Per the spec, MCP servers MUST validate that access tokens were issued specifically for them as the intended audience, according to RFC 8707 Section 2. In the current SDK, the default TokenVerifier ...
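The audience check this requirement calls for, as an added example (not the SDK's code): it takes claims from a token whose signature and expiry were already verified, or from an introspection response, and accepts the token only when `aud` names this server. The function names, the server URI and the sample claims are constructed for illustration; treating a trailing slash and an explicit default port as equivalent is an assumption of this sketch.

```python
from typing import Optional
from urllib.parse import urlsplit

DEFAULT_PORTS = {"https": 443, "http": 80}


def canonical_resource(uri: str) -> Optional[str]:
    """Normalize a resource URI for comparison; None if it cannot be an audience."""
    try:
        parts = urlsplit(uri)
        port = parts.port
    except ValueError:  # malformed port or IPv6 literal
        return None
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or not parts.hostname or parts.fragment:
        return None  # RFC 8707 Section 2: absolute URI, no fragment component
    host = f"[{parts.hostname}]" if ":" in parts.hostname else parts.hostname
    if port not in (None, DEFAULT_PORTS[scheme]):
        host = f"{host}:{port}"
    query = f"?{parts.query}" if parts.query else ""
    return f"{scheme}://{host}{parts.path.rstrip('/')}{query}"


def audience_matches(claims: dict, server_resource: str) -> bool:
    """True only if `aud` (string or list) contains this server's resource URI."""
    expected = canonical_resource(server_resource)
    aud = claims.get("aud")
    if expected is None or aud is None:
        return False  # fail closed: a token with no audience was not issued for us
    values = [aud] if isinstance(aud, str) else aud
    if not isinstance(values, list):
        return False
    return any(  # exact match after normalization, never a prefix match
        isinstance(v, str) and canonical_resource(v) == expected for v in values
    )


SERVER = "https://mcp.example.com/mcp"  # constructed server resource URI
SAMPLES = {  # constructed claim sets
    "for_this_server": {"sub": "u1", "aud": "https://MCP.example.com:443/mcp/"},
    "multi_audience": {"sub": "u1", "aud": ["https://api.example.com", SERVER]},
    "other_service": {"sub": "u1", "aud": "https://api.example.com"},
    "path_lookalike": {"sub": "u1", "aud": "https://mcp.example.com/mcp-admin"},
    "no_audience": {"sub": "u1"},
}


def classify(samples=SAMPLES, server=SERVER):
    return {name: audience_matches(c, server) for name, c in samples.items()}
```

A verifier would call `audience_matches` after its signature and expiry checks and reject the token when it returns `False`.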