KR-MCP-006: Invalid OAuth Client ID Configuration - Kiro MCP

Summary

• Rule ID: KR-MCP-006
• Severity: MEDIUM
• Category: Kiro MCP
• Normative Level: SHOULD
• Auto-Fix: No
• Verified On: 2026-05-14

Applicability

• Tool: kiro
• Version Range: >=2.3.0
• Spec Revision: unspecified

Evidence Sources

• https://kiro.dev/changelog/cli/2-3/

Test Coverage Metadata

• Unit tests: true
• Fixture tests: false
• E2E tests: false

Examples

The following examples demonstrate what triggers this rule and how to fix it.

Invalid

{"mcpServers": {"local": {"command": "node", "args": ["server.js"], "oauth": {"clientId": "registered-client"}}}}

Valid

{"mcpServers": {"remote": {"url": "https://example.com/mcp", "oauth": {"clientId": "registered-client"}}}}