CIMD vs DCR: The new default for MCP Client Registration in 2025

MCP's 2025 release introduces a significant change in the OAuth client registration process, shifting from Dynamic Client Registration (DCR) to Client ID Metadata Documents (CIMD). This transition aims to address the scalability issues inherent in DCR, where clients register with multiple servers, leading to potential security risks and administrative overhead. CIMD offers a solution by allowing clients to identify themselves through a URL pointing to a JSON document, streamlining the process by eliminating the need for per-server registration and reducing client sprawl. This approach aligns with MCP's scale and decentralization needs, as it leverages web-native identity patterns, enhances security by preventing unauthorized access, and simplifies client management without relying on manual registration. While DCR remains useful in controlled environments requiring strict client oversight, CIMD is now the recommended default for MCP, with WorkOS already supporting this new method to facilitate smoother OAuth integration.