OpenChainGraph Suite · ART-148 · wave 27

MCP Authorization Metadata Validator (RFC 9728)

Validates OAuth 2.0 Protected Resource Metadata per RFC 9728: resource URI, authorization servers, supported scopes, and bearer methods. Middle node of the mcp-server-governance-conformance chain.

RFC 9728OAuth 2.0 PRMZero PIIW3C VC §13.11

🔒 All inputs are processed locally in your browser. No data is transmitted. Do not enter real personal data — use synthetic or anonymised inputs only.

Scope

Middle node: consumes server identity verdict (art-147), feeds MCP Registry entry conformance (art-149). Validates OAuth 2.0 Protected Resource Metadata per RFC 9728 — resource URI, authorization server list, supported scopes, and bearer methods.

Presets

Authorization Metadata Inputs

metadata.resource (Protected Resource URI)

metadata.authorization_servers (one URL per line)

metadata.scopes_supported (one scope per line)

Bearer Methods Supported

header

Authorization: Bearer token in HTTP header (RFC 6750 §2.1)

body

access_token in request body (RFC 6750 §2.2)

query

access_token query parameter (RFC 6750 §2.3)

Additional bearer methods (comma-separated, triggers BEARER_METHODS_UNRECOGNIZED if non-standard)

Result

Execution Hash & §4 Artifact

SHA-256 execution hash (JCS canonical — RFC 8785):