Cat-1 · T278 · AI & Agentic Developer Tooling
v1.0

MCP OAuth 2.1 Authorization Auditor

Authorization is the #1 way MCP servers get it wrong. This auditor validates the /.well-known/oauth-protected-resource document (RFC 9728), visualizes the discovery chain, checks RFC 8707 resource-indicator / audience binding against your canonical server URI, and walks you through a self-assessment of the two cardinal sins — token passthrough and the confused deputy.

⚠ The MCP authorization spec evolves (the 2026-07-28 release candidate adds RFC 9207 iss hardening). Rules here track the current spec. This tool inspects pasted metadata only — it performs no live OAuth flow, fetches nothing, and sees no tokens.
OAuth 2.1 · RFC 9728 · RFC 8707 · Zero PII · Client-Side · No Network
Scope & reliance — 🔒 All inputs are processed locally in your browser. No data is transmitted. Do not enter real personal data — use synthetic or anonymised inputs only. Paste metadata documents and configuration descriptions only — never a real access token. This audit checks structure and policy, not a live authorization server. Deterministic · zero PII · CC BY 4.0.
▸ Validate /.well-known/oauth-protected-resource (RFC 9728)
Paste the protected-resource-metadata JSON your MCP server exposes. An example is pre-loaded.
▸ Resource-indicator / audience binding (RFC 8707)
Enter your server's canonical resource URI and the token's aud claim (paste the value only — never a real token). Checks that the audience binds to this server.
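An added example covering the two checks above, the RFC 9728 metadata validation and the RFC 8707 audience binding; it is illustrative code written for this page, not the auditor's own implementation. It assumes a canonical form of lowercase scheme and host, no fragment and no trailing slash, and treats the MCP requirement that authorization_servers be present with at least one https entry as an assumption; every value in SAMPLE_METADATA is constructed.

```javascript
// Added example, not the auditor's own code. Assumed canonical form:
// lowercase scheme and host, no fragment, no trailing slash on the path.
function canonicalResource(uri) {
  const u = new URL(uri); // throws if not an absolute URL
  if (u.hash) throw new Error("resource URI must not carry a fragment");
  return `${u.protocol}//${u.host}${u.pathname.replace(/\/+$/, "")}${u.search}`;
}

// Constructed sample of a /.well-known/oauth-protected-resource document.
const SAMPLE_METADATA = {
  resource: "https://mcp.example.com/mcp",
  authorization_servers: ["https://auth.example.com"],
};

// Audit the metadata document against the canonical URI; returns findings (empty = passed).
function auditProtectedResourceMetadata(doc, canonicalUri) {
  const findings = [];
  const want = canonicalResource(canonicalUri);
  if (typeof doc.resource !== "string") {
    findings.push("resource (REQUIRED by RFC 9728) is missing or not a string");
  } else {
    let got = null;
    try { got = canonicalResource(doc.resource); } catch (e) { /* invalid URL */ }
    if (got !== want) findings.push(`resource "${doc.resource}" does not match ${want}`);
  }
  // RFC 9728 makes authorization_servers OPTIONAL; MCP requires >= 1 https entry (assumption).
  const servers = doc.authorization_servers;
  if (!Array.isArray(servers) || servers.length === 0) {
    findings.push("authorization_servers must be a non-empty array for MCP");
  } else {
    for (const as of servers) {
      let https = false;
      try { https = new URL(as).protocol === "https:"; } catch (e) { /* not a URL */ }
      if (!https) findings.push(`authorization server "${as}" is not an https URL`);
    }
  }
  return findings;
}

// RFC 8707 audience binding: aud is a string or array of strings and binds only
// if one entry canonicalizes to this server's URI. Never pass a real token here.
function audienceBindsToServer(aud, canonicalUri) {
  const want = canonicalResource(canonicalUri);
  return (Array.isArray(aud) ? aud : [aud]).some((a) => {
    try { return canonicalResource(String(a)) === want; } catch (e) { return false; }
  });
}
```

Calling auditProtectedResourceMetadata(SAMPLE_METADATA, "https://MCP.example.com/mcp/") returns an empty array because the mixed-case host and trailing slash collapse to the same canonical URI as the resource field.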
▸ OAuth 2.1 discovery chain
The sequence a compliant MCP client follows from an unauthorized request to a bound access token.
▸ Token-passthrough & confused-deputy self-assessment
Answer for your server. The cardinal rule: an MCP server MUST NOT pass a client-supplied token through to a downstream API.