CC-301j · Module 2
Authentication and Authorization
MCP servers that access sensitive data need authentication. The protocol supports OAuth 2.0 for SSE-based servers, which means your server can require users to authenticate before accessing tools. The flow: Claude Code connects to your MCP server, the server responds with an OAuth authorization URL, the user authenticates in their browser, and the server receives the token. Subsequent tool invocations include the token automatically.
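The request gate that flow implies, as an added example (not code from the course or from any MCP SDK): tool invocations on an SSE-based server are accepted only when they carry a bearer token the server recognises; anything else gets a 401 and the authorization URL to start the OAuth flow. The token store, the `whoami` tool, the `authorizationUrl` value and the `.invalid` host are constructed stand-ins; real token issuance and validation belong to the server's OAuth 2.0 provider.

```javascript
// Added example, not from the course page: a minimal bearer-token gate for an
// SSE-based MCP server. Token store and authorization URL are constructed.

// Constructed token store: access token -> { subject, expiresAt (ms epoch) }.
const TOKEN_STORE = new Map([
  ["tok-alice-valid", { subject: "alice", expiresAt: Date.now() + 3600000 }],
  ["tok-bob-expired", { subject: "bob", expiresAt: Date.now() - 1 }],
]);

// Hypothetical authorization endpoint handed back to unauthenticated clients.
const AUTHORIZATION_URL =
  "https://auth.example.invalid/oauth/authorize?client_id=mcp-server";

// Pull the bearer token out of an Authorization header; null if absent/malformed.
function extractBearerToken(headers) {
  const raw = headers["authorization"] ?? headers["Authorization"];
  if (typeof raw !== "string") return null;
  const match = /^Bearer\s+(\S+)$/i.exec(raw.trim());
  return match ? match[1] : null;
}

// Decide whether a request may invoke tools. Returns either
// { ok: true, subject } or { ok: false, status: 401, headers, body }.
function authorizeRequest(headers, tokenStore = TOKEN_STORE, now = Date.now()) {
  const token = extractBearerToken(headers);
  const entry = token ? tokenStore.get(token) : undefined;
  if (!entry || entry.expiresAt <= now) {
    // Unauthenticated, unknown or expired token: do not serve the tool; point
    // the client at the OAuth flow so the user can authenticate in the browser.
    return {
      ok: false,
      status: 401,
      headers: { "WWW-Authenticate": 'Bearer realm="mcp"' },
      body: { error: "unauthorized", authorizationUrl: AUTHORIZATION_URL },
    };
  }
  return { ok: true, subject: entry.subject };
}

// Constructed tool: reports which authenticated subject it ran for.
const TOOLS = {
  whoami: (subject) => ({
    content: [{ type: "text", text: `running as ${subject}` }],
  }),
};

// Handle one tool invocation: authorize first, then dispatch.
function handleToolCall(request, tokenStore = TOKEN_STORE, now = Date.now()) {
  const auth = authorizeRequest(request.headers, tokenStore, now);
  if (!auth.ok) return auth;
  const tool = TOOLS[request.tool];
  if (!tool) return { ok: false, status: 404, body: { error: "unknown tool" } };
  return { ok: true, status: 200, body: tool(auth.subject) };
}
```

The check runs before tool lookup, so an unauthenticated caller cannot even discover which tool names exist; expiry is compared against an injectable clock so the behaviour can be tested without waiting.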
For stdio servers, authentication is simpler because the server runs locally as the user. Environment variables are the standard mechanism — your server reads an API key from the environment (process.env.MY_API_KEY) and uses it to authenticate with external services. The API key never passes through Claude — it stays in the server process. This is a critical security property: Claude sees the tool results but never sees the credentials used to obtain them.
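The credential-isolation property described above, as an added example (not code from the course or from any MCP SDK): a stdio tool handler reads `MY_API_KEY` from the environment, sends it only to the external service, and returns nothing but the service's result. The service itself (`fakeService`), the `lookupCustomerTool` tool and the key value are constructed stand-ins so the example runs offline; the one addition beyond the text is `redactSecret`, which strips the key from error text in case a misbehaving service echoes it back.

```javascript
// Added example, not from the course page: a stdio MCP tool handler whose API
// key lives only in the server process. The external service is constructed.

const API_KEY_VAR = "MY_API_KEY";

// Read the credential from the environment at startup; fail closed if absent.
function loadApiKey(env = process.env) {
  const key = env[API_KEY_VAR];
  if (typeof key !== "string" || key.length === 0) {
    throw new Error(`${API_KEY_VAR} is not set; refusing to start`);
  }
  return key;
}

// Constructed stand-in for the external API. A real server would make an HTTP
// request here; the key travels only inside this call, never in the tool result.
function fakeService(request) {
  if (request.headers["X-Api-Key"] !== "sk-constructed-secret") {
    // Some services echo the credential back in error messages.
    return {
      status: 401,
      body: { error: `bad key ${request.headers["X-Api-Key"]}` },
    };
  }
  return { status: 200, body: { customer: request.query, tier: "gold" } };
}

// Remove every occurrence of the secret from text before it can reach the caller.
function redactSecret(text, secret) {
  return secret ? text.split(secret).join("[REDACTED]") : text;
}

// The tool handler: the key is a local variable here and is never placed in the
// result object that the MCP client (and therefore the model) will see.
function lookupCustomerTool(args, env = process.env, callService = fakeService) {
  const apiKey = loadApiKey(env);
  const response = callService({
    query: args.customerId,
    headers: { "X-Api-Key": apiKey },
  });
  if (response.status !== 200) {
    const detail = redactSecret(JSON.stringify(response.body), apiKey);
    return {
      isError: true,
      content: [{ type: "text", text: `lookup failed: ${detail}` }],
    };
  }
  return { content: [{ type: "text", text: JSON.stringify(response.body) }] };
}

// Self-check helper: a serialised tool result must never contain the key.
function resultLeaksSecret(result, secret) {
  return JSON.stringify(result).includes(secret);
}
```

Passing `env` and `callService` as parameters keeps the handler testable without real credentials; in production the defaults (`process.env` and a real HTTP client) apply, and the key still never appears in anything returned to the client.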