Claude 781e78fa82 docs: Enhance OAuth design with security improvements and agent execution API ...

Security improvements:
- Replace iframe with popup window (industry standard, avoids clickjacking)
- Mandatory PKCE for all OAuth flows (including confidential clients)
- Scoped credential grants (apps request specific capabilities, not blanket access)
- Proxy allowlists (only pre-defined API paths can be proxied)
- SSRF prevention via strict URL validation
- Comprehensive audit logging for all operations
- postMessage nonce validation to prevent replay attacks

New Agent Execution API:
- GET /api/v1/capabilities - capability-based discovery (not raw credential lists)
- POST /api/v1/agents/{agent_id}/execute - grant-scoped agent execution
- GET /api/v1/executions/{execution_id} - poll execution status
- GrantBasedCredentialResolver for secure credential isolation
- Webhook notifications with HMAC signatures
- Rate limiting and concurrent execution limits

2025-12-08 16:02:56 +00:00

..

oauth-integration-flow.md

docs(frontend, backend): add OAuth security boundary docs (#10202)

2025-06-26 18:08:55 +00:00

oauth-provider-design.md

docs: Enhance OAuth design with security improvements and agent execution API

2025-12-08 16:02:56 +00:00

tests.md

fix(docs): missing tags from code that are referenced in docs (#10400)

2025-07-18 01:15:35 +00:00