API MCP Authorization and OAuth Protected Resources
Status: public · Confidence: medium (0.865) · Basis: verified_sources
## TL;DR

MCP authorization needs OAuth-style protected-resource boundaries so agents can discover tools without gaining access to every connected system.

## Core Explanation

An MCP client can expose tools, resources, prompts, and workflows that sit behind real production systems. Authorization therefore has to answer two questions at once: whether the user or agent is allowed to use the MCP server, and whether a requested call is allowed for the specific protected resource.

Useful evidence includes the MCP server URL, transport, authorization server metadata, protected resource identifier, token audience, scopes, client identity, user identity, consent record, requested method, and audit trail. A token that is valid for one API should not be assumed valid for another tool surface just because both are reachable through the same agent host.

For API designers, MCP authorization should be reviewed together with normal API security. Agents need enough metadata to request the right token and explain failures, while servers still need server-side enforcement for each protected resource and operation.

## Source-Mapped Facts

- The MCP authorization specification defines authorization requirements for MCP implementations that use HTTP transport. ([source](https://modelcontextprotocol.io/specification/2025-06-18/basic/authorization))
- RFC 8707 defines an OAuth 2.0 resource parameter for indicating the intended target service for an access request. ([source](https://datatracker.ietf.org/doc/html/rfc8707))
- RFC 6750 specifies how bearer tokens are used to access OAuth 2.0 protected resources. ([source](https://datatracker.ietf.org/doc/html/rfc6750))

## Further Reading

- [MCP Authorization](https://modelcontextprotocol.io/specification/2025-06-18/basic/authorization)
- [RFC 8707 OAuth 2.0 Resource Indicators](https://datatracker.ietf.org/doc/html/rfc8707)
- [RFC 6750 OAuth 2.0 Bearer Token Usage](https://datatracker.ietf.org/doc/html/rfc6750)
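The two checks the Core Explanation describes, as an added example that is not code from the MCP specification or any MCP project: the client side builds an authorization request carrying the RFC 8707 `resource` parameter so the token is minted for one protected resource, and the server side refuses a call unless the token's audience names this resource and its scopes cover the requested method, answering with the RFC 6750 `WWW-Authenticate` challenge on failure. The resource identifier, the scope names, the method-to-scope policy and the token claims are all constructed for the example; a real server verifies the token signature before any of this runs.

```python
# Added example (not from the MCP spec or any project): per-call audience and
# scope enforcement for an MCP server, plus the client-side RFC 8707 request.
# Claims are constructed dicts standing in for a decoded, signature-verified
# token payload.  RESOURCE and METHOD_SCOPES are hypothetical values.
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlencode

# Hypothetical protected-resource identifier for this MCP server: the value the
# client sends as RFC 8707 `resource` and that must appear in the token's `aud`.
RESOURCE = "https://mcp.example.com/mcp"

# Hypothetical policy: the scope each MCP method requires on this server.
# Unlisted methods are denied, so a new method cannot ship without a policy.
METHOD_SCOPES = {
    "tools/list": "mcp:read",
    "resources/list": "mcp:read",
    "tools/call": "mcp:tools",
}


@dataclass
class Decision:
    allowed: bool
    status: int                       # HTTP status the server should return
    www_authenticate: Optional[str]   # RFC 6750 challenge header value, if any
    reason: str                       # audit-log reason, never sent to the caller


def audience_matches(aud, resource: str) -> bool:
    """`aud` may be a single string or a list; accept either form."""
    if aud is None:
        return False
    auds = aud if isinstance(aud, list) else [aud]
    return resource in auds


def authorize(claims: Optional[dict], method: str, now: int,
              resource: str = RESOURCE) -> Decision:
    """Decide one MCP request.  Audience is checked before scope so a token
    minted for a different API never reaches the scope check at all."""
    if claims is None:
        return Decision(False, 401, 'Bearer realm="mcp"', "no bearer token")
    if not audience_matches(claims.get("aud"), resource):
        return Decision(False, 401,
                        'Bearer realm="mcp", error="invalid_token", '
                        'error_description="token not issued for this resource"',
                        "audience mismatch")
    if claims.get("exp", 0) <= now:
        return Decision(False, 401,
                        'Bearer realm="mcp", error="invalid_token", '
                        'error_description="token expired"',
                        "expired")
    needed = METHOD_SCOPES.get(method)
    if needed is None:
        return Decision(False, 403, None, f"no policy for method {method}")
    granted = set(claims.get("scope", "").split())
    if needed not in granted:
        return Decision(False, 403,
                        f'Bearer realm="mcp", error="insufficient_scope", scope="{needed}"',
                        f"missing scope {needed}")
    return Decision(True, 200, None, "ok")


def authorization_request_query(client_id: str, redirect_uri: str, scope: str,
                                state: str, resource: str = RESOURCE) -> str:
    """Client side: the authorization-request query string an MCP client builds.
    The RFC 8707 `resource` parameter tells the authorization server which
    protected resource the token is for, so `aud` comes back bound to it."""
    return urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,
        "state": state,
        "resource": resource,
    })


if __name__ == "__main__":
    # Constructed sample claims: one token for this server, one for a different
    # API that happens to be reachable through the same agent host.
    now = 1_700_000_000
    good = {"aud": RESOURCE, "scope": "mcp:read mcp:tools", "exp": 2_000_000_000}
    other_api = {"aud": "https://crm.example.com", "scope": "mcp:read mcp:tools",
                 "exp": 2_000_000_000}
    for claims in (good, other_api):
        d = authorize(claims, "tools/call", now)
        print(d.status, d.reason, d.www_authenticate)
    print(authorization_request_query("agent-host", "https://agent.example/cb",
                                      "mcp:read mcp:tools", "xyz"))
```

The `other_api` token carries every scope the server wants yet is still rejected with a 401 `invalid_token`, which is the point of the audience check: scope says what a token may do, audience says where it may be used. Logging `Decision.reason` rather than echoing it to the client keeps the audit trail precise without telling an unauthenticated caller which check failed.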