Remote MCP in the Real World: OAuth 2.1,
Auth Support
- Claude supports the 3/26 auth spec and (as of July) the 6/18 auth spec.
- Claude supports Dynamic Client Registration (DCR).
- OAuth servers can signal to Claude that a DCR client has been deleted and that Claude should re-register the client by returning an HTTP 401 with an error of invalid_client from the token endpoint, as described in RF
Building Custom Connectors via Remote MCP Servers | Claude Help Center
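A client-side sketch of the re-registration signal described in the list above. This is an added example, not code from Claude or the MCP project. `FakeAuthServer`, `Client` and `grant` are hypothetical names, and the server is a constructed in-memory stand-in, so the block runs offline. It separates the 401 `invalid_client` case (re-register) from `invalid_grant` (keep the registration), and relies on OAuth binding a refresh token to the client it was issued to, which is why re-registration ends in a fresh authorization.

```python
import secrets

class FakeAuthServer:
    """Constructed in-memory stand-in for registration and token endpoints."""
    def __init__(self):
        self.clients = {}                      # client_id -> valid refresh tokens

    def register(self, metadata):              # RFC 7591-style registration response
        client_id = "client-" + secrets.token_hex(4)
        self.clients[client_id] = set()
        return 201, {"client_id": client_id, **metadata}

    def grant(self, client_id):                # stands in for a completed user authorization
        rt = secrets.token_urlsafe(16)
        self.clients[client_id].add(rt)
        return rt

    def token(self, form):
        tokens = self.clients.get(form["client_id"])
        if tokens is None:                     # registration deleted or unknown
            return 401, {"error": "invalid_client"}
        if form["refresh_token"] not in tokens:
            return 400, {"error": "invalid_grant"}
        return 200, {"access_token": secrets.token_urlsafe(16), "token_type": "Bearer"}

class Client:
    def __init__(self, server, metadata):
        self.server, self.metadata = server, metadata
        self.client_id = self.refresh_token = None
        self.registrations = 0

    def register(self):
        status, body = self.server.register(self.metadata)
        if status != 201:
            raise RuntimeError(f"registration failed: {status}")
        self.client_id, self.registrations = body["client_id"], self.registrations + 1

    def refresh(self):
        """Return ("token", access_token) or ("reauthorize", None)."""
        status, body = self.server.token({"grant_type": "refresh_token",
            "client_id": self.client_id, "refresh_token": self.refresh_token})
        if status == 200:
            return "token", body["access_token"]
        if status == 401 and body.get("error") == "invalid_client":
            self.refresh_token = None          # bound to the deleted client, now useless
            self.register()                    # re-register once, then re-run authorization
            return "reauthorize", None
        if status == 400 and body.get("error") == "invalid_grant":
            self.refresh_token = None          # token problem only: keep the registration
            return "reauthorize", None
        raise RuntimeError(f"token endpoint error: {status} {body.get('error')}")
```

Matching on both the status code and the error string keeps an unrelated 401 or a plain `invalid_grant` from discarding a registration that is still valid.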
Authorization Flow
Overview
- MCP auth implementations MUST implement OAuth 2.1 with appropriate security measures for both confidential and public clients.
- MCP auth implementations SHOULD support the OAuth 2.0 Dynamic Client Registration Protocol (RFC7591).
- MCP servers SHOULD and MCP clients MUST implement OAuth 2.0 Authorization Server Metadata
Authorization - Model Context Protocol
Is OAuth part of the Model Context Protocol?
As per the MCP specification, authorization is optional for MCP implementations. MCP servers using an HTTP-based transport (as opposed to STDIO and other alternative transport methods) can support standardized authorization via OAuth, or must implement their own custom authorization via HTTP headers, for...