While the spec includes OAuth 2.1 now, that's only half the story. The real question is where the credentials live.
When your agent calls a CLI or curls an API, it uses credentials stored on the developer's machine.
For one person that's fine. But for 50 agents across a department, each needing keys for Slack, Jira, GitHub, your CRM, and a dozen internal APIs? You've recreated the pre-SSO world, except access is autonomous and at machine speed.
Remote MCP servers (streamable HTTP, not stdio) change that. The agent authenticates via OAuth/SSO, the server holds the downstream keys, and the user never sees them. Disable the SSO account and every agent loses access.
This is the same pattern as centralizing database credentials instead of baking them into every microservice config, just on a different layer.
The auth story is heavily overlooked by most folks that are solo-vibing and then think that advice, the tools, and the practices that work for 1 works for a team or org.
It's right there in the docs and it's just OIDC + OAuth: https://modelcontextprotocol.io/specification/draft/basic/au...
While the spec includes OAuth 2.1 now, that's only half the story. The real question is where the credentials live.
When your agent calls a CLI or curls an API, it uses credentials stored on the developer's machine.
For one person that's fine. But for 50 agents across a department, each needing keys for Slack, Jira, GitHub, your CRM, and a dozen internal APIs? You've recreated the pre-SSO world, except access is autonomous and at machine speed.
Remote MCP servers (streamable HTTP, not stdio) change that. The agent authenticates via OAuth/SSO, the server holds the downstream keys, and the user never sees them. Disable the SSO account and every agent loses access.
This is the same pattern as centralizing database credentials instead of baking them into every microservice config, just on a different layer.
Longer version: https://dev.to/dennistraub/missing-from-the-mcp-debate-who-h...
Yes; I made the same point in my write up.
The auth story is heavily overlooked by most folks that are solo-vibing and then think that advice, the tools, and the practices that work for 1 works for a team or org.