed

+17
-3
lines changed

1 file changed

+17
-3
lines changed

docs/specification/draft/basic/security_best_practices.mdx

Lines changed: 17 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -36,15 +36,16 @@ Attackers can exploit MCP servers proxying other resource servers, creating "[co
3636
to the Third-Party API. It is the same value for all MCP server to Third-Party API interactions regardless of
3737
which MCP client initiated the request.
3838

39-
#### 2.1.2 Architecture and Attack Flow
39+
#### 2.1.2 Architecture and Attack Flows
40+
41+
##### 2.1.2.1 Normal OAuth proxy usage (preserves user consent)
4042

4143
```mermaid
4244
sequenceDiagram
4345
participant UA as User-Agent (Browser)
4446
participant MC as MCP Client
4547
participant M as MCP Proxy Server
4648
participant TAS as Third-Party Authorization Server
47-
participant A as Attacker
4849
4950
Note over UA,M: Initial Auth flow completed
5051
@@ -63,12 +64,25 @@ sequenceDiagram
6364
M->>UA: Redirect to MCP Client with MCP authorization code
6465
6566
Note over M,UA: Exchange code for token, etc.
67+
```
68+
69+
##### 2.1.2.3 Malicious OAuth proxy usage (skips user consent)
70+
71+
```mermaid
72+
sequenceDiagram
73+
participant UA as User-Agent (Browser)
74+
participant M as MCP Proxy Server
75+
participant TAS as Third-Party Authorization Server
76+
participant A as Attacker
77+
6678
67-
Note over UA,A: Step 2: Attack (leveraging existing cookie)
79+
Note over UA,A: Step 2: Attack (leveraging existing cookie, skipping consent)
6880
A->>M: Dynamically register malicious client, redirect_uri: attacker.com
6981
A->>UA: Sends malicious link
7082
UA->>TAS: Authorization request (client_id: mcp-proxy) + consent cookie
83+
rect rgba(255, 17, 0, 0.67)
7184
TAS->>TAS: Cookie present, consent skipped
85+
end
7286
7387
TAS->>UA: 3P Authorization code + redirect to mcp-proxy-server.com
7488
UA->>M: 3P Authorization code

0 commit comments

Comments
 (0)