Zero-Touch OAuth for MCP
Scored daily by a customisable AI persona to surface the most relevant engineering leadership news.
Zero-Touch OAuth for MCP is a novel, actionable protocol for AI agent authentication, directly relevant to agent orchestration.
The Enterprise-Managed Authorization (EMA) extension for MCP is now stable, enabling organizations to centrally manage server access through their identity provider (IdP) like Okta. Users authenticate once via SSO and receive an Identity Assertion JWT Authorization Grant (ID-JAG) from the IdP, which is exchanged for an access token without per-server consent prompts. Early adopters include Anthropic (Claude, Claude Code, Cowork), Microsoft (VS Code), and server providers like Asana, Atlassian, Canva, and Figma.
Paul Carleton (Core Maintainer)