Docs Standalone Kubernetes Tutorials Standalone Kubernetes Models Blog Enterprise Community Get Started GitHub

MCP authentication

Attach to:

Backend
(MCP Backends only)

MCP authentication enables OAuth 2.0 protection for MCP servers, helping to implement the MCP Authorization specification. Agentgateway can act as a resource server, validating JWT tokens and exposing protected resource metadata.

Note

This policy works only for MCP traffic. Note that all standard HTTP policies also apply to MCP traffic.

There are three deployment scenarios.

Authorization Server Proxy

Agentgateway can adapt traffic for authorization servers that don’t fully comply with OAuth standards. For example, Keycloak exposes certificates at a non-standard endpoint.

In this mode, agentgateway:

  • Exposes protected resource metadata on behalf of the MCP server
  • Proxies authorization server metadata and client registration
  • Validates tokens using the authorization server’s JWKS
  • Returns 401 Unauthorized with appropriate WWW-Authenticate headers for unauthenticated requests
mcpAuthentication:
  issuer: http://localhost:7080/realms/mcp
  jwks:
    url: http://localhost:7080/protocol/openid-connect/certs
  provider:
    keycloak: {}
  resourceMetadata:
    resource: http://localhost:3000/mcp
    scopesSupported:
    - read:all
    bearerMethodsSupported:
    - header
    - body
    - query
    resourceDocumentation: http://localhost:3000/stdio/docs
    resourcePolicyUri: http://localhost:3000/stdio/policies

Resource Server Only

Agentgateway acts solely as a resource server, validating tokens issued by an external authorization server.

mcpAuthentication:
  issuer: http://localhost:9000
  jwks:
    url: http://localhost:9000/.well-known/jwks.json
  resourceMetadata:
    resource: http://localhost:3000/mcp
    scopesSupported:
    - read:all
    bearerMethodsSupported:
    - header
    - body
    - query

Authentication mode

You can control how agentgateway handles requests that lack valid credentials by setting the mode field. The following modes are supported:

ModeBehavior
strict (default)A valid token issued by a configured issuer must be present. Requests without a valid token are rejected with 401 Unauthorized.
optionalIf a token is present, it is validated. Requests without a token are permitted.
permissiveRequests are never rejected based on authentication.

The following example sets the mode to permissive:

mcpAuthentication:
  mode: permissive
  issuer: http://localhost:9000
  jwks:
    url: http://localhost:9000/.well-known/jwks.json
  resourceMetadata:
    resource: http://localhost:3000/mcp
    scopesSupported:
    - read:all

Passthrough

When the MCP server already implements OAuth authentication, no additional configuration is needed. Agentgateway will pass requests through without modification.

External authorizationMCP authorization
Agentgateway assistant

Ask me anything about agentgateway configuration, features, or usage.

Note: AI-generated content might contain errors; please verify and test all returned information.

Tip: one topic per conversation gives the best results. Use the + button in the chat header to start a new conversation.

Switching topics? Starting a new conversation improves accuracy.
↑↓ navigate select esc dismiss

What could be improved?

Your feedback helps us improve assistant answers and identify docs gaps we should fix.

Need more help? Join us on Discord: https://discord.gg/y9efgEmppm

Want to use your own agent? Add the Solo MCP server to query our docs directly. Get started here: https://search.solo.io/.