Supported by Curity

Session

MCP Client — Just Another OAuth Client?

Model Context Protocol (MCP) allows AI applications to call APIs, and calling APIs requires proper authorization. Fortunately, the protocol takes this into consideration and requires implementations to use OAuth — a well-established standard. But does that mean an MCP client is just another OAuth client that will work with your existing infrastructure, or do you need additional components, special considerations, or enhanced features?

In this talk, I will take a closer look at authorization in MCP and talk about:

  • how securing access to the MCP server differs from securing your APIs,
  • best practices for using OAuth features such as consent and refresh tokens with MCP,
  • whether you need an MCP gateway to ensure proper protections,
  • what security concerns and attack vectors you might face when dealing with MCP.
