[Client] Implement Cross-App Access (token exchange, RFC 8693) #325

@soyuka

Context

Cross-App Access (XAA) lets an MCP client present an existing IdP id_token to the MCP server's authorization server to obtain a scoped access token for the MCP resource. Uses grant_type=urn:ietf:params:oauth:grant-type:token-exchange (RFC 8693).

Scope

Conformance scenarios unblocked

auth/cross-app-access-complete-flow.

Dependencies

Blocked by: #321, #318.

Acceptance

  • Unit tests for token exchange request shape.
  • Conformance: scenario passes.

cc @soyuka
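
The token exchange request shape described under Context, as an added example that is not part of the original issue or the SDK's code. The function names, the `mcp.example.com` resource, the `mcp:read` scope and the sample tokens are hypothetical, and rejecting non-Bearer tokens or a widened scope is a client-side policy assumed here, not something the issue specifies.

```python
from urllib.parse import urlencode, urlsplit

GRANT_TYPE = "urn:ietf:params:oauth:grant-type:token-exchange"
ID_TOKEN_TYPE = "urn:ietf:params:oauth:token-type:id_token"
ACCESS_TOKEN_TYPE = "urn:ietf:params:oauth:token-type:access_token"


def build_exchange_body(id_token, resource, scopes=()):
    """Form-encode an RFC 8693 request trading an IdP id_token for an access token."""
    if id_token.count(".") != 2:
        raise ValueError("subject_token is not a compact JWT")
    uri = urlsplit(resource)
    # RFC 8693: resource must be an absolute URI without a fragment.
    if not uri.scheme or not uri.netloc or uri.fragment:
        raise ValueError("resource must be an absolute URI without a fragment")
    params = {
        "grant_type": GRANT_TYPE,
        "subject_token": id_token,
        "subject_token_type": ID_TOKEN_TYPE,
        "requested_token_type": ACCESS_TOKEN_TYPE,
        "resource": resource,
    }
    if scopes:
        params["scope"] = " ".join(scopes)
    return urlencode(params)


def check_exchange_response(payload, requested_scopes=()):
    """Return the access token, or raise if the response is not a usable success."""
    # access_token, issued_token_type and token_type are required by RFC 8693.
    for field in ("access_token", "issued_token_type", "token_type"):
        if not payload.get(field):
            raise ValueError(f"missing required field: {field}")
    if payload["issued_token_type"] != ACCESS_TOKEN_TYPE:
        raise ValueError("server issued a token type other than the one requested")
    if payload["token_type"].lower() != "bearer":  # assumed client policy
        raise ValueError("unsupported token_type")
    # An omitted scope means the grant equals the request; never accept more.
    granted = set(payload.get("scope", " ".join(requested_scopes)).split())
    if not granted <= set(requested_scopes):
        raise ValueError("granted scope exceeds what was requested")
    return payload["access_token"]


if __name__ == "__main__":
    # Constructed sample values, not real tokens.
    print(build_exchange_body("aaa.bbb.ccc", "https://mcp.example.com/mcp", ["mcp:read"]))
    ok = {"access_token": "at-1", "issued_token_type": ACCESS_TOKEN_TYPE, "token_type": "Bearer"}
    print(check_exchange_response(ok, ["mcp:read"]))
```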


Labels

  • Client: Issues & PRs related to the Client component
  • P2: Moderate issues affecting some users, edge cases, potentially valuable feature
  • auth: Issues and PRs related to Authentication / OAuth
  • enhancement: Request for a new feature that's not currently supported
  • improves spec compliance: Improves consistency with other SDKs such as TypeScript