Replies: 3 comments
-
Since protected resource metadata is extensible, I opened modelcontextprotocol/modelcontextprotocol#573 to allow the MCP server to advertise public client IDs
-
This is, actually, somewhat covered in the spec (emphasis mine):
For AS that do not support DCR, the client needs to use a pre-baked ID (this is what Visual Studio Code does with Entra ID and GitHub) or provide an affordance for the user to provide their own client ID. Not saying this is ideal, but it's in the protocol definition.
-
Yep, I'm familiar. I just proposed an alternative that doesn't require hardcoding or client UI. I think if we're talking well-known static public client IDs, then the protected resource metadata might be a clean way to communicate them.
-
Pre-submission Checklist
Your Idea
Currently, it seems that dynamic client registration is inherent in the auth spec. This causes issues for enterprises who need to maintain more control over their client registration process.
Some clients might allow a static override, but this does not seem to be in the spec. I am looking for something in the spec that offers a consistent way to override the dynamic registration.
This could be done with client-side config and/or if servers omit the client registration endpoint, then clients would load the local client ID.
Scope
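The selection order the original post asks for (a locally configured client ID as an override, and as the fallback when the authorization server metadata omits `registration_endpoint`), sketched as an added example that is not part of the thread, the spec or any MCP SDK. `choose_client`, `ClientChoice`, `static_clients` and `allow_dynamic` are hypothetical names, and the issuer URLs and client ID are constructed sample values.

```python
# Added illustration: all names here are assumptions, not MCP SDK APIs.
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit


@dataclass(frozen=True)
class ClientChoice:
    mode: str                 # "static" or "dynamic"
    client_id: Optional[str]  # set only when mode == "static"
    registration_endpoint: Optional[str] = None


def _norm_issuer(issuer: str) -> str:
    # Scheme and host compare case-insensitively; ignore a trailing slash.
    p = urlsplit(issuer)
    return f"{p.scheme.lower()}://{p.netloc.lower()}{p.path.rstrip('/')}"


def choose_client(as_metadata: dict, static_clients: dict,
                  allow_dynamic: bool = True) -> ClientChoice:
    """as_metadata: RFC 8414 document; static_clients: issuer -> client ID."""
    issuer = as_metadata.get("issuer")
    if not issuer or urlsplit(issuer).scheme != "https":
        raise ValueError("metadata must carry an https issuer")
    wanted = _norm_issuer(issuer)

    # 1. A locally configured ID wins, but only for the exact issuer it was
    #    registered with, so it is never presented to a different server.
    for cfg_issuer, client_id in static_clients.items():
        if _norm_issuer(cfg_issuer) == wanted:
            return ClientChoice("static", client_id)

    # 2. Otherwise use DCR (RFC 7591) if the server offers it and local
    #    policy allows it.
    endpoint = as_metadata.get("registration_endpoint")
    if endpoint and allow_dynamic:
        if urlsplit(endpoint).scheme != "https":
            raise ValueError("registration_endpoint must be https")
        return ClientChoice("dynamic", None, endpoint)

    # 3. Nothing usable: fail closed rather than guessing a client ID.
    raise LookupError(f"no client ID configured for {issuer}")


# Constructed sample inputs (not taken from the thread).
SAMPLE_AS = {"issuer": "https://idp.example.com/",
             "registration_endpoint": "https://idp.example.com/register"}
SAMPLE_STATIC = {"https://IDP.example.com": "corp-mcp-client"}
```

Setting `allow_dynamic=False` models the enterprise case from the post: the client refuses to register itself even when the server advertises a registration endpoint.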