Spot the OAuth misconfiguration in this MCP server implementation
Same topic, related formats. Practice these next.
Same topic, related formats. Practice these next.
Click any words you think contain an error. Click again to unmark.
The token exchange skips PKCE verification, so an attacker who steals the authorization code can redeem it as the server, a classic confused-deputy escalation.
Imagine a coat-check desk that gives you a ticket when you drop off your coat. PKCE is like writing a secret word on your half of the ticket and keeping the matching half in your pocket. When you return, the attendant checks both halves agree before handing back the coat. This server skips that check. It gives the coat to whoever shows up with any ticket stub, even one snatched from the trash. Worse, the server fetches the coat using its own master key, which opens far more closets than yours ever should. So a thief with a stolen stub walks away wearing the server's privileges, not just your own.
Everything you need to truly understand this topic: intuition, mechanics, step by step explanation, code, formulas, and worked example. Click to expand.
Everything you need to truly understand this topic: intuition, mechanics, step by step explanation, code, formulas, and worked example.
Everything important, quickly.
5 min: locate the missing PKCE check, explain verifier and challenge binding, trace code interception to the confused-deputy escalation, then give the four-part secure pattern.
| Aspect | Vulnerable code | Secure pattern |
|---|---|---|
| PKCE check | Verifier never validated | Verifier re-hashed and matched before token issue |
| Token model | One static token reused across users | Per-user token minted at consent |
| Audience binding | Token accepted by any backend | Token scoped to one intended audience |
| Blast radius | Server's full credential scope | Single consenting user's scope |
| Consent | Implicit and server-wide | Explicit, per scope per user |
Real products, models, and research that use this idea.
What an interviewer would ask next. Try answering before peeking at the approach.
Red flags and common mistakes that signal junior thinking. Click to expand.
Thinking PKCE is only for public clients. OAuth 2.1 makes it mandatory for every client, including server-side MCP integrations that hold broad scopes.
The night-before-the-interview bullets. Scan these on the way to the call.
Primary sources. Skim if you want the original framing.