docs/specification/draft/basic/authorization.mdx
+1 -1 (1 addition & 1 deletion)
@@ -257,7 +257,7 @@ requests that appear legitimate to resource servers.
257
257
Clients and servers **MUST** implement secure token storage and follow OAuth best practices,
258
258
as outlined in [OAuth 2.1, Section 7.1](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-12#section-7.1).
259
259
260
-
MCP authorization servers SHOULD issue short-lived access tokens token to reduce the impact of leaked tokens.
260
+
MCP authorization servers SHOULD issue short-lived access tokens to reduce the impact of leaked tokens.
261
261
For public clients, MCP authorization servers **MUST** rotate refresh tokens as described in [OAuth 2.1 Section 4.3.1 "Refresh Token Grant"](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-12#section-4.3.1).
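Review bot: On the changed line 260, `SHOULD` is left as plain text while the requirements on lines 257 and 261 write the keyword in bold as `**MUST**`; since this line is being edited anyway, consider `**SHOULD**` so the normative keyword is formatted the same way throughout the section. Separately, "short-lived" is not quantified anywhere in the visible context, so implementers have nothing to measure a token lifetime against; if the spec intends a recommended bound or a reference for one, this sentence is the place to point to it.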