-
Notifications
You must be signed in to change notification settings - Fork 141
[Client][Auth] SEP-2468: Validate iss parameter in authorization response (RFC 9207) #360
Copy link
Copy link
Open
Labels
2026-07-28All issues and PRs related to the spec release 2026-07-28All issues and PRs related to the spec release 2026-07-28ClientIssues & PRs related to the Client componentIssues & PRs related to the Client componentP0Broken core functionality, security issues, critical missing featureBroken core functionality, security issues, critical missing featureauthIssues and PRs related to Authentication / OAuthIssues and PRs related to Authentication / OAuthenhancementRequest for a new feature that's not currently supportedRequest for a new feature that's not currently supportedimproves spec complianceImproves consistency with other SDKs such as TyepScriptImproves consistency with other SDKs such as TyepScript
Description
Metadata
Metadata
Assignees
Labels
2026-07-28All issues and PRs related to the spec release 2026-07-28All issues and PRs related to the spec release 2026-07-28ClientIssues & PRs related to the Client componentIssues & PRs related to the Client componentP0Broken core functionality, security issues, critical missing featureBroken core functionality, security issues, critical missing featureauthIssues and PRs related to Authentication / OAuthIssues and PRs related to Authentication / OAuthenhancementRequest for a new feature that's not currently supportedRequest for a new feature that's not currently supportedimproves spec complianceImproves consistency with other SDKs such as TyepScriptImproves consistency with other SDKs such as TyepScript
Type
Fields
Give feedbackNo fields configured for issues without a type.
Implements SEP-2468 for the MCP Spec 2026-07-28 release.
Tracked by umbrella #338.
Spec summary
PHP SDK changes
issmatches the AS that produced theauthorization_endpointURL.issis emitted by the AS.Related