Content Deep Dive

How to secure your MCP server with OAuth resource indicators

Blog post from WorkOS

Post Details
Company: WorkOS
Author: Maria Paktiti
Word Count: 1,622
Company Posts That Month: 31
Language: English
Hacker News Points: -
Summary

As the Model Context Protocol (MCP) evolves, its authorization layer has adopted resource indicators from OAuth 2.0 to bind tokens to specific resource servers. Resource indicators, defined in RFC 8707, let a client state which server a token is intended for, preventing a token issued for one server from being replayed against another and mitigating token confusion attacks. MCP applies this by having clients include a resource parameter in the authorization request, so that issued tokens are bound to the designated server and the blast radius of a leaked or misrouted token is reduced. Implementing this correctly requires consistent advertisement of the server's canonical URI, validation of the aud claim on every request, and informative error messages to aid debugging. For MCP client developers, managing tokens for multiple servers is essential, since each server requires its own token. Authorization server operators, in turn, must support RFC 8707: accept the resource parameter and embed the correct aud claim in the tokens they issue. Resource indicators complement OAuth scopes: scopes define what actions a token permits, resource indicators define where those actions may be performed, which together strengthen security in multi-server environments. WorkOS AuthKit provides a solution for those who prefer not to manage this infrastructure, offering native support for resource indicators and integration with existing systems.
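The aud-claim check the summary describes, as an added example (not code from the WorkOS post or AuthKit): a resource-server-side validation that canonicalises the advertised resource URI, compares it against the token's audience, and returns an invalid_token error naming the expected resource. The resource URI, the sample tokens and the unsigned JWT shape are constructed for illustration; signature verification is assumed to happen before this step.

```python
import base64
import json
from urllib.parse import urlsplit, urlunsplit

# Hypothetical canonical resource URI this MCP server advertises in its
# protected-resource metadata (constructed for this example).
RESOURCE_URI = "https://mcp.example.com/"


def canonical(uri: str) -> str:
    """Normalise a resource URI so the advertised form and the aud claim
    compare equal: lower-case scheme and host, drop fragment and a bare
    trailing slash."""
    parts = urlsplit(uri)
    path = parts.path.rstrip("/")
    return urlunsplit((parts.scheme.lower(), parts.netloc.lower(), path, parts.query, ""))


def make_token(claims: dict) -> str:
    """Build an UNSIGNED JWT-shaped token for sample inputs (constructed;
    real tokens are signed by the authorization server)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}."


def payload_claims(token: str) -> dict:
    """Decode the payload segment. Assumes the signature has already been
    verified against the authorization server's keys before this step."""
    segment = token.split(".")[1]
    segment += "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(segment))


def check_audience(token: str, resource_uri: str = RESOURCE_URI):
    """Return (True, claims) if the token is bound to this server, else
    (False, error) with an RFC 6750-style invalid_token body that names
    the expected resource so client developers can debug the mismatch."""
    claims = payload_claims(token)
    aud = claims.get("aud", [])
    audiences = [aud] if isinstance(aud, str) else list(aud)
    expected = canonical(resource_uri)
    if expected in (canonical(a) for a in audiences):
        return True, claims
    return False, {
        "error": "invalid_token",
        "error_description": "token audience does not include this resource",
        "expected_resource": expected,
        "token_audience": audiences,
    }
```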

Trends Found in this Post

Trend           Post Mentions   Total Month Mentions   Posts   Companies   MoM
MCP             45              6,026                  689     188         -15%
Vector Search   2               2,091                  556     118         -8%