Skip to content

Support for OAuth Client ID Metadata Document #18375

New issue
New issue
Open
Open
Support for OAuth Client ID Metadata Document#18375
Labels
in: oauth2An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose)type: enhancementA general enhancement
@pzgadzaj

Description

@pzgadzaj
pzgadzaj
opened on Dec 30, 2025

Expected Behavior
Spring authorization server supports "OAuth Client ID Metadata Document" described in https://datatracker.ietf.org/doc/html/draft-ietf-oauth-client-id-metadata-document-00. As it's still a draft document, it would also appreciated that, documentation describes how to extend the Client repository to support Client ID Metadata documents

Current Behavior
Spring authorization server does not have support for https://datatracker.ietf.org/doc/html/draft-ietf-oauth-client-id-metadata-document-00.

Context
I'm working on using Spring Authorization server as AS in MCP Authentication protocol.

My organization decided to not use DCR because of security risks (publicly available endpoints). Also MCP specification: https://modelcontextprotocol.io/specification/2025-11-25/basic/authorization mentions "OAuth Client ID Metadata Document" as primary way of "registering" the client and DCR as fallback being there mainly for backward compatibility reasons

I also reported that ticket in Spring authorization server board: spring-projects/spring-authorization-server#2270

Metadata

Metadata

Assignees

No one assigned

    Labels

    in: oauth2An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose)type: enhancementA general enhancement

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions