MCP Authorization Review Stack
Source-backed collection for reviewing OAuth-backed and remote MCP servers: protected resource metadata, token audience checks, least-privilege scopes, config privacy, local tool access, and interactive server inspection.
Open the source and read safety notes before installing.
Safety notes
- This collection is a review workflow, not a guarantee that a remote MCP server is safe to connect to production accounts.
- Run write-capable, billing-capable, or deletion-capable MCP tools only in sandboxed accounts until scopes and confirmations are reviewed.
- Keep dynamic server inspection separate from source review; both can miss different failure modes.
Privacy notes
- Authorization metadata, issuer URLs, scopes, endpoint domains, tool names, and inspection traces can expose account architecture.
- Do not publish tokens, client secrets, refresh tokens, tenant identifiers, private endpoint URLs, or captured tool responses.
Prerequisites
- Remote or local MCP server endpoint, transport, authorization mode, and source repository.
- Scope map for account-backed tools and a list of write-capable operations.
- Test account or sandbox environment for inspection when the server can mutate data.
Schema details
- Install type
- copy
- Troubleshooting
- No
- Items
- 7 entries
- Estimated setup
- 60 minutes
- Difficulty
- intermediate
Full copyable content
Start with protected resource metadata, run an auth audit prompt, inspect the server surface, then apply local access and hardening rules before approval.About this resource
What this collection covers
This stack gives maintainers and AI coding agents a repeatable path for MCP authorization review. It combines source-backed guides, a review agent, an audit command, local access rules, hardening guidance, and an official inspection tool.
The collection is intentionally review-first. It does not say a server is safe because it has OAuth. It asks whether the OAuth boundary is specific, narrow, discoverable, and aligned with the MCP tools exposed to the user.
Review order
- Use the protected resource metadata guide to identify the MCP resource, authorization server, and advertised metadata.
- Apply the token audience checklist to confirm tokens are minted for the expected MCP resource and not reused across unrelated services.
- Ask the authorization boundary review agent for a concise accept, close, or manual-review recommendation.
- Run the MCP auth audit command against source, docs, and config snippets.
- Apply local tool access rules to decide whether file, shell, browser, or credential behavior is acceptable.
- Use MCP server security hardening guidance for runtime isolation and least privilege.
- Inspect the server with MCP Inspector only in a sandboxed environment when dynamic behavior needs confirmation.
Good fit
- Remote MCP servers with OAuth-backed account access.
- Local MCP servers that proxy to third-party APIs.
- Tool surfaces that include write, publish, delete, billing, or admin actions.
- Review workflows where public source evidence and private credential details need to stay separate.
Not enough by itself
- Malware scanning, dependency review, or binary/package trust.
- Legal review of third-party data-processing terms.
- Production incident response for an already-connected MCP server.
- Approval of broad account scopes without sandbox testing.
References
- MCP authorization specification - https://modelcontextprotocol.io/specification/2025-06-18/basic/authorization
- OAuth 2.0 Resource Indicators - https://www.rfc-editor.org/rfc/rfc8707
- OAuth 2.0 Protected Resource Metadata - https://www.rfc-editor.org/rfc/rfc9728
Source citations
Signals
Loading live community signals…
A short, calm digest of reviewed Claude resources. Unsubscribe any time.