You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/specification/draft/basic/authorization.mdx
+16-2Lines changed: 16 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -271,10 +271,24 @@ as outlined in [RFC 9700](https://datatracker.ietf.org/doc/html/rfc9700).
271
271
An attacker who compromises an MCP authorization server may access stored tokens. MCP authorization servers SHOULD enforce token expiration and rotation to limit the window of exploitation.
272
272
273
273
### 3.3 Token Interception
274
-
An attacker positioned between clients and servers can intercept tokens transmitted over insecure connections. All authorization endpoints MUST be served over HTTPS. Clients MUST implement PKCE according to [OAuth 2.1 section 7.5.2](https://www.ietf.org/archive/id/draft-ietf-oauth-v2-1-12.html#name-countermeasures)
274
+
An attacker positioned between MCP clients and MCP servers can intercept tokens via [Man-in-the-Middle (MITM)](https://en.wikipedia.org/wiki/Man-in-the-middle_attack) attacks.
275
+
276
+
To mitigate the risk of this threat:
277
+
278
+
1. All authorization endpoints **MUST** be served over HTTPS.
279
+
1. MCP clients **MUST** implement PKCE according to [OAuth 2.1 section 7.5.2](https://www.ietf.org/archive/id/draft-ietf-oauth-v2-1-12.html#name-countermeasures). PKCE helps prevent authorization code interception attacks by requiring clients to create a secret verifier-challenge pair, ensuring that only the original requestor can exchange an authorization code for tokens.
280
+
1. All redirect URIs **MUST** be either `localhost` or use HTTPS to prevent token and code interception.
275
281
276
282
### 3.4 Open Redirection
277
-
An attacker may craft malicious redirect URIs to direct users to phishing sites. MCP authorization servers MUST validate redirect URIs against pre-registered values to prevent redirection attacks.
283
+
An attacker may craft malicious redirect URIs to direct users to phishing sites
284
+
and intercept credentials during the authorization flow.
285
+
286
+
MCP clients **MUST** have redirect URIs registered with the authorization server.
287
+
288
+
Authorization servers **MUST** validate exact redirect URIs against pre-registered values to prevent redirection attacks.
289
+
290
+
MCP clients **SHOULD** use and verify state parameters in the authorization code flow
291
+
and discard any results that do not include or have a mis-match with the original state.
278
292
279
293
### 3.5 Insecure Redirect URIs
280
294
An attacker can capture data transmitted to non-secure endpoints. Redirect URIs MUST be either localhost URLs or HTTPS URLs to prevent token and code interception.
0 commit comments