Shipping an OAuth-protected remote MCP server: the spec and 3 security bugs

A blog post discusses the specification for an OAuth-protected remote MCP server and identifies three security bugs related to it. The post is available on the skilldb.dev blog. A comments section for the post is also available on Hacker News. The post has garnered some attention, with one point and no comments so far. The blog post aims to inform about the specification and security issues of the OAuth-protected remote MCP server.