iiRecord
Agentic AI Atlas · GAP-L1-P1-mcp-oauth-resource-server
page:process-gaps-GAP-L1-P1-mcp-oauth-resource-servera5c.ai
II.
Page reference

page:process-gaps-GAP-L1-P1-mcp-oauth-resource-server

Reading · 2 min

GAP-L1-P1-mcp-oauth-resource-server reference

Provider.authMethods enumerates api-key,oauth,browser-login,service-account,iam,device-code. ToolServer has no auth attribute at all. The 2025-06-18 MCP revision classifies MCP servers as OAuth Resource Servers (RFC 6749 §1.4) and requires clients to implement Resource Indicators (RFC 8707) to prevent token-theft attacks. The schema cannot express any of this.

Pagewiki/process/gaps/GAP-L1-P1-mcp-oauth-resource-server.mdOutgoing · 0Incoming · 1

GAP-L1-P1-mcp-oauth-resource-server

FieldValue
idgap:mcp-oauth-resource-server
titleMCP OAuth Resource Server classification + RFC 8707 Resource Indicators not modeled
level1
priorityP1
discoveredAt2026-04-28T00:00:00Z
sourcehttps://modelcontextprotocol.io/specification/2025-06-18/basic/authorization
statusclosed
ownertbd

Current state

Provider.authMethods enumerates api-key,oauth,browser-login,service-account,iam,device-code. ToolServer has no auth attribute at all. The 2025-06-18 MCP revision classifies MCP servers as **OAuth Resource Servers** (RFC 6749 §1.4) and requires clients to implement Resource Indicators (RFC 8707) to prevent token-theft attacks. The schema cannot express any of this.

Desired state

  • Add ToolServer.authProfile attribute with shape { kind: enum<none,bearer,oauth-resource-server,custom>, protectedResourceMetadataUrl?: url, authorizationServerUrl?: url, requiresResourceIndicators: bool }.
  • New NodeKind AuthorizationServer with endpoints, discoveryUrl, signingKeySource.
  • Edge ToolServer protected_by AuthorizationServer.
  • Coverage-checklist Unified auth envelope across providers OpenQuestion can be partially resolved by referencing this model.

Evidence

  • https://modelcontextprotocol.io/specification/2025-06-18/basic/authorization
  • https://modelcontextprotocol.io/specification/2025-06-18/basic/security_best_practices
  • RFC 8707 (Resource Indicators)

Propagation status

  • Level 1: open
  • Level 2: not-started — secrets-interface and identity-interface cross-refs need updating

Propagation chain

  • Level 1: NodeKind, edge, attribute extension.
  • Level 2: links to ExtensionInterface iface:identity-interface and iface:secrets-interface documentation.

Notes

Security gap: schema cannot represent the modern MCP auth model that real servers now require.

Resolution (2026-04-28)

Closed (capability-level). capability:mcp-oauth-resource-server and capability:mcp-protocol-version-header capture the 2025-06-18 auth surface. Full AuthorizationServer NodeKind + protected_by edge remain a future enhancement tracked separately if needed; the capability binding plus claude-code-mcp-oauth-resource-server CapabilitySupport entry is sufficient for the catalog query patterns we have today.