Model Context Protocol
Replies: 3 comments
-
|
Link to github issue on sentry mcp getsentry/sentry-mcp#214 (comment) |
Beta Was this translation helpful? Give feedback.
-
|
What is think I'm basically interested in is a formalised standard for dynamic registration that would enable a client to reliably register a compatible client where permitted... If every server rolls their own registration flow, makes it hard to scale clients... https://modelcontextprotocol.io/specification/2025-03-26/basic/authorization 2.4 Dynamic Client Registration Clients cannot know all possible servers in advance Hardcode a client ID (and, if applicable, client secret) specifically for that MCP server, or |
Beta Was this translation helpful? Give feedback.
-
|
https://curity.io/resources/learn/using-dynamic-client-registration/ closed, skill issue |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
Pre-submission Checklist
Discussion Topic
I've built a Native Android and Native iOS MCP Client and am looking to integrate this with modern servers following latest spec.
In the auth flow (using https://mcp.sentry.dev/sse) as an example, I can implement my client to handle the discovery and oauth handshake, however the oauth flow cannot (by design) work unless my redirect url is allowed by the oauth server itself.
In practice, this means that the oauth flow in the spec is impractical, unless every supported client and every compliant server manually implement this trusted pattern.
Is there, or should there be, a discovery mechanism for servers to trust "all" mcp clients, from the perspective of large oauth hosts (sentry.io being the first example of theoretically thousands), it seems there should be some mechanism.
What is the recommendation here? (Is trusted redirects * even theoretically possible or safe?)
Beta Was this translation helpful? Give feedback.
All reactions