
Auth-discovery metadata URLs are HTTPS and publicly routable

`auth_metadata_urls_https_public` · high · weight 6 · Auth-required

Authored by Stanley Hong · AgentReserve (founder).

Every URL advertised in protected resource metadata or authorization server metadata — `authorization_endpoint`, `token_endpoint`, `jwks_uri`, `registration_endpoint`, `revocation_endpoint`, `introspection_endpoint`, and the PRM `resource` — uses HTTPS and resolves to a publicly routable hostname (no loopback, RFC 1918, link-local, or private TLD). The discovery chain has no value if it points clients at the cloud metadata service or the loopback interface.

When this rule runs

Only applies when the server signals that authentication is required (HTTP 401/403). Excluded from the score on public servers.

Why it matters

An MCP client follows whatever URLs the discovery chain advertises. A `token_endpoint` on plain HTTP exposes the token exchange to passive interception; a `jwks_uri` pointing at `169.254.169.254` or `127.0.0.1` is an SSRF primitive into the host running the client. Both classes have shipping CVEs (CVE-2025-65513 and the DNS-rebinding family).

Pass condition

Every URL field in PRM and AS metadata is HTTPS and has a publicly routable hostname (the existing `auth_issuer_uses_https` rule covers issuer URLs separately).

Fail condition

At least one advertised URL is non-HTTPS or resolves to a loopback / RFC 1918 / link-local / IPv6 ULA / private-TLD hostname.

Evidence examples

When the rule fails, the report records evidence in roughly this shape:

  • {"hits": [{"field": "token_endpoint", "url": "http://issuer.example.com/token", "reason": "non-https"}]}
  • {"hits": [{"field": "jwks_uri", "url": "https://127.0.0.1/jwks", "reason": "ipv4-loopback"}]}
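
An added example, not the scanner's own code: a Python sketch of the pass/fail check that emits hits in the evidence shape shown above. The private-TLD list and every reason label other than `non-https` and `ipv4-loopback` are assumptions, and it inspects the advertised host string only, with no DNS resolution.

```python
import ipaddress
from urllib.parse import urlsplit

# Fields named by the rule: AS metadata endpoints plus the PRM "resource".
URL_FIELDS = ("authorization_endpoint", "token_endpoint", "jwks_uri",
              "registration_endpoint", "revocation_endpoint",
              "introspection_endpoint", "resource")
# Assumed private-TLD list; the rule text does not enumerate one.
PRIVATE_TLDS = {"localhost", "local", "internal", "lan", "home", "corp"}
NETS = {"10.0.0.0/8": "ipv4-rfc1918", "172.16.0.0/12": "ipv4-rfc1918",
        "192.168.0.0/16": "ipv4-rfc1918", "fc00::/7": "ipv6-ula"}

def classify_host(host):
    """Return a reason label if host is not publicly routable, else None."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:  # a name, not an IP literal: check its last label
        tld = host.rstrip(".").rsplit(".", 1)[-1].lower()
        return "private-tld" if tld in PRIVATE_TLDS else None
    if ip.version == 6 and ip.ipv4_mapped:
        ip = ip.ipv4_mapped  # ::ffff:127.0.0.1 must not slip past as IPv6
    fam = f"ipv{ip.version}"
    if ip.is_loopback:
        return f"{fam}-loopback"
    if ip.is_link_local:  # covers 169.254.169.254 and fe80::/10
        return f"{fam}-link-local"
    for net, reason in NETS.items():
        if ip in ipaddress.ip_network(net):  # False across IP versions
            return reason
    return None if ip.is_global else f"{fam}-non-global"

def check_metadata(metadata):
    """Return evidence as {"hits": [...]}; an empty list means pass."""
    hits = []
    for field in URL_FIELDS:
        url = metadata.get(field)
        if not isinstance(url, str):
            continue  # field not advertised
        parts = urlsplit(url)
        reason = ("non-https" if parts.scheme != "https"
                  else classify_host(parts.hostname or ""))
        if reason:
            hits.append({"field": field, "url": url, "reason": reason})
    return {"hits": hits}

# Constructed sample metadata (not from a real server).
SAMPLE = {"token_endpoint": "http://issuer.example.com/token",
          "jwks_uri": "https://127.0.0.1/jwks",
          "registration_endpoint": "https://169.254.169.254/register"}
```

A production check would also resolve each hostname and classify every returned address, since a public-looking name can point at a private IP.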

Remediation

Serve every advertised endpoint over HTTPS on a publicly routable hostname. Treat the discovery chain as a contract — any URL in PRM/AS metadata is one a client may follow without further validation.

Methodology

This rule belongs to the Auth discovery posture dimension, which assesses whether, when authorization is required, the server cooperates with the standards-based discovery chain: RFC 9728 protected resource metadata, RFC 8414 authorization server metadata, validated issuers, and safe grant types.

Read the full methodology for how rules are aggregated into a score, how verdicts are decided, and how hard-fail rules override the aggregate.