Closed as not planned
Description
Hi Guys, looks like PRM is missing, is this by design?
Command: authprobe scan --llm-max-tokens=1080 --openai-api-key="***REDACTED***" http://localhost:8004/mcp
Scanning: http://localhost:8004/mcp
Scan time: Feb 21, 2026 01:04:44 UTC
Github: https://github.com/authprobe/authprobe
Funnel
[1] MCP probe (401 + WWW-Authenticate) [-] SKIP
auth not required
[2] MCP initialize + tools/list [+] PASS
initialize -> 200
notifications/initialized -> 202
tools/list -> 200 (tools: perplexity_ask, perplexity_research,
perplexity_reason, perplexity_search)
[3] PRM fetch matrix [X] FAIL
PRM unreachable or unusable; OAuth discovery unavailable
[4] Auth server metadata [-] SKIP
auth not required
[5] Token endpoint readiness (heuristics) [-] SKIP
auth not required
[6] Dynamic client registration (RFC 7591) [-] SKIP
auth not required
┌───────────────────────┤ CALL TRACE ├───────────────────────┐
Call Trace Using: https://github.com/authprobe/authprobe
┌────────────┐ ┌────────────┐
│ authprobe │ │ MCP Server │
└─────┬──────┘ └─────┬──────┘
│ │
│ ╔═══ Step 1: MCP probe ═══════╪═══════════════════╗
│ GET http://localhost:8004/mcp
│ Reason: 401 + WWW-Authenticate discovery
│ Accept: text/event-stream
│ Host: localhost:8004
├─────────────────────────────────────────────────────────────────►│
│ 200 OK
│ Access-Control-Expose-Headers: Mcp-Session-Id,mcp-protocol-version
│ Cache-Control: no-cache, no-transform
│ Connection: keep-alive
│ Content-Type: text/event-stream
│ Date: Sat, 21 Feb 2026 01:04:36 GMT
│ Vary: Origin
│ X-Powered-By: Express
│◄─────────────────────────────────────────────────────────────────┤
│ │
│ ╔═══ Step 2: MCP initialize ═══════╪═══════════════════╗
│ POST http://localhost:8004/mcp
│ Reason: Step 2: MCP initialize + tools/list (pre-init tools/list)
│ Accept: application/json, text/event-stream
│ Content-Type: application/json
│ Host: localhost:8004
│ Mcp-Protocol-Version: 2025-11-25
├─────────────────────────────────────────────────────────────────►│
│ 200 OK
│ Access-Control-Expose-Headers: Mcp-Session-Id,mcp-protocol-version
│ Connection: keep-alive
│ Content-Length: 7432
│ Content-Type: application/json
│ Date: Sat, 21 Feb 2026 01:04:44 GMT
│ Keep-Alive: timeout=5
│ Vary: Origin
│ X-Powered-By: Express
│◄─────────────────────────────────────────────────────────────────┤
│ │
│ POST http://localhost:8004/mcp
│ Reason: Step 2: MCP initialize + tools/list (initialize)
│ Accept: application/json, text/event-stream
│ Content-Type: application/json
│ Host: localhost:8004
│ Mcp-Protocol-Version: 2025-11-25
├─────────────────────────────────────────────────────────────────►│
│ 200 OK
│ Access-Control-Expose-Headers: Mcp-Session-Id,mcp-protocol-version
│ Connection: keep-alive
│ Content-Length: 813
│ Content-Type: application/json
│ Date: Sat, 21 Feb 2026 01:04:44 GMT
│ Keep-Alive: timeout=5
│ Vary: Origin
│ X-Powered-By: Express
│◄─────────────────────────────────────────────────────────────────┤
│ │
│ POST http://localhost:8004/mcp
│ Reason: Step 2: MCP initialize + tools/list (notifications/initialized)
│ Accept: application/json, text/event-stream
│ Content-Type: application/json
│ Host: localhost:8004
│ Mcp-Protocol-Version: 2025-11-25
├─────────────────────────────────────────────────────────────────►│
│ 202 Accepted
│ Access-Control-Expose-Headers: Mcp-Session-Id,mcp-protocol-version
│ Connection: keep-alive
│ Content-Type: text/plain; charset=UTF-8
│ Date: Sat, 21 Feb 2026 01:04:44 GMT
│ Keep-Alive: timeout=5
│ Vary: Origin
│ X-Powered-By: Express
│◄─────────────────────────────────────────────────────────────────┤
│ │
│ POST http://localhost:8004/mcp
│ Reason: Step 2: MCP initialize + tools/list (null id probe)
│ Accept: application/json, text/event-stream
│ Content-Type: application/json
│ Host: localhost:8004
│ Mcp-Protocol-Version: 2025-11-25
├─────────────────────────────────────────────────────────────────►│
│ 400 Bad Request
│ Access-Control-Expose-Headers: Mcp-Session-Id,mcp-protocol-version
│ Connection: keep-alive
│ Content-Length: 101
│ Content-Type: application/json
│ Date: Sat, 21 Feb 2026 01:04:44 GMT
│ Keep-Alive: timeout=5
│ Vary: Origin
│ X-Powered-By: Express
│◄─────────────────────────────────────────────────────────────────┤
│ │
│ POST http://localhost:8004/mcp
│ Reason: Step 2: MCP initialize + tools/list (notification id probe)
│ Accept: application/json, text/event-stream
│ Content-Type: application/json
│ Host: localhost:8004
│ Mcp-Protocol-Version: 2025-11-25
├─────────────────────────────────────────────────────────────────►│
│ 200 OK
│ Access-Control-Expose-Headers: Mcp-Session-Id,mcp-protocol-version
│ Connection: keep-alive
│ Content-Length: 78
│ Content-Type: application/json
│ Date: Sat, 21 Feb 2026 01:04:44 GMT
│ Keep-Alive: timeout=5
│ Vary: Origin
│ X-Powered-By: Express
│◄─────────────────────────────────────────────────────────────────┤
│ │
│ POST http://localhost:8004/mcp
│ Reason: Step 2: MCP initialize + tools/list (origin probe)
│ Accept: application/json, text/event-stream
│ Content-Type: application/json
│ Host: localhost:8004
│ Mcp-Protocol-Version: 2025-11-25
│ Origin: http://invalid.example
├─────────────────────────────────────────────────────────────────►│
│ 200 OK
│ Access-Control-Allow-Origin: http://invalid.example
│ Access-Control-Expose-Headers: Mcp-Session-Id,mcp-protocol-version
│ Connection: keep-alive
│ Content-Length: 7433
│ Content-Type: application/json
│ Date: Sat, 21 Feb 2026 01:04:44 GMT
│ Keep-Alive: timeout=5
│ Vary: Origin
│ X-Powered-By: Express
│◄─────────────────────────────────────────────────────────────────┤
│ │
│ POST http://localhost:8004/mcp
│ Reason: Step 2: MCP initialize + tools/list (protocol version probe)
│ Accept: application/json, text/event-stream
│ Content-Type: application/json
│ Host: localhost:8004
│ Mcp-Protocol-Version: invalid
├─────────────────────────────────────────────────────────────────►│
│ 400 Bad Request
│ Access-Control-Expose-Headers: Mcp-Session-Id,mcp-protocol-version
│ Connection: keep-alive
│ Content-Length: 195
│ Content-Type: application/json
│ Date: Sat, 21 Feb 2026 01:04:44 GMT
│ Keep-Alive: timeout=5
│ Vary: Origin
│ X-Powered-By: Express
│◄─────────────────────────────────────────────────────────────────┤
│ │
│ POST http://localhost:8004/mcp
│ Reason: Step 2: MCP initialize + tools/list (tools/list)
│ Accept: application/json, text/event-stream
│ Content-Type: application/json
│ Host: localhost:8004
│ Mcp-Protocol-Version: 2025-11-25
├─────────────────────────────────────────────────────────────────►│
│ 200 OK
│ Access-Control-Expose-Headers: Mcp-Session-Id,mcp-protocol-version
│ Connection: keep-alive
│ Content-Length: 7432
│ Content-Type: application/json
│ Date: Sat, 21 Feb 2026 01:04:44 GMT
│ Keep-Alive: timeout=5
│ Vary: Origin
│ X-Powered-By: Express
│◄─────────────────────────────────────────────────────────────────┤
▼ ▼
┌──────────────────┤ ROOT-CAUSE ANALYSIS ├───────────────────┐
The AuthProbe scan results highlight two main compliance issues with the MCP OAuth server implementation at http://localhost:8004/mcp, specifically in the context of MCP 2025-11-25 and related RFCs (RFC 9728, RFC 8414, JSON-RPC 2.0). Below is a detailed, spec-grounded analysis explaining why the failure is valid and justified, along with recommendations for corrective actions.
Summary of Findings
1. Failure at Step [3]: PRM fetch matrix
- Issue: PRM (Protected Resource Metadata) is unreachable or unusable.
- OAuth Discovery: OAuth-related discovery metadata is unavailable from the MCP endpoint.
- Implication: Without OAuth discovery metadata, clients cannot perform necessary dynamic discovery of the authorization server endpoints as required by RFC 8414.
- Validation: This failure is valid and justified because the MCP mode (even with "best-effort") expects reachable OAuth discovery endpoints to support authorization and token issuance properly.
2. Info: MCP_INITIALIZE_ORDERING_NOT_ENFORCED
- Evidence: A `tools/list` request returned 200 prior to `initialize`.
- Spec Reference: The MCP 2025-11-25 specification requires that the client MUST send an `initialize` request before any other MCP method calls (e.g., `tools/list`) to ensure proper session initialization.
- Impact: Serving MCP JSON-RPC methods before `initialize` is a protocol violation and leads to undefined or unsupported server/client state.
- Recommendation: The server MUST enforce ordering by rejecting all MCP JSON-RPC requests other than `initialize` with appropriate error responses (likely JSON-RPC error code -32000 or a custom error indicating "Not Initialized").
3. Low confidence: MCP_ORIGIN_NOT_VALIDATED
- Evidence: Origin header probes returned 200 instead of 403 or denial.
- Spec Reference: MCP 2025-11-25 recommends validating the `Origin` HTTP header to mitigate DNS rebinding attacks and cross-site request forgery.
- Requirement: Servers should return HTTP 403 Forbidden if the `Origin` header is invalid or unauthorized.
- Current Behavior: Server allows requests regardless of Origin.
- Impact: This leaves the server vulnerable to security issues related to cross-origin attacks.
- Recommendation: Implement strict `Origin` validation as per MCP recommendations. Reject unauthorized origins with HTTP 403.
Spec-Grounded Explanation and Correct Server Behavior
MCP Initialization Ordering (MCP 2025-11-25, Section 6.x)
- MCP protocol requires that clients MUST first issue the `initialize` method call before any other MCP JSON-RPC methods.
- Server MUST reject non-`initialize` requests if the session is not initialized.
- Correct behavior: Return a JSON-RPC error response with a clear error code/message indicating that initialization is required.
PRM Fetch Matrix and OAuth Discovery (RFC 8414, RFC 9728)
- MCP leverages OAuth 2.0 and requires dynamic discovery of authorization server endpoints (token, authorization, introspection).
- RFC 8414 defines the `.well-known/oauth-authorization-server` metadata endpoint essential for client discovery.
- Failure to serve this endpoint or the PRM matrix means clients cannot perform OAuth flows.
- MCP servers enforcing OAuth must provide this metadata discoverable and reachable.
- Correct behavior: Provide a reachable and standards-compliant OAuth authorization server metadata endpoint as per RFC 8414 at a standard location.
OAuth Token Endpoint Readiness (RFC 9728)
- Token endpoints and OAuth flows are essential for client authentication and authorization.
- Even in best-effort mode, minimal OAuth support must be accessible to support token issuance.
- The failure to reach the PRM matrix and OAuth discovery logically entails the token endpoint readiness step also fails or is skipped.
- Correct behavior: Ensure token endpoint adheres to RFC 9728, supports OAuth grant types, and is accessible according to OAuth discovery metadata.
Origin Validation (MCP 2025-11-25 Security Considerations)
- Origin validation mitigates DNS rebinding and CSRF vulnerabilities.
- Servers should check the `Origin` (and potentially `Referer`) headers on incoming requests.
- Invalid or unauthorized origins must be denied with HTTP 403.
- This prevents attackers from performing requests from malicious contexts.
- Correct behavior: Implement strict origin validation policy as described.
JSON-RPC 2.0 Handling (JSON-RPC 2.0 Specification)
- MCP interfaces are JSON-RPC 2.0 compliant.
- Responses must use standard JSON-RPC format with:
  - A top-level `jsonrpc` string `"2.0"`
  - `method`
  - `id`
  - For errors, an `error` object containing `code`, `message`, and optionally a `data` field.
- MCP servers must respond with JSON-RPC errors for requests violating protocol, e.g., requests before `initialize`.
- The server must not respond with HTTP 200 if the JSON-RPC request is invalid; the response body must carry JSON-RPC error indicating the failure mode.
Recommendations to Achieve Compliance and Pass AuthProbe
| Issue | Required Action | Spec Reference |
|---|---|---|
| PRM fetch matrix unavailable | Implement OAuth discovery metadata endpoint at standard location (.well-known/oauth-authorization-server) | RFC 8414, MCP 2025-11-25 |
| Initialize ordering not enforced | Enforce initialize as first MCP method; reject others with JSON-RPC error | MCP 2025-11-25, JSON-RPC 2.0 |
| Origin not validated | Validate Origin header; return 403 for unauthorized origins | MCP 2025-11-25 Security |