MCP Server Authorization
Model Context Protocol (MCP) is a protocol for LLM hosts (Claude, ChatGPT, Cursor) to discover and call external tools. MCP servers expose tools; MCP clients invoke them. When an MCP server exposes sensitive resources, it needs authorization to ensure only permitted clients and users can access it.
LumoAuth's role is to authorize those tool calls: register MCP servers as protected resources, configure scopes, and let LumoAuth serve as the OAuth 2.0 authorization server while AI applications act as OAuth clients.
This implementation follows the MCP Authorization specification (draft), including OAuth 2.1, RFC 9728 (Protected Resource Metadata), RFC 8707 (Resource Indicators), and RFC 8414 (Authorization Server Metadata).
Architecture
Key concepts
Roles
| Role | Description | In LumoAuth |
|---|---|---|
| Authorization Server | Issues access tokens and handles user authentication | LumoAuth serves this role |
| Resource Server (MCP Server) | Hosts tools, resources, and prompts; validates Bearer tokens | Your registered MCP server |
| Client (MCP Client) | AI application that connects to MCP servers on behalf of users | Registered as an OAuth client in LumoAuth |
Standards implemented
| Standard | Purpose |
|---|---|
| OAuth 2.1 | Core authorization framework with security best practices |
| RFC 9728 | OAuth 2.0 Protected Resource Metadata — how MCP clients discover the authorization server |
| RFC 8707 | Resource Indicators — binding tokens to specific MCP server audiences |
| RFC 8414 | Authorization Server Metadata — discovering LumoAuth endpoints |
| RFC 7591 | Dynamic Client Registration — MCP clients can self-register |
Quickstart
To secure an MCP server with LumoAuth:
- Register your MCP server in the Organization Portal under Developer > MCP Servers.
- Configure your MCP server to return `401 Unauthorized` with a `WWW-Authenticate` header pointing to LumoAuth's Protected Resource Metadata.
- Validate tokens using LumoAuth's token introspection endpoint, verifying that the `aud` claim matches your server's Resource URI.
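The resource-server side of the three quickstart steps, as an added Python example that is not LumoAuth's or the MCP project's own code: the `401` challenge whose `WWW-Authenticate` header advertises the Protected Resource Metadata URL, then token validation through an introspection callback that checks the `aud` claim against the Resource URI. The Resource URI, the PRM URL with `ORG_ID`/`SERVER_ID` placeholders, the scope name and the stub introspection responses are assumptions.

```python
from typing import Callable, Optional

# Assumptions (not from the page): your registered Resource URI and the PRM URL for it.
# ORG_ID / SERVER_ID are placeholders for the ids LumoAuth assigns at registration.
RESOURCE_URI = "https://mcp.example.com/mcp"
PRM_URL = ("https://lumoauth.example/orgs/ORG_ID/api/v1/"
           ".well-known/oauth-protected-resource/mcp/SERVER_ID")

Introspect = Callable[[str], dict]  # token -> RFC 7662-style introspection response


def www_authenticate(error: Optional[str] = None) -> str:
    # RFC 9728 challenge: resource_metadata tells the MCP client where to fetch the
    # Protected Resource Metadata and thereby locate the authorization server.
    params = [f'resource_metadata="{PRM_URL}"']
    if error:
        params.insert(0, f'error="{error}"')  # RFC 6750 error code
    return "Bearer " + ", ".join(params)


def extract_bearer(authorization: Optional[str]) -> Optional[str]:
    if not authorization:
        return None
    scheme, _, token = authorization.partition(" ")
    if scheme.lower() != "bearer":
        return None
    return token.strip() or None


def authorize(authorization: Optional[str], introspect: Introspect,
              required_scope: Optional[str] = None):
    """Return (status, headers, claims) for one incoming MCP request."""
    token = extract_bearer(authorization)
    if token is None:
        return 401, {"WWW-Authenticate": www_authenticate()}, None
    claims = introspect(token)
    if not claims.get("active"):
        return 401, {"WWW-Authenticate": www_authenticate("invalid_token")}, None
    # RFC 8707 audience binding: aud may be a string or a list; a token minted for
    # another resource is rejected even though the authorization server issued it.
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if RESOURCE_URI not in audiences:
        return 401, {"WWW-Authenticate": www_authenticate("invalid_token")}, None
    if required_scope and required_scope not in claims.get("scope", "").split():
        return 403, {"WWW-Authenticate": www_authenticate("insufficient_scope")}, None
    return 200, {}, claims


# Constructed stand-in for LumoAuth's introspection endpoint (offline sample data only).
SAMPLE_TOKENS = {
    "tok-ok": {"active": True, "aud": RESOURCE_URI, "scope": "mcp:tools", "sub": "user-1"},
    "tok-other": {"active": True, "aud": ["https://other.example/mcp"], "scope": "mcp:tools"},
}


def fake_introspect(token: str) -> dict:
    return SAMPLE_TOKENS.get(token, {"active": False})
```

In a real deployment `introspect` would POST the token to LumoAuth's introspection endpoint; the decision logic stays the same.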
API endpoints
- `GET /orgs/{orgId}/api/v1/.well-known/oauth-protected-resource/mcp/{serverId}` — Protected Resource Metadata (RFC 9728) for a specific MCP server.
- `GET /orgs/{orgId}/api/v1/.well-known/oauth-protected-resource` — root-level Protected Resource Metadata for the organization's MCP servers.
- `GET /orgs/{orgId}/api/v1/mcp/servers` — list all active MCP servers for an organization (requires Bearer token).
- `GET /orgs/{orgId}/api/v1/mcp/servers/{serverId}` — details of a specific MCP server, including discovery URLs.
- `GET` / `POST /orgs/{orgId}/api/v1/mcp/{serverId}/challenge` — test the 401 challenge flow; returns the `WWW-Authenticate` header for unauthenticated requests.
Related
- MCP Authorization Flow — step-by-step OAuth 2.1 flow
- Protected Resource Metadata — discovery document details
- MCP Server Registration — register your MCP server