Authorization - Model Context Protocol
OAuth Grant Types
OAuth specifies different flows or grant types, which are different ways of obtaining an access token. Each of these targets different use cases and scenarios.
MCP servers SHOULD support the OAuth grant types that best align with the intended audience. For instance:
- Authorization Code: useful when the client is acting on behalf of a
Authorization Flow
Overview
- MCP auth implementations MUST implement OAuth 2.1 with appropriate security measures for both confidential and public clients.
- MCP auth implementations SHOULD support the OAuth 2.0 Dynamic Client Registration Protocol (RFC7591).
- MCP servers SHOULD and MCP clients MUST implement OAuth 2.0 Authorization Server Metadata
Protocol Requirements
Authorization is OPTIONAL for MCP implementations. When supported:
- Implementations using an HTTP-based transport SHOULD conform to this specification.
- Implementations using an STDIO transport SHOULD NOT follow this specification, and instead retrieve credentials from the environment.
- Implementations using alternative transports