docs/specification/draft/basic/security_best_practices.mdx
1 addition & 1 deletion
@@ -115,7 +115,7 @@ attack becomes possible:
115
115
MCP proxy servers using static client IDs **MUST** obtain user consent for each dynamically
116
116
registered client before forwarding to third-party authorization servers (which may require additional consent).
117
117
118
-
### 2.2 Token passthrough
118
+
### 2.2 Token Passthrough
119
119
120
120
"Token passthrough" is an anti-pattern where an MCP server accepts tokens from an MCP client without validating that the tokens were properly issued _to the MCP server_ and "passing them through" to the downstream API.
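Review bot: At line 118 the heading moves to title case ("Token Passthrough"), but the hunk shows no sibling heading, so it is not possible to confirm from this change that title case is the file's convention; please check the other 2.x headings so this one does not end up as the exception. While this section is being touched, the defining sentence at line 120 mixes verb forms ("accepts tokens ... and "passing them through""); changing it to "and passes them through" would make the definition of the anti-pattern read cleanly.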