
Commit c8567fb

localden and aaronpk authored
Update docs/specification/draft/basic/authorization.mdx
Co-authored-by: Aaron Parecki <[email protected]>
1 parent d317be6 commit c8567fb

1 file changed: +1 -1 lines changed


docs/specification/draft/basic/authorization.mdx

Lines changed: 1 addition & 1 deletion
@@ -265,7 +265,7 @@ Implementations **MUST** follow OAuth 2.1 security best practices as laid out in
265265
Attackers who obtain tokens stored by the client, or tokens cached or logged on the server can access protected resources with
266266
requests that appear legitimate to resource servers.
267267

268-
Clients **MUST** implement secure token storage and follow OAuth 2.0 best practices,
268+
Clients **MUST** implement secure token storage and follow OAuth best practices,
269269
as outlined in [OAuth 2.1, section 7.1](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-12#section-7.1).
270270

271271
MCP authorization servers SHOULD issue short-lived access tokens token to reduce the impact of leaked tokens. For public clients, MCP authorization servers MUST rotate refresh tokens as described in [Section 4.3.1 of OAuth 2.1](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-12#section-4.3.1).
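
Review bot: On the changed line 268, "OAuth best practices" leaves the **MUST** without a version to check conformance against, while the hunk header context says "OAuth 2.1 security best practices" and the following line links to OAuth 2.1, section 7.1; consider "follow OAuth 2.1 best practices" so the requirement and its citation agree. While this paragraph is being touched, context line 271 has a doubled word ("access tokens token") and writes SHOULD and MUST without the bold used on line 268.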
