Same topic, related formats. Practice these next.
Same topic, related formats. Practice these next.
No security hole. Local stdio servers inherit the user's OS permissions, so MCP-layer auth is redundant. Remote streamable HTTP servers need OAuth 2.1 with PKCE because the trust boundary moves to the network.
Imagine you hire a helper to work inside your apartment. You unlocked the door and let them in, so they can already reach anything you can reach. Asking them to also show an ID badge at the kitchen door would not make your apartment safer. A local MCP server is that helper already inside your home. Now imagine the helper works from a different building over the phone. You need a way to confirm it is really them on the line, because anyone could pick up the phone. That phone verification is the auth layer: OAuth for human users, tokens for automated services.
Everything you need to truly understand this topic: intuition, mechanics, step by step explanation, code, formulas, and worked example. Click to expand.
Everything you need to truly understand this topic: intuition, mechanics, step by step explanation, code, formulas, and worked example.
Everything important, quickly.
3 min: stdio trust boundary is the OS account, no MCP auth needed. Remote streamable HTTP trust boundary is the network, OAuth 2.1 with PKCE for user-facing servers, bearer for services. Never ship a remote server without auth. Token stays out of the model context.
Real products, models, and research that use this idea.
What an interviewer would ask next. Try answering before peeking at the approach.
Red flags and common mistakes that signal junior thinking. Click to expand.
Adding OAuth to a local stdio server. The OS account already gates everything the server can do; OAuth on top is wasted ceremony. The reverse mistake is worse: shipping a remote server with no auth at all.
The night-before-the-interview bullets. Scan these on the way to the call.
Primary sources. Skim if you want the original framing.