docs/specification/draft/basic/authorization.mdx
12 additions & 0 deletions
@@ -297,3 +297,15 @@ Authorization servers **MUST** take precautions to prevent redirecting user agen
297
297
298
298
Authorization servers **SHOULD** only automatically redirect the user agent if it trusts the redirection URI. If the URI is not trusted, the authorization server MAY inform the user and rely on the user to make the correct decision.
299
299
300
+
### 3.4 Confused Deputy Problem
301
+
302
+
An attacker can exploit OAuth proxy configurations that share third-party client credentials
303
+
across multiple users.
304
+
305
+
When an MCP server fronts an authorization server that does not support dynamic client
306
+
registration, the MCP server will use a static client ID to acquire credentials for the
307
+
upstream API.
308
+
309
+
If the the backing authorization server sets cookies after user consent, an attacker can craft malicious authorization requests that bypass consent flows for previously authorized applications.
310
+
311
+
MCP servers using a static client_id for a backing service MUST require explicit approval for each newly registered dynamic client prior to forwarding requests to the backing authorization server for user consent.
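Review bot: The new normative sentence at line 311 ("MCP servers using a static client_id ... MUST require explicit approval ...") writes MUST in plain text, while the existing lines 297 and 298 in this section render the requirement keywords as **MUST** and **SHOULD**; bold the keyword so the new requirement follows the section's convention and is picked up by readers scanning for normative statements. Two smaller points in the same hunk: line 309 has a doubled article ("If the the backing authorization server sets cookies"), and the new text refers to the same identifier both as "static client ID" (line 306) and "static client_id" (line 311), so one form should be used throughout. Finally, the requirement at line 311 would benefit from stating who grants the "explicit approval" (the end user consenting to the newly registered dynamic client, per the confused deputy scenario described in lines 302 to 309) and that the approval is to be obtained before the static client_id is used on that client's behalf, so that an implementer cannot read it as an administrative allow-list check alone.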