What is OAuth for MCP?

OAuth for MCP is how remote MCP servers authorize users: the spec adopts OAuth 2.1 so each user signs in and grants scoped access, instead of pasting a long-lived secret into a config file.

OAuth for MCP is the authorization story for remote MCP servers. A local stdio server can simply read a key from your environment, but a hosted server reached over the network needs a way to know who is calling and what they are allowed to do, without every user hard-coding a shared secret. The Model Context Protocol's authorization spec answers this with OAuth 2.1: the server acts as (or sits behind) an authorization server, and when a client first connects it triggers a standard browser-based sign-in and consent flow. The user authenticates, approves the requested scopes, and the client receives a short-lived access token it presents on subsequent requests. This gives per-user, revocable, least-privilege access and keeps credentials out of plaintext config. The MCP profile leans on modern OAuth building blocks: PKCE, protected-resource metadata for discovery, and Dynamic Client Registration so clients can register themselves automatically. Glen's remote server uses exactly this pattern, so each teammate authorizes their own access to the shared memory store.
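The flow described above, walked through end to end as an added example (this is not code from the MCP spec, from any MCP SDK, or from Glen's server). The hosts `mcp.example.com` and `auth.example.com`, the metadata documents, the `memory:read` scope and the `ToyAuthServer` class are all constructed stand-ins: the toy server keeps everything in memory so the whole exchange runs offline, but it enforces the same checks a real OAuth 2.1 authorization server would (registered redirect URI, mandatory S256 PKCE, single-use codes, verifier must match the challenge) and the client performs the same steps the text lists: discovery via the 401's `WWW-Authenticate` pointer, Dynamic Client Registration, PKCE, `state` validation on the callback, code exchange, and presenting the token as a Bearer credential bound to the MCP server's audience.

```python
import base64
import hashlib
import json
import re
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed values: these hosts do not exist; they stand in for a real deployment.
MCP_SERVER = "https://mcp.example.com/mcp"
REDIRECT_URI = "http://127.0.0.1:8765/callback"
PROTECTED_RESOURCE_METADATA = json.dumps(   # what /.well-known/oauth-protected-resource would return
    {"resource": MCP_SERVER, "authorization_servers": ["https://auth.example.com"]})
AUTH_SERVER_METADATA = json.dumps({         # what the AS's /.well-known/oauth-authorization-server would return
    "issuer": "https://auth.example.com",
    "authorization_endpoint": "https://auth.example.com/authorize",
    "token_endpoint": "https://auth.example.com/token",
    "registration_endpoint": "https://auth.example.com/register",
    "code_challenge_methods_supported": ["S256"]})


def b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def make_pkce_pair():
    """PKCE (RFC 7636) S256: the client keeps the verifier and sends only its hash."""
    verifier = b64url(secrets.token_bytes(32))
    return verifier, b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def pkce_matches(verifier: str, challenge: str) -> bool:
    return secrets.compare_digest(b64url(hashlib.sha256(verifier.encode("ascii")).digest()), challenge)


def parse_resource_metadata_url(www_authenticate: str):
    """Pull the resource_metadata pointer out of the 401's WWW-Authenticate header."""
    m = re.search(r'resource_metadata="([^"]+)"', www_authenticate)
    return m.group(1) if m else None


class ToyAuthServer:
    """In-memory authorization server: a constructed stand-in, not a real OAuth 2.1 AS."""

    def __init__(self):
        self.clients, self.codes, self.tokens = {}, {}, {}

    def register(self, redirect_uris):                   # Dynamic Client Registration (RFC 7591)
        client_id = "dyn-" + secrets.token_hex(6)
        self.clients[client_id] = {"redirect_uris": redirect_uris}
        return client_id

    def authorize(self, url: str, user_approves: bool):  # the browser sign-in + consent step
        q = {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}
        client = self.clients.get(q.get("client_id"))
        if client is None or q.get("redirect_uri") not in client["redirect_uris"]:
            return None                                  # unknown client or unregistered redirect
        if q.get("code_challenge_method") != "S256" or not user_approves:
            return None                                  # OAuth 2.1 requires PKCE; or user declined
        code = secrets.token_urlsafe(16)
        self.codes[code] = q
        return code, q["state"]                          # what the redirect back to the client carries

    def token(self, code, verifier, client_id, redirect_uri):
        req = self.codes.pop(code, None)                 # authorization codes are single-use
        if req is None or req["client_id"] != client_id or req["redirect_uri"] != redirect_uri:
            return None
        if not pkce_matches(verifier, req["code_challenge"]):
            return None                                  # a leaked code is useless without the verifier
        tok = secrets.token_urlsafe(24)
        self.tokens[tok] = {"aud": req["resource"], "scope": req["scope"], "sub": "alice"}
        return {"access_token": tok, "token_type": "Bearer", "expires_in": 3600}

    def introspect(self, access_token: str):             # what the MCP server checks before serving
        return self.tokens.get(access_token)


def run_flow(auth_server: ToyAuthServer, user_approves=True, wrong_verifier=False):
    """Client side of the MCP flow: discover, register, authorize with PKCE, exchange, call."""
    # 1. The first request is refused with a 401 whose header points at the resource metadata.
    www_auth = 'Bearer resource_metadata="https://mcp.example.com/.well-known/oauth-protected-resource"'
    metadata_url = parse_resource_metadata_url(www_auth)   # a real client would GET this next
    # 2. That document names the authorization server, whose own metadata names the endpoints.
    prm, asm = json.loads(PROTECTED_RESOURCE_METADATA), json.loads(AUTH_SERVER_METADATA)
    if metadata_url is None or asm["issuer"] not in prm["authorization_servers"]:
        return None
    # 3. Register dynamically, then prepare PKCE material and an unguessable state value.
    client_id = auth_server.register([REDIRECT_URI])
    verifier, challenge = make_pkce_pair()
    state = secrets.token_urlsafe(16)
    params = {"response_type": "code", "client_id": client_id, "redirect_uri": REDIRECT_URI,
              "scope": "memory:read", "resource": prm["resource"],   # RFC 8707: bind token to this server
              "code_challenge": challenge, "code_challenge_method": "S256", "state": state}
    # 4. User signs in and consents in the browser; the callback carries code and state.
    result = auth_server.authorize(asm["authorization_endpoint"] + "?" + urlencode(params), user_approves)
    if result is None:
        return None
    code, returned_state = result
    if not secrets.compare_digest(returned_state, state):
        return None                                      # callback did not come from our request
    # 5. Exchange code + verifier for a short-lived token, then present it as Bearer to the MCP server.
    tok = auth_server.token(code, "wrong" if wrong_verifier else verifier, client_id, REDIRECT_URI)
    if tok is None:
        return None
    claims = auth_server.introspect(tok["access_token"])
    return claims if claims and claims["aud"] == MCP_SERVER else None
```

`run_flow(ToyAuthServer())` returns the token's claims (`aud`, `scope`, `sub`) when the user approves, and `None` when consent is refused or when the token exchange is attempted with the wrong verifier; the latter is the property PKCE buys you, since an intercepted authorization code alone no longer yields a token. The `resource` parameter and the `aud` check are what stop a token minted for one MCP server from being replayed against another.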