Authentication

Authentication in MCP is the process of a server verifying that a client (or the user behind the client) has the right to access specific resources or invoke certain tools.

Mechanisms in MCP

• → Initial Connection: Authentication can happen during the transport establishment (e.g., API keys in HTTP headers).
• → Dynamic Elicitation: Using the OAuth2 flow to prompt the user for credentials just-in-time for third-party services.
• → Local Trust: Stdio-based local servers often rely on the security context of the user running the process.

OAuth Flow Distinctions

MCP supports two distinct OAuth contexts that must not be confused:

1. MCP Authorization: The client authenticating to the MCP server itself (e.g., API keys, OAuth tokens for server access).
2. URL Mode Elicitation: Just-in-time OAuth flow for third-party services where the MCP server acts as an OAuth client to external APIs.

Critical Security Requirement: Third-party credentials obtained through elicitation MUST NOT transit through the MCP client. The server acts as both an OAuth resource server (to the MCP client) and an OAuth client (to third-party services). Token passthrough is explicitly forbidden to maintain security boundaries.

Secure authentication is paramount for protecting sensitive enterprise data in agentic workflows.

Secure Authentication in Practice with HasMCP

HasMCP provides robust, production-grade security by integrating an encrypted secret vault for managing API keys and credentials. Instead of exposing sensitive data to the LLM, HasMCP handles the injection of secrets at the proxy level. Furthermore, its native support for MCP Elicitation Auth allows for just-in-time user authentication via OAuth2, ensuring that every tool call remains authorized and secure without manual developer intervention.

Questions & Answers

How does MCP handle authentication during the transport phase?

Authentication can be established during transport, for example, by including API keys in HTTP headers for networked servers or relying on the local system's security context for stdio-based servers.

What is "Dynamic Elicitation" in the context of MCP authentication?

Dynamic Elicitation is a just-in-time authentication process where the MCP server initiates an OAuth2 flow to obtain user credentials for third-party services only when needed to execute a tool. Importantly, these third-party credentials never transit through the MCP client—the server manages the OAuth flow directly with the external service.

How does a gateway like HasMCP improve authentication security?

HasMCP manages API keys and credentials in an encrypted vault and handles their injection at the proxy level, so that sensitive secrets are never directly exposed to the LLM.