01

MCP OAuth Demystified

How authentication actually works between AI clients and MCP servers, why enterprise IdPs are a challenge, and what you can do about it today.

December 2025 | Based on MCP Spec 2025-11-25

02

The Core Problem

What MCP Needs

  • When an MCP server requires auth, the spec mandates OAuth 2.1 (HTTP transports)
  • Clients (Claude, VSCode) need to connect to any MCP server without prior setup
  • Spec says clients and auth servers SHOULD support Dynamic Client Registration (DCR, RFC 7591)
  • DCR lets a client self-register with its redirect URI and receive a client_id automatically

What Enterprises Have

  • Okta, Entra, Google don't offer the open, anonymous DCR that MCP clients expect
  • Enterprise IdPs require manual, admin-approved app registration
  • Each client needs pre-configured credentials and a pre-registered redirect URI
  • Creates an M clients x N servers registration nightmare

The gap: MCP assumes dynamic, automatic client registration. Enterprise IdPs assume manual, pre-approved app onboarding. Without something in between, the two models never meet.

03

Solution: OAuth Proxy Pattern

The bridge that makes non-DCR IdPs work with MCP today

MCP Client (Claude / VSCode)  --DCR request-->  OAuth Proxy (FastMCP / WorkOS)  --Fixed credentials-->  Enterprise IdP (Okta / Entra)
HOW IT WORKS

Proxy Presents DCR

MCP client calls /register on the proxy. Proxy validates and stores the dynamic callback URL and returns a client_id (its pre-configured upstream one, or one it mints); the upstream client_secret stays on the proxy.

KEY INSIGHT

One Registration

You register the proxy once with your IdP. The proxy then handles unlimited MCP client connections using those fixed credentials.

SECURITY

Dual-PKCE

Proxy maintains separate PKCE flows with client and IdP. Issues its own JWTs that reference upstream tokens (held server-side, never embedded). Note that the proxy, not the IdP, is now the party enforcing redirect-URI binding and PKCE on the client leg, so its checks must be as strict as the IdP's.

04

OAuth Proxy Deep Dive

1. Client Calls /register

Claude sends its dynamic callback URL (e.g., http://localhost:54321/callback). Proxy checks that it is loopback HTTP or exact HTTPS, stores it, and returns its pre-configured client_id from the upstream IdP. Only the identifier is returned; the upstream client_secret never leaves the proxy, so the client leg runs as a public client protected by PKCE.

2. Authorization Redirect

Client hits /authorize with its code_challenge and state. Proxy checks the redirect URI against the registration, stores the client's challenge and state, generates its own PKCE verifier and state for the upstream leg, shows a consent screen, then redirects to the IdP using the proxy's fixed, pre-registered callback URL.

3. Upstream Token Exchange

IdP redirects to the proxy's callback with code and state. Proxy looks up the pending transaction by state, exchanges the code (with its upstream verifier and client_secret) for upstream tokens, encrypts and stores them, and mints a short-lived, single-use auth code bound to the client's redirect URI and code_challenge.

4. Client Token Issuance

Proxy redirects to the client's original dynamic callback with that code and the client's state. Client POSTs code and code_verifier to the proxy's /token; the proxy verifies the verifier against the stored challenge, burns the code, and issues a proxy-signed JWT that references the upstream token. Done.
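The four steps above, as an added example that is not FastMCP's or WorkOS's code: an in-memory OAuth proxy with a fake non-DCR IdP, both PKCE legs, redirect-URI binding, single-use codes and a proxy-issued HS256 JWT that references the upstream token by id. Endpoint names, the FakeIdP, the per-client id it mints at /register (the page's proxy echoes the upstream client_id instead) and the constructed user "alice@example.com" are assumptions; encryption of stored upstream tokens is elided.

```python
# Added example, not FastMCP or WorkOS code: an in-memory OAuth proxy running the four
# steps above against a fake non-DCR IdP. Endpoint and class names are assumptions.
import base64, hashlib, hmac, json, secrets, time
from urllib.parse import parse_qs, urlencode, urlparse

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def pkce_pair():  # (code_verifier, S256 code_challenge) per RFC 7636
    verifier = b64url(secrets.token_bytes(32))
    return verifier, b64url(hashlib.sha256(verifier.encode()).digest())

class FakeIdP:
    """Stand-in for Okta/Entra: one manually registered confidential client, no DCR."""
    def __init__(self):
        self.client_id, self.client_secret, self._codes = "proxy-app-id", secrets.token_hex(16), {}
        self.redirect_uri = "https://mcp-proxy.example.com/callback"  # fixed, pre-registered

    def authorize(self, client_id, redirect_uri, code_challenge, state):
        # Browser leg: the user signs in; the IdP redirects to the proxy with (code, state).
        if client_id != self.client_id or redirect_uri != self.redirect_uri:
            raise PermissionError("IdP: unknown client or unregistered redirect_uri")
        code = secrets.token_urlsafe(16)
        self._codes[code] = code_challenge
        return code, state

    def token(self, code, code_verifier, client_id, client_secret):
        challenge = self._codes.pop(code, None)
        if (challenge is None or (client_id, client_secret) != (self.client_id, self.client_secret)
                or b64url(hashlib.sha256(code_verifier.encode()).digest()) != challenge):
            raise PermissionError("IdP: bad code, credentials or PKCE verifier")
        return {"access_token": "idp-" + secrets.token_hex(8), "sub": "alice@example.com"}

class OAuthProxy:
    def __init__(self, idp):
        self.idp, self.jwt_key = idp, secrets.token_bytes(32)
        self.clients, self.txns, self.codes, self.upstream = {}, {}, {}, {}

    def register(self, redirect_uri):
        """Step 1, /register: accept a dynamic redirect_uri, but only loopback http or https."""
        u = urlparse(redirect_uri)
        loopback = u.scheme == "http" and u.hostname in ("127.0.0.1", "localhost", "::1")
        if not (loopback or u.scheme == "https"):
            raise ValueError("redirect_uri must be https or loopback http")
        cid = "mcp-" + secrets.token_hex(8)  # per-client id; the upstream secret never leaves the proxy
        self.clients[cid] = redirect_uri
        return {"client_id": cid, "redirect_uris": [redirect_uri], "token_endpoint_auth_method": "none"}

    def authorize(self, client_id, redirect_uri, code_challenge, state):
        """Step 2, /authorize: pin the client leg, start fresh PKCE + state for the upstream leg."""
        if self.clients.get(client_id) != redirect_uri:
            raise PermissionError("proxy: redirect_uri does not match registration")
        up_verifier, up_challenge = pkce_pair()
        up_state = secrets.token_urlsafe(16)
        self.txns[up_state] = (client_id, redirect_uri, code_challenge, state, up_verifier)
        return {"client_id": self.idp.client_id, "redirect_uri": self.idp.redirect_uri,
                "code_challenge": up_challenge, "state": up_state}

    def callback(self, up_code, up_state):
        """Step 3, /callback: swap the upstream code for tokens, mint a code for the client."""
        client_id, redirect_uri, challenge, client_state, up_verifier = self.txns.pop(up_state)
        tokens = self.idp.token(up_code, up_verifier, self.idp.client_id, self.idp.client_secret)
        ref = secrets.token_hex(8)
        self.upstream[ref] = tokens  # production: encrypt at rest; elided here
        code = secrets.token_urlsafe(16)
        self.codes[code] = (client_id, redirect_uri, challenge, ref, time.time() + 60)
        return redirect_uri + "?" + urlencode({"code": code, "state": client_state})

    def token(self, client_id, code, code_verifier, redirect_uri):
        """Step 4, /token: single-use code bound to client_id, redirect_uri and the stored challenge."""
        e = self.codes.pop(code, None)
        if e is None or e[0] != client_id or e[1] != redirect_uri or e[4] < time.time():
            raise PermissionError("proxy: invalid, expired or replayed code")
        if b64url(hashlib.sha256(code_verifier.encode()).digest()) != e[2]:
            raise PermissionError("proxy: PKCE verifier mismatch")
        claims = {"iss": "https://mcp-proxy.example.com", "aud": client_id, "upstream_ref": e[3],
                  "sub": self.upstream[e[3]]["sub"], "exp": int(time.time()) + 3600}
        return self._sign(claims)

    def _sign(self, claims):  # HS256 JWT; the upstream token is referenced by id, never embedded
        head = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
        body = b64url(json.dumps(claims).encode())
        sig = hmac.new(self.jwt_key, f"{head}.{body}".encode(), hashlib.sha256).digest()
        return f"{head}.{body}.{b64url(sig)}"

    def verify(self, jwt):
        head, body, sig = jwt.split(".")
        want = hmac.new(self.jwt_key, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(b64url(want), sig):
            raise PermissionError("proxy: bad JWT signature")
        return json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))

def run_flow(proxy, redirect_uri="http://localhost:54321/callback"):
    # Drive all four steps as the MCP client and the user's browser would; return the JWT claims.
    verifier, challenge = pkce_pair()
    cid = proxy.register(redirect_uri)["client_id"]                        # 1
    up = proxy.authorize(cid, redirect_uri, challenge, state="client-xyz")  # 2
    up_code, up_state = proxy.idp.authorize(**up)                           # user signs in at the IdP
    redirect = proxy.callback(up_code, up_state)                            # 3
    q = parse_qs(urlparse(redirect).query)
    jwt = proxy.token(cid, q["code"][0], verifier, redirect_uri)            # 4
    return proxy.verify(jwt)
```

The two checks worth copying are in `register` and `token`: the proxy refuses any callback that is not loopback HTTP or HTTPS, and it only honours a code once, for the client_id and redirect_uri it was minted for, with a verifier matching the challenge stored at /authorize. A proxy that skips either check turns the IdP's one registration into an open redirect for the whole fleet of MCP clients.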

05

Your Options Today

Approach                                     | Who handles DCR?           | Enterprise IdP?       | Status
---------------------------------------------|----------------------------|-----------------------|------------
OAuth Proxy (FastMCP)                        | Proxy presents DCR facade  | ✓ Via fixed creds     | Production
DCR-Native Provider (WorkOS, Auth0, Stytch)  | Provider (native DCR)      | ✓ Via OAuth bridge    | Production
Manual Client ID                             | N/A (pre-registered)       | ✓ Direct              | Available
CIMD (Client ID Metadata Docs)               | Client hosts metadata URL  | ✓ Domain-based trust  | VSCode only
Cross App Access (SEP-990)                   | N/A (IdP controls all)     | ✓ Native              | Draft

For enterprises today: Use OAuth Proxy (FastMCP) or a DCR-native provider (WorkOS). Both work now with existing IdPs.

06

What's Coming

The 2025-11-25 MCP spec brought two changes to client registration: one shipped, one still a draft SEP

CIMD Shipping

Client ID Metadata Documents - the new default

  • Client hosts metadata at an HTTPS URL:
    https://app.com/client.json
  • That URL itself is the client_id
  • Server fetches the document on demand and checks that its client_id field matches the URL and that redirect_uris lists the requested callback
  • No more unbounded, anonymous client registration: trust is anchored in the client's domain
  • VSCode already supports it

Cross App Access Draft

Enterprise-Managed Authorization (SEP-990)

  • Enterprise IdP controls which users and clients reach which MCP servers
  • User logs in once via SSO
  • Client exchanges the SSO identity token at the IdP for an ID-JAG (identity assertion JWT authorization grant) and presents it to the MCP server's token endpoint
  • No per-server OAuth redirect dance for the user
  • Not yet implemented

CIMD flips the registration model: instead of clients registering at servers, servers fetch client metadata from URLs the clients control. That removes the unbounded table of anonymous registrations DCR created, but it also moves the trust decision into the server's checks on that URL and document.

07

Enterprise Action Plan

A pragmatic path forward while the auth landscape matures

Step 1

Go Public First

  • Start with unauthenticated MCP servers
  • Only tools that are safe to expose publicly: read-only, over data that is already public
  • Docs, code assist, public APIs
  • Build organizational muscle with MCP
  • Learn usage patterns and trace flows

Step 3

Watch the Horizon

  • CIMD adoption across clients
  • Cross App Access (SEP-990) progress
  • You'll be best positioned when these land
  • Experience + mature auth = full unlock

The recommendation: See how far you can get with unauthenticated servers first. Build the muscle. When the auth story matures, you'll be ready to unlock sensitive use cases with confidence.

Questions? Just ask.