Easy, Secure Dynamic Client Registration for MCP & AI Agents

Dynamic Client Registration (DCR) is a key recommendation of the Model Context Protocol (MCP) Authorization Spec, designed to simplify client and server deployments by automating the registration process through an API rather than manual operations across various identity provider portals. Despite its potential, DCR has not seen widespread adoption, particularly among major public OAuth servers, due to its relatively rare use cases until the recent rise of MCP servers, especially those used for AI agents. Tailscale, through its tsidp service, aims to simplify this process by enabling secure DCR that leverages existing single sign-on identity providers for authentication while maintaining access control through user identities. For internal MCP servers, Tailscale offers a streamlined security alternative by directly checking Tailscale identities, bypassing the need for an OAuth server. However, as MCP deployments grow more complex, particularly with intermediary agents, there is a need for a more robust solution such as STS Token Exchange, which Tailscale is working to support. Tailscale invites developers working on MCP use cases to join their efforts in enhancing their tsidp authorization server to better cater to the specific needs of secure MCP and AI agent deployments.