feat(client/auth): RFC 9207 iss parameter validation (SEP-2468 reference impl)#1957
Draft
feat(client/auth): RFC 9207 iss parameter validation (SEP-2468 reference impl)#1957
Conversation
Co-authored-by: Claude <noreply@anthropic.com> Co-authored-by: Felix Weinberger <3823880+felixweinberger@users.noreply.github.com>
…n tools are present (#1407) Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
…1.x backport) (#1382) Co-authored-by: Konstantin Konstantinov <KKonstantinov@users.noreply.github.com>
* fix: add transport isolation guards to prevent cross-client data leaks When a single McpServer or stateless transport is reused across multiple client connections, responses can be routed to the wrong client due to message ID collisions. This is a data leak vulnerability (CWE-362). Two guards added: - Protocol.connect() throws if already connected to a transport - Stateless transport.handleRequest() throws if called more than once Also fixes three examples that shared a single McpServer across sessions: - standaloneSseWithGetStreamableHttp.ts - ssePollingExample.ts - elicitationFormExample.ts Related: #820, #204, #243 Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix: correct misleading test name and add per-request cleanup - Rename 'should reject second SSE stream even in stateless mode' to 'should allow multiple SSE streams in stateless mode with per-request transports' since the test now asserts both streams succeed (status 200) - Add mcpServer.close() after per-request handling in stateManagementStreamableHttp.test.ts to prevent resource leaks, matching the pattern used in streamableHttp.test.ts - Remove unused mcpServers array that collected but never cleaned up per-request server instances * thread abort through sendRequest and notification to prevent crosstalk * test: remove dummy objects from stateless setupServer return In stateless mode, setupServer() was creating unused McpServer and StreamableHTTPServerTransport instances solely to satisfy the return type. Make mcpServer/serverTransport optional in the return type and simplify the stateless beforeEach/afterEach to only track server and baseUrl. * fix: use McpError for sendRequest abort guard and fix Hono example reuse - sendRequest abort guard now throws McpError(ErrorCode.ConnectionClosed) instead of plain Error for consistency with the rest of the codebase - Hono example updated to create fresh transport and server per request, fixing breakage from the stateless transport reuse guard * fix: use separate resolvers per protocol in transport isolation test Address review feedback: each protocol handler now has its own resolver returning distinct data (responseForA vs responseForB), so the test properly demonstrates that responses route to the correct transport. Uses explicit 'handler entered' promises for deterministic synchronization. --------- Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: Paul Carleton <paulcarletonjr@gmail.com>
Co-authored-by: Matt <77928207+mattzcarey@users.noreply.github.com>
#1528) Co-authored-by: Konstantin Konstantinov <KKonstantinov@users.noreply.github.com>
Co-authored-by: Felix Weinberger <fweinberger@anthropic.com>
🏠 Remote-Dev: homespace
) (#757) Co-authored-by: Paul Carleton <paulc@anthropic.com>
…n_endpoint_auth_methods_supported (#1611) Co-authored-by: Basil Hosmer <basil@anthropic.com> Co-authored-by: Matt <77928207+mattzcarey@users.noreply.github.com>
Co-authored-by: Matt <77928207+mattzcarey@users.noreply.github.com>
…roller cleanup (#1462) Co-authored-by: Felix Weinberger <fweinberger@anthropic.com>
Co-authored-by: Konstantin Konstantinov <KKonstantinov@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: Felix Weinberger <3823880+felixweinberger@users.noreply.github.com>
…e capability object (#1811)
…1640) Co-authored-by: JiangNan <1394485448@qq.com> Co-authored-by: Felix Weinberger <fweinberger@anthropic.com> Co-authored-by: Konstantin Konstantinov <KKonstantinov@users.noreply.github.com>
Co-authored-by: mozmo15 <mozmo@mail.com> Co-authored-by: Felix Weinberger <fweinberger@anthropic.com>
… attacks Adds an optional `iss` argument to `finishAuth()` and validates it against the cached authorization server metadata before exchanging the code, per the RFC 9207 §2.4 decision table keyed on `authorization_response_iss_parameter_supported`. Reference implementation for SEP-2468.
🦋 Changeset detectedLatest commit: 6f0bf49 The changes in this PR will be included in the next version bump. Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| await transport.handleRequest(req, res, req.body); | ||
| } catch (error) { | ||
| console.error('Error handling MCP request:', error); | ||
| if (!res.headersSent) { |
Aligns with the SEP-2468 spec text: when the AS doesn't advertise authorization_response_iss_parameter_supported but iss is present, compare rather than reject. Accommodates servers that emit iss before advertising it.
commit: |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Reference implementation for SEP-2468 / RFC 9207. Mirrors the approach in go-sdk#859.
finishAuth(code, iss?)validates the receivedissagainst the cached AS metadata before exchanging the code, using the RFC 9207 §2.4 decision table keyed onauthorization_response_iss_parameter_supported.Behavioral note
Signature is additive, but when an AS advertises
authorization_response_iss_parameter_supported: trueand the host app does not passiss, validation rejects per §2.4. Options considered:issfrom the redirect URL (this PR)isswas explicitly passed — vulnerable to a strip-the-param attack, defeats the pointenforceIssuerValidationopt-in flag — adds API surface for a temporary stateGoing with (a). Open to (c) if reviewers prefer a softer rollout.