Advanced8 min

MCP Authentication

Secure MCP connections with OAuth 2.1, API keys, and custom auth — including delegated authentication where agents access services on behalf of users.

Quick Reference

→OAuth 2.1 is the standard for MCP server authentication — supported natively in Fleet and Agent Server
→API key auth: pass static keys via custom headers or interceptors
→Delegated auth: agent acts on behalf of the user with scoped, short-lived tokens
→Auth proxy pattern: agent never sees raw credentials — proxy handles token exchange
→Per-server auth: different MCP servers can use different auth methods
→Credential rotation: use interceptors to refresh expired tokens automatically

OAuth 2.1 Authentication

OAuth 2.1 is the recommended auth standard for MCP servers that access user data (Gmail, Slack, Salesforce, etc.). The flow: user authorizes the app → app receives tokens → agent uses tokens to access the MCP server on behalf of the user.

OAuth 2.1 MCP server connection

Delegated Authentication

In delegated auth, the agent accesses services on behalf of the user — not with the app's credentials, but with the user's scoped tokens. This is critical for privacy: the agent can read the user's email but not other users' email.

Auth Proxy Pattern

For maximum security, the agent never sees raw credentials. An auth proxy sits between the agent and the MCP server, handling token exchange and injection. The agent sends requests to the proxy, which adds the right credentials before forwarding to the actual MCP server.

Sign in to read this article

This is a premium article. Sign in with your Google account to continue.