Descope and Model Context Protocol (MCP)
The Model Context Protocol (MCP) is an emerging open standard developed by Anthropic that allows AI agents and large language models (LLMs) to discover and call tools exposed by local or remote services.
As MCP expands to support remote deployments across the internet, robust authentication and authorization capabilities for MCP servers and clients are becoming increasingly critical.
This guide explains how Descope can be used to implement secure and standards-based authentication and authorization for MCP—both from the perspective of building an MCP server and creating MCP clients.
About MCP
MCP defines how agents and tools can interact with services through a standardized, secure interface.
Originally built for local interprocess communication, MCP has evolved to support networked environments via HTTP, Server-Sent Events (SSE), and structured messaging formats. This shift introduces new security concerns that must be addressed when exposing MCP servers publicly.
The MCP specification encourages the use of OAuth 2.1 for authenticating and authorizing these interactions, allowing for consistent access control based on scopes and dynamic client registration.
To learn more about MCP and its authentication model, refer to the following resources:
Why Use Descope with MCP
Descope offers several integration paths for MCP developers looking to secure their infrastructure:
- Protect your MCP server with Descope by using Inbound Apps, which expose fully managed OAuth 2.1 authorization endpoints and hosted consent flows.
- Manage access tokens to other OAuth-protected MCP servers on behalf of your MCP client using Outbound Apps.
Outbound Apps can also be used within an MCP server to obtain OAuth tokens for third-party APIs, enabling the construction of rich tools that integrate with external systems such as Google Calendar, Salesforce, and Slack.
Protecting Your MCP Server with OAuth
As MCP servers become accessible over the internet, robust authentication and authorization are critical to ensuring that only trusted agents—representing real users or tenants—can access or invoke tools.
The Model Context Protocol authorization spec is built on OAuth 2.1, which enables:
- Verifying the identity of requesting clients
- Issuing scoped access tokens
- Collecting user consent
- Supporting token revocation and refresh
Rather than building all of this yourself, Inbound Apps give you a fully managed OAuth 2.1 provider layer that integrates seamlessly with your MCP server.
Descope offers two ways to use Inbound Apps in your server:
Use the MCP Express SDK (Recommended for Node.js)
If you are building your MCP server with Node.js and Express, the @descope/mcp-express SDK provides everything you need to integrate with Inbound Apps quickly and securely.
This SDK wraps the Inbound App functionality and exposes:
- OAuth 2.1 metadata endpoints
- Authorization and token exchange routes (with PKCE)
- Dynamic client registration
- Middleware for validating and enforcing scopes on protected routes
The SDK is a convenience layer: its Express routes and middleware configure and connect your Express-powered MCP server to Descope Inbound Apps with minimal boilerplate, rather than implementing an OAuth provider of their own.
→ Get Started with the MCP Express SDK
Use Inbound Apps Directly
If you are building on a non-Express platform or serverless infrastructure, you can integrate with Descope Inbound Apps directly using standard OAuth 2.1 endpoints.
Inbound Apps allow your MCP server to:
- Delegate OAuth flows and token issuance to Descope
- Present hosted login and consent screens
- Enforce scope-based access using validated JWTs
- Register clients dynamically according to the MCP spec
This is ideal for teams who want to quickly add standards-based authorization without managing any of the underlying OAuth infrastructure themselves.
To see a code example of this, visit our sample app here.
→ Learn more about Inbound Apps
Connecting Multiple MCP Servers to a Single MCP Client
As MCP adoption increases, you may want to allow your MCP client (e.g., an AI agent interface) to connect with multiple remote MCP servers—such as services for scheduling, document generation, or CRM access.
Descope Outbound Apps can be used to manage all OAuth connections from the MCP client to these various remote servers.
Features of this approach include:
- One-time user consent and connection to each MCP server
- Secure storage of access and refresh tokens (per user or tenant)
- Automatic token refresh management
- Support for multiple tokens per user or tenant, each with different scopes
- Progressive scoping to allow additional permissions to be granted later
This model allows you to build highly flexible, secure clients that work across a variety of services and organizations, with Descope managing the OAuth infrastructure behind the scenes.
→ Learn more about Outbound Apps
Tool Calling: Connecting to External APIs from Within an MCP Server
MCP servers often expose tools that make external API calls on behalf of users. If these external APIs are OAuth-protected (e.g., Google APIs, Microsoft Graph), you can use Descope Outbound Apps to manage access tokens within your MCP server.
This enables your tools to:
- Prompt for OAuth consent via Descope flows
- Store and retrieve tokens tied to users or tenants
- Perform secure, scoped actions via third-party APIs
Example use cases include:
- A calendar scheduling tool that connects to Google Calendar
- A meeting assistant tool that creates Zoom meetings
- A document generation tool that updates content in Google Docs
By offloading token handling to Descope, you simplify your MCP server's architecture and keep third-party access and refresh tokens out of your server's own storage.
Example Projects and Deployment Scenarios
To help you get started, Descope provides several example MCP projects that demonstrate different deployment models and integration patterns:
| Project Type | Description | Link |
|---|---|---|
| Remote Weather MCP Server | Uses Inbound Apps to secure an Express-based SSE server | Example |
| Cloudflare Worker MCP Server | Serverless deployment using Inbound Apps for token management | Coming soon |
| Local MCP Server with Management Key | Legacy method using a Descope Management Key (not recommended for production) | Example |
Next Steps
Explore the documentation and examples linked above to start integrating Descope with your MCP projects. Whether you are building MCP servers, clients, or AI tooling platforms, Descope provides the necessary components to build secure, flexible authentication and authorization for your MCP implementation.
For more advanced support, reach out to the Descope team through our support channels or join our AuthTown community directly!