Commit 560164b

jhrozek and claude committed
RFC: vMCP session binding by identity tuple
The current HMAC-of-bearer-token binding rejects legitimate OAuth refreshes — the access-token bytes change on each refresh, so users get logged out once per access-token TTL. Pin the binding to the (iss, sub) identity tuple instead, so the invariant matches what is actually stable across a session.

Drops the per-deployment HMAC secret and the operator-side plumbing that distributed it.

Closes a prior LocalUserMiddleware gap where every local user fell into the anonymous equivalence class.

Supersedes the session-binding portion of THV-0038; preserves the cross-pod persistence design of THV-0047 with the new key.

Tracks toolhive#5306.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
1 parent 414931f commit 560164b

1 file changed

Lines changed: 294 additions & 0 deletions
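The binding change the commit message describes, as an added example in Go written for this page rather than taken from ToolHive or the RFC. It places the superseded scheme (HMAC over the raw bearer-token bytes under a per-deployment secret) beside a key derived from the (iss, sub) tuple, walks one user through a token refresh under both, and gives local users their own namespace so they do not share one class. The `Identity` type, the `legacyBindingKey` and `IdentityBindingKey` functions, and the token and secret strings are constructed for the example and are not ToolHive identifiers.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/binary"
	"encoding/hex"
	"fmt"
	"hash"
)

// Identity is what an authentication middleware would hand the session layer
// after it has validated the request. Hypothetical type for this example.
type Identity struct {
	Issuer  string // OIDC "iss" claim; empty for local users
	Subject string // OIDC "sub" claim, or the local user name
	Local   bool   // true for users admitted by a local-user middleware
}

// legacyBindingKey is the superseded scheme: an HMAC over the raw bearer
// token bytes under a per-deployment secret. Every refresh changes the token
// bytes, so the key changes and the stored session no longer matches.
func legacyBindingKey(secret, bearerToken []byte) string {
	mac := hmac.New(sha256.New, secret)
	mac.Write(bearerToken)
	return hex.EncodeToString(mac.Sum(nil))
}

// writeField appends a length-prefixed field so that ("a|b", "c") and
// ("a", "b|c") hash differently.
func writeField(h hash.Hash, s string) {
	var n [4]byte
	binary.BigEndian.PutUint32(n[:], uint32(len(s)))
	h.Write(n[:])
	h.Write([]byte(s))
}

// IdentityBindingKey pins the session to the (iss, sub) tuple, which stays
// the same across token refreshes. Local users get their own namespace and
// are keyed by user name, so they no longer share one anonymous class.
// No secret is involved: the key is a partition label, not a credential.
func IdentityBindingKey(id Identity) string {
	h := sha256.New()
	if id.Local {
		writeField(h, "local")
	} else {
		writeField(h, "oidc")
		writeField(h, id.Issuer)
	}
	writeField(h, id.Subject)
	return hex.EncodeToString(h.Sum(nil))
}

// Session is the persisted binding a request must match to be resumed.
type Session struct{ BindingKey string }

// Matches compares keys in constant time.
func (s Session) Matches(key string) bool {
	return subtle.ConstantTimeCompare([]byte(s.BindingKey), []byte(key)) == 1
}

// SimulateRefresh walks one user through an access-token refresh under both
// schemes and reports whether each lets the refreshed request resume the
// session. Tokens and secret are constructed values, not real credentials.
func SimulateRefresh() (legacySurvives, identitySurvives bool) {
	secret := []byte("per-deployment-hmac-secret")
	id := Identity{Issuer: "https://issuer.example", Subject: "user-123"}
	tokenBefore := []byte("access-token-bytes-v1")
	tokenAfter := []byte("access-token-bytes-v2") // same iss/sub, new bytes

	legacy := Session{BindingKey: legacyBindingKey(secret, tokenBefore)}
	bound := Session{BindingKey: IdentityBindingKey(id)}

	return legacy.Matches(legacyBindingKey(secret, tokenAfter)),
		bound.Matches(IdentityBindingKey(id))
}

func main() {
	l, i := SimulateRefresh()
	fmt.Printf("HMAC-of-token binding survives refresh: %v\n", l)
	fmt.Printf("(iss, sub) binding survives refresh:   %v\n", i)

	alice := IdentityBindingKey(Identity{Local: true, Subject: "alice"})
	bob := IdentityBindingKey(Identity{Local: true, Subject: "bob"})
	fmt.Printf("local users alice and bob share a session key: %v\n", alice == bob)
}
```

One check a practitioner should keep in mind with this shape: the identity-derived key is only as trustworthy as the claims it is built from, so it must be computed from an identity the authentication middleware has already verified, and it does not replace token validation on each request. Length-prefixing the fields and keeping local and OIDC identities in separate namespaces is what stops two different principals from deriving the same key.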

0 commit comments
