
MCP Server Authentication Patterns

Authentication in MCP depends on whether the server is local or remote. Local stdio servers trust the process that spawned them and typically read secrets from env vars; remote HTTP servers implement OAuth 2.1 with dynamic client registration per the 2025 spec revision. Getting auth right — scopes, rotation, audit — is what separates a demo from a production integration.

MCP facts

Kind: pattern
Ecosystem: anthropic-mcp
Transports: stdio, http, sse

Capabilities

  • Local stdio: env var secrets, vault integration, OS keychains
  • Remote HTTP: OAuth 2.1 authorization code flow with PKCE
  • Dynamic Client Registration (RFC 7591) so clients register without manual setup
  • Scope design: read-only vs write, per-resource grants, short-lived tokens

Configuration

{
  "mcpServers": {
    "github-local": {
      "command": "npx",
      "args": ["-y", "@modelcontextprotocol/server-github"],
      "env": { "GITHUB_PERSONAL_ACCESS_TOKEN": "ghp_xxx" }
    },
    "notion-remote": {
      "url": "https://mcp.notion.com/mcp"
    }
  }
}

Frequently asked questions

How do remote MCP servers authenticate users?

The 2025 spec revision mandates OAuth 2.1 with PKCE for remote servers. The client does the browser redirect, the user consents in the vendor's UI (e.g. Notion, GitHub, Linear), and the client exchanges the authorization code for access and refresh tokens. The access token is then sent in an Authorization: Bearer header on every MCP request, and the server checks it (validity, expiry, scope) before serving the call.

What is dynamic client registration?

RFC 7591 lets an MCP client create its own OAuth client record at the server on first use — no manual 'Copy the Client ID and Secret' step. It is the key feature that lets any MCP client (Claude, Cursor, Zed) connect to any remote server without per-pair setup.

How should I store the tokens for local stdio servers?

Never hard-code them in prompts or checked-in config. Use an OS keychain (Keychain on macOS, DPAPI on Windows, libsecret on Linux) via a shim, or a secret manager like 1Password CLI that injects env vars at launch time.
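One concrete shape for the "shim" mentioned above, as an added example written for this page (not part of any MCP host or the 1Password CLI): a launcher that reads the mcpServers config, refuses to start a stdio server whose env block carries a literal secret, resolves ${VAR} references from the launcher's own environment (which a keychain helper or secret manager populated at launch), and passes the child only the variables it needs rather than the whole inherited environment. The ${VAR} reference convention, the key-name heuristic, and the sample config are all assumptions of this shim.

```python
"""Launch-time secret resolution for local stdio MCP servers. Added example;
the ${VAR} reference convention is this shim's own, not a guarantee of any host."""
import json
import re

# Constructed config: one server done wrong (literal token), one done right,
# plus a remote server that uses OAuth and carries no env secrets at all.
SAMPLE_CONFIG = json.loads("""
{
  "mcpServers": {
    "github-local": {
      "command": "npx",
      "args": ["-y", "@modelcontextprotocol/server-github"],
      "env": { "GITHUB_PERSONAL_ACCESS_TOKEN": "ghp_CONSTRUCTED_LITERAL" }
    },
    "github-local-ok": {
      "command": "npx",
      "args": ["-y", "@modelcontextprotocol/server-github"],
      "env": { "GITHUB_PERSONAL_ACCESS_TOKEN": "${GITHUB_PAT}" }
    },
    "notion-remote": { "url": "https://mcp.notion.com/mcp" }
  }
}
""")

REF = re.compile(r"^\$\{([A-Z0-9_]+)\}$")
SECRET_KEY = re.compile(r"(TOKEN|SECRET|PASSWORD|API_KEY)", re.IGNORECASE)
INHERIT = ("PATH", "HOME")  # the only launcher variables a child gets by default


def resolve_env(server_env: dict, environ: dict) -> tuple[dict, list[str]]:
    """Return (resolved env, findings). Secret-looking keys must be ${VAR}
    references; a literal is reported and dropped rather than passed on."""
    resolved, findings = {}, []
    for key, value in server_env.items():
        m = REF.match(value)
        if m:
            var = m.group(1)
            if var not in environ:
                findings.append(f"{key}: reference ${{{var}}} not set in launcher environment")
                continue
            resolved[key] = environ[var]
        elif SECRET_KEY.search(key):
            findings.append(f"{key}: literal secret in config; use a ${{VAR}} reference")
        else:
            resolved[key] = value
    return resolved, findings


def plan_launches(config: dict, environ: dict) -> dict:
    """Per stdio server: argv, the minimal child env, findings, and whether it
    may launch. Remote (url-only) servers are skipped; they authenticate with OAuth."""
    plans = {}
    for name, spec in config["mcpServers"].items():
        if "command" not in spec:
            continue
        resolved, findings = resolve_env(spec.get("env", {}), environ)
        child_env = {k: environ[k] for k in INHERIT if k in environ}
        child_env.update(resolved)
        plans[name] = {
            "argv": [spec["command"], *spec.get("args", [])],
            "env": child_env if not findings else {},
            "findings": findings,
            "launch": not findings,
        }
    return plans
```

A plan with launch set to true is what you would hand to subprocess.Popen(argv, env=env). Running the shim with GITHUB_PAT in the launcher environment starts github-local-ok and refuses github-local with a finding naming the offending key; leaking variables such as a cloud credential that happen to sit in the launcher environment are not inherited because only PATH and HOME are copied.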

What about network-level auth?

Remote MCP servers should sit behind TLS and, for internal deployments, a network edge like Cloudflare Access or Tailscale. OAuth gives you user identity; network policy gives you reachability.

Sources

  1. MCP Authorization specification — accessed 2026-04-20
  2. OAuth 2.1 draft — accessed 2026-04-20
  3. RFC 7591 — OAuth 2.0 Dynamic Client Registration — accessed 2026-04-20