Commit activity
Last 12 weeks · 2 commits
Community health
5 of 6 standards met
100
✓README✓License✓Contributing✓Code of Conduct○Issue Template✓PR Template
Recent PRs & issues
Active · 7 in progress · Last activity 2w ago
See all on GitHub →[Authorization] Support token exchange protocol for clients that do not interact with the userOpenIssue
Is your feature request related to a problem? Please describe. The current Authorization Spec draft focuses many details on a client that performs the login itself with Authorization Code Flow + PKCE. I see use cases where the client would not interact with the user, and instead the host application receives an access token from some other application that has been granted access to the host app on behalf of a user. When this happens, it seems Token Exchange is the proper method to obtain a new access token meant for the MCP Server. I wonder if there needs to be some way for a client to know the expected value of the MCP Server's audience claim. I'd like to open discussion surrounding this use case. Describe the solution you'd like I wonder if there could be a section in the Authorization spec dedicated to this use case. Evidently the token validation in this case would need to be performed by the Host application instead of the MCP Client (which I'm not sure is in the scope of this spec?). However, the token exchange is something that I believe should fall to the MCP Client if in other cases the MCP Client is responsible for handling the login. Given this affects the implementation of an MCP Client, I believe this belongs in the main authorization spec. Describe alternatives you've considered If this is perhaps not meant for the main authorization spec, I feel this is a common enough pattern at least worth a mention in the security-best-practices doc. Additional context This issue is semi-related to modelcontextprotocol/modelcontextprotocol#214 but is a slightly different (maybe broader) use case. Also having been watching the open PR modelcontextprotocol/modelcontextprotocol#408 possibly there should be some discussion of token exchange by the server to downstream tool, but perhaps that use case discussion can belong in another issue.
Recent fixes
Replaces Anthropic HackerOne VDP references with standard GitHub Security Advisory process.
Structured data for AI agents
Repository: modelcontextprotocol/ext-auth. Description: Extensions to authorization Stars: 61, Forks: 19. Primary language: MDX. Languages: MDX (100%). License: MIT. Open PRs: 7, open issues: 6. Last activity: 2w ago. Community health: 100%. Top contributors: D-McAdams, aaronpk, pcarleton, localden, koic.