Update docs/specification/draft/basic/authorization.mdx

Co-authored-by: Aaron Parecki <[email protected]>

Author: localden

docs/specification/draft/basic/authorization.mdx

@@ -276,7 +276,7 @@ An attacker positioned between MCP clients and MCP servers can intercept tokens
 Implementations MUST follow [OAuth 2.1 section 1.5](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-12#section-1.5).
 
 Specifically:
-1. All authorization endpoints **MUST** be served over HTTPS.
+1. All authorization server endpoints **MUST** be served over HTTPS.
 1. All redirect URIs **MUST** be either `localhost` or use HTTPS.
 
 ### 3.3 Authorization Code Protection