adityamparikh opened a new pull request, #123: URL: https://github.com/apache/solr-mcp/pull/123
## Summary Per the [MCP Authorization specification](https://modelcontextprotocol.io/specification/2025-06-18/basic/authorization): > MCP servers MUST validate that tokens presented to them were specifically issued for their use … MUST reject tokens that do not include them in the audience claim. Without audience validation, any valid JWT from the same IdP issued for any sibling application is accepted by this server — a classic token-confusion pivot ([CWE-345](https://cwe.mitre.org/data/definitions/345.html)). This PR wires the existing \`McpServerOAuth2Configurer\` with: - \`.resourcePath(\"/mcp\")\` — declares the canonical resource indicator surfaced via OAuth 2.0 Protected Resource Metadata ([RFC 9728](https://www.rfc-editor.org/rfc/rfc9728.html)). - \`.validateAudienceClaim(true)\` — enforces that the JWT \`aud\` claim matches that resource indicator ([RFC 8707](https://www.rfc-editor.org/rfc/rfc8707.html)). These options are already provided by the upstream \`spring-ai-community/mcp-server-security\` library; this PR just turns them on. ## Operator impact When \`http.security.enabled=true\`, the IdP must populate the JWT \`aud\` claim with the MCP server's URL. The expanded comment block in \`application-http.properties\` documents the per-IdP setup: | IdP | Configuration | |---|---| | Auth0 | Client passes \`audience=<MCP URL>\` on auth request → reflected into \`aud\` automatically | | Okta | Configure the audience on the Authorization Server | | Keycloak | Add an **Audience** protocol mapper on a client scope (Keycloak [does not yet support RFC 8707 \`resource=\` natively](https://www.keycloak.org/securing-apps/mcp-authz-server)) | \`http.security.enabled=false\` (current default) is unaffected. ## Test plan - [x] \`./gradlew spotlessApply\` clean - [x] \`./gradlew build\` passes (full test suite, 37s) - [ ] Manual verification with an IdP issuing tokens carrying the correct \`aud\` ## Note on PR ordering Touches \`HttpSecurityConfiguration.java\` and \`application-http.properties\`, which overlap with PR #121 (CORS allowlist). Whichever lands second will need a small rebase. 🤖 Generated with [Claude Code](https://claude.com/claude-code) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
