What is Dynamic Client Registration?
Blog post from PropelAuth
Dynamic Client Registration (DCR) is an extension of OAuth that lets OAuth clients be created programmatically through an API, rather than through a manual user interface. An OAuth client, such as Claude Desktop, requests access on behalf of a user to perform actions like accessing a Google Calendar. Client registration is crucial because it tells the authorization server the application-specific rules, including redirect URIs and permitted flows. While DCR streamlines onboarding in environments like the Model Context Protocol (MCP) by removing cumbersome manual steps, it necessitates robust server-side protections against potential risks like spam and phishing, because the registration endpoint is often unauthenticated. Consequently, DCR-registered clients should always be treated as untrusted, requiring explicit user consent for access.
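One way to apply these protections when handling a registration request in the RFC 7591 format, as an added example that is not code from PropelAuth or the original post. The allowed grant types, the redirect URI limit, the https-or-loopback policy and the `trusted` / `require_consent` flags are assumptions chosen for illustration.

```python
import secrets
import time
from urllib.parse import urlsplit

ALLOWED_GRANTS = ("authorization_code", "refresh_token")  # assumed server policy
LOOPBACK_HOSTS = {"127.0.0.1", "::1", "localhost"}
MAX_REDIRECT_URIS = 5  # assumed limit to keep anonymous registrations small


class RegistrationError(Exception):
    """Carries an RFC 7591 error code for the JSON error response."""
    def __init__(self, error, description):
        super().__init__(description)
        self.error = error


def check_redirect_uri(uri):
    try:
        parts = urlsplit(uri) if isinstance(uri, str) else None
        host = parts.hostname if parts else None
    except ValueError:
        parts = host = None
    if parts is None or parts.fragment or "*" in uri:
        raise RegistrationError("invalid_redirect_uri", "malformed, fragment or wildcard")
    # Exact https URIs only; plain http is accepted solely for loopback listeners.
    if not ((parts.scheme == "https" and host) or (parts.scheme == "http" and host in LOOPBACK_HOSTS)):
        raise RegistrationError("invalid_redirect_uri", "must be https or http loopback")


def register_client(metadata):
    """Validate unauthenticated client metadata and return the stored client record."""
    uris = metadata.get("redirect_uris")
    if not isinstance(uris, list) or not 0 < len(uris) <= MAX_REDIRECT_URIS:
        raise RegistrationError("invalid_redirect_uri", f"1 to {MAX_REDIRECT_URIS} redirect_uris required")
    for uri in uris:
        check_redirect_uri(uri)
    grants = metadata.get("grant_types", ["authorization_code"])
    if not isinstance(grants, list) or not all(g in ALLOWED_GRANTS for g in grants):
        raise RegistrationError("invalid_client_metadata", "grant type not permitted")
    return {
        "client_id": secrets.token_urlsafe(16),
        "client_id_issued_at": int(time.time()),
        "redirect_uris": uris,
        "grant_types": grants,
        "token_endpoint_auth_method": "none",  # public client, no secret issued
        "client_name": str(metadata.get("client_name", ""))[:64],  # shown on consent screen
        # Server-side flags (not RFC 7591 fields): never skip the consent screen.
        "trusted": False,
        "require_consent": True,
    }
```

The self-asserted `client_name` is truncated and stored only for display; the consent screen should present it alongside the registered redirect host so the user can see where the authorization code will be sent.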