
Commit a45cad7

Update authorization.mdx
1 parent eeebf87 commit a45cad7

File tree: 1 file changed, +7 -3 lines changed


docs/specification/draft/basic/authorization.mdx

Lines changed: 7 additions & 3 deletions
@@ -269,6 +269,8 @@ Authorization: Bearer eyJhbGciOiJIUzI1NiIs...
269269

270270
MCP servers, acting in their role as an OAuth 2.1 resource server, **MUST** validate access tokens as described in
271271
[OAuth 2.1 Section 5.2](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-12#section-5.2).
272+
MCP servers **MUST** validate that access tokens were issued specifically for them as the intended audience,
273+
according to [RFC 8707 Section 2](https://www.rfc-editor.org/rfc/rfc8707.html#section-2).
272274
If validation fails, servers **MUST** respond according to
273275
[OAuth 2.1 Section 5.3](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-12#section-5.3)
274276
error handling requirements. Invalid or expired tokens **MUST** receive a HTTP 401
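Review bot: the citation on the new lines 272-273 does not support what the sentence requires. RFC 8707 Section 2 defines the `resource` parameter a client sends to the authorization server; it says nothing about how a resource server checks that a token it receives was issued for it. Either cite the validation side (the `aud` claim check in RFC 9068 Section 4 for JWT access tokens, or the `aud` field of an RFC 7662 introspection response for opaque tokens) or state in the text what the server compares against, e.g. "the token's audience **MUST** match the server's own resource identifier", so an implementer knows which value to check and that a token carrying no audience at all fails validation rather than passing by default.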
@@ -359,9 +361,11 @@ MCP servers **MUST** validate access tokens before processing the request, ensur
359361

360362
A MCP server **MUST** follow the guidelines in [OAuth 2.1 - Section 5.2](https://www.ietf.org/archive/id/draft-ietf-oauth-v2-1-12.html#section-5.2) to validate inbound tokens.
361363

362-
MCP servers **MUST** only accept tokens specifically intended for themselves.
364+
MCP servers **MUST** only accept tokens specifically intended for themselves and **MUST** reject tokens that do not include them in the audience claim or otherwise verify that they are the intended recipient of the token. See [Security Best Practices](../security_best_practices) for details.
363365

364366
If the MCP server makes requests to upstream APIs, it may act as an OAuth client to them. The access token used at the upstream API is a seperate token, issued by the upstream authorization server. The MCP server **MUST NOT** pass through the token it received from the MCP client.
365367

366-
MCP clients **MUST** implement and use the `resource` parameter as defined in [RFC 8707 - Resource Indicators for OAuth 2.0](https://www.rfc-editor.org/rfc/rfc8707.html) to explicitly specify the target resource for which the token is being requested.
367-
This ensures that access tokens are bound to their intended resources and cannot be misused across different services.
368+
MCP clients **MUST** implement and use the `resource` parameter as defined in [RFC 8707 - Resource Indicators for OAuth 2.0](https://www.rfc-editor.org/rfc/rfc8707.html)
369+
to explicitly specify the target resource for which the token is being requested. This requirement aligns with the recommendation in
370+
[RFC 9728 Section 7.4](https://datatracker.ietf.org/doc/html/rfc9728#section-7.4). This ensures that access tokens are bound to their intended resources and
371+
cannot be misused across different services.
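Review bot: the clause added on line 364, "or otherwise verify that they are the intended recipient of the token", turns the preceding MUST into an open-ended alternative: an implementer can claim to have "otherwise verified" the recipient without any audience check, which is what the sentence is meant to forbid. If the intent is to cover opaque tokens with no readable audience claim, say so concretely, e.g. "for opaque tokens, confirm the audience through token introspection"; otherwise drop the clause. The same requirement now appears twice in this file with different wording and different references (lines 272-273 citing RFC 8707 Section 2, line 364 citing Security Best Practices); pick one formulation and have the other refer to it. Two smaller points: in the last paragraph, "This requirement aligns with the recommendation in RFC 9728 Section 7.4" is rationale dropped between two normative sentences and reads better as a trailing parenthetical or non-normative note, and the unchanged context line 366 misspells "separate" as "seperate".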
