
Conference, 50 min
Securing MCP Servers
This talk explains how to secure Model Context Protocol (MCP)-based LLM applications using OAuth2, clarifying common pitfalls and best practices. It covers MCP's authorization requirements, selecting OAuth2 grant types, handling client initialization, and feature restrictions, demonstrated through a practical implementation with Spring AI and the MCP Java SDK.

Daniel Garnier-Moiroux
Spring
Schedule: TBD
Room 4
Model Context Protocol (MCP) is the de facto standard for enhancing your LLM applications, providing resources and access to tools. When MCP servers are exposed to the public internet, you cannot leave them with open access: you need some level of access control. For that, MCP leverages the popular, but sometimes misunderstood, OAuth2 framework.
Most frameworks and languages have some support for OAuth2. But merely having the tools is not enough to implement a full end-to-end flow: you need to get the details right. What type of OAuth2 grant should you use? Can you initialize an MCP Client on app startup, when no user is present? How do you restrict access to certain features to admins only?
In this presentation, you'll learn what the MCP spec has to say about authorization and what it means in practice for your applications, both server and client. We'll work through an actual implementation, using Spring AI and the MCP Java SDK.

Daniel Garnier-Moiroux
Daniel Garnier is a software engineer at Broadcom, working in the identity space and on SSO for applications. He is an adjunct professor at Mines Paris, where he teaches CS and software engineering classes.
He contributes to Spring Security, and has a keen interest in automation and developer productivity.