Skip to content

Commit

Permalink
Update spec
Browse files Browse the repository at this point in the history
  • Loading branch information
k6l3 committed Dec 9, 2024
1 parent 9b9340d commit 8573bb9
Show file tree
Hide file tree
Showing 3 changed files with 132 additions and 152 deletions.
2 changes: 1 addition & 1 deletion docs/specification/auth/_index.md
Original file line number Diff line number Diff line change
Expand Up @@ -64,6 +64,7 @@ Servers that support authentication **MUST** include their supported authenticat
"capabilities": {
"auth": {
"oauth2": {
"authorize": true,
"token": true,
"revoke": true
},
Expand Down Expand Up @@ -103,7 +104,6 @@ Servers that support non-standard authentication schemes can declare them as exp
1. Clients **SHOULD**:
- Prompt users for consent before initiating authentication flows
- Provide clear user interfaces for authentication management
- Implement automatic token refresh
- Handle authentication errors gracefully

2. Servers **SHOULD**:
Expand Down
56 changes: 37 additions & 19 deletions docs/specification/auth/credential.md
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ Clients supporting credential authentication **MUST** declare it during initiali
{
"capabilities": {
"auth": {
"credential": true
"credentials": true
}
}
}
Expand All @@ -32,7 +32,7 @@ Servers supporting credentials **MUST** include their capabilities:
{
"capabilities": {
"auth": {
"credential": {
"credentials": {
"list": true
}
}
Expand All @@ -43,31 +43,40 @@ Servers supporting credentials **MUST** include their capabilities:
## Protocol Messages

### Credential Requirements
Clients can list required credentials with an `auth/credentials/list` capability.

Servers can list required credentials using the credential/list capability:

**Request:**
```json
{
"jsonrpc": "2.0",
"id": 1,
"method": "auth/credentials/list",
}
```
**Response:**
```json
{
"jsonrpc": "2.0",
"id": 1,
"result": {
"credential": [
"credentials": [
{
"name": "X-API-KEY",
"name": "API-KEY",
"description": "An API key must be provided to call this tool."
},
{
"name": "X-MISC-PASSWORD",
"name": "MISC-PASSWORD",
"description": "A password must be provided to list this resource"
}
]
}
}
```
- Clients and servers **MUST** treat credential names as case-insensitive.

### Providing Credentials

Clients provide credentials through headers during initialization:
Clients **MUST** provide credentials through headers during initialization:

```json
{
Expand All @@ -80,36 +89,45 @@ Clients provide credentials through headers during initialization:
"credential": true
}
},
"headers": {
"X-API-KEY": "api_key",
"X-MISC-PASSWORD": "password"
"auth": {
"credentials": {
"API-KEY": "api_key",
"MISC-PASSWORD": "password"
}
}
}
}
```

## Error Handling

When credentials are missing or invalid, servers **SHOULD** respond with:
When credentials are missing or invalid, servers **MUST** respond with at least an error code.

**Response:**
```json
{
"jsonrpc": "2.0",
"id": 1,
"error": {
"code": 32004,
"message": "See required configuration",
"code": -32001,
"message": "Auth error, please see nested data.",
"data": {
"requiredConfiguration": [
{
"name": "X-API-KEY",
"description": "An API key must be provided to call this tool."
"authRequest": {
"credentials": {
"error": "ASCII error code", // REQUIRED
"errors": { // RECOMMENDED
// Breakdown of error per-credential
}

}
]
}
}
}
}
```
- Servers **SHOULD** include helpful error messages
- Servers **SHOULD** include per-credential breakdowns of errors
- Clients **SHOULD** surface errors in a human-readable way to the end user.

## Security Considerations

Expand Down
Loading

0 comments on commit 8573bb9

Please sign in to comment.