
Frequently Asked Questions

General Questions

Q: Do I need to modify my existing tools significantly? A: No! Just add the @protected_by_AuthSec decorator. Minimal changes required.

Q: What happens if a user loses their JWT token? A: They simply re-authenticate by calling oauth_start again. The entire process takes less than 30 seconds.

Q: Can I use my own OAuth provider? A: Absolutely! AuthSec SDK works with any OAuth 2.0 provider (Google, GitHub, Custom Logon, etc.).

Security & Performance

Q: How does RBAC validation actually work? A: User roles/scopes from JWT are validated against your tenant database. Access is granted only if they exist in both places.
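The dual check described in the RBAC answer above, as an added example that is not AuthSec SDK code: a role counts only if it appears in a signature-verified token and in the tenant database. The HS256 demo key, the claim names (`roles`, `tenant_id`), and the `user_roles` table are assumptions, and the sample rows are constructed.

```python
import base64, hashlib, hmac, json, sqlite3, time

SECRET = b"constructed-demo-key"  # assumption: stands in for the provider's signing key

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def make_token(claims: dict) -> str:
    """Build an HS256 JWT for the demo (plays the role of the OAuth provider)."""
    head = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    sig = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url(sig)}"

def verify_token(token: str) -> dict:
    """Check algorithm, signature and expiry before trusting any claim."""
    head, body, sig = token.split(".")
    if json.loads(b64url_decode(head)).get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    expected = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(body))
    if claims.get("exp", 0) < time.time():
        raise ValueError("token expired")
    return claims

def is_authorized(db, token: str, required_role: str) -> bool:
    """Grant only if the role is in the verified token AND in the tenant DB."""
    try:
        claims = verify_token(token)
    except (ValueError, AttributeError, TypeError):
        return False  # malformed, forged or expired token: deny
    if required_role not in claims.get("roles", []):
        return False  # role present in the DB alone is not enough
    row = db.execute(
        "SELECT 1 FROM user_roles WHERE tenant_id=? AND user_id=? AND role=?",
        (claims.get("tenant_id"), claims.get("sub"), required_role)).fetchone()
    return row is not None  # role present in the token alone is not enough

def demo_db():
    """Constructed tenant data: alice holds 'reader' and 'auditor' in tenant t1."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE user_roles (tenant_id TEXT, user_id TEXT, role TEXT)")
    db.executemany("INSERT INTO user_roles VALUES ('t1', 'alice', ?)",
                   [("reader",), ("auditor",)])
    return db
```

Checking the database on every request means a role removed from the tenant stops working immediately, even while a previously issued token is still unexpired.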

Q: Are credentials really secure? A: Yes. Credentials are stored in HashiCorp Vault, never in your code. They're fetched on-demand and never exposed to end users.

Q: What's the performance impact? A: Minimal. AuthSec SDK uses connection pooling and caching. Typical validation overhead is <5ms per request.

Development & Testing

Q: Can I test this locally? A: Yes! You can run your MCP server locally with the AuthSec SDK for testing as well.

Q: What about compliance and audit logs? A: All authentication and tool access is logged. Audit logging features are available on the AuthSec Dashboard.

Support

If you have additional questions, feel free to: