OAuth's Role in MCP Security
5 comments
April 20, 2025 · gsibble
boleary-gl
You’re not wrong, but this also raises a central question that I think is super unconsidered in this whole MCP thing: how are we handling identity in those contexts?
If anything we should be more concerned about it, because of the power that it can hand over to agents.
adamm255
Totally. Still getting my head around this write up but it goes into a lot of detail. https://aaronparecki.com/2025/04/03/15/oauth-for-model-conte...
mdaniel
> What callback url are you going to use?
There is actually a dedicated redirect_uri URN for fixing that: "urn:ietf:wg:oauth:2.0:oob" or, if the service is modern enough, RFC 8252 offers custom scheme support https://datatracker.ietf.org/doc/html/rfc8252#section-7.1
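For what the RFC 8252 approach looks like in practice, here is an added example (not code from the thread, the linked article, or any MCP implementation) of a native client using a private-use URI scheme redirect per RFC 8252 section 7.1, with PKCE (S256, RFC 7636) as RFC 8252 requires for public clients, and a callback parser that checks the redirect target and the `state` value before trusting the authorization code. The endpoint, client ID, scheme and scope are made-up placeholders.

```python
import base64
import hashlib
import secrets
from typing import Optional, Tuple
from urllib.parse import parse_qs, urlencode, urlsplit

# Hypothetical values for illustration only (not from the thread).
AUTHZ_ENDPOINT = "https://auth.example.com/authorize"
CLIENT_ID = "example-native-client"
# RFC 8252 section 7.1: a private-use scheme built from a domain the app
# controls, in reverse-DNS form, with a single slash after the colon.
REDIRECT_URI = "com.example.app:/oauth2redirect"


def b64url(raw: bytes) -> str:
    """Base64url without padding, as PKCE requires."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def pkce_pair(verifier: Optional[str] = None) -> Tuple[str, str]:
    """Return (code_verifier, code_challenge) for the S256 method (RFC 7636)."""
    if verifier is None:
        verifier = b64url(secrets.token_bytes(32))  # 43 chars, within 43..128
    challenge = b64url(hashlib.sha256(verifier.encode("ascii")).digest())
    return verifier, challenge


def build_authorization_url(state: str, code_challenge: str,
                            scope: str = "mcp:tools") -> str:
    """Authorization request the client opens in the system browser."""
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": scope,
        "state": state,
        "code_challenge": code_challenge,
        "code_challenge_method": "S256",
    }
    return f"{AUTHZ_ENDPOINT}?{urlencode(params)}"


def parse_callback(callback_url: str, expected_state: str) -> str:
    """Validate the redirect the OS hands back to the app; return the code.

    Rejects a redirect that is not exactly our registered redirect_uri,
    an error response, a missing code, or a state mismatch (CSRF / mix-up).
    """
    parts = urlsplit(callback_url)
    if f"{parts.scheme}:{parts.path}" != REDIRECT_URI:
        raise ValueError("redirect target does not match registered redirect_uri")
    qs = parse_qs(parts.query, strict_parsing=True)
    if "error" in qs:
        raise ValueError(f"authorization server returned error: {qs['error'][0]}")
    state = qs.get("state", [""])[0]
    if not secrets.compare_digest(state, expected_state):
        raise ValueError("state mismatch; discarding authorization code")
    code = qs.get("code", [""])[0]
    if not code:
        raise ValueError("callback carried no authorization code")
    return code


def build_token_request(code: str, code_verifier: str) -> dict:
    """Form body for the token endpoint; the verifier proves we started the flow."""
    return {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,
        "client_id": CLIENT_ID,
        "code_verifier": code_verifier,
    }


if __name__ == "__main__":
    verifier, challenge = pkce_pair()
    state = b64url(secrets.token_bytes(16))
    print("open in browser:", build_authorization_url(state, challenge))
    # Constructed callback, as the OS would deliver it to the scheme handler:
    cb = f"{REDIRECT_URI}?code=SplxlOBeZQQYbYS6WxSbIA&state={state}"
    code = parse_callback(cb, state)
    print("token request body:", build_token_request(code, verifier))
```

The `state` check is what stops another app that registered the same private-use scheme from handing us a code we did not ask for, and the `code_verifier` in the token request is what makes a stolen code useless to anyone who did not generate the verifier. Neither addresses the separate point raised in the thread about where the resulting token is stored.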
spacebanana7
I feel the authorisation layer really needs to sit with the MCP server.
Ultimately the LLM provider’s servers can’t be prevented from using a token however they want.
I don’t think this is a great article. MCP is inherently designed so that integrating something like OAuth is going to be very difficult. What callback URL are you going to use? How are you going to pass the token in so it isn’t stored by the LLM provider? Etc.