Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Auth for MCP: Secure MCP servers using OAuth

Avatar for Deepu K Sasidharan Deepu K Sasidharan
October 01, 2025
Programming
0
12

Auth for MCP: Secure MCP servers using OAuth

Learn how to secure MCP servers using Ouath and Auth0

Avatar for Deepu K Sasidharan

Deepu K Sasidharan

October 01, 2025
Tweet

More Decks by Deepu K Sasidharan

See All by Deepu K Sasidharan
Delay the AI Overlords: How OAuth and OpenFGA Can Keep Your AI Agents from Going Rogue
Avatar for Deepu K Sasidharan deepu105
0
13
Auth0 for AI Agents
Avatar for Deepu K Sasidharan deepu105
1
37
Securing the Future of AI: Authorization Strategies for RAG Systems using LangChain4J and OpenFGA
Avatar for Deepu K Sasidharan deepu105
0
74
Demystifying OAuth and OIDC: JFokus
Avatar for Deepu K Sasidharan deepu105
1
130
Mastering Kubernetes Security from Containers to Cluster Fortresses
Avatar for Deepu K Sasidharan deepu105
1
77
Go containerless on Kubernetes
Avatar for Deepu K Sasidharan deepu105
1
110
A Passwordless Future! Passkeys for Java Developers
Avatar for Deepu K Sasidharan deepu105
0
140
Go containerless on Kubernetes with WebAssembly and Rust
Avatar for Deepu K Sasidharan deepu105
0
70
An illustrated crash course for OAuth and OIDC
Avatar for Deepu K Sasidharan deepu105
1
190

Other Decks in Programming

See All in Programming
AIで開発生産性を上げる個人とチームの取り組み
Avatar for TaniiGo taniigo
0
130
CSC305 Lecture 03
Avatar for Javier Gonzalez-Sanchez javiergs
PRO
0
230
猫と暮らすネットワークカメラ生活🐈 ~Vision frameworkでペットを愛でよう~ / iOSDC Japan 2025
Avatar for Yutaro Muta yutailang0119
0
210
プログラマのための作曲入門
Avatar for CHEEBOW cheebow
0
510
半自動E2Eで手っ取り早くリグレッションテストを効率化しよう
Avatar for Ryuta Kibe beryu
6
2.4k
階層構造を表現するデータ構造とリファクタリング 〜1年で10倍成長したプロダクトの変化と課題〜
Avatar for yuhi yuhisatoxxx
3
850
大規模アプリにおけるXcode Previews実用化までの道のり
Avatar for Sho Ikeda ikesyo
0
970
育てるアーキテクチャ:戦い抜くPythonマイクロサービスの設計と進化戦略
Avatar for fujidomoe fujidomoe
1
150
LLMとPlaywright/reg-suitを活用した jQueryリファクタリングの実際
Avatar for kinocoboy kinocoboy2
4
660
Pull-Requestの内容を1クリックで動作確認可能にするワークフロー
Avatar for Atsuya Sato natmark
1
330
GitHub Actions × AWS OIDC連携の仕組みと経緯を理解する
Avatar for Itaru Ota ota1022
0
220
2分台で1500examples完走!爆速CIを支える環境構築術 - Kaigi on Rails 2025
Avatar for Hayato OKUMOTO falcon8823
3
2.6k

Featured

See All Featured
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
Avatar for Rebecca Miller-Webster rmw
35
3.2k
10 Git Anti Patterns You Should be Aware of
Avatar for Lemi Orhan Ergin lemiorhan
PRO
657
61k
Dealing with People You Can't Stand - Big Design 2015
Avatar for Cassini Nazir cassininazir
367
27k
VelocityConf: Rendering Performance Case Studies
Avatar for Addy Osmani addyosmani
332
24k
Fireside Chat
Avatar for paigeccino paigeccino
40
3.7k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
Avatar for Tammy Everts tammyeverts
53
3k
GitHub's CSS Performance
Avatar for Jon Rohan jonrohan
1032
460k
Learning to Love Humans: Emotional Interface Design
Avatar for Aarron Walter aarron
274
40k
The Invisible Side of Design
Avatar for Vitaly Friedman smashingmag
301
51k
Designing for Performance
Avatar for Lara Hogan lara
610
69k
Documentation Writing (for coders)
Avatar for Carmen Chung carmenintech
75
5k
Stop Working from a Prison Cell
Avatar for Chris Michel hatefulcrawdad
271
21k

Transcript

  1. Auth for MCP Secure MCP servers using OAuth Deepu K

    Sasidharan

  2. @auth0 | @deepu105 | deepu.tech ➔ JHipster co-chair ➔ Creator

    of KDash, JDL Studio, JWT UI ➔ Developer Advocate @ Auth0 ➔ OSS aficionado, polyglot dev, Java Champion, author, speaker Hi, I’m Deepu K Sasidharan @[email protected] deepu.tech @deepu105.bsky.social deepu05

  3. @auth0 | @deepu105 | deepu.tech MCP & Security OAuth for

    MCP

  4. @auth0 | @deepu105 | deepu.tech • Standardized in MCP spec

    • MCP clients and servers can use OAuth to delegate authorization • MCP servers are resource servers • Built-in Security Baseline (PKCE by default) • Simplified Connections (Metadata Discovery) • Seamless Onboarding (Dynamic Client Registration - DCR) • Leveraging Your Existing Identity Infrastructure (Third-Party Auth) Authorization using OAuth 2.1.

  5. @auth0 | @deepu105 | deepu.tech Metadata Discovery

  6. @auth0 | @deepu105 | deepu.tech Dynamic Client Registration

  7. @auth0 | @deepu105 | deepu.tech Authorization Flow

  8. @auth0 | @deepu105 | deepu.tech Authorization Flow (Full)

  9. @auth0 | @deepu105 | deepu.tech FastMCP Server with OAuth flow

    github.com/deepu105/auth0-fastmcp-demo

  10. @auth0 | @deepu105 | deepu.tech Auth0 MCP Server

  11. @auth0 | @deepu105 | deepu.tech # Install the MCP server

    npx @auth0/auth0-mcp-server init # Select scopes and authorize # Configure the MCP server in Goose goose configure # Add extension > command line # Name: auth0 # command: npx -y @auth0/auth0-mcp-server run --tools * # Env: DEBUG: auth0-mcp Setup

  12. @auth0 | @deepu105 | deepu.tech # Prompts ## Create Auth0

    application Create a new Auth0 web app application named ‘My Web App’, with a Callback URL http://localhost:3000/callback and an Allowed Logout URL http://localhost:3000 and make sure it is OIDC compliant and set the JWT to use alg RS256 ## Get app details Get the auth0 app #ID Manage Auth0 Apps

  13. @auth0 | @deepu105 | deepu.tech # Prompts ## Create Auth0

    application Create a new Auth0 web app application named ‘My Web App’, with a Callback URL http://localhost:3000/callback and an Allowed Logout URL http://localhost:3000 and make sure it is OIDC compliant and set the JWT to use alg RS256 ## Get app details Get the auth0 app #ID Get logs

  14. @auth0 | @deepu105 | deepu.tech Auth for GenAI a0.to/ai-event

  15. @auth0 | @deepu105 | deepu.tech AI Content from Auth0 https://auth0.com/blog/ai/

  16. Thank You