Skip to content

confused deputy fix in example + supporting sdk changes #648

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 8 commits into
base: main
Choose a base branch
from
Draft

confused deputy fix in example + supporting sdk changes #648

wants to merge 8 commits into from

Conversation

pcarleton
Copy link
Contributor

@pcarleton pcarleton commented May 7, 2025
edited
Loading

Motivation and Context

See the confused deputy consideration here:
https://github.com/modelcontextprotocol/modelcontextprotocol/blob/c255349bd98d9dc73f3579c828d195bd09c0bee8/docs/specification/draft/basic/security_best_practices.mdx#21-confused-deputy-problem

In the example, we front the Github API, so we need to put a consent screen for each new client registration, otherwise the Github consent screen will be skipped for new clients, creating a path for token leakage.

Still TODO:

  • make the has_consent functions optional (currently every provider needs to implement them)
  • allow overriding consent handler (currently always uses the default one)
  • consider keeping consent handler abstract in the SDK, and putting example impl into the example directory

Here's what the consent screen looks like:
CleanShot 2025-05-07 at 11 19 05@2x

How Has This Been Tested?

Tested using inspector to run through auth flow

  • w/ consent required
  • w/o consent required

Breaking Changes

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Documentation update

Checklist

  • I have read the MCP Documentation
  • My code follows the repository's style guidelines
  • New and existing tests pass locally
  • I have added appropriate error handling
  • I have added or updated documentation as needed

Additional context

@pcarleton pcarleton mentioned this pull request May 7, 2025
Merged
@pcarleton pcarleton force-pushed the pcarleton/auth-confused-deputy branch from 061739d to bdea6dd Compare May 7, 2025 10:13
pcarleton
pcarleton commented May 7, 2025
View reviewed changes
src/mcp/server/auth/handlers/authorize.py Outdated
@@ -218,6 +219,26 @@ async def error_response(
)

try:
# Check if client has already consented
has_consent = await self.provider.has_client_consent(client)
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

todo: check client_consent_required before doing this

src/mcp/server/auth/provider.py Outdated
@@ -174,6 +174,27 @@ async def authorize(
"""
...

async def has_client_consent(self, client: OAuthClientInformationFull) -> bool:
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

todo: if client_consent_required, these need to be required, but otherwise they should be optional. open to suggestions here. i think a default implementation of return True means we'd solve for being optional, but not for required.

Base automatically changed from ihrpr/auth-example to main May 7, 2025 16:52
@pcarleton pcarleton force-pushed the pcarleton/auth-confused-deputy branch from ede25d3 to 48eb13d Compare May 9, 2025 11:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@pcarleton