diff --git a/docs/clients/index.html b/docs/clients/index.html index 648a9ad..ee0e82f 100644 --- a/docs/clients/index.html +++ b/docs/clients/index.html @@ -260,7 +260,7 @@
/sse + /messages) — legacy transport; needed for the claude.ai web connector and older MCP clients.Both transports share the same tools, sessions, and OAuth flow. Clients without a bearer token pass through; invalid bearers are rejected with 401.
+Both transports share the same tools, sessions, and OAuth flow. Clients without a bearer token pass through; invalid bearers are rejected with 401. As of v1.15.1, the WWW-Authenticate challenge on a 401 includes RFC 9728 resource_metadata="…/.well-known/oauth-protected-resource" plus error="invalid_token" per RFC 6750 §3.1 — MCP clients can use the resource_metadata attribute to discover the authorization server.
claude.ai uses the legacy SSE transport. Paste your Pathfinder URL into the custom connector dialog, then click Authenticate — the OAuth handshake runs automatically and the connector is approved anonymously.
+claude.ai uses the legacy SSE transport. Paste your Pathfinder URL into the custom connector dialog, then click Authenticate — the OAuth handshake runs automatically. As of v1.15, the handshake shows a consent screen confirming the connector and its redirect target before issuing the auth code; the screen is single-click for the anonymous DCR flow.
+ GET /authorize renders a server-rendered consent screen instead of auto-approving. The screen carries an HMAC-bound nonce; the form posts back to POST /authorize/consent, which re-verifies every bound parameter (client_id, redirect_uri, state, code_challenge, response_type, scope, resource) before issuing an auth code. The final redirect URL is built from the nonce-bound redirect_uri, never the form body — this is the phishing-resistance invariant.
+
+ The page is locked down with Content-Security-Policy: default-src 'none'; frame-ancestors 'none', X-Frame-Options: DENY, and Referrer-Policy: no-referrer. No JavaScript, no external resources.
+
+ POST /register applies a redirect_uri policy: https-only except for loopback (localhost, 127.0.0.0/8, [::1]); rejects 0.0.0.0/8, RFC 1918, link-local, ULA, IPv4-mapped private addresses, wildcards, userinfo, and fragments. Maximum 2048 chars per URI, 10 URIs per client.
+
+ Registered clients are capped at 10,000 total / 100 per-IP with lazy TTL eviction (30 days unused or 7 days never-used-after-registration). Overflow returns 429 (per-IP) or 503 (total) with a Retry-After header.
+
/mcp and /sse
DATABASE_URLMCP_JWT_SECRETopenssl rand -hex 32. Rotating this invalidates all issued tokens — clients will re-authenticate transparently. In any non-production environment (any NODE_ENV other than production) a random secret is generated per process and logged as a warning.PATHFINDER_CONSENT_HMAC_KEY/authorize → /authorize/consent flow. Generate with openssl rand -hex 32. Comma-separated values are accepted for rotation — the first key signs, all keys verify; rotate by prepending a new key. Rotating invalidates only in-flight consent nonces (10-minute TTL) — issued access/refresh tokens are unaffected. In any non-production environment (any NODE_ENV other than production) a random ephemeral key is generated per process and logged as a warning.OPENAI_API_KEYGITHUB_TOKENGITHUB_WEBHOOK_SECRET