Adding Client Credentials & Token Exchange Grant Types to Auth #882

Open: wants to merge 31 commits into base: main

@SoldierSacha SoldierSacha commented Jun 4, 2025

Motivation and Context

#881

In addition to adding the Client Credentials grant (from the issue linked above), I've also gone on to add the Token Exchange grant.

Reasoning for Token Exchange: Since the client credentials grant is for machine-to-machine authorization, I realized that there are times where the client machine (acting as an MCP Client) might have to make requests on behalf of an end-user to the MCP Server. With that being said, in the current implementation, this did not exist because there was no way to securely identify the end-user.

Now it does through Token Exchange.

How Has This Been Tested?

Added test cases (all pass), and I am also currently using it in my own MCP server and client. Everything is working as intended.

Breaking Changes

None

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Documentation update

Checklist

  • I have read the MCP Documentation
  • My code follows the repository's style guidelines
  • New and existing tests pass locally
  • I have added appropriate error handling
  • I have added or updated documentation as needed

Additional context

No

@SoldierSacha

@Kludex @pcarleton

@SoldierSacha changed the title from "Adding Client Credentials to Auth" to "Adding Client Credentials & Token Exchange Grant Types to Auth" on Jun 10, 2025
@SoldierSacha

Went ahead and updated the PR to also support the Token Exchange grant type (in addition to Client Credentials).

This is ready to be merged!! This PR is a huge win for this community.

@dsp-ant @jspahrsummers @calclavia @nick-merrill @jerome3o-anthropic
