Everything you need to know to secure your MCP server using OAuth 2.1 and PKCE, server and auth metadata, client registration, JWT validation, and role-based access control.
By creating a central catalog of available servers, the MCP Registry has solved the discovery problem—but that's only half the equation. The real challenge lies in authentication.
42% of companies abandoned most AI initiatives in 2025, up from just 17% in 2024. After analyzing dozens of enterprise deployments, we found 4 patterns that separate winners from the graveyard of abandoned prototypes.
Build a CIMD-based confidential MCP client in Python using Authorization Code + PKCE.
Anthropic, OpenAI, Block, and the Linux Foundation discuss governing MCP together as the new Agentic AI Foundation launches with 50 companies on day one.
Michael Grinich traces MCP's evolution from local file system interface to industry standard, announces the Agentic AI Foundation, and walks through the latest spec updates.
Paul Irish shows how Chrome DevTools' MCP integration lets AI agents parse 15M-line performance traces and debug browser sessions programmatically.
Den Delimarsky demonstrates MCP's new auth flow—Protected Resource Metadata replaces Dynamic Client Registration for zero-config authentication.
Reilly Wood on why structured queries beat freeform commands at scale
Craig Cannon demos the Turbo-Man Tracker at MCP Night, showing how Supabase's MCP server turns natural language into SQL queries in real-time.
Cloudflare's Code Mode generates code instead of calling MCP tools directly—cutting token usage by 32% for simple tasks and 81% for complex batch operations.
A practical guide to choosing the right role-based access control provider for modern multi-tenant SaaS apps.
MCP Night, The Holiday Special, marked a historic moment: Anthropic donated MCP to the Linux Foundation, launching the Agentic AI Foundation. Demos from Cloudflare, Supabase, Datadog, Microsoft, and Google.
How the Identity Assertion Authorization Grant (ID-JAG)—marketed by Okta as Cross-App Access (XAA)—lets enterprises manage MCP AI app connections through their IdP, with centralized visibility, policy control, and no consent fatigue.
The Linux Foundation unites MCP, goose, and AGENTS.md under open governance. WorkOS breaks down what the new Agentic AI Foundation (AAIF) means for developers.
A practical guide to OAuth’s original MCP onboarding method: how DCR works, where it breaks at scale, and why it still matters alongside CIMD.
Scalable, stateless client registration for AI agents: using a URL as your OAuth client ID to access MCP servers.
OAuth 2.0 and OIDC are no longer just for SSO or integrations; they’re the trust layer that makes AI agents safe, scoped, and governable.
Our global team is growing and we’re hiring all types of roles.
WorkOS builds developer tools for quickly adding enterprise features to applications.
This site uses cookies to improve your experience. Please accept the use of cookies on this site. You can review our cookie policy here and our privacy policy here. If you choose to refuse, functionality of this site will be limited.
.webp)
.webp)
.webp)