The Model Context Protocol (MCP) enables AI agents to connect to diverse data sources, but securing these connections requires rethinking traditional OAuth assumptions. In an open ecosystem where users connect their agents to thousands of arbitrary servers, manual client registration is impractical, and Dynamic Client Registration introduces unacceptable complexity and risk.
This masterclass from a co-author of OAuth 2.1 and a key contributor to the MCP Authorization specification offers a deep architectural dive into the November 2025 MCP spec update. We will dissect the architectural concepts required to secure MCP servers and clients. We'll focus on the key differences and challenges MCP brings to the table when leveraging OAuth specifications, discussing OAuth 2.1, Client ID Metadata Documents, Protected Resource Metadata, and more.
We will examine how Client ID Metadata Documents (CIMD) allow clients to bring their own identity via DNS, giving authorization servers more control over which agents are able to connect to their servers. We will also cover the implementation patterns for Protected Resource Metadata (RFC 9728), which allows a user to connect to an MCP server using only a single URL. Finally, we will cover the "Enterprise-Managed Authorization" extension (Identity Assertion Authorization Grant), explaining how to architect flows that put the Enterprise IdP back in the driver's seat for AI-driven cross-app access.
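As an added illustration of the RFC 9728 "single URL" discovery step (example code, not from the session or the MCP project): the client starts from the MCP server URL, reads the `resource_metadata` parameter from the server's `WWW-Authenticate` challenge (or falls back to the well-known path), and must confirm that the document's `resource` value matches the server it intended to talk to before trusting the advertised authorization servers. The hostnames, header and metadata document are constructed samples.

```python
import re
from urllib.parse import urlparse

# Constructed sample: Bearer challenge an MCP server might return on an unauthenticated request.
SAMPLE_WWW_AUTHENTICATE = (
    'Bearer resource_metadata="https://mcp.example.com/.well-known/oauth-protected-resource/mcp", '
    'scope="mcp:tools"'
)

# Constructed sample: the Protected Resource Metadata document served at that URL.
SAMPLE_METADATA_DOCUMENTS = {
    "https://mcp.example.com/.well-known/oauth-protected-resource/mcp": {
        "resource": "https://mcp.example.com/mcp",
        "authorization_servers": ["https://auth.example.com"],
        "scopes_supported": ["mcp:tools"],
        "bearer_methods_supported": ["header"],
    }
}


def parse_www_authenticate(header):
    """Return the auth-params of a Bearer challenge as a dict (RFC 9728 adds resource_metadata)."""
    scheme, _, params = header.partition(" ")
    if scheme.lower() != "bearer":
        raise ValueError("expected a Bearer challenge")
    return dict(re.findall(r'(\w+)="([^"]*)"', params))


def well_known_url(resource):
    """Fallback location per RFC 9728: the well-known segment is inserted before the resource path."""
    u = urlparse(resource)
    return f"{u.scheme}://{u.netloc}/.well-known/oauth-protected-resource{u.path.rstrip('/')}"


def metadata_matches_resource(resource, doc):
    """RFC 9728 requires the document's 'resource' to equal the identifier the client started from."""
    return doc.get("resource") == resource


def discover_authorization_servers(resource, header, fetch):
    """Locate the PRM document for `resource`, validate it, and return its authorization servers.

    `fetch` is a hypothetical callable (URL -> parsed JSON dict) so the example runs offline.
    """
    metadata_url = parse_www_authenticate(header).get("resource_metadata") or well_known_url(resource)
    if urlparse(metadata_url).scheme != "https":
        raise ValueError("refusing non-HTTPS metadata URL")
    doc = fetch(metadata_url)
    if not metadata_matches_resource(resource, doc):
        raise ValueError("resource identifier mismatch; do not trust this metadata")
    servers = doc.get("authorization_servers", [])
    if not servers:
        raise ValueError("no authorization_servers advertised")
    return servers
```

Running `discover_authorization_servers("https://mcp.example.com/mcp", SAMPLE_WWW_AUTHENTICATE, SAMPLE_METADATA_DOCUMENTS.__getitem__)` yields the single authorization server; the same document presented for a different resource URL is rejected.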
This session is designed for architects and developers who need to understand the structural requirements for building enterprise-ready MCP authorization.