Skip to content

[spec] Auth: Token validation #408

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
localden merged 25 commits into from
May 20, 2025
Merged

[spec] Auth: Token validation #408

localden merged 25 commits into from
May 20, 2025

Conversation

@pcarleton
Copy link
Member

@pcarleton pcarleton commented Apr 24, 2025
edited
Loading

Motivation and Context

Split from #387 to allow for longer discussion without holding up the section shuffle

Previous discussion:
#387 (comment)

@pcarleton pcarleton mentioned this pull request Apr 24, 2025
Merged
@pcarleton pcarleton changed the title [spec] Auth: Token validation security consideration [spec] Auth: Token validation Apr 24, 2025
localden
localden reviewed Apr 24, 2025
View reviewed changes
@0Itsuki0
Copy link

0Itsuki0 commented Apr 27, 2025

I personally think it would be helpful to force client to send audience while requesting for a token so that the access token generated can be linked to a specific RS.

aaronpk
aaronpk reviewed Apr 29, 2025
View reviewed changes
aaronpk
aaronpk reviewed Apr 29, 2025
View reviewed changes
@aaronpk
Copy link
Contributor

aaronpk commented Apr 29, 2025

I personally think it would be helpful to force client to send audience while requesting for a token so that the access token generated can be linked to a specific RS.

RFC 8707 is only one way the AS can audience restrict tokens. It is a good option, but there are other ways to solve it as well, such as defining scopes per resource server. For example, if the client requested the scope mail:read, that would indicate to the AS to issue a token with the mail audience. Using resource indicators is a more explicit way to solve that, but we don't necessarily need to introduce anything into the client code to solve the problem.

Base automatically changed from pcarleton-security-considerations to main April 30, 2025 15:49
@localden localden marked this pull request as ready for review April 30, 2025 18:07
D-McAdams
D-McAdams requested changes May 1, 2025
View reviewed changes
Copy link

@D-McAdams D-McAdams left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This topic is more verbose than other security considerations and duplicates requirements from other specifications. For example, recommend that we don't list token validation options as these are defined in OAuth 2.1 - Section 5.2

In some places, it also conflicts with specifications. For example, it asserts that MCP Servers MUST strictly validate token audiences, but this only applies to RFC 9068 (JWT Tokens). Opaque tokens don't have an audience field available - they are validated via token introspection.

The intent appears to be to discourage token passthrough by reminding parties of the restrictions in the specifications. It should be possible to achieve this with fewer lines. See suggested short version in comments.

@allenzhou101
Copy link
Contributor

allenzhou101 commented May 2, 2025

Regarding @aaronpk and @0Itsuki0 's points on RFC 8707 above, the scope-based audience restriction would work for preventing valid Resource Server (RS) token misuse, but not for a malicious RS, right?

I'm thinking about the case listed in @aaronpk 's RFC here.

Could theoretically be solved by listing valid RSs in the Authorization Server Metadata (ASM) as described in PRM but only if the RSs are enumerable.

Wonder if it's worth including this somehow.

@maia-iyer maia-iyer mentioned this pull request May 2, 2025
Open
@aaronpk aaronpk added the auth label May 2, 2025
@0Itsuki0
Copy link

0Itsuki0 commented May 2, 2025

Regarding @aaronpk and @0Itsuki0 's points on RFC 8707 above, the scope-based audience restriction would work for preventing valid Resource Server (RS) token misuse, but not for a malicious RS, right?

I'm thinking about the case listed in @aaronpk 's RFC here.

Could theoretically be solved by listing valid RSs in the Authorization Server Metadata (ASM) as described in PRM but only if the RSs are enumerable.

Wonder if it's worth including this somehow.

Since this is an optional property, I wonder if 3rd party authorization server actually include this in their ASM...If not then enforcing AS to include this property would basically make whoever implemented the RS to make the AS as well...

@localden localden requested review from D-McAdams and aaronpk May 5, 2025 05:27
@localden
Copy link
Contributor

localden commented May 5, 2025

@allenzhou101 @0Itsuki0 without being too verbose, I added a reference to RFC 8707 at the end of the section.

@localden localden requested a review from aaronpk May 6, 2025 15:34
D-McAdams
D-McAdams reviewed May 7, 2025
View reviewed changes
D-McAdams
D-McAdams reviewed May 7, 2025
View reviewed changes
@localden localden requested a review from D-McAdams May 13, 2025 17:21
@aaronpk
Copy link
Contributor

aaronpk commented May 14, 2025

I am on board with moving the bulk of the explanation lower down like this.

aaronpk
aaronpk previously approved these changes May 14, 2025
View reviewed changes
D-McAdams
D-McAdams reviewed May 14, 2025
View reviewed changes
D-McAdams
D-McAdams reviewed May 14, 2025
View reviewed changes
aaronpk
aaronpk reviewed May 14, 2025
View reviewed changes
@maia-iyer maia-iyer mentioned this pull request May 15, 2025
Open
D-McAdams
D-McAdams reviewed May 15, 2025
View reviewed changes
D-McAdams
D-McAdams reviewed May 15, 2025
View reviewed changes
D-McAdams
D-McAdams reviewed May 15, 2025
View reviewed changes
@localden localden enabled auto-merge May 16, 2025 18:28
@AlibabaCloudSecurity AlibabaCloudSecurity mentioned this pull request May 18, 2025
Open
@localden localden requested a review from D-McAdams May 20, 2025 20:30
@localden localden merged commit 93980ae into main May 20, 2025
5 checks passed
@localden localden deleted the pcarleton/token-validation branch May 20, 2025 23:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@localden localden localden left review comments

@aaronpk aaronpk aaronpk approved these changes

@D-McAdams D-McAdams D-McAdams approved these changes

+2 more reviewers

@ayshsandu ayshsandu ayshsandu left review comments

@maia-iyer maia-iyer maia-iyer left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

auth

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

9 participants

@pcarleton @0Itsuki0 @aaronpk @allenzhou101 @localden @ayshsandu @maia-iyer @D-McAdams