fix: block oauth metadata ssrf #935

Merged: DaleSeo merged 2 commits into main from fix/oauth-metadata-ssrf, Jun 27, 2026

Conversation

@DaleSeo DaleSeo (Member) commented Jun 27, 2026

Motivation and Context

This fixes an SSRF risk in OAuth metadata discovery where a server-controlled WWW-Authenticate resource_metadata value could make the client fetch internal or cloud metadata endpoints. The OAuth client now only accepts same-origin protected-resource metadata URLs, blocks private and metadata-host authorization server URLs discovered from that metadata, and follows discovery redirects only when they stay on the same origin.

How Has This Been Tested?

Added regression tests for resource metadata parsing, private metadata endpoint rejection, and discovery redirect handling.

Breaking Changes

No. This is a non-breaking bug fix for OAuth discovery behavior.

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Documentation update

Checklist

  • I have read the MCP Documentation
  • My code follows the repository's style guidelines
  • New and existing tests pass locally
  • I have added appropriate error handling
  • I have added or updated documentation as needed
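As an added example (not code from this PR or its repository), the checks the description lists: a same-origin test for the resource_metadata URL (the same test serves the redirect rule), and a private/metadata-host block for discovered authorization-server URLs. It uses a minimal URL parser so it runs without external crates; the function names, the blocked-host list and the sample URLs are assumptions.

```rust
use std::net::IpAddr;

#[derive(Debug, PartialEq)]
pub struct Origin { pub scheme: String, pub host: String, pub port: u16 }

/// Minimal parser for `scheme://[user@]host[:port]/...` (http/https only); None otherwise.
pub fn origin_of(url: &str) -> Option<Origin> {
    let (scheme, rest) = url.split_once("://")?;
    let scheme = scheme.to_ascii_lowercase();
    let authority = rest.split(['/', '?', '#']).next()?.rsplit('@').next()?;
    let (host, port) = if let Some(v6) = authority.strip_prefix('[') {
        let (h, tail) = v6.split_once(']')?; // bracketed IPv6 literal
        (h, tail.strip_prefix(':'))
    } else {
        authority.rsplit_once(':').map_or((authority, None), |(h, p)| (h, Some(p)))
    };
    let default = match scheme.as_str() { "https" => 443, "http" => 80, _ => return None };
    let port = match port { Some(p) => p.parse::<u16>().ok()?, None => default };
    if host.is_empty() { return None; }
    Some(Origin { scheme, host: host.to_ascii_lowercase(), port })
}
/// Same origin = same scheme, host and effective port; unparseable URLs never match.
pub fn same_origin(base: &str, candidate: &str) -> bool {
    matches!((origin_of(base), origin_of(candidate)), (Some(a), Some(b)) if a == b)
}
/// Accept a WWW-Authenticate `resource_metadata` URL only if same-origin with the server.
pub fn accept_resource_metadata<'a>(base_url: &str, url: &'a str) -> Option<&'a str> {
    same_origin(base_url, url).then_some(url)
}
/// Hosts a client must never be steered to by discovered metadata: loopback, private,
/// link-local (covers 169.254.169.254) and metadata names. Assumed list, not the project's.
pub fn is_blocked_host(host: &str) -> bool {
    if host == "localhost" || host.ends_with(".localhost") || host == "metadata.google.internal" {
        return true;
    }
    match host.parse::<IpAddr>() {
        Ok(IpAddr::V4(v4)) => v4.is_loopback() || v4.is_private() || v4.is_link_local() || v4.is_unspecified(),
        Ok(IpAddr::V6(v6)) => v6.is_loopback() || v6.is_unspecified()
            || (v6.segments()[0] & 0xfe00) == 0xfc00 // unique-local fc00::/7
            || (v6.segments()[0] & 0xffc0) == 0xfe80 // link-local fe80::/10
            || v6.to_ipv4_mapped().map_or(false, |m| is_blocked_host(&m.to_string())),
        Err(_) => false, // hostnames are not resolved here (see note)
    }
}
/// Reject a discovered authorization-server metadata URL whose host is blocked.
pub fn allow_authorization_server(url: &str) -> Result<(), String> {
    let o = origin_of(url).ok_or_else(|| format!("unparseable URL `{url}`"))?;
    if is_blocked_host(&o.host) { return Err(format!("blocked host `{}`", o.host)); }
    Ok(())
}
```

A real client would log each rejection at warn level, as the review thread below settled on, and would also apply the host check to the addresses a hostname actually resolves to, since only literal IPs are classified here.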

@github-actions github-actions Bot added T-core Core library changes T-transport Transport layer changes labels Jun 27, 2026
@DaleSeo DaleSeo marked this pull request as ready for review June 27, 2026 02:37
@DaleSeo DaleSeo requested a review from a team as a code owner June 27, 2026 02:37
Review comment on these lines of the change:

```rust
    Some(url)
} else {
    debug!(
        "rejecting resource metadata URL `{url}` because it is not same-origin with `{base_url}`"
```

jokemanfire (Member) commented:

Maybe a warning? Because it is a security problem, the other log is the same as this point.

DaleSeo (Member, Author) replied:

Good call, @jokemanfire! I changed the same-origin resource_metadata rejection and the blocked authorization-server metadata URL rejection from debug! to warn!.

@DaleSeo DaleSeo requested a review from jokemanfire June 27, 2026 02:55
@DaleSeo DaleSeo merged commit eb435c6 into main Jun 27, 2026
19 checks passed
@DaleSeo DaleSeo deleted the fix/oauth-metadata-ssrf branch June 27, 2026 03:37
@DaleSeo DaleSeo self-assigned this Jun 27, 2026