Docs Local Kubernetes Blog Enterprise Community Get Started GitHub

MCP authorization

Attach to:

Backend
(MCP Backends only)

The MCP authorization Authorization (AuthZ) The process of determining what actions an authenticated user or service is allowed to perform. Agentgateway supports HTTP authorization, MCP authorization, and external authorization services. policy works similarly to HTTP authorization, but runs in the context of an MCP request.

Note

This policy works only for MCP traffic. Note that all standard HTTP policies also apply to MCP traffic.

Instead of running against an HTTP request, MCP authorization policies run against specific MCP method invocations such as list_tools and call_tools.

If a tool, or other resource, is not allowed it will automatically be filtered in the list request.

mcpAuthorization:
  rules:
  # Allow anyone to call 'echo'
  - 'mcp.tool.name == "echo"'
  # Only the test-user can call 'add'
  - 'jwt.sub == "test-user" && mcp.tool.name == "add"'
  # Any authenticated user with the claim `nested.key == value` can access 'printEnv'
  - 'mcp.tool.name == "printEnv" && jwt.nested.key == "value"'

Refer to the CEL reference for allowed variables.

MCP authentication