Chris Coutinho f2af5a39a8 docs: Add ADR-004 - MCP Server as OAuth Client for Offline Access ...

- Supersedes ADR-002 which fundamentally misunderstood MCP protocol constraints
- Introduces "Sign-in with Nextcloud" architecture pattern
- MCP server becomes OAuth client to enable offline/background operations
- Implements full token rotation with reuse detection for security
- Includes comprehensive implementation details and migration strategy

Key architectural shift:
- From: Pass-through authentication (stateless, no offline access)
- To: MCP server as OAuth client (stateful, full offline capabilities)

The solution enables background workers to operate independently of MCP
sessions by storing and rotating refresh tokens securely.

🤖 Generated with Claude Code

Co-Authored-By: Claude <noreply@anthropic.com>

2025-11-02 23:31:39 +01:00

..

ADR-001-enhanced-note-search.md

ADR search and handling categories in notes

2025-05-07 23:06:22 +02:00

ADR-002-vector-sync-authentication.md

docs: Add ADR-004 - MCP Server as OAuth Client for Offline Access

2025-11-02 23:31:39 +01:00

ADR-003-vector-database-semantic-search.md

docs: Add ADRs

2025-10-31 02:59:44 +01:00

ADR-004-mcp-application-oauth.md

docs: Add ADR-004 - MCP Server as OAuth Client for Offline Access

2025-11-02 23:31:39 +01:00

audience-validation-setup.md

docs: Reject service account tokens as OAuth authentication pattern

2025-11-02 22:03:22 +01:00

authentication.md

docs: restructure documentation

2025-10-14 01:23:49 +02:00

calendar.md

docs: fix duplicate

2025-09-11 17:31:00 +02:00

comparison-context-agent.md

docs: Update README

2025-10-15 14:47:43 +02:00

configuration.md

docs: Replace .nextcloud_oauth_client.json references with SQLite storage

2025-11-02 22:03:21 +01:00

contacts.md

chore: Update README.md, move docs to directory

2025-09-11 17:28:13 +02:00

cookbook.md

feat(cookbook): Add full Cookbook app support with 13 tools and 2 resources

2025-10-17 03:08:16 +02:00

deck.md

chore: Update README.md, move docs to directory

2025-09-11 17:28:13 +02:00

installation.md

docs: Remove pip

2025-10-14 01:23:38 +02:00

jwt-oauth-reference.md

docs: Replace .nextcloud_oauth_client.json references with SQLite storage

2025-11-02 22:03:21 +01:00

keycloak-multi-client-validation.md

feat: Add Keycloak OAuth provider support with refresh token storage

2025-11-02 22:03:19 +01:00

nextcloud_notes_image_embedding.md

Add support for attachments in notes

2025-05-06 02:52:51 +02:00

notes.md

chore: Update README.md, move docs to directory

2025-09-11 17:28:13 +02:00

oauth-architecture-comparison.md

docs: Add ADR-004 - MCP Server as OAuth Client for Offline Access

2025-11-02 23:31:39 +01:00

oauth-architecture.md

docs: Replace .nextcloud_oauth_client.json references with SQLite storage

2025-11-02 22:03:21 +01:00

oauth-impersonation-findings.md

docs: Reject service account tokens as OAuth authentication pattern

2025-11-02 22:03:22 +01:00

oauth-setup.md

docs: Replace .nextcloud_oauth_client.json references with SQLite storage

2025-11-02 22:03:21 +01:00

oauth-troubleshooting.md

docs: Replace .nextcloud_oauth_client.json references with SQLite storage

2025-11-02 22:03:21 +01:00

oauth-upstream-status.md

docs: Update upstream OAuth status with completed oidc app PRs [skip ci]

2025-11-02 22:03:21 +01:00

quickstart-oauth.md

fix(oauth): Remove the option to force_register new clients

2025-10-15 16:27:22 +02:00

running.md

docs: Update Docs

2025-10-14 01:23:38 +02:00

table.md

chore: Update README.md, move docs to directory

2025-09-11 17:28:13 +02:00

testing-client-sessions-architecture.md

docs: Update jwt docs

2025-10-23 11:20:49 +02:00

testing-oidc-consent.md

feat: Split read/write scopes into app:read/write scopes

2025-10-24 04:38:49 +02:00

troubleshooting.md

docs: Replace .nextcloud_oauth_client.json references with SQLite storage

2025-11-02 22:03:21 +01:00

webdav.md

chore: Update README.md, move docs to directory

2025-09-11 17:28:13 +02:00