OAuth mode is an authentication option for service accounts where the MCP server validates tokens using JSON Web Key Set (JWKS) from an external OAuth or OpenID Connect provider. This mode is designed for enterprise deployments that require integration with identity providers and support for separate service account and user tokens.

The following example shows how to configure OAuth mode for service account authentication:
{
  "service_account": {
    "enabled": true,
    "mode": "oauth",
    "header": "X-OEMCP-SERVICEACCOUNT",
    "prefix": "Bearer ",
    "issuer": "https://auth.example.com/realms/myapp",
    "jwks_uri": "https://auth.example.com/realms/myapp/certs",
    "algorithms": ["RS256"],
    "required_scopes": ["service.access"]
  },
  "user_auth": {
    "enabled": true,
    "header": "Authorization",
    "prefix": "Bearer "
  }
}

OAuth authentication modes

OAuth-based authentication provides flexibility for integrating MCP with external identity providers and enabling Single Sign-On. These modes allow secure token validation and forwarding to downstream APIs.

The supported OAuth modes and patterns are:
  • OAuth SSO mode—When sso_mode=true, the server automatically:
    • Forces mode="oauth"
    • Sets the header to Authorization
    • Applies the prefix Bearer
    • Sets user_auth.enabled: false because the service account token is used for both authentication and authorization.
    • Exposes the OAuth RFC 9728 protected resource metadata endpoint automatically.
    • Includes the resource_metadata parameter in WWW-Authenticate headers for enhanced client discovery.
    These actions enable seamless Single Sign-On where the same OAuth token validates MCP access and is forwarded to downstream APIs. Use this mode when MCP clients already have valid OAuth tokens from external providers. The following example shows how to configure OAuth SSO mode for service account authentication:
    {
  "service_account": {
    "enabled": true,
    "mode": "oauth",
    "header": "Authorization",
    "prefix": "Bearer ",
    "issuer": "https://auth.example.com/realms/myapp", 
    "jwks_uri": "https://auth.example.com/realms/myapp/certs",
    "algorithms": ["RS256"],
    "audience": "mcp-server-api",
    "required_scopes": ["api.access"],
    "advertised_scopes": ["api.read", "api.write"],
    "sso_mode": true,
    "bearer_methods_supported": ["header"],
    "require_metadata_on_401": true,
    "resource_documentation": "https://docs.example.com/api",
    "authorization_servers": ["https://auth.example.com/realms/myapp"]
  },
  "user_auth": {
    "enabled": false
  }
}
  • OAuth2 proxy mode (delegated authentication)—When mode="oauth" with client_id and client_secret configured, the server acts as an OAuth2 authorization server implementing Authorization Code and PKCE flow while delegating user authentication to external identity providers such as Keycloak, Azure AD, or AWS Cognito. Use this mode when MCP clients need to obtain OAuth tokens through the MCP server.
  • Individual modes:—You can use either of these modes:
    • SSO only—MCP client brings an existing OAuth token, which the server validates and forwards.
    • Proxy only—MCP client obtains an OAuth token from the MCP server without downstream forwarding.

OAuth2 endpoints and metadata

The OAuth2 proxy endpoints are automatically installed when proxy mode is active. The following table lists the OAuth2 proxy endpoints and their purpose:
Proxy endpoint Purpose
GET /authorize Starts the OAuth2 authorization flow and redirects to the external provider
POST /token Exchanges the authorization code for an access token and validates PKCE
GET /oauth/callback Handles the callback from the external OAuth provider after user authentication
The MCP server publishes metadata endpoints to comply with OAuth2 and resource protection standards. These endpoints help clients discover authorization servers and resource details automatically. The following table lists the discovery and metadata endpoints:
Metadata endpoint Standard Exposure condition Purpose
/.well-known/oauth-authorization-server RFC 8414 Exposed automatically when OAuth2 proxy mode is active Provides OAuth2 server metadata, including authorization and token endpoints, supported grant types (authorization_code), response types (code), and PKCE code challenge methods (S256, plain).
/.well-known/oauth-protected-resource RFC 9728 Exposed only when service account authentication is enabled Provides protected resource metadata, including authorization servers, supported scopes, bearer methods, and other compliance details for OAuth client discovery.

When authentication fails, the MCP server provides additional metadata in the response to guide clients in obtaining valid credentials. If require_metadata_on_401=true, which is the default value, all 401 responses include a WWW-Authenticate header with the Bearer realm and a resource_metadata parameter pointing to the protected resource metadata endpoint. This helps clients discover the correct OAuth configuration.

OAuth2 authentication patterns

OAuth2 integration patterns define how the server interacts with external identity providers and manages token validation and forwarding. Each pattern includes configuration examples, flow descriptions, and security considerations.
  • External OAuth flow (SSO mode only)—Used when client applications already have OAuth integration with an enterprise identity provider. The MCP server validates the token and forwards it to downstream APIs. The following example shows how to configure external OAuth flow:
    {
  "service_account": {
    "enabled": true,
    "mode": "oauth",
    "sso_mode": true,
    "issuer": "http://localhost:8082/realms/mcp",
    "jwks_uri": "http://localhost:8082/realms/mcp/protocol/openid-connect/certs",
    "audience": "mcp-client",
    "algorithms": ["RS256"],
    "required_scopes": ["mcp_access"]
    
  }
}
    Note: The configuration provided in the example does not include client_id or client_secret. As a result, OAuth endpoints are not provided by the MCP server in this pattern.
    These steps explain how the external OAuth flow works:
    1. Client obtains OAuth token directly from Keycloak or Azure.
    2. Client uses token to call MCP server tools.
    3. MCP server validates token through JWKS and executes tools.
    4. MCP server forwards the same token to downstream APIs.
  • MCP server OAuth flow (standard pattern)—Simplifies client OAuth integration by allowing the MCP server to handle identity provider-specific details. The following example shows how to configure MCP server OAuth flow:
    {
  "service_account": {
    "enabled": true,
    "mode": "oauth",
    "sso_mode": true,
    "issuer": "http://localhost:8082/realms/mcp",
    "jwks_uri": "http://localhost:8082/realms/mcp/protocol/openid-connect/certs",
    "client_id": "mcp-client",
    "client_secret": "your-client-secret-here",
    "audience": "mcp-client", 
    "algorithms": ["RS256"],
    "required_scopes": ["mcp_access"],
    "advertised_scopes": ["openid", "profile", "email", "mcp_access"]
  }
}
    These steps explain how the flow works:
    1. The client initiates the OAuth process through the MCP server by calling the /authorize endpoint and then the /token endpoint.
    2. The MCP server delegates user authentication to an external identity provider such as Keycloak or Azure.
    3. After successful authentication, the client receives an external provider token from the MCP server.
    4. The client uses this token to call MCP server tools.
    5. The MCP server validates the token and executes the requested tools.
    6. Finally, the MCP server forwards the same token to downstream APIs for further processing.
  • Standard OAuth2 pattern (proxy and SSO combined)—Most deployments use both features together. This pattern works as follows:
    • Set sso_mode to true to forward the same token to downstream APIs.
    • Configure client_id and client_secret to provide OAuth endpoints for MCP clients.
    This configuration allows the MCP client to obtain an OAuth token from the MCP server, use the token for MCP calls, and forward the same token to downstream APIs.

PKCE flow for secure OAuth2 authentication

The MCP server implements the OAuth2 authorization code flow with Proof Key for Code Exchange (PKCE) to secure authentication for public clients such as browser-based MCP clients. PKCE adds cryptographic proof to prevent interception attacks by ensuring that the client initiating the authorization request is the same client exchanging the authorization code for tokens.

PKCE strengthens the OAuth2 authorization code flow by adding a code challenge and verifier mechanism. This prevents attackers from using intercepted authorization codes. Here is the PKCE security flow sequence:
  1. The user initiates the process through the MCP client, which interacts with the MCP server and the identity provider.
  2. During the discovery step, the client communicates with the MCP server to retrieve OAuth2 metadata from the /.well-known/oauth-authorization-server endpoint.
  3. In the authorization step, the client sends an authorization request to the identity provider that includes a code_challenge.
  4. The identity provider responds by returning an authorization code to the client in the callback step.
  5. For token exchange, the client sends the authorization code along with the code_verifier to the MCP server at the /token endpoint.
  6. For the backend exchange, the MCP server uses its client_secret to exchange the code with the identity provider and obtain tokens.
  7. Finally, the client uses the issued token to call MCP server APIs by including the Authorization: Bearer header in its requests.

The sequence diagram shows the steps involved in the PKCE flow, including discovery, authorization, callback, token exchange, backend exchange, and API calls. It highlights how the MCP client and MCP server interact with the identity provider to complete the OAuth2 Authorization Code flow securely.

The following table lists the architecture roles and their responsibilities in the PKCE flow:
Role Description
Identity provider (Keycloak or Azure AD) Acts as the authentication server and verifies user credentials.
OpenEdge MCP server
  • Acts as an OAuth2 authorization server that delegates user authentication to external identity providers
  • Manages the OAuth2 flow
  • Issues tokens
  • Enforces scopes
MCP client Acts as the OAuth2 client, initiates the flow, receives tokens, and makes API calls.
The following table lists the PKCE parameters and their descriptions:
Parameter Description
code_challenge A SHA256 hash of a random code_verifier sent in the authorization request.
code_verifier A random string of 43 to 128 characters sent during token exchange.
code_challenge_method Specifies the hashing method used for the challenge. The recommended value is S256 for SHA256 hashing, which is more secure than plain.
PKCE provides the following security benefits:
  • Public client security without requiring a client secret.
  • Protection against authorization code interception attacks.
  • Cryptographic binding between the authorization request and token exchange.

Token exchange pattern for PAS for OpenEdge integration

The MCP server uses token exchange to integrate with Progress Application Server (PAS) for OpenEdge back-end systems. Token exchange allows the server to replace an inbound user token with a PAS for OpenEdge-scoped token that has different claims, a shorter lifetime, and limited scopes. This approach enforces the principle of least privilege and improves security for downstream API calls.

The following table describes the components involved in token exchange pattern:
Component Description
OpenEdge MCP server Acts as a token exchange server. It receives the user token and exchanges it for a PAS for OpenEdge-scoped token.
PAS for OpenEdge SSO/Identity service Provides an external token exchange endpoint that issues PAS for OpenEdge-compatible tokens.

The sequence diagram shows the steps involved in token exchange pattern flow:

The token exchange process follows these steps:
  1. The client sends a service account token in the X-OEMCP-SERVICEACCOUNT header and a user token in the Authorization header.
  2. The MCP server validates the service account token for MCP access.
  3. The MCP server extracts the user token and sends it to the PAS for OpenEdge token exchange endpoint.
  4. The PAS for OpenEdge identity service validates the user token and returns a PAS for OpenEdge-scoped access token.
  5. The MCP server uses the exchanged token to call PAS for OpenEdge downstream APIs.
  6. The MCP server returns the tool results to the client.
The following example shows how to configure token exchange mode for PAS for OpenEdge integration:
{
  "service_account": {
    "enabled": true,
    "mode": "token",
    "header": "X-OEMCP-SERVICEACCOUNT",
    "public_key": "-----BEGIN PUBLIC KEY-----\n...\n-----END PUBLIC KEY-----",
    "required_scopes": ["mcp_access"]
  },
  "user_auth": {
    "enabled": true,
    "mode": "token", 
    "header": "Authorization",
    "prefix": "Bearer ",
    "token_exchange": {
      "enabled": true,
      "url": "https://pasoe-server.example.com:8810/oeabl/web/identity/token",
      "method": "POST",
      "timeout_ms": 5000,
      "headers": {
        "Accept": "application/json",
        "Content-Type": "application/json",
        "Authorization": {
          "env": "TOKEN_EXCHANGE_LOGIN_TOKEN",
          "prefix": "OECP "
        }
      },
      "body": {
        "mode": "json",
        "field": "token",
        "include_prefix": false
      },
      "response": {
        "type": "json",
        "json_path": "access_token"
      }
    }
  }
}
Token exchange in PAS for OpenEdge provides the following security benefits:
  • Principle of least privilege—PAS for OpenEdge receives tokens that contain only the necessary scopes and audience, ensuring minimal permissions for backend operations.
  • Reduced token lifetime—Exchanged tokens are issued with a shorter expiration period, which limits the time window for potential misuse in backend systems.
  • Audience isolation—PAS for OpenEdge tokens are scoped specifically for backend systems, preventing their use in unintended contexts or external services.
  • Fail-closed security—If the token exchange process fails, the request is aborted and does not fall back to the original token, maintaining strict security controls.
For more information about key guidelines for implementing token exchange for downstream services, see Token exchange for downstream services.