Chris Coutinho 027fc0b2d6 docs: Add critical token exchange pattern documentation ...

Documents the architectural flaw in current implementation where
session tokens and background tokens are not properly separated.

Key issues identified:
- Session tokens should be exchanged on-demand (RFC 8693)
- Background tokens should use separate refresh token grant
- Current implementation reuses refresh tokens incorrectly
- No separation between foreground and background operations

This is a P0 blocker that must be fixed before production use.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

2025-11-03 20:33:55 +01:00

..

ADR-001-enhanced-note-search.md

ADR search and handling categories in notes

2025-05-07 23:06:22 +02:00

ADR-002-vector-sync-authentication.md

docs: Add ADR-004 - MCP Server as OAuth Client for Offline Access

2025-11-02 23:31:39 +01:00

ADR-003-vector-database-semantic-search.md

docs: Add ADRs

2025-10-31 02:59:44 +01:00

ADR-004-mcp-application-oauth.md

docs: Refactor ADR-004 to Progressive Consent architecture with dual OAuth flows

2025-11-03 02:55:27 +01:00

audience-validation-setup.md

docs: Reject service account tokens as OAuth authentication pattern

2025-11-02 22:03:22 +01:00

authentication.md

docs: restructure documentation

2025-10-14 01:23:49 +02:00

calendar.md

docs: fix duplicate

2025-09-11 17:31:00 +02:00

comparison-context-agent.md

docs: Update README

2025-10-15 14:47:43 +02:00

configuration.md

docs: Replace .nextcloud_oauth_client.json references with SQLite storage

2025-11-02 22:03:21 +01:00

contacts.md

chore: Update README.md, move docs to directory

2025-09-11 17:28:13 +02:00

cookbook.md

feat(cookbook): Add full Cookbook app support with 13 tools and 2 resources

2025-10-17 03:08:16 +02:00

CRITICAL-TOKEN-EXCHANGE-PATTERN.md

docs: Add critical token exchange pattern documentation

2025-11-03 20:33:55 +01:00

deck.md

chore: Update README.md, move docs to directory

2025-09-11 17:28:13 +02:00

installation.md

docs: Remove pip

2025-10-14 01:23:38 +02:00

jwt-oauth-reference.md

docs: Replace .nextcloud_oauth_client.json references with SQLite storage

2025-11-02 22:03:21 +01:00

keycloak-multi-client-validation.md

feat: Add Keycloak OAuth provider support with refresh token storage

2025-11-02 22:03:19 +01:00

nextcloud_notes_image_embedding.md

Add support for attachments in notes

2025-05-06 02:52:51 +02:00

notes.md

chore: Update README.md, move docs to directory

2025-09-11 17:28:13 +02:00

oauth-architecture-comparison.md

docs: Rewrite ADR-004 for Federated Authentication Architecture

2025-11-02 23:58:15 +01:00

oauth-architecture.md

docs: Replace .nextcloud_oauth_client.json references with SQLite storage

2025-11-02 22:03:21 +01:00

oauth-impersonation-findings.md

docs: Reject service account tokens as OAuth authentication pattern

2025-11-02 22:03:22 +01:00

oauth-setup.md

docs: Replace .nextcloud_oauth_client.json references with SQLite storage

2025-11-02 22:03:21 +01:00

oauth-troubleshooting.md

docs: Replace .nextcloud_oauth_client.json references with SQLite storage

2025-11-02 22:03:21 +01:00

oauth-upstream-status.md

docs: Update upstream OAuth status with completed oidc app PRs [skip ci]

2025-11-02 22:03:21 +01:00

quickstart-oauth.md

fix(oauth): Remove the option to force_register new clients

2025-10-15 16:27:22 +02:00

running.md

docs: Update Docs

2025-10-14 01:23:38 +02:00

table.md

chore: Update README.md, move docs to directory

2025-09-11 17:28:13 +02:00

testing-client-sessions-architecture.md

docs: Update jwt docs

2025-10-23 11:20:49 +02:00

testing-oidc-consent.md

feat: Split read/write scopes into app:read/write scopes

2025-10-24 04:38:49 +02:00

troubleshooting.md

docs: Replace .nextcloud_oauth_client.json references with SQLite storage

2025-11-02 22:03:21 +01:00

webdav.md

chore: Update README.md, move docs to directory

2025-09-11 17:28:13 +02:00