20 lines (15 loc) · 669 Bytes

SAFE-M-16: Token Scope Limiting

Overview

Mitigation ID: SAFE-M-16
Type: Preventive Control
Complexity: Medium
Effectiveness: High

Description

Enforce minimal OAuth scopes and warn users when MCP servers request broad permissions to limit potential damage from compromised tokens.

Implementation

[To be documented]

Related Techniques

SAFE-T1007: OAuth Authorization Phishing
SAFE-T1202: OAuth Token Persistence

References

OAuth 2.0 Security Best Current Practice

⚡