Skip to content

Implement SEP-1046: OAuth Client Credentials Flow (Extension) #522

New issue
New issue
Open
#707
Open
Implement SEP-1046: OAuth Client Credentials Flow (Extension)#522
#707
Labels
P2Medium: important but non-blocking improvementT-securitySecurity-related changesenhancementNew feature or request
@felixweinberger

Description

@felixweinberger
felixweinberger
opened on Nov 7, 2025

This is a tracking issue for implementation of SEP-1046.

Summary

This SEP adds the OAuth client credentials flow to the MCP authorization specification as an extension to enable machine-to-machine scenarios where end-users are unavailable for interactive authorization. The Rust SDK needs to implement support for JWT Assertions as defined in RFC 7523 for asymmetric authentication, and optionally client secrets via HTTP Basic authentication for maximum compatibility with existing enterprise systems. As an extension, this feature is opt-in and requires explicit support from both clients and servers through capability advertisement.

Related Issues & PRs

  • Implementation PRs: n/a
  • Related PRs: n/a
  • Related Issues: n/a

Metadata

Metadata

Assignees

No one assigned

    Labels

    P2Medium: important but non-blocking improvementT-securitySecurity-related changesenhancementNew feature or request

    Type

    No type

    Projects

    2025-11-25 Implementation

    Status

    No status

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions