Current access model
OAuth is optional. brightplace Connect accepts unauthenticated tool calls, which are rate-limited and audited by MCP session. When a valid OAuth bearer token is present, brightplace Connect uses it only for account attribution and audit records. A token does not unlock additional tools or change the public tool contracts.
Discovery / metadata
brightplace Connect publishes OAuth protected-resource metadata for MCP clients that support RFC 9728. Clients should take the authorization server from authorization_servers in that metadata instead of hard-coding an issuer.
| Item | Value |
|---|---|
| MCP server URL | https://mcp.brightplace.ai/mcp |
| OAuth resource/audience | https://mcp.brightplace.ai/mcp |
| Authorization server | Discover from authorization_servers in protected-resource metadata |
| Grant type | Authorization Code with PKCE |
| Dynamic Client Registration | Not supported for public clients |
Token lifecycle
Access tokens expire according to the authorization server policy. If a token expires, the client can continue unauthenticated tool calls subject to normal rate limits, or reconnect the account before making OAuth-attributed calls. brightplace Connect does not request offline_access or a refresh-token scope
for public clients. If the authorization server issues a refresh token for an
approved client, store it only in the client-side account-connection system and
use it to obtain a new access token before retrying.
Users revoke access by disconnecting brightplace Connect from the AI client or
workspace settings. After revocation, clients should discard stored tokens and
treat future calls as unauthenticated unless the user reconnects.
For token-related failures, handle the UNAUTHORIZED and TOKEN_EXPIRED codes listed under Error Codes.
Consent meaning
Consent allows the AI client to call brightplace Connect tools during the conversation. It does not authorize the client to sign a lease, submit an application, contact a property outside the explicit tool flow, or act as a licensed broker. Use must also follow Acceptable Use.
Identity scopes
brightplace Connect requests only these identity scopes:
| Scope | Purpose |
|---|---|
| openid | Establishes an authenticated identity. |
| email | Associates the connection with an email address from the identity provider when available. |
| profile | Associates basic profile information from the identity provider when available. |
brightplace Connect does not request offline_access, refresh-token scopes, or unrelated operator or bulk-data scopes. Tool access is controlled by the server-side MCP tool surface documented here.
Client guidance
- Use https://mcp.brightplace.ai/mcp as the MCP server URL.
- Treat OAuth as account linking and account attribution unless brightplace publishes narrower tool scopes later.
- Show users the brightplace Privacy Policy and Terms of Service before or during account connection.
- Send access tokens only in the `Authorization: Bearer <token>` header, never in a URL or query string.
- Store tokens encrypted at rest and scoped to the MCP session or account connection that received consent.
- Require the token audience/resource to be restricted to https://mcp.brightplace.ai/mcp.
- Never cache OAuth tokens in logs, prompts, analytics, or client-visible tool outputs.
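As an added example (not brightplace's own code), the following Python sketches the client side of the discovery section and the guidance above: it builds the RFC 9728 metadata URL, takes the issuer from authorization_servers, generates a PKCE pair, sends the RFC 8707 resource indicator so the token is audience-restricted to the MCP server, and checks audience and expiry before using a token. The sample metadata document, issuer, client id, redirect URI and claims are constructed placeholders.

```python
import base64, hashlib, secrets, time
from urllib.parse import urlencode, urlsplit

RESOURCE = "https://mcp.brightplace.ai/mcp"  # MCP server URL and OAuth audience (from the page)
SCOPES = "openid email profile"              # the only identity scopes the page lists

# Constructed sample metadata document; the issuer is a placeholder, not a
# real brightplace authorization server.
SAMPLE_METADATA = {"resource": RESOURCE, "authorization_servers": ["https://issuer.example"]}

def metadata_url(resource):
    # RFC 9728 well-known location: the suffix goes between host and path
    u = urlsplit(resource)
    return f"{u.scheme}://{u.netloc}/.well-known/oauth-protected-resource{u.path}"

def pick_authorization_server(metadata, resource):
    # Take the issuer from authorization_servers; RFC 9728 also requires the
    # client to check that the document's resource is the one it asked for.
    if metadata.get("resource") != resource:
        raise ValueError("metadata describes a different resource")
    servers = metadata.get("authorization_servers") or []
    if not servers:
        raise ValueError("no authorization_servers advertised")
    return servers[0]

def pkce_pair():
    # RFC 7636 S256: random verifier, challenge = base64url(SHA-256(verifier))
    verifier = secrets.token_urlsafe(64)  # 86 chars, inside the 43..128 limit
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return verifier, base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def authorization_url(authorize_endpoint, client_id, redirect_uri, state, challenge):
    # Authorization Code + PKCE, with the RFC 8707 resource indicator so the
    # issued token is audience-restricted to the MCP server.
    params = {"response_type": "code", "client_id": client_id,
              "redirect_uri": redirect_uri, "scope": SCOPES, "state": state,
              "code_challenge": challenge, "code_challenge_method": "S256",
              "resource": RESOURCE}
    return f"{authorize_endpoint}?{urlencode(params)}"

def token_usable(claims, now=None):
    # For a JWT the client can decode: send it only if it is for this resource
    # and unexpired; otherwise fall back to unauthenticated, rate-limited calls.
    now = time.time() if now is None else now
    aud = claims.get("aud")
    aud = aud if isinstance(aud, list) else [aud]
    return RESOURCE in aud and claims.get("exp", 0) > now
```

Opaque (non-JWT) access tokens cannot be inspected this way; for those the client relies on having sent the resource indicator and on the server's UNAUTHORIZED / TOKEN_EXPIRED responses.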