You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/specification/draft/basic/authorization.mdx
+4-7Lines changed: 4 additions & 7 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -269,15 +269,14 @@ Servers **MUST** return appropriate HTTP status codes for authorization errors:
269
269
270
270
## 3. Security Considerations
271
271
272
-
### 3.1 Client Token Theft
273
-
Attackers who obtain tokens stored by the client can access protected resources with
272
+
### 3.1 Token Theft
273
+
Attackers who obtain tokens stored by the client, by accessing tokens cached or logged on the server can access protected resources with
274
274
requests that appear legitimate to resource servers.
275
275
276
276
Clients **MUST** implement secure token storage and follow OAuth 2.0 best practices,
277
277
as outlined in [RFC 9700](https://datatracker.ietf.org/doc/html/rfc9700).
278
278
279
-
### 3.2 Server Token Theft
280
-
An attacker who compromises an MCP authorization server may access stored tokens. MCP authorization servers SHOULD enforce token expiration and rotation to limit the window of exploitation.
279
+
MCP authorization servers SHOULD enforce token expiration and rotation to limit the window of exploitation.
281
280
282
281
### 3.3 Token Interception
283
282
An attacker positioned between MCP clients and MCP servers can intercept tokens via [Man-in-the-Middle (MITM)](https://en.wikipedia.org/wiki/Man-in-the-middle_attack) attacks.
MCP clients **SHOULD** use and verify state parameters in the authorization code flow
300
299
and discard any results that do not include or have a mis-match with the original state.
301
300
302
-
### 3.5 Insecure Redirect URIs
303
-
An attacker can capture data transmitted to non-secure endpoints. Redirect URIs MUST be either localhost URLs or HTTPS URLs to prevent token and code interception.
304
301
305
-
### 3.6 Confused Deputy Problem
302
+
### 3.5 Confused Deputy Problem
306
303
An attacker can exploit OAuth proxy configurations that share 3rd party client credentials across multiple users. When an MCP server fronts another authorization server that does not support dynamic client registration, the MCP uses a static client_id with the backing service. If the backing service sets cookies after user authorization, an attacker can craft malicious authorization requests that bypass consent screens for previously authorized applications. MCP servers using a static client_id for a backing service MUST require explicit approval for each newly registered dynamic client prior to forwarding requests to the backing authorization server for user consent.
0 commit comments