
Commit 30796d0

committed
some clean up
1 parent 9992fe6 commit 30796d0

1 file changed

+9
-7
lines changed

docs/specification/draft/basic/authorization.mdx

Lines changed: 9 additions & 7 deletions
Original file line number | Diff line number | Diff line change
@@ -303,21 +303,21 @@ An attacker can exploit configurations where an MCP server operates as a proxy i
303303

304304
#### 3.4.1 Terminology
305305

306-
MCP Proxy Server
306+
**MCP Proxy Server**
307307
: An MCP server that acts as an intermediary between MCP clients and a protected
308308
third-party API. The MCP proxy server provides MCP functionality while delegating
309309
API operations to a third-party API server. The MCP proxy server acts as a single OAuth client to the third-party API server.
310310

311-
Third-Party Authorization Server
311+
**Third-Party Authorization Server**
312312
: The authorization server that protects access to the third-party API. This server may not
313313
support dynamic client registration, requiring the MCP proxy server to use a single static
314314
client ID for all requests.
315315

316-
Third-Party API
316+
**Third-Party API**
317317
: The protected resource server that provides the actual API functionality. Access to this
318318
API requires tokens issued by the third-party authorization server.
319319

320-
Static Client ID
320+
**Static Client ID**
321321
: A fixed OAuth 2.0 client identifier used by the MCP proxy server when communicating with
322322
the third-party authorization server, shared across all MCP clients.
323323

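Review bot: the terminology block (lines 306-322) defines the four actors but not the consent cookie that the attack in the diagram below hinges on ("Set consent cookie for client ID: mcp-proxy", "Step 2: Attack (leveraging existing cookie)"); because every MCP client shares the proxy's static client ID, the third-party authorization server's remembered consent applies to all of them, and that is the crux of the issue. Suggest a fifth entry, e.g. `**Consent Cookie**` followed by `: Browser state set by the third-party authorization server recording that the user has already approved the static client ID, so later authorization requests for that client ID are granted without a prompt.` Also worth confirming that the `: definition` syntax is actually rendered as a definition list by the MDX pipeline; if it is not, the bold-term change is the only visible effect of this hunk.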
@@ -343,10 +343,11 @@ sequenceDiagram
343343
TAS->>UA: Set consent cookie for client ID: mcp-proxy
344344
TAS->>UA: 3P Authorization code + redirect to mcp-proxy-server.com
345345
UA->>M: 3P Authorization code
346-
Note over M: Store 3rd party access token
346+
Note over M,TAS: Exchange 3P code for 3P token
347+
Note over M: Generate MCP authorization code
347348
M->>UA: Redirect to MCP Client with MCP authorization code
348349
349-
Note over M,UA: Exchange code for token, use token
350+
Note over M,UA: Exchange code for token, etc.
350351
351352
Note over UA,A: Step 2: Attack (leveraging existing cookie)
352353
A->>M: Dynamically register malicious client, redirect_uri: attacker.com
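Review bot: replacing "use token" with "etc." at 350+ drops the one step that matters for the threat model (the MCP client using the token it was issued) and leaves the note vaguer than its Step 2 counterpart "Attacker exchanges MCP code for MCP token"; suggest mirroring that wording, e.g. `Note over M,UA: Exchange MCP code for MCP token, use token`. The added `Note over M,TAS: Exchange 3P code for 3P token` is a genuine correction over "Store 3rd party access token", since the proxy only holds a code at that point; it would help to also say that the proxy binds the resulting 3P token to the MCP authorization code it then generates, because that binding is what makes the MCP code worth stealing in Step 2.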
@@ -356,7 +357,8 @@ sequenceDiagram
356357
357358
TAS->>UA: 3P Authorization code + redirect to mcp-proxy-server.com
358359
UA->>M: 3P Authorization code
359-
Note over M: Store 3rd party access token
360+
Note over M,TAS: Exchange 3P code for 3P token
361+
Note over M: Generate MCP authorization code
360362
M->>UA: Redirect to attacker.com with MCP Authorization code
361363
UA->>A: MCP Authorization code delivered to attacker.com
362364
Note over M,A: Attacker exchanges MCP code for MCP token
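Review bot: with the added notes, Step 2 now shows the proxy exchanging the victim's 3P code, minting an MCP code, and redirecting to attacker.com, but nothing in the diagram says why the proxy accepts that destination; a reader may take it for an open redirect rather than the redirect_uri the attacker legitimately registered at `A->>M: Dynamically register malicious client, redirect_uri: attacker.com`. Suggest a note before the redirect such as `Note over M: redirect_uri matches attacker's dynamic registration; no per-client consent shown` so it is explicit that the missing control is the proxy's own consent step, not URI validation.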
