OAuth2 Authentication

Add OAuth2 authentication as an alternative to Bearer Token for secured MCP servers and APIs.

Modern MCP servers and APIs increasingly rely on OAuth2 for secure access, using short-lived, scoped access tokens instead of static credentials. Supporting OAuth2 would allow monitors to authenticate through standardized token flows rather than long-lived bearer secrets.

Benefits this unlocks for users:

  • OAuth enables delegated access, allowing clients to reach protected resources without exposing user credentials or long-lived static tokens.

  • Access is time-limited and revocable. Tokens issued via OAuth expire and can be revoked, so a leaked token is far less damaging than a leaked static bearer token.

  • Fine-grained permissions and scoped access make it possible to request only the permissions needed for monitoring instead of granting broad access.

  • User credentials are never shared or stored. Only tokens are used, minimizing exposure of sensitive data.

  • Integration with modern identity providers, enterprise SSO, and external authentication systems becomes straightforward, improving interoperability with real-world production environments.

Suggested design and implementation notes:

  • OAuth support should cover the standard HTTP-based MCP transports, since OAuth inherently operates over HTTP, similar to how other clients expose OAuth support.

  • OAuth should be offered as an optional authentication mode alongside Bearer Token to avoid breaking existing setups.

  • Token storage and automatic refreshing should be supported, covering both access and refresh tokens, so that long-lived monitoring works without manual intervention.
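The following is an added example (not code from the product this request is filed against) sketching the last two notes: an OAuth2 token manager that caches the access token, refreshes it before expiry using the refresh token, and sits alongside the existing static bearer mode behind the same `auth_header()` interface. The class and function names, the `FakeTokenEndpoint` stand-in, and the token values it returns are all constructed for the example; a real deployment would replace `token_request` with an HTTPS POST to the identity provider's token endpoint.

```python
"""OAuth2 token manager with cached access token and automatic refresh."""
import time
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional

# Parsed JSON body of a token endpoint response (RFC 6749 section 5.1).
TokenResponse = Dict[str, object]

# Refresh this many seconds before the recorded expiry so that a request
# never leaves with a token that expires while in flight.
REFRESH_SKEW_SECONDS = 30


@dataclass
class OAuth2TokenManager:
    """Holds one access token and refreshes it via the refresh token.

    `token_request` is supplied by the caller: it POSTs the given form fields
    to the provider's token endpoint and returns the parsed JSON body.
    Injecting it keeps this example offline; a real client would do
    something like requests.post(token_url, data=fields, auth=(client_id, secret)).
    """
    token_request: Callable[[Dict[str, str]], TokenResponse]
    client_id: str
    scope: str
    refresh_token: Optional[str] = None
    clock: Callable[[], float] = time.time
    refresh_count: int = field(default=0, init=False)
    _access_token: Optional[str] = field(default=None, init=False)
    _expires_at: float = field(default=0.0, init=False)

    def _store(self, resp: TokenResponse) -> None:
        self._access_token = str(resp["access_token"])
        # expires_in is optional in the spec; assume a short lifetime if absent.
        self._expires_at = self.clock() + float(resp.get("expires_in", 300))
        # Providers may rotate refresh tokens on use; always keep the newest one.
        if resp.get("refresh_token"):
            self.refresh_token = str(resp["refresh_token"])
        self.refresh_count += 1

    def _needs_refresh(self) -> bool:
        return (self._access_token is None
                or self.clock() >= self._expires_at - REFRESH_SKEW_SECONDS)

    def access_token(self) -> str:
        """Return a valid access token, hitting the token endpoint only when needed."""
        if self._needs_refresh():
            if self.refresh_token:
                fields = {"grant_type": "refresh_token",
                          "refresh_token": self.refresh_token,
                          "client_id": self.client_id, "scope": self.scope}
            else:
                # No refresh token yet (first call): obtain the initial grant.
                fields = {"grant_type": "client_credentials",
                          "client_id": self.client_id, "scope": self.scope}
            self._store(self.token_request(fields))
        return str(self._access_token)

    def auth_header(self) -> Dict[str, str]:
        return {"Authorization": f"Bearer {self.access_token()}"}


@dataclass
class StaticBearer:
    """Existing Bearer Token mode, kept as-is so current setups keep working."""
    token: str

    def auth_header(self) -> Dict[str, str]:
        return {"Authorization": f"Bearer {self.token}"}


class FakeTokenEndpoint:
    """Constructed stand-in for a provider's token endpoint (not a real IdP).

    Issues at-N / rt-N on the N-th call and rejects a refresh that does not
    present the most recently issued refresh token, mimicking rotation.
    """
    def __init__(self) -> None:
        self.calls: List[Dict[str, str]] = []

    def __call__(self, fields: Dict[str, str]) -> TokenResponse:
        self.calls.append(dict(fields))
        n = len(self.calls)
        if fields["grant_type"] == "refresh_token" and fields["refresh_token"] != f"rt-{n - 1}":
            raise ValueError("invalid_grant")  # stale or unknown refresh token
        return {"access_token": f"at-{n}", "token_type": "Bearer",
                "expires_in": 3600, "refresh_token": f"rt-{n}", "scope": fields["scope"]}


def demo() -> Dict[str, object]:
    """Walk through initial grant, cache hit, and refresh near expiry."""
    fake_now = [1_000_000.0]                      # controllable clock for the demo
    endpoint = FakeTokenEndpoint()
    mgr = OAuth2TokenManager(endpoint, client_id="monitor-client",
                             scope="mcp:read", clock=lambda: fake_now[0])
    first = mgr.access_token()                    # client_credentials grant
    cached = mgr.access_token()                   # still valid: no endpoint call
    fake_now[0] += 3600 - 10                      # now inside the skew window
    refreshed = mgr.access_token()                # refresh_token grant
    return {"first": first, "cached": cached, "refreshed": refreshed,
            "grants": [c["grant_type"] for c in endpoint.calls],
            "refresh_token": mgr.refresh_token, "refreshes": mgr.refresh_count,
            "header": mgr.auth_header()["Authorization"]}


if __name__ == "__main__":
    print(demo())
```

Because both modes expose `auth_header()`, the monitor's HTTP layer does not need to know which one is configured; only the token manager knows that a refresh happened. Persisting `refresh_token` (encrypted at rest) is what lets a monitor survive a restart without a new interactive login.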


Status: In Review

Board: 💡 Feature Request

Date: 3 months ago

Author: John
