{
  "id": "page:docs-harness-features-backlog-gaps-security-gap-sec-006",
  "_kind": "Page",
  "_file": "wiki/docs/harness-features-backlog/gaps/security/gap-sec-006.md",
  "_cluster": "wiki",
  "attributes": {
    "nodeKind": "Page",
    "sourcePath": "docs/harness-features-backlog/gaps/security/GAP-SEC-006.md",
    "sourceKind": "repo-docs",
    "title": "GAP-SEC-006: OAuth Integration",
    "displayName": "GAP-SEC-006: OAuth Integration",
    "slug": "docs/harness-features-backlog/gaps/security/gap-sec-006",
    "articlePath": "wiki/docs/harness-features-backlog/gaps/security/GAP-SEC-006.md",
    "article": "\n# GAP-SEC-006: OAuth Integration\n\n| Field | Value |\n|-------|-------|\n| Category | security |\n| Priority | Medium |\n| Effort | L |\n| Status | Missing |\n\n## Description\nOAuth flow for authenticating with external services (MCP servers, APIs, SaaS integrations) during orchestration, enabling secure credential management.\n\n## Current State\nNo OAuth in harness. Harness delegates auth to host CLI. External service credentials managed ad-hoc.\n\n## Target State\nOAuth flow for MCP server authentication. Secure credential storage with scoped access. Token refresh lifecycle management. Credential sharing across runs within a session.\n\n## Dependencies\n- [GAP-SEC-001](../security/GAP-SEC-001.md) -- governance policy for credential access control\n\n## Key Files\n| Component | Path |\n|-----------|------|\n| MCP server | `packages/sdk/src/mcp/` |\n| Config module | `packages/sdk/src/config/` |\n\n## Recommendation\nPhase 4 implementation. Add OAuth client library. Integrate with MCP authentication. Store tokens securely in global state directory.\n",
    "documents": []
  },
  "outgoingEdges": [],
  "incomingEdges": [
    {
      "from": "page:docs-harness-features-backlog",
      "to": "page:docs-harness-features-backlog-gaps-security-gap-sec-006",
      "kind": "contains_page"
    }
  ]
}