Delegate duplicated OAuth material in the authorization spec to RFC citations#3062
Open
claude[bot] wants to merge 4 commits into
Open
Delegate duplicated OAuth material in the authorization spec to RFC citations#3062claude[bot] wants to merge 4 commits into
claude[bot] wants to merge 4 commits into
Conversation
…itations Replace passages duplicated from the OAuth RFCs with normative citations, compress restated requirements to their MCP-specific delta plus a citation, and relocate flow-independent guidance to the authorization tutorial and security best-practices docs pages. All flow diagrams and canonical rules are kept verbatim.
Complete the two remaining #3054 audit items. In authorization server discovery, merge the metadata discovery preamble into one paragraph citing RFC 8414 Sections 3.1 and 5 and OpenID Connect Discovery Section 4, and replace the no-path worked URL list with a sentence. The MUST-level endpoint priority order stays. In Token Handling, reduce the opening paragraph to OAuth 2.1 Section 5.2 and 5.3 citations plus the 401 requirement. The audience validation sentence stays verbatim. Co-Authored-By: Claude <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_016WBaED7Rta4YsYVz66Qoru
9 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Requested by Den Delimarsky · Slack thread
Before
The authorization spec restates OAuth RFC requirements and mixes tutorial content into normative pages.
After
The spec states MCP-specific requirements and deltas with normative RFC citations, and flow-independent guidance lives on the docs pages.
How
7 duplicate passages replaced by citations, 26 requirements compressed to their MCP delta plus citation (3 were wholly canonical text and left verbatim), 15 blocks relocated to the authorization tutorial and security best-practices pages, all flow diagrams and 13 canonical rules (query-string token ban, PKCE, exact redirect-URI matching) kept verbatim, and the RFC 8707 resource MUST now stated once in index.mdx with cross-references.
Closes #3054.
Supersedes #3055, re-anchored onto the split authorization pages after the branch synced with main. Standard squash merge is fine for this PR.
Generated by Claude Code