New: OAuth for MCP Servers — Lessons From Building for AI Agents

In this episode, the Semaphore team walks through the practical hurdles of adding OAuth support to their MCP server, a core component for securing agent‑driven workflows. They explain how dynamic client registration emerged as a moving target: each AI agent expects slightly different discovery URLs, client metadata, and scope handling. Because the MCP specification evolves monthly, the engineers had to build a flexible endpoint‑resolution layer that can interpret both "/.well-known/oauth" and custom paths without breaking existing agents.

A significant portion of the discussion centers on the integration with Keycloak. Rather than using Keycloak for full‑blown authorization, the team treats it as an identity provider, handling authentication and basic token issuance. This decision simplified early development but exposed limits when trying to enforce granular, project‑level permissions. Consequently, Semaphore split authorization into custom services, giving them tighter control over scopes such as read‑only versus read‑write access for MCP actions. The conversation highlights why understanding provider capabilities and spec maturity is crucial before committing to a particular OAuth flow.

Finally, the hosts stress a pragmatic testing strategy. They recommend starting with the most stable MCP spec version—typically the one from the previous year—and validating against a suite of real agents. Tools like MCP Jam Inspector provide step‑by‑step visibility into client requests and server responses, surfacing mismatches that generic error logs hide. By iterating across diverse agents and leveraging these inspection tools, teams can ensure reliable authentication while the underlying standards continue to evolve. This approach balances speed with robustness for businesses building secure, AI‑powered pipelines.