How does auth work in practice? What’s the login process from the user’s PoV?

MCP supports authentication via OAuth2, which is what we use here. For the most part, this means that a browser window is opened and the user can sign in with their GitHub or Google account. The access token is verified by us and passed to the upstream MCP server.

We'd love to allow orgs to bring their own IdP but there is some refactoring we still have to do for this.
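The "verified by us and passed to the upstream MCP server" step can be sketched as below. This is an added example, not the project's code. It assumes the access token is a JWT and uses an HS256 shared key so it runs offline, where a real gateway would check the IdP's public-key signature. The issuer, audience, key and the `X-Verified-Subject` header are hypothetical.

```python
import base64, hashlib, hmac, json, time

# Constructed demo values; a real gateway takes these from its IdP configuration.
KEY = b"demo-signing-key"
TRUSTED_ISSUERS = {"https://idp.example"}
GATEWAY_AUDIENCE = "mcp-gateway.example"

def b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mint(claims, alg="HS256", key=KEY):
    """Build a constructed sample token (demo helper, not part of the gateway)."""
    head = b64(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = b64(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64(sig)}"

def verify(token, now=None):
    """Return the claims if the token is acceptable, else raise ValueError."""
    now = time.time() if now is None else now
    try:
        head, body, sig = token.split(".")
        header, claims = json.loads(unb64(head)), json.loads(unb64(body))
        expected = hmac.new(KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()
        sig_ok = hmac.compare_digest(expected, unb64(sig))
    except (ValueError, TypeError) as exc:  # bad structure, base64 or JSON
        raise ValueError("malformed token") from exc
    if not isinstance(header, dict) or not isinstance(claims, dict):
        raise ValueError("malformed token")
    if header.get("alg") != "HS256":  # pin the algorithm, ignore the header's choice
        raise ValueError("unexpected alg")
    if not sig_ok:
        raise ValueError("bad signature")
    if claims.get("iss") not in TRUSTED_ISSUERS:
        raise ValueError("untrusted issuer")
    if claims.get("aud") != GATEWAY_AUDIENCE:  # token was minted for another service
        raise ValueError("wrong audience")
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        raise ValueError("expired")
    return claims

def forward_headers(authorization):
    # Fail closed: nothing is forwarded upstream unless every check passes.
    scheme, _, token = authorization.partition(" ")
    if scheme.lower() != "bearer" or not token:
        raise ValueError("missing bearer token")
    sub = verify(token).get("sub")
    return {"Authorization": f"Bearer {token}", "X-Verified-Subject": str(sub)}
```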