Pipes MCP: Session-scoped authorization for AI agents

Blog post from WorkOS

Post Details
Company:
Date Published:
Author: Ryan Cooke
Word Count: 663
Language: English
Hacker News Points: -
Summary

Pipes MCP introduces a session-scoped authorization model that enhances security for agent workflows by limiting their access to OAuth-connected systems such as Snowflake, Google Drive, and Salesforce to the duration of a specific task. Unlike traditional OAuth models, which provide long-lived tokens that can be refreshed indefinitely, Pipes MCP requires explicit human approval to start a session and automatically revokes access when the session ends, preventing agents from acting unpredictably beyond their assigned tasks. The system builds on existing Pipes connections, requires no additional integration with third-party providers, and enforces access checks at runtime, making authorization explicit and manageable. Because it is provided as a deployable Model Context Protocol (MCP) server, developers can integrate this model into their infrastructure, letting agents interact with connected providers as tools within a time-bound session and ensuring that authorization does not silently extend itself. This approach addresses the ongoing debate about agent identity and authorization by treating agents as acting on behalf of a user, with access limited to a specific task or session and governed by human-in-the-loop approval, offering a practical solution for securing agent interactions with third-party systems.