Open
Description
Summary:
Introduce an upfront consent dialog in the MCP server to ensure end-users explicitly authorize MCP clients before they are granted authorization to invoke third-party-service-bound MCP tools.
Background:
Currently, when an end-user is redirected through the MCP server to a third-party OAuth provider (e.g., GitHub), there's no intermediate step for the user to consent to the specific MCP client initiating the request. This absence can be exploited by malicious actors who register rogue MCP clients and trick users into granting access unknowingly[1].
[1] modelcontextprotocol/modelcontextprotocol#265
Proposed Solution:
Implement a consent dialog within the MCP server that:
- Identifies the requesting MCP client.
- Presents the end-user with a clear choice to allow or deny access.
- Only proceeds to the third-party OAuth flow upon explicit user consent.
Implementation Considerations:
- Consent Tracking: Store user consent decisions, possibly using cookies or server-side sessions, to prevent repeated prompts for the same client.
- Security Measures: Ensure that the consent dialog cannot be bypassed by malicious clients.
- User Experience: Design the dialog to be user-friendly and informative, clearly stating the implications of granting access.
Benefits:
- Enhances user trust by making authorization flows transparent.
- Mitigates potential phishing or unauthorized access attempts by malicious MCP clients.
- Aligns with best practices for user consent in authentication flows.
Next Steps:
- Define the UI/UX for the consent dialog.
- Determine the storage mechanism for tracking user consents.
- Implement the consent check in the MCP server's authorization flow.
- Update documentation to reflect the new consent process.
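One way the consent check and cookie-based consent tracking described above could look, as an added example that is not part of the original issue or the project's code. The function names, the client registry, the secret and the 30-day lifetime are all assumptions; the cookie is an HMAC bound to the user, the client ID and the redirect URI, so a consent given to one client cannot be replayed for another.

```python
import hashlib
import hmac
import json
import time

SECRET = b"constructed-demo-key"  # assumption: per-deployment server secret
CONSENT_TTL = 30 * 24 * 3600      # assumption: consent remembered for 30 days

# Constructed registry of dynamically registered MCP clients.
CLIENTS = {
    "client-a": {"name": "Example IDE", "redirect_uris": {"http://localhost:7777/cb"}},
    "client-b": {"name": "Other Tool", "redirect_uris": {"https://other.example/cb"}},
}

def _sign(user, client_id, redirect_uri, expires):
    # JSON list encoding keeps field boundaries unambiguous inside the MAC input.
    msg = json.dumps([user, client_id, redirect_uri, expires]).encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()

def issue_consent_cookie(user, client_id, redirect_uri, now=None):
    """Call only after the user clicks Allow on the server-rendered dialog."""
    expires = int(time.time() if now is None else now) + CONSENT_TTL
    return f"{expires}.{_sign(user, client_id, redirect_uri, expires)}"

def has_consent(cookie, user, client_id, redirect_uri, now=None):
    try:
        expires_s, mac = cookie.split(".", 1)
        expires = int(expires_s)
    except (AttributeError, ValueError):
        return False  # missing or malformed cookie
    if expires < (time.time() if now is None else now):
        return False  # consent has aged out
    expected = _sign(user, client_id, redirect_uri, expires)
    return hmac.compare_digest(mac.encode(), expected.encode())

def authorize(user, client_id, redirect_uri, consent_cookie=None, now=None):
    """Decide the next step of the MCP server's authorization endpoint."""
    client = CLIENTS.get(client_id)
    if client is None or redirect_uri not in client["redirect_uris"]:
        return ("reject", "unknown client or unregistered redirect_uri")
    if has_consent(consent_cookie, user, client_id, redirect_uri, now):
        return ("redirect_upstream", client_id)
    # No valid consent for this exact client: show the dialog first,
    # naming the client as the server knows it, not as the request claims.
    return ("show_consent", client["name"])
```
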