You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: src/content/docs/agents/model-context-protocol/authorization.mdx
+3-3Lines changed: 3 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -126,14 +126,14 @@ Read the docs for the [Workers oAuth Provider Library](https://github.com/cloudf
126
126
127
127
If your application already implements an Oauth Provider itself, or you use [Stytch](https://stytch.com/), [Auth0](https://auth0.com/), [WorkOS](https://workos.com/), or authorization-as-a-service provider, you can use this in the same way that you would use a third-party OAuth provider, described above in (2).
128
128
129
-
You can use the auth provider to:
129
+
You can use the auth provider to:
130
130
- Allow users to authenticate to your MCP server through email, social logins, SSO (single sign-on), and MFA (multi-factor authentication).
131
131
- Define scopes and permissions that directly map to your MCP tools.
132
132
- Present users with a consent page corresponding with the requested permissions.
133
133
- Enforce the permissions so that agents can only invoke permitted tools.
134
134
135
135
#### Stytch
136
-
Get started with a [remote MCP server that uses Stytch](https://stytch.com/docs/guides/connected-apps/mcp-servers) to allow users to sign in with email, Google login or enterprise SSO and authorize their AI agent to view and manage their companys OKRs on their behalf. Stytch will handle restricting the scopes granted to the AI agent based on the users role and permissions within their organization. When authorizing the MCP Client, each user will see a consent page that outlines the permissions that the agent is requesting that they are able to grant based on their role.
136
+
Get started with a [remote MCP server that uses Stytch](https://stytch.com/docs/guides/connected-apps/mcp-servers) to allow users to sign in with email, Google login or enterprise SSO and authorize their AI agent to view and manage their company's OKRs on their behalf. Stytch will handle restricting the scopes granted to the AI agent based on the user's role and permissions within their organization. When authorizing the MCP Client, each user will see a consent page that outlines the permissions that the agent is requesting that they are able to grant based on their role.
137
137
138
138
[](https://deploy.workers.cloudflare.com/?url=https://github.com/cloudflare/ai/tree/main/demos/mcp-stytch-b2b-okr-manager)
139
139
@@ -148,7 +148,7 @@ To set it up, first deploy the protected API endpoint:
148
148
149
149
[](https://deploy.workers.cloudflare.com/?url=https://github.com/cloudflare/ai/tree/main/demos/remote-mcp-auth0/todos-api)
150
150
151
-
Then, deploy the MCP server that handles authentication through Auth0 and securely connects AI agents to your API endpoint.
151
+
Then, deploy the MCP server that handles authentication through Auth0 and securely connects AI agents to your API endpoint.
152
152
153
153
[](https://deploy.workers.cloudflare.com/?url=https://github.com/cloudflare/ai/tree/main/demos/remote-mcp-auth0/mcp-auth0-oidc)
![hyperlint-ai[bot]](https://avatars.githubusercontent.com/in/718456?v=4&size=40){kind=avatar}
0 commit comments