Skip to content

Delegate duplicated OAuth material in the authorization spec to RFC citations#3062

Open
claude[bot] wants to merge 4 commits into
docs/2026-07-28-releasefrom
claude/delegate-auth-spec-to-rfcs-split
Open

Delegate duplicated OAuth material in the authorization spec to RFC citations#3062
claude[bot] wants to merge 4 commits into
docs/2026-07-28-releasefrom
claude/delegate-auth-spec-to-rfcs-split

Conversation

@claude

@claude claude Bot commented Jul 10, 2026

Copy link
Copy Markdown
Contributor

Requested by Den Delimarsky · Slack thread

Before

The authorization spec restates OAuth RFC requirements and mixes tutorial content into normative pages.

After

The spec states MCP-specific requirements and deltas with normative RFC citations, and flow-independent guidance lives on the docs pages.

How

7 duplicate passages replaced by citations, 26 requirements compressed to their MCP delta plus citation (3 were wholly canonical text and left verbatim), 15 blocks relocated to the authorization tutorial and security best-practices pages, all flow diagrams and 13 canonical rules (query-string token ban, PKCE, exact redirect-URI matching) kept verbatim, and the RFC 8707 resource MUST now stated once in index.mdx with cross-references.

Closes #3054.

Supersedes #3055, re-anchored onto the split authorization pages after the branch synced with main. Standard squash merge is fine for this PR.


Generated by Claude Code

…itations

Replace passages duplicated from the OAuth RFCs with normative citations,
compress restated requirements to their MCP-specific delta plus a citation,
and relocate flow-independent guidance to the authorization tutorial and
security best-practices docs pages. All flow diagrams and canonical rules
are kept verbatim.
@github-actions github-actions Bot added the documentation Improvements or additions to documentation label Jul 10, 2026
@localden localden marked this pull request as ready for review July 10, 2026 04:59
@localden localden requested review from a team as code owners July 10, 2026 04:59
@localden localden added the rc-high-priority Related to an upcoming specification release and needs to be addressed with a high priority. label Jul 10, 2026
Complete the two remaining #3054 audit items. In authorization server
discovery, merge the metadata discovery preamble into one paragraph
citing RFC 8414 Sections 3.1 and 5 and OpenID Connect Discovery
Section 4, and replace the no-path worked URL list with a sentence.
The MUST-level endpoint priority order stays. In Token Handling,
reduce the opening paragraph to OAuth 2.1 Section 5.2 and 5.3
citations plus the 401 requirement. The audience validation sentence
stays verbatim.

Co-Authored-By: Claude <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_016WBaED7Rta4YsYVz66Qoru
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

documentation Improvements or additions to documentation rc-high-priority Related to an upcoming specification release and needs to be addressed with a high priority.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants