Updated by Jan Sandbrink about 2 months ago
**As** an MCP client,
**I require to** have access to metadata of the OAuth authorization server built into OpenProject,
**so that** I know where and how to obtain access tokens from it.
**Acceptance criteria**
* Authorization server metadata is exposed at a well-known location [according to RFC 8414](https://datatracker.ietf.org/doc/html/rfc8414)
  * including all REQUIRED metadata attributes
  * including the optional attributes:
    * `scopes_supported`
    * `grant_types_supported`
    * `token_endpoint_auth_methods_supported`
    * `service_documentation` (pointing to a suitable page of our documentation about OAuth application creation)
    * `protected_resources` (defined via RFC 9728)
**Technical notes**
* We should check whether this can be implemented upstream in Doorkeeper
  * (or whether it is already implemented)
**Permissions and visibility considerations**
* To everyone, even/especially unauthenticated clients
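
One way to check a served metadata document against the acceptance criteria above, as an added example (not OpenProject or Doorkeeper code). The issuer, endpoint paths, scope name and helper names are constructed for illustration; the authorization code flow is assumed, which makes both endpoints required under RFC 8414.

```ruby
require "json"
require "uri"

# REQUIRED by RFC 8414 section 2 (both endpoints are required when the
# authorization code flow is in use, which is assumed here).
REQUIRED = %w[issuer authorization_endpoint token_endpoint response_types_supported].freeze
# Optional attributes requested by the acceptance criteria.
REQUESTED = %w[scopes_supported grant_types_supported token_endpoint_auth_methods_supported
               service_documentation protected_resources].freeze
# Attributes whose value must be a JSON array.
LISTS = %w[response_types_supported scopes_supported grant_types_supported
           token_endpoint_auth_methods_supported protected_resources].freeze

ISSUER = "https://openproject.example.com" # constructed sample issuer
SAMPLE = {                                 # constructed sample document
  "issuer" => ISSUER,
  "authorization_endpoint" => "#{ISSUER}/oauth/authorize",
  "token_endpoint" => "#{ISSUER}/oauth/token",
  "response_types_supported" => ["code"],
  "scopes_supported" => ["api_v3"],
  "grant_types_supported" => ["authorization_code"],
  "token_endpoint_auth_methods_supported" => ["client_secret_basic"],
  "service_documentation" => "#{ISSUER}/docs/oauth",
  "protected_resources" => ["#{ISSUER}/mcp"]
}.freeze

# RFC 8414 section 3: the well-known segment is inserted between the host
# and any path component of the issuer identifier.
def well_known_url(issuer)
  uri = URI.parse(issuer)
  port = uri.port == uri.default_port ? "" : ":#{uri.port}"
  "#{uri.scheme}://#{uri.host}#{port}/.well-known/oauth-authorization-server#{uri.path.to_s.chomp('/')}"
end

# Returns a list of problems; an empty list means the criteria are met.
def metadata_problems(issuer, body)
  doc = JSON.parse(body)
  problems = (REQUIRED + REQUESTED).reject { |k| doc.key?(k) }.map { |k| "missing #{k}" }
  if doc.key?("issuer")
    iss = URI.parse(doc["issuer"].to_s)
    # RFC 8414 section 3.3: the returned issuer must equal the one queried.
    problems << "issuer mismatch" unless doc["issuer"] == issuer
    ok = iss.scheme == "https" && iss.query.nil? && iss.fragment.nil?
    problems << "issuer must be https without query or fragment" unless ok
  end
  LISTS.each { |k| problems << "#{k} must be an array" if doc.key?(k) && !doc[k].is_a?(Array) }
  problems
end
```

A client that skips the issuer comparison can be pointed at another server's endpoints by a substituted document, so the mismatch check is the one to keep even if the optional-attribute checks are relaxed.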