Understanding URL-mode elicitation in MCP

The Model Context Protocol (MCP) utilizes elicitation to request user input during active sessions, allowing workflows to be interactive rather than restricted to single tool calls. Traditional elicitation involves collecting structured data directly through the MCP client, which works well for simple, non-sensitive inputs but is inadequate for interactions involving sensitive information like OAuth authorization or payment details. To address this gap, URL-mode elicitation enables MCP servers to guide users to external URLs for secure and trusted interactions, ensuring that sensitive data remains outside the MCP client and model context. This approach requires explicit client capability declarations to support URL-mode elicitation, which acts as a blocking control-flow step, ensuring critical interactions are completed securely. While form mode and URL mode serve different purposes, both are integral to MCP’s execution model, allowing for secure, real-world workflows that integrate automated reasoning, server-side orchestration, and human interaction, without compromising security. As MCP adoption grows, URL-mode elicitation is expected to become essential in bridging AI workflows with external systems, enhancing security and protocol consistency.