From the course: Unboxing AI: Build a Remote MCP Server from Zero to Deployed with OAuth
The MCP authorization spec - OAuth Tutorial
- Most of the meaningful stuff we do online is done in a way where you control your account and you have to make sure other people cannot control the account. When we have MCP servers acting on, allow LLMs to act on our behalf, we need to ensure that they have access to those services, but we need to ensure that they're doing it in a secure way. MCP has an authorization spec. As you can see on this page, it is still in draft, but it is already being implemented quite broadly. And the authorization spec is based on existing authorization standards that make sense. They are set up for OAuth 2.0 and 2.1, which is the standard way of authorizing pretty much everything, and the authorization spec supports things like third-party authorization. You know, when you go to a website and you can log into the website through Google, or GitHub, or some other third party, you can set up your MCP servers to use those types of authorization specs. That way, when a user comes in, they don't have to set…
Contents
- Why authorization and security matter (1m 53s)
- The MCP authorization spec (4m 23s)
- Implementing MCP authorization (2m 44s)
- The MCP OAuth 2.0 flow visualized (4m 22s)
- Best-practices for MCP authorization (5m 8s)
- Options for MCP authorization (5m 32s)
- MCP and security (46s)
- MCP security risk: Vibe coding (2m 26s)
- MCP security risk: Excessive permissions (3m 20s)
- MCP security risk: Agent error (1m 53s)
- MCP security risk: Prompt injection (2m 29s)
- MCP security risk: Confused deputy (1m 42s)
- MCP security risk: Session hijacking (1m 16s)
- Authorization and security are job #1 (2m 3s)