modelcontextprotocol/ext-auth
Source code, specifications, and reference implementations for MCP
authorization extensions.
Why authorization extensions?
The core MCP specification includes a robust authorization framework built on OAuth 2.0. That framework handles the common case well: a user interactively grants an MCP client permission to access a server on their behalf. But not every MCP deployment fits this pattern:
- Machine-to-machine integrations don’t have a human in the loop. Background services, CI pipelines, and automated workflows need to authenticate without interactive user consent flows.
- Enterprise environments often have centralized identity providers (IdPs) that enforce policy across all applications. Requiring employees to authorize each MCP server individually creates friction and bypasses existing security controls.
Available extensions
OAuth Client Credentials
Machine-to-machine authentication using the OAuth 2.0 client credentials
flow. No user interaction required.
Enterprise-Managed Authorization
Centralized access control via enterprise identity providers. Employees
access MCP servers through their organization’s IdP.
Choosing the right extension
| Scenario | Recommended extension |
|---|---|
| Background service or daemon accessing an MCP server | OAuth Client Credentials |
| CI/CD pipeline calling MCP tools | OAuth Client Credentials |
| Server-to-server API integration | OAuth Client Credentials |
| Enterprise employees accessing MCP servers at work | Enterprise-Managed Authorization |
| Organization-wide MCP access policy enforcement | Enterprise-Managed Authorization |
| Standard interactive user authorization | Core MCP spec (no extension needed) |
Client support
Authorization extension support varies by client. See the client matrix for a full breakdown. Both extensions require explicit support from the MCP client; they are never active by default.
Specification
Both extensions are specified in the ext-auth repository. They use the standard MCP extension negotiation mechanism: clients and servers declare support in the extensions field of their capabilities during initialization.
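The negotiation step described above, as an added illustration rather than code from the ext-auth repository: the client advertises the extensions it implements in its initialize request, reads the server's capabilities back, and activates an extension only when both sides declared it, so nothing is active by default. The exact JSON layout of the capabilities object, the protocol version string, and the extension identifier strings are assumptions made for this example; the specification defines the real ones.

```python
import json

# Placeholder extension identifiers (assumed for this example; the
# registered names are defined in the ext-auth specification).
EXT_CLIENT_CREDENTIALS = "example.org/oauth-client-credentials"
EXT_ENTERPRISE_MANAGED = "example.org/enterprise-managed-authorization"


def build_initialize_request(supported_extensions, request_id=1):
    """Build the client's initialize request, listing each extension the
    client implements under capabilities.extensions.  The field layout and
    protocol version below are assumptions for illustration."""
    return {
        "jsonrpc": "2.0",
        "id": request_id,
        "method": "initialize",
        "params": {
            "protocolVersion": "2025-06-18",
            "capabilities": {
                "extensions": {ext: {} for ext in supported_extensions},
            },
            "clientInfo": {"name": "example-client", "version": "0.1"},
        },
    }


def negotiate_extensions(client_supported, initialize_result):
    """Return the sorted list of extensions active for this session.

    An extension is active only if the client implements it AND the server
    declared it in its initialize result.  A server-declared extension the
    client does not implement is ignored; a client-declared extension the
    server did not echo falls back to core MCP authorization."""
    result = initialize_result.get("result")
    if not isinstance(result, dict):
        raise ValueError("initialize response carries no result object")
    server_exts = result.get("capabilities", {}).get("extensions", {})
    if not isinstance(server_exts, dict):
        raise ValueError("malformed extensions capability from server")
    return sorted(set(client_supported) & set(server_exts))


def select_authorization(client_supported, initialize_result):
    """Decide which authorization path to use once negotiation is done.
    Returns the active extension identifier, or 'core' when no extension
    was agreed and the standard interactive OAuth flow applies."""
    active = negotiate_extensions(client_supported, initialize_result)
    if len(active) > 1:
        # Both extensions target different deployment scenarios; treating
        # a session that enables both as an error is a choice made here.
        raise ValueError("more than one authorization extension active")
    return active[0] if active else "core"


# Constructed sample server response: the server declares only the
# client-credentials extension.
SERVER_INIT_RESULT = json.loads("""
{"jsonrpc": "2.0", "id": 1,
 "result": {"protocolVersion": "2025-06-18",
            "capabilities": {"tools": {},
                             "extensions": {"example.org/oauth-client-credentials": {}}},
            "serverInfo": {"name": "example-server", "version": "0.1"}}}
""")


if __name__ == "__main__":
    request = build_initialize_request([EXT_CLIENT_CREDENTIALS, EXT_ENTERPRISE_MANAGED])
    print(json.dumps(request, indent=2))
    print("active:", negotiate_extensions(
        [EXT_CLIENT_CREDENTIALS, EXT_ENTERPRISE_MANAGED], SERVER_INIT_RESULT))
    print("mode:", select_authorization([EXT_ENTERPRISE_MANAGED], SERVER_INIT_RESULT))
```

The point of the intersection is the "never active by default" rule: a server cannot switch a client into client-credentials or enterprise-managed mode on its own, and a client that only implements the enterprise extension still ends up on the core interactive flow when the server does not declare it.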