Task: OAuth Resource Server Classification #411

@ezynda3

Priority: Medium
Breaking Change: Yes (for OAuth implementations)

Description: MCP servers are now classified as OAuth Resource Servers only, with Protected Resource Metadata for Authorization Server discovery.

Implementation Tasks:

  • Implement Protected Resource Metadata (RFC 9728) support
  • Add Authorization Server discovery mechanisms
  • Update OAuth flow to separate Resource Server and Authorization Server roles
  • Add WWW-Authenticate header support
  • Update security documentation
  • Add examples for enterprise OAuth deployments

Files to Update:

  • client/oauth.go
  • server/ (OAuth-related files)
  • Add new OAuth utilities
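
A sketch of the resource-server side of the tasks above, added here as an illustration and not taken from this project's code: the server publishes an RFC 9728 metadata document at the well-known path and answers unauthenticated requests with a `WWW-Authenticate` header carrying `resource_metadata`. The names `NewResourceServer` and `validate`, the `/mcp` path, and the example hosts are assumptions; the resource identifier is assumed to be a bare origin with no path.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// ProtectedResourceMetadata is a subset of the RFC 9728 metadata document.
type ProtectedResourceMetadata struct {
	Resource             string   `json:"resource"`
	AuthorizationServers []string `json:"authorization_servers"`
}

const metadataPath = "/.well-known/oauth-protected-resource"

// bearerToken extracts the token; the auth scheme name is case-insensitive.
func bearerToken(h string) string {
	if len(h) > 7 && strings.EqualFold(h[:7], "Bearer ") {
		return strings.TrimSpace(h[7:])
	}
	return ""
}

// NewResourceServer serves the metadata and guards /mcp; validate is a hypothetical token check.
func NewResourceServer(md ProtectedResourceMetadata, validate func(string) bool, next http.Handler) http.Handler {
	mux := http.NewServeMux()
	mux.HandleFunc(metadataPath, func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("Content-Type", "application/json")
		_ = json.NewEncoder(w).Encode(md)
	})
	mux.HandleFunc("/mcp", func(w http.ResponseWriter, r *http.Request) {
		if tok := bearerToken(r.Header.Get("Authorization")); tok == "" || !validate(tok) {
			w.Header().Set("WWW-Authenticate", fmt.Sprintf(`Bearer resource_metadata="%s%s"`, md.Resource, metadataPath))
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
	return mux
}

func main() { // constructed sample values; every token is rejected here
	md := ProtectedResourceMetadata{Resource: "https://mcp.example.com", AuthorizationServers: []string{"https://auth.example.com"}}
	rec := httptest.NewRecorder()
	NewResourceServer(md, func(string) bool { return false }, http.NotFoundHandler()).ServeHTTP(rec, httptest.NewRequest("GET", "/mcp", nil))
	fmt.Println(rec.Code, rec.Header().Get("WWW-Authenticate"))
}
```

The server never issues tokens itself: it only names the authorization servers in the metadata and validates what clients present.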
