How MCP Clients Find Your Auth Server (Without You Telling Them)
Blog post from WorkOS
In early implementations, the lack of an authorization standard in MCP (the Model Context Protocol) led to insecure practices: credentials configured by hand, and a reliance on Dynamic Client Registration (DCR), whose open registration endpoint invited abuse and Server-Side Request Forgery (SSRF). Enterprise Identity Providers (IdPs) such as Okta and Azure AD ship with DCR disabled by default for exactly these reasons, which pushed the ecosystem toward a different model.

The June 2025 revision of the spec adopted Protected Resource Metadata, which lets an MCP server advertise which authorization server protects it (in its WWW-Authenticate challenge and at a well-known URL), so a client discovers the authorization server instead of being told about it by hand.

The November 2025 revision added the Client ID Metadata Document (CIMD): a client's client_id is an HTTPS URL it controls, and the metadata describing the client (name, redirect URIs, and so on) is hosted at that URL. The authorization server fetches and verifies that document, so it can establish a client's identity without exposing a registration endpoint at all.

The result is a simpler split of responsibilities: clients assert their identity, authorization servers verify it, and MCP servers do nothing but validate tokens. Taken together, these two revisions represent a significant advance in securing MCP deployments heading into 2026.
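The two discovery steps above, as an added example that is not code from the WorkOS post or from any MCP implementation. The HTTP exchanges are replaced by constructed sample documents held in a dict so the example runs offline; the hostnames, endpoints and client metadata are invented for illustration. The client side follows the Bearer challenge to Protected Resource Metadata and then to the authorization server's metadata, and the authorization-server side checks a URL-shaped client_id against the metadata document it points at, which is the verification that replaces a registration endpoint. The same-origin check on the metadata URL is this example's own hardening choice, not a rule from either spec.

```python
"""Discovery and CIMD verification for an MCP client and its authorization server.

Everything in FETCHED is a constructed stand-in for an HTTPS GET; in a real
deployment these would be network fetches.
"""
import re
from urllib.parse import urlparse

MCP_SERVER_URL = "https://mcp.example.com/mcp"  # constructed sample server

# RFC 9728 places the metadata location in the Bearer challenge (constructed).
WWW_AUTHENTICATE = (
    'Bearer realm="mcp", error="invalid_token", '
    'resource_metadata="https://mcp.example.com/.well-known/oauth-protected-resource"'
)

FETCHED = {  # constructed documents keyed by the URL they would be served from
    "https://mcp.example.com/.well-known/oauth-protected-resource": {
        "resource": "https://mcp.example.com/mcp",
        "authorization_servers": ["https://auth.example.com"],
        "scopes_supported": ["tools:read"],
    },
    "https://auth.example.com/.well-known/oauth-authorization-server": {
        "issuer": "https://auth.example.com",
        "authorization_endpoint": "https://auth.example.com/authorize",
        "token_endpoint": "https://auth.example.com/token",
    },
    "https://client.example.com/oauth/client.json": {
        "client_id": "https://client.example.com/oauth/client.json",
        "client_name": "Example MCP Client",
        "redirect_uris": ["http://127.0.0.1:49153/callback"],
        "token_endpoint_auth_method": "none",
    },
    # An impostor document that claims another client's identity.
    "https://client.example.com/oauth/impostor.json": {
        "client_id": "https://client.example.com/oauth/client.json",
        "redirect_uris": ["http://127.0.0.1:49153/callback"],
    },
}


def fetch_json(url):
    """Stand-in for an HTTPS GET returning parsed JSON. A real authorization
    server must treat this fetch as an SSRF surface: HTTPS only, no redirects
    into private address space, size and time limits."""
    if url not in FETCHED:
        raise LookupError(f"no document at {url}")
    return FETCHED[url]


def parse_resource_metadata_url(www_authenticate):
    """Extract the resource_metadata parameter from a Bearer challenge."""
    if not www_authenticate.startswith("Bearer"):
        raise ValueError("not a Bearer challenge")
    m = re.search(r'resource_metadata="([^"]+)"', www_authenticate)
    if not m:
        raise ValueError("challenge carries no resource_metadata parameter")
    return m.group(1)


def discover_authorization_server(mcp_url, www_authenticate):
    """Client side: challenge -> Protected Resource Metadata -> AS metadata."""
    prm_url = parse_resource_metadata_url(www_authenticate)
    # Example's own hardening: only follow metadata on the MCP server's own
    # HTTPS origin, so a hostile challenge cannot steer discovery elsewhere.
    p = urlparse(prm_url)
    if p.scheme != "https" or p.netloc != urlparse(mcp_url).netloc:
        raise ValueError("resource_metadata points off the MCP server's origin")
    prm = fetch_json(prm_url)
    # The metadata must describe the resource the client is actually using.
    if prm.get("resource") != mcp_url:
        raise ValueError("PRM resource does not match the MCP server URL")
    servers = prm.get("authorization_servers") or []
    if not servers:
        raise ValueError("PRM lists no authorization servers")
    issuer = servers[0]
    as_meta = fetch_json(issuer.rstrip("/") + "/.well-known/oauth-authorization-server")
    # RFC 8414: the advertised issuer must equal the URL the metadata came from.
    if as_meta.get("issuer") != issuer:
        raise ValueError("authorization server metadata issuer mismatch")
    return as_meta


def validate_cimd(client_id, redirect_uri):
    """Authorization server side: verify a URL client_id via its hosted document."""
    u = urlparse(client_id)
    if u.scheme != "https" or not u.netloc or u.path in ("", "/"):
        raise ValueError("client_id must be an https URL with a path")
    if u.fragment or u.username or u.password:
        raise ValueError("client_id must not carry a fragment or userinfo")
    doc = fetch_json(client_id)
    # The document must name the URL it was fetched from; otherwise one host
    # could publish metadata that impersonates another client.
    if doc.get("client_id") != client_id:
        raise ValueError("client_id in document does not match its URL")
    if redirect_uri not in doc.get("redirect_uris", []):
        raise ValueError("redirect_uri is not listed in the client metadata document")
    return doc


def rejects(fn, *args):
    """True if the check raises ValueError for these inputs."""
    try:
        fn(*args)
    except ValueError:
        return True
    return False
```

Note that the authorization server never stores anything before the user consents: identity is asserted by the client_id URL and confirmed by fetching it, which is why the impostor document above is rejected even though its contents are otherwise well-formed.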