Protect an application
This section takes one MCP server from unprotected to launched: every tool call requires a valid OAuth token with the right scopes, and admins control access from the dashboard without touching your code. Budget ~15 minutes for a first pass.
Before you start
- A workspace on https://mcpauthz.com
- An MCP server (or any HTTP API) with a public URL — for local development, an ngrok tunnel works (local development)
The path
Each step is one page, one dashboard tab, one decision:
| Step | Page | You decide |
|---|---|---|
| 1 | Register an application | Name, public URL, protected path, scope vocabulary |
| 2 | Set up the environment and SDK | Credentials, env vars, and the mount_mcp wiring |
| 3 | Run the protection test | Eight checks that show exactly where your setup stands |
| 4 | Tool inventory | How AuthSec learns your tool list (manifest or scan) |
| 5 | Define scopes | The permission vocabulary |
| 6 | Map tools to scopes | Which scope gates each tool — deny by default |
| 7 | Access policy & default role | Who gets which role, and what a new caller receives |
| 8 | Launch | Flip enforcement on |
| 9 | Clients and connections | Who may call: DCR, CIMD, pre-registered |
| 10 | Monitor | Watch drift and runtime after launch |
In a hurry? From zero to launched is the same path condensed to one page. Prefer code-first? Protect your MCP server (Python) walks the identical flow from the SDK side.
What you'll have at the end
- Unauthenticated calls → 401 with a
WWW-Authenticatechallenge that tells agents where to authenticate - Valid token, missing scope → 403
insufficient_scopefor that tool - Valid token, granted scope → the tool runs — and
tools/listis filtered to what the caller may see - Policy changes propagate to your running server in ~30 seconds, no redeploy
Then: nothing can call it yet
Launching enforces policy — it doesn't hand out tokens. The next section onboards your callers:
→ Connect agents and services — service accounts (client secret, private-key JWT, Kubernetes/SPIFFE) and AI agents acting on behalf of users (ID-JAG).