Great question. The whole MCP thing is super changeable right now, but the security side of things is going to start shaping up really soon (it needs to!). The newer approaches to OAuth that allows for greater "self-discovery" will be interesting if that gets fully adopted.
Some consideration probably needs to be made by folks who are going to provide authenticated services via MCP to agents is around the automated creation of "agentic users". This would likely be similar to how workspace level API tokens are created today to differentiate between humans and machines, but when there's no human in the loop to create it, and perhaps no UI to use, doing this entirely autonomously via MCP tools is going to be necessary.
Right now though, for many services API keys should be at least a minimum requirement, and we've made adding support for that either at the MCP server level, or follow on endpoints (or both) as easy as adding that policy to the route.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Great question. The whole MCP thing is super changeable right now, but the security side of things is going to start shaping up really soon (it needs to!). The newer approaches to OAuth that allows for greater "self-discovery" will be interesting if that gets fully adopted.
Some consideration probably needs to be made by folks who are going to provide authenticated services via MCP to agents is around the automated creation of "agentic users". This would likely be similar to how workspace level API tokens are created today to differentiate between humans and machines, but when there's no human in the loop to create it, and perhaps no UI to use, doing this entirely autonomously via MCP tools is going to be necessary.
Right now though, for many services API keys should be at least a minimum requirement, and we've made adding support for that either at the MCP server level, or follow on endpoints (or both) as easy as adding that policy to the route.