@@ -85,32 +85,20 @@ The message flow combines using a JWT as an authorization grant as define in [RF
8585The complete Workload Identity Federation flow proceeds as follows:
8686
8787```
88- ┌──────────┐ ┌──────────────────┐ ┌──────────┐
89- │ │ │ │ │ │
90- │ MCP │ │ Authorization │ │ MCP │
91- │ Client │ │ Server │ │ Server │
92- │ │ │ │ │ │
93- └──────────┘ └──────────────────┘ └──────────┘
94- │ │ │
95- │ 1. Request Access Token │ │
96- │--------------------------->│ │
97- │ │ │
98- │ 2. Determine Issuer Key Location │
99- │ │ │
100- │ 3. Obtain Issuer Keys │
101- │ │ │
102- │ 4. Validate JWT │
103- │ │ │
104- │ 5. Return Access Token │ │
105- │<---------------------------│ │
106- │ 6. MCP Server Access │
107- │--------------------------------------------------------->│
108- │ │
109- │ 7. Validate Access Token
110- │ 8. MCP Server Response │
111- │<---------------------------------------------------------│
112-
113- ```
88+ ```mermaid
89+ sequenceDiagram
90+ participant Client as MCP Client
91+ participant Auth as Authorization Server
92+ participant Server as MCP Server
93+
94+ Client->>Auth: 1. Request Access Token
95+ Note over Auth: 2. Determine Issuer Key Location
96+ Note over Auth: 3. Obtain Issuer Keys
97+ Note over Auth: 4. Validate JWT
98+ Auth->>Client: 5. Return Access Token
99+ Client->>Server: 6. MCP Server Access
100+ Note over Server: 7. Validate Access Token
101+ Server->>Client: 8. MCP Server Response
114102### Flow Steps
115103
1161041. **Request Access Token**: The MCP client makes a POST request to the authorization
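Review bot: The fencing around the new diagram is unbalanced. The unchanged bare three-backtick opener on line 87 is kept, the added `mermaid` fence on new line 88 follows it directly, and the closing fence removed at old line 113 is not re-added after new line 101. As written, the bare opener starts a plain code block, the `mermaid` line becomes literal text inside it, and with no closing fence the block runs on into `### Flow Steps` and the numbered steps, so the diagram will not render and the heading is swallowed. Suggest replacing the line 87 opener with the `mermaid` fence instead of adding a second one, then adding a closing fence and a blank line after `Server->>Client: 8. MCP Server Response`. Smaller point: the old diagram's leading-space indentation is carried over to the new fence and diagram lines; dropping it keeps the fence at column 0 and consistent with the rest of the file.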