Getting Started with MCP Server Auth

You've built an MCP server, and now you want a real agent (Claude Code, Codex, Cursor, whatever your users happen to bring) to connect to it securely, on behalf of an actual signed-in user. The moment you try, you run into OAuth. And MCP's take on OAuth has a twist that trips up almost everyone the first time.

In normal OAuth, you register your app with the identity provider once, get a client ID, and ship it. That falls apart in MCP, because you don't know in advance which agent is going to connect, so you can't pre-register every client your users might show up with. This session covers how MCP gets around that with Dynamic Client Registration, plus the handful of OAuth concepts you actually need to follow what's going on.

Then we make it concrete. We'll take an Apollo MCP Server, add OAuth to it with Auth0, and watch the whole thing happen end to end: a client registering itself on the fly, a user logging in to grant access, and a tool call going through with a validated token. By the end you'll understand the flow well enough to set it up on your own server, and you'll be ready for the follow-on workshop on hardening it for real users.

You don't need any OAuth background to follow along. If you've got an MCP server (or are about to build one) and you want agents to access it the right way, this is the place to start. Bring a laptop if you'd like to try it yourself.

In this session, we cover:

• Why MCP needs Dynamic Client Registration

• The OAuth basics that matter for MCP

• Adding OAuth to an Apollo MCP Server with Auth0