Skip to content

Auth: MCP Servers are Resource Servers only. Add Protected Resource Metadata to discover Authorization Server #338

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Apr 23, 2025
Merged

Auth: MCP Servers are Resource Servers only. Add Protected Resource Metadata to discover Authorization Server #338

merged 2 commits into from
Apr 23, 2025
+107 −218

Conversation

dsp-ant
Copy link
Member

@dsp-ant dsp-ant commented Apr 14, 2025

No description provided.

aaronpk
aaronpk reviewed Apr 15, 2025
View reviewed changes
aaronpk
aaronpk reviewed Apr 15, 2025
View reviewed changes
aaronpk
aaronpk reviewed Apr 15, 2025
View reviewed changes
aaronpk
aaronpk reviewed Apr 15, 2025
View reviewed changes
aaronpk
aaronpk reviewed Apr 15, 2025
View reviewed changes
aaronpk
aaronpk reviewed Apr 15, 2025
View reviewed changes
aaronpk
aaronpk reviewed Apr 15, 2025
View reviewed changes
aaronpk
aaronpk reviewed Apr 15, 2025
View reviewed changes
aaronpk
aaronpk reviewed Apr 15, 2025
View reviewed changes
aaronpk
aaronpk reviewed Apr 15, 2025
View reviewed changes
aaronpk
aaronpk reviewed Apr 15, 2025
View reviewed changes
@dsp-ant dsp-ant force-pushed the davidsp/auth-rs-as-prm branch from 075bc17 to df2ebe8 Compare April 15, 2025 17:52
@dsp-ant dsp-ant force-pushed the davidsp/auth-rs-as-prm branch from df2ebe8 to 63095fb Compare April 17, 2025 16:00
aaronpk
aaronpk reviewed Apr 17, 2025
View reviewed changes
localden
localden reviewed Apr 22, 2025
View reviewed changes
@dsp-ant dsp-ant force-pushed the davidsp/auth-rs-as-prm branch from 63095fb to b8b98cb Compare April 22, 2025 15:17
@dsp-ant @localden
@aaronpk @pcarleton
authorization: Separate authorization server and resource server
ef76ec2 
In the initial specification of authorization in MCP, the MCP server
acted as both the authorization server (AS) and reseource server (RS).
This makes enterprise deployments difficult where the AS is often a
separate entity such as Auth0/Entra ID or others.

The specification reworks the separation between AS/RS, making
the MCP server an RS server only. This adds the complication
that the MCP server must inform the client about the AS. We are
using the Protected Resource Metadata OAuth specification for this.

This is a first step into the right direction.

Co-authored-by: Den Delimarsky 🌺 <[email protected]>
Co-authored-by: Aaron Parecki <[email protected]>
Co-authored-by: Paul Carleton <[email protected]>
@dsp-ant dsp-ant force-pushed the davidsp/auth-rs-as-prm branch from 47aab66 to ef76ec2 Compare April 23, 2025 10:50
@localden localden merged commit 89a2e98 into main Apr 23, 2025
5 checks passed
@localden localden deleted the davidsp/auth-rs-as-prm branch April 23, 2025 17:24
@dsp-ant dsp-ant mentioned this pull request Apr 23, 2025
Closed
4 tasks
This was referenced Apr 23, 2025
Closed
Closed
@localden localden mentioned this pull request Apr 23, 2025
Merged
0Itsuki0
0Itsuki0 reviewed Apr 26, 2025
View reviewed changes
Copy link

@0Itsuki0 0Itsuki0 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The link for the OAuth 2.0 Protected Resource Metadata in section 2.3.1 points to the draft. (https://datatracker.ietf.org/doc/html/draft-ietf-oauth-resource-metadata-13)

Shouldn't it be https://datatracker.ietf.org/doc/html/rfc9728 instead?

@aaronpk
Copy link
Contributor

aaronpk commented Apr 26, 2025

I already fixed that in #402

@0Itsuki0
Copy link

I already fixed that in #402

Oops! Sorry about that!

@janakamarasena
Copy link

I think it would be good to add more context around the refresh token. I can see it is shown in the flow and the specification mentions that refresh token handling best practices should be used. I feel it might be better to mention in which cases a refresh token should be used, otherwise the client could unnecessarily have indefinite access. It would be better to provide a reference to refresh token handling best practices (maybe https://datatracker.ietf.org/doc/html/rfc9700#name-refresh-token-protection). Also noticed that the specification directly mentions the authorization code grant and the client credentials grant but doesn't have a mention of the refresh token grant although the refresh token is referenced.

@localden localden mentioned this pull request Apr 29, 2025
Closed
@pcibraro
Copy link

pcibraro commented May 1, 2025
edited
Loading

The specification does not mention how the WWW-Authenticate header should look like. A sample would be useful. Thanks

@dsp-ant dsp-ant changed the title WIP: RS/AS split and PRM Auth: MCP Servers are Resource Servers only. Add Protected Resource Metadata to discover Authorization Server May 2, 2025
@dsp-ant dsp-ant moved this from Draft to Approved in Standards Track May 2, 2025
@maia-iyer maia-iyer mentioned this pull request May 2, 2025
Open
@aaronpk aaronpk mentioned this pull request May 30, 2025
Open
@dsp-ant dsp-ant added this to the DRAFT: 2025-03-26 milestone Jun 5, 2025
@ihrpr ihrpr mentioned this pull request Jun 9, 2025
Open
@primeinc primeinc mentioned this pull request Jun 18, 2025
Draft
@ihrpr ihrpr mentioned this pull request Jun 18, 2025
Open
3 tasks
@desimone desimone mentioned this pull request Jun 20, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tolginator tolginator tolginator left review comments

@dksmetters dksmetters dksmetters left review comments

@0Itsuki0 0Itsuki0 0Itsuki0 left review comments

@aaronpk aaronpk aaronpk approved these changes

@localden localden localden approved these changes

Assignees
No one assigned
Labels
None yet
Projects
Standards Track
Status: Approved
Milestone
DRAFT: 2025-03-26
Development

Successfully merging this pull request may close these issues.
8 participants
@dsp-ant @aaronpk @0Itsuki0 @janakamarasena @pcibraro @tolginator @dksmetters @localden