An Introduction to MCP and Authorization

Discover the Model Context Protocol (MCP) and its authorization mechanisms. Learn how to use API keys, OAuth 2.1 implementation, and best practices for secure LLM API connections.

Brought to you by @juan.martinez

Seeking more information? Questions are welcome – ask away!

I think there is a mistake in the sequence diagram for 3rd party auth flow - the arrow nr 5 from the top (Authorization code) should go to MCP Server, not to 3rd party Auth Server - which is exactly the problem you’re describing :)

Great read! And apparently there is hope already - Issue 205 has just been resolved with an update to the spec.

Hi @zablivt,

Thanks for reading. The authorization code goes to the 3rd party; the problem in the spec, as mentioned, is that the spec blurs the line between the resource server and the authorization server.

As for the new spec, I’m really looking forward to when that gets finalized. I’m sure I’ll write about it once it’s published.