OAuth and Open Finance Patterns for Model Context Protocol Security
OAuth and Open Finance already solved this—let’s plug MCP into the same architecture.
I just finished Aaron Parecki's "Let's Fix OAuth in MCP" and couldn't agree more:
- Keep the roles clean. The MCP server is a Resource Server; token minting and user consent belong in a separate Authorization Server.
- Advertise endpoints once. Have the MCP server publish OAuth Protected Resource Metadata (RFC 9728) that points at its Authorization Server, instead of expecting OIDC-style discovery on the MCP server itself; that is what decouples the AS from the RS.
- Gate Dynamic Client Registration. Open Banking and Australia's CDR showed that accreditation plus signed software statements (RFC 7591) stop drive-by registrations and keep an audit trail of who registered what.
- Issue audience-restricted, client-bound tokens: `aud` names the MCP server, and the token is sender-constrained (mTLS or DPoP, as FAPI 2.0 requires). Zero trust for AI agents means no "super-tokens" that leak into legacy APIs.
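As an added example (not code from Aaron Parecki's post or from the MCP project), here is the resource-server side of the four points above in Python: the RFC 9728 metadata document and the 401 challenge the MCP server returns, and the acceptance check that refuses a token unless the configured AS issued it, it is audience-restricted to this server alone, and it is bound to the key the caller just proved possession of. Assumed, not from the post: the hostnames, that the token's signature has already been verified and arrives as a dict of claims, and that sender-constraint is DPoP (RFC 9449), so the binding is the RFC 7638 JWK thumbprint in `cnf.jkt`. The strict single-audience rule is a local policy choice made here to implement "no super-tokens".

```python
"""Resource-server side of the pattern above (added example; hostnames,
claims shape and the DPoP binding are assumptions, see the lead-in)."""
import base64
import hashlib
import json
import time
from typing import Optional, Tuple

RESOURCE = "https://mcp.example.com/mcp"          # assumed identifier of this MCP server (the RS)
AUTHORIZATION_SERVER = "https://as.example.com"   # assumed; deliberately a separate host
METADATA_URL = "https://mcp.example.com/.well-known/oauth-protected-resource"


def protected_resource_metadata() -> dict:
    """RFC 9728 document the RS serves at METADATA_URL. Clients learn the AS
    from here; the RS never mints tokens or exposes AS discovery itself."""
    return {
        "resource": RESOURCE,
        "authorization_servers": [AUTHORIZATION_SERVER],
        "bearer_methods_supported": ["header"],
        "scopes_supported": ["mcp:tools", "mcp:resources"],
    }


def challenge_header() -> str:
    """WWW-Authenticate value for the 401: resource_metadata tells the client
    where the document above lives (RFC 9728), nothing is hard-coded."""
    return f'Bearer resource_metadata="{METADATA_URL}"'


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638: base64url(SHA-256(canonical JSON of the required members,
    lexicographically ordered, no whitespace))."""
    required = {"EC": ("crv", "kty", "x", "y"),
                "RSA": ("e", "kty", "n"),
                "OKP": ("crv", "kty", "x")}
    members = required[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in members},
                           separators=(",", ":"), sort_keys=True)
    digest = hashlib.sha256(canonical.encode("utf-8")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def validate_access_token(claims: dict, presented_jwk: dict,
                          now: Optional[float] = None) -> Tuple[bool, str]:
    """Accept only if: our AS issued it, unexpired, audience is exactly this
    server, and cnf.jkt matches the DPoP key the caller presented. Verifying
    the DPoP proof itself happens before this call and is not shown."""
    now = time.time() if now is None else now
    if claims.get("iss") != AUTHORIZATION_SERVER:
        return False, "issuer is not the configured authorization server"
    if float(claims.get("exp", 0)) <= now:
        return False, "token expired"
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if len(audiences) != 1:  # local policy: a multi-audience token is a super-token
        return False, "multi-audience token rejected"
    if RESOURCE not in audiences:
        return False, "audience mismatch: token was not minted for this MCP server"
    cnf = claims.get("cnf") or {}
    if "jkt" not in cnf:
        return False, "bare bearer token: sender-constrained token required"
    if cnf["jkt"] != jwk_thumbprint(presented_jwk):
        return False, "token is bound to a different client key"
    return True, "ok"


# Constructed sample data (not real keys; coordinates are placeholder strings).
CLIENT_JWK = {"kty": "EC", "crv": "P-256", "x": "placeholder-x-1", "y": "placeholder-y-1"}
OTHER_JWK = {"kty": "EC", "crv": "P-256", "x": "placeholder-x-2", "y": "placeholder-y-2"}
NOW = 1_700_000_000


def make_claims(aud, jkt=None, exp=NOW + 600) -> dict:
    """Claims shaped like the payload our AS would sign (constructed)."""
    claims = {"iss": AUTHORIZATION_SERVER, "sub": "agent-42", "aud": aud, "iat": NOW, "exp": exp}
    if jkt is not None:
        claims["cnf"] = {"jkt": jkt}
    return claims


GOOD_TOKEN = make_claims(RESOURCE, jkt=jwk_thumbprint(CLIENT_JWK))
SUPER_TOKEN = make_claims(["https://legacy-api.example.com", RESOURCE], jkt=jwk_thumbprint(CLIENT_JWK))
LEGACY_TOKEN = make_claims("https://legacy-api.example.com", jkt=jwk_thumbprint(CLIENT_JWK))
BEARER_TOKEN = make_claims(RESOURCE)
EXPIRED_TOKEN = make_claims(RESOURCE, jkt=jwk_thumbprint(CLIENT_JWK), exp=NOW - 1)

if __name__ == "__main__":
    print(challenge_header())
    print(json.dumps(protected_resource_metadata(), indent=2))
    for name, token, key in [("good", GOOD_TOKEN, CLIENT_JWK), ("super", SUPER_TOKEN, CLIENT_JWK),
                             ("legacy aud", LEGACY_TOKEN, CLIENT_JWK), ("bare bearer", BEARER_TOKEN, CLIENT_JWK),
                             ("wrong key", GOOD_TOKEN, OTHER_JWK), ("expired", EXPIRED_TOKEN, CLIENT_JWK)]:
        print(f"{name}: {validate_access_token(token, key, now=NOW)}")
```

Two things deliberately sit outside this block: checking the DPoP proof (signature, `htm`/`htu`, `ath`) must precede `validate_access_token`, otherwise the thumbprint comparison proves nothing; and the accreditation check on a software statement during Dynamic Client Registration belongs at the AS, which is exactly why the RS above never sees a registration request.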
Open Finance, FAPI 2.0 and the CDR already solved many of the puzzles agentic AI is about to hit; no need to reinvent the wheel.
Read Aaron’s piece: Let's fix OAuth in MCP
Take a look and support the proposed changes in the draft version of the MCP specification.