I've built a remote MCP with OAuth2 auth from scratch just last week.
The standard has a page on authorization[0], though it's not particularly easy to read for someone not well-versed with OAuth.
In short, MCP just uses plain boring OAuth, like any other OAuth authorization. Like when you authorize an app to access your Google Calendar. The only difference is that instead of accessing your normal API, they access your MCP HTTP endpoint. Each connection to that endpoint will pass the Authorization header with an OAuth token, which you can resolve to a user on your side. Same as you would with normal OAuth.
One cool bit is that MCP providers are supposed to support OAuth2 Dynamic Client Registration, which means that e.g. Claude can provision an OAuth2 client in your app programmatically (and get a client_id/client_secret that it can use for authorization flows).
When you add an MCP server to your Claude organization, you just add the MCP server. Each user will have to go through the integration's OAuth2 authorization flow separately.
[0]: https://modelcontextprotocol.io/specification/2025-03-26/bas...
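
A sketch of the server-side step the comment above describes, resolving the `Authorization` header on an MCP HTTP request to a user. This is an added example, not code from the original post or from the MCP project; the token table, the `resolve_user` name and the sample tokens are constructed for illustration, and opaque (non-JWT) access tokens are assumed.

```python
import hashlib
import time


def _h(token: str) -> str:
    # Only the SHA-256 of each access token is stored, so a leaked
    # table does not hand out usable bearer tokens.
    return hashlib.sha256(token.encode()).hexdigest()


# Constructed sample grants: token hash -> who authorized which client.
TOKENS = {
    _h("tok-alice-123"): {"user": "alice", "client_id": "dcr-client-1",
                          "expires_at": 2_000_000_000},
    _h("tok-bob-456"): {"user": "bob", "client_id": "dcr-client-1",
                        "expires_at": 1_000},  # long expired
}


def _deny(error=None):
    # RFC 6750: answer 401 with a WWW-Authenticate challenge; the error
    # code is omitted when the request carried no bearer token at all.
    challenge = "Bearer" if error is None else f'Bearer error="{error}"'
    return 401, None, {"WWW-Authenticate": challenge}


def resolve_user(headers, now=None):
    """Map one MCP HTTP request's headers to (status, user, response_headers)."""
    now = time.time() if now is None else now
    # HTTP header names are case-insensitive.
    value = next((v for k, v in headers.items()
                  if k.lower() == "authorization"), None)
    if value is None:
        return _deny()
    scheme, _, token = value.strip().partition(" ")
    token = token.strip()
    if scheme.lower() != "bearer" or not token:
        return _deny()
    grant = TOKENS.get(_h(token))
    # Unknown and expired tokens get the same answer, so a caller
    # cannot tell which tokens once existed.
    if grant is None or grant["expires_at"] <= now:
        return _deny("invalid_token")
    return 200, grant["user"], {}
```

Every request to the MCP endpoint goes through this check before any tool call is dispatched, so a revoked or expired grant stops working on the next request.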