Skip to content

add description of authorization extensions to main authorization spec page #1707

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
localden merged 13 commits into from
Nov 15, 2025
Merged

add description of authorization extensions to main authorization spec page #1707

Changes from all commits
Commits
Show all changes
13 commits
Select commit Hold shift + click to select a range
a87e040
link to extensions from main authorization page
aaronpk Oct 23, 2025
9b4473a
fix link syntax
aaronpk Oct 23, 2025
afd0ac8
fix list syntax
aaronpk Oct 24, 2025
5cfc5bc
rm extra newlines
aaronpk Oct 24, 2025
02a41ef
Merge branch 'main' into aaronpk/ext-auth
aaronpk Oct 24, 2025
bead0c0
Update docs/specification/draft/basic/authorization.mdx
aaronpk Nov 12, 2025
76dc6fa
Update docs/specification/draft/basic/authorization.mdx
aaronpk Nov 12, 2025
850f5d7
Merge branch 'main' into aaronpk/ext-auth
aaronpk Nov 12, 2025
a6f24f1
Merge branch 'main' into aaronpk/ext-auth
aaronpk Nov 15, 2025
4e3e8d1
Update authorization.mdx
localden Nov 15, 2025
166f52c
Merge branch 'aaronpk/ext-auth' of https://github.com/modelcontextpro…
localden Nov 15, 2025
1739c6a
Apply suggestion from @aaronpk
aaronpk Nov 15, 2025
162818b
Apply suggestion from @aaronpk
aaronpk Nov 15, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 11 additions & 0 deletions docs/specification/draft/basic/authorization.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -703,3 +703,14 @@ MCP clients **MUST** implement and use the `resource` parameter as defined in [R
to explicitly specify the target resource for which the token is being requested. This requirement aligns with the recommendation in
[RFC 9728 Section 7.4](https://datatracker.ietf.org/doc/html/rfc9728#section-7.4). This ensures that access tokens are bound to their intended resources and
cannot be misused across different services.

## MCP Authorization Extensions

There are several authorization extensions to the core protocol that define additional authorization mechanisms. These extensions are:

- **Optional** - Implementations can choose to adopt these extensions
- **Additive** - Extensions do not modify or break core protocol functionality; they add new capabilities while preserving core protocol behavior
- **Composable** - Extensions are modular and designed to work together without conflicts, allowing implementations to adopt multiple extensions simultaneously
- **Versioned independently** - Extensions follow the core MCP versioning cycle but may adopt independent versioning as needed

A list of supported extensions can be found in the [MCP Authorization Extensions](https://github.com/modelcontextprotocol/ext-auth) repository.
Loading