Let's fix OAuth in MCP

aaronparecki.com/2025/04/03/15/oauth-fo..., by Aaron Parecki, April 3, 2025

Aaron Parecki's thoughts on fixing OAuth in MCP, where he walks through a bunch of OAuth flows. I'll quote the last bit which makes it clear how this impacts LLM usage:

The problem is only made worse with the explosion of AI tools. Every AI tool will need access to data in every other application in the enterprise. That is a lot of OAuth consent flows for the user to manage. Plus, the user shouldn't really be the one granting consent for Slack to access the company Google Docs account anyway. That consent should ideally be managed by the enterprise IT admin.

What we actually need is a way to enable the IT admin to grant consent for apps to talk to each other company-wide, removing the need for users to be sent through an OAuth flow at all.

This is the basis of another OAuth spec I've been working on, the Identity Assertion Authorization Grant.

The same problem applies to MCP Servers, and with the separation of concerns laid out above, it becomes straightforward to add this extension to move the consent to the enterprise and streamline the user experience.
