MP-201c · Module 2

OAuth 2.0 for MCP

4 min read

MCP adopted OAuth 2.0 as its authorization framework for remote servers. The flow follows the standard authorization code grant: the client redirects the user to the MCP server's authorization endpoint, the user authenticates and grants permission, the server redirects back with an authorization code, and the client exchanges the code for an access token. Every subsequent MCP request includes the access token in the Authorization header. This is the same pattern that secures GitHub APIs, Google APIs, and every major SaaS platform.

Scope definitions are where MCP OAuth gets specific. Scopes control which tools, resources, and prompts a client can access. A well-designed MCP server defines granular scopes — "tools:read" for listing available tools, "tools:execute:filesystem" for running filesystem tools, "resources:read:database" for querying database resources. The consent screen should make these scopes human-readable: "This application wants to read your files and query your database." Users must understand what they are authorizing.

Token management requires attention to lifecycle. Access tokens should be short-lived (15 minutes to 1 hour) with refresh tokens for long-running sessions. The client must handle token refresh transparently — when a request returns 401, exchange the refresh token for a new access token and retry. Store refresh tokens securely (encrypted at rest, never in localStorage). Revocation endpoints let users and administrators invalidate tokens immediately when a session is compromised.

// MCP server OAuth 2.0 configuration
const oauthConfig = {
  // Authorization server metadata
  issuer: "https://mcp.example.com",
  authorization_endpoint: "/oauth/authorize",
  token_endpoint: "/oauth/token",
  revocation_endpoint: "/oauth/revoke",
  registration_endpoint: "/oauth/register",

  // Supported grants
  grant_types_supported: ["authorization_code"],
  code_challenge_methods_supported: ["S256"], // PKCE required

  // MCP-specific scopes
  scopes_supported: [
    "tools:list",              // List available tools
    "tools:execute",           // Execute any tool
    "tools:execute:filesystem", // Execute filesystem tools only
    "tools:execute:database",  // Execute database tools only
    "resources:read",          // Read any resource
    "resources:subscribe",     // Subscribe to resource changes
    "prompts:list",            // List available prompts
    "prompts:execute",         // Execute prompts
  ],

  // Token lifetimes
  access_token_ttl: 3600,      // 1 hour
  refresh_token_ttl: 2592000,  // 30 days
};