Vibe Coding
MCP Specification Update: Servers Classified as OAuth 2.1 Resource Servers with Role-Based Authorization
The updated MCP authorization specification formally classifies MCP servers as OAuth 2.0 Resource Servers, mandating Resource Indicators (RFC 8707) to prevent token misuse and introducing role-based authorization via @RolesAllowed annotations. Incremental scope consent allows clients to request minimum access per operation. With 10,000+ public MCP servers in the ecosystem and the protocol now under the Linux Foundation's Agentic AI Foundation, this standardization addresses the protocol's most critical security gap.
Source
↳ Follow the thread