Records that a user has approved a particular dynamically-registered client
to be forwarded to the upstream identity provider, and answers whether a
given client has already been approved.
Because the proxy hands every DCR client the SAME fixed upstream
client_id, the upstream IdP can see only one client and may auto-skip its
own consent screen for that already-trusted application. The MCP
authorization spec (2025-06-18 / 2025-11-25 §Security Considerations >
Confused Deputy Problem) therefore requires:
"MCP proxy servers using static client IDs MUST obtain user consent for
each dynamically registered client before forwarding to third-party
authorization servers (which may require additional consent)."
The proxy distinguishes dynamically-registered clients by their
client-supplied redirect_uri (the only per-client identity it holds, since
the client_id is shared). An integrator records consent for a
redirect_uri once the user has approved that client on the proxy's own
consent screen; OAuthProxy.authorize then refuses to build the upstream
redirect until consent for that redirect_uri is present.
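The following is an added, self-contained illustration of the consent gate described above; it is not OAuthProxy's own code or API. It assumes a hypothetical in-memory `ConsentStore` keyed by (user, client redirect_uri), constructed placeholder values for the upstream endpoint and the single static client_id, and a hypothetical `authorize` decision function standing in for the point where OAuthProxy.authorize would refuse to build the upstream redirect:

```python
from dataclasses import dataclass, field
from urllib.parse import urlencode

# Constructed placeholders: a real deployment takes these from configuration.
UPSTREAM_AUTHORIZE_ENDPOINT = "https://idp.example/oauth2/authorize"
UPSTREAM_CLIENT_ID = "proxy-static-client"   # the ONE client_id every DCR client shares upstream
UPSTREAM_REDIRECT_URI = "https://proxy.example/oauth/callback"


class ConsentRequired(Exception):
    """Raised when the proxy must show its own consent screen before forwarding."""

    def __init__(self, user_id: str, redirect_uri: str) -> None:
        super().__init__(f"user {user_id!r} has not approved client {redirect_uri!r}")
        self.user_id = user_id
        self.redirect_uri = redirect_uri


@dataclass
class ConsentStore:
    """Hypothetical in-memory consent record keyed by (user, client redirect_uri).

    The redirect_uri is the only per-client identity the proxy holds, because the
    upstream client_id is shared. Lookup is an exact string match, as redirect URI
    matching in OAuth should be: "https://a.example/cb" and "https://a.example/cb/"
    are treated as different clients, so consent for one never covers the other.
    """

    _approved: set[tuple[str, str]] = field(default_factory=set)

    def record_consent(self, user_id: str, redirect_uri: str) -> None:
        # Called only after the user approved this client on the proxy's own screen.
        self._approved.add((user_id, redirect_uri))

    def has_consent(self, user_id: str, redirect_uri: str) -> bool:
        return (user_id, redirect_uri) in self._approved

    def revoke_consent(self, user_id: str, redirect_uri: str) -> None:
        self._approved.discard((user_id, redirect_uri))


def build_upstream_authorize_url(
    store: ConsentStore, user_id: str, client_redirect_uri: str, txn_id: str
) -> str:
    """Return the upstream authorization URL, or raise ConsentRequired.

    This is the gate: no upstream redirect exists until consent for this
    client's redirect_uri is on record for this user. `txn_id` is a constructed
    opaque transaction id the proxy carries as the upstream `state` so it can map
    the IdP callback back to the originating client.
    """
    if not store.has_consent(user_id, client_redirect_uri):
        raise ConsentRequired(user_id, client_redirect_uri)
    params = {
        "response_type": "code",
        "client_id": UPSTREAM_CLIENT_ID,        # same value for every DCR client
        "redirect_uri": UPSTREAM_REDIRECT_URI,  # the proxy's callback, not the client's
        "state": txn_id,
    }
    return f"{UPSTREAM_AUTHORIZE_ENDPOINT}?{urlencode(params)}"


def authorize(
    store: ConsentStore, user_id: str, client_redirect_uri: str, txn_id: str
) -> tuple[str, str]:
    """Hypothetical /authorize decision for the proxy.

    Returns ("consent_screen", redirect_uri) when the proxy must ask the user
    first, or ("redirect", url) once consent for that redirect_uri is present.
    """
    try:
        return ("redirect", build_upstream_authorize_url(store, user_id, client_redirect_uri, txn_id))
    except ConsentRequired as exc:
        return ("consent_screen", exc.redirect_uri)


if __name__ == "__main__":
    store = ConsentStore()
    client_a = "https://client-a.example/callback"
    client_b = "https://client-b.example/callback"
    print(authorize(store, "alice", client_a, "txn-1"))   # consent_screen for client A
    store.record_consent("alice", client_a)               # user approved client A on the proxy
    print(authorize(store, "alice", client_a, "txn-2"))   # redirect to the upstream IdP
    print(authorize(store, "alice", client_b, "txn-3"))   # client B gets its own consent screen
```

Because the upstream IdP sees only `proxy-static-client`, the check before the redirect is the only place where the second client (client B) is distinguished from the first; a store that keyed consent on the shared client_id instead of the redirect_uri would let client B ride on the consent the user gave to client A.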