New features
Split MCP sessions
Session management has been refactored to separate credentials from session data. The OAuth flow now usesstate instead of sessionId for authorization completion, making the protocol consistent across authorization and session lifecycle events. New createdAt and updatedAt timestamps are tracked on session management to improve observability.
OAuth state validation
The OAuth flow now validates and managesstate parameters throughout the authentication flow, preventing CSRF and replay attacks. Enhanced session management with dedicated credentials support improves the separation of concerns between authentication data and session state.
MCP Assistant documentation
Documentation for the MCP Assistant skill is now available, including a feature overview and usage guide.Updates
- README restructured with package descriptions and feature enhancements
- Log statements updated in OAuth client for clarity
- OAuth session lifecycle refactored for improved maintainability
Bug fixes
- Fixed missing
createdAtandupdatedAttimestamps in session creation flows - Various OAuth session lifecycle improvements for edge cases during token refresh and state transitions