The latest version of the MCP spec is now officially 2025-06-18! Congrats to everyone in the MCP community involved in making this happen!
Key updates to the authorization section:
⚙️ MCP Servers are no longer responsible for issuing access tokens or handling user authentication
🛡️ A dedicated Authorization Server separate from the MCP Server handles user authentication and issuing access tokens
🔍 RFC9728 Protected Resource Metadata enables the MCP client to dynamically discover the MCP Server's authorization server
👉 RFC8707 Resource Indicators are required as a security measure
Thanks to everyone who contributed to the many discussions to update the authorization part of the spec to be more compatible with existing OAuth systems!
David Soria Parra, Paul Carleton, Den Delimarsky, Nate Barbettini, William Dawson, Jared Hanson, Karl McGuinness, Darin McAdams, Jean-François LOMBARDO and apologies if I forgot to mention you, those threads were extremely long!
#modelcontextprotocol #mcp #oauth #ai
WeChat ID
aaronpk_tv
