buildmymcpserver/packages/db/migrations/0002_oauth_clients_nullable_server.sql
Marco Sadjadi 3a05766f88
fix(oauth): allow generic RFC 7591 DCR + expand install snippets
- /oauth/register: drop resource_required check, accept generic
  registrations (Claude Desktop omits resource in DCR body per spec).
  serverId stored as NULL; /authorize still enforces org-ownership
  + access-token aud claim still pinned to resource. Fixes Claude
  Desktop DCR failure (ofid_d7e39530c109fa7f).
- /oauth/authorize: skip strict server.id check when client.serverId
  is NULL (generic client); org check remains the security boundary.
- schema: oauth_clients.server_id no longer NOT NULL.
- migration 0002: ALTER COLUMN server_id DROP NOT NULL (already
  applied on prod).
- install-snippets: add Claude Code (CLI), VS Code, Codex, raw URL
  tabs. Claude Desktop now shows form-field values (Name / Remote MCP
  Server URL / OAuth Client ID / Secret) matching the new Custom
  Connector UI instead of the obsolete JSON config.
- types: InstallTarget enum extended.
- hero-video: clicking the audio toggle restarts the video from
  frame 0 so unmute aligns with the spoken opening.
- marketing: drop em-dashes from rendered copy.
2026-05-28 17:20:01 +02:00

9 lines
447 B
SQL

-- Allow generic RFC 7591 Dynamic Client Registration:
-- a client may register without binding to a specific MCP server.
-- /oauth/authorize still enforces the org-ownership check on every
-- authorization, and the access-token `aud` claim is pinned to the
-- resource declared at /token, so a generic client cannot mint a
-- token usable against a server outside the user's org.
ALTER TABLE oauth_clients
ALTER COLUMN server_id DROP NOT NULL;
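
The check this migration's comment relies on, sketched as an added example that is not the project's code: once `server_id` may be NULL, the org-ownership test is the only gate for a generic client, and the `aud` pin limits where the resulting token is accepted. All type names, function names, reason strings and sample values are hypothetical, and the audience is assumed to equal the resource later declared at /token.

```typescript
// Added illustration: every type, function and value here is hypothetical,
// not the project's code. Sample data is constructed.
interface OAuthClient { clientId: string; serverId: string | null } // null = generic DCR client
interface McpServer { id: string; orgId: string; resource: string }
interface User { id: string; orgId: string }
type Decision = { allow: true; aud: string } | { allow: false; reason: string };

// Models the /oauth/authorize decision described in the migration comment.
function authorizeDecision(client: OAuthClient, server: McpServer, user: User): Decision {
  // Org ownership is checked on every authorization, bound or generic client.
  if (server.orgId !== user.orgId) {
    return { allow: false, reason: "server_outside_org" };
  }
  // A bound client stays restricted to the server it registered for.
  if (client.serverId !== null && client.serverId !== server.id) {
    return { allow: false, reason: "client_server_mismatch" };
  }
  // Audience is pinned to the one requested resource (assumed to equal the
  // resource later declared at /token).
  return { allow: true, aud: server.resource };
}

// Resource-server side: accept a token only if its aud names this server.
function acceptsToken(aud: string, server: McpServer): boolean {
  return aud === server.resource;
}

const alice: User = { id: "u1", orgId: "org-a" };
const srv1: McpServer = { id: "srv-1", orgId: "org-a", resource: "https://mcp.example/srv-1" };
const srv2: McpServer = { id: "srv-2", orgId: "org-a", resource: "https://mcp.example/srv-2" };
const srv9: McpServer = { id: "srv-9", orgId: "org-b", resource: "https://mcp.example/srv-9" };
const generic: OAuthClient = { clientId: "c-generic", serverId: null };
const bound: OAuthClient = { clientId: "c-bound", serverId: "srv-1" };

// Summarise one case as a short string for printing and testing.
function outcome(client: OAuthClient, server: McpServer, user: User): string {
  const d = authorizeDecision(client, server, user);
  return d.allow ? `allow aud=${d.aud}` : `deny ${d.reason}`;
}

console.log(outcome(generic, srv1, alice)); // generic client, server in user's org
console.log(outcome(generic, srv9, alice)); // generic client, server in another org
console.log(outcome(bound, srv2, alice));   // bound client, different server in same org
```

The case to regression-test after this migration is the second one: a client with a NULL `server_id` requesting a server outside the user's org must still be refused.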