
[Auth] OAuth proxy / DCR facade for non-DCR providers (e.g. Entra ID + Claude Code) #1446

@loekensgard

Description

Is your feature request related to a problem? Please describe.

Securing an MCP server with Entra ID is not workable when the connecting client is Claude Code. Entra ID doesn't support Dynamic Client Registration, and Claude Code has no app registration and no client_metadata_document_uri to offer, so there's no client_id to present and no supported registration path. Claude Code simply can't authenticate against an Entra-backed MCP server today.

This is distinct from #648 / PR #1402, which fix the resource= parameter bug for clients that already have a pre-registered client_id. That fix is necessary but not sufficient: our problem is upstream of it.

Describe the solution you'd like

A server-side OAuth proxy / DCR facade in ModelContextProtocol.AspNetCore, similar to what FastMCP (Python) ships as OAuthProxy / OIDCProxy. At a high level it would:

  1. Present a DCR-compliant surface to MCP clients: handle POST /register and return pre-registered credentials rather than attempting real DCR against the upstream provider
  2. Handle callback forwarding: store the MCP client's dynamic redirect URI, use the server's fixed redirect URI with the upstream provider, and forward back to the client after token exchange
  3. Issue its own short-lived JWTs to MCP clients rather than forwarding the upstream token (token factory pattern), preventing token passthrough
  4. Encrypt and store upstream tokens server-side using IDataProtector and IDistributedCache
  5. Support OIDC discovery: Entra exposes /.well-known/openid-configuration, so endpoints should be auto-discoverable rather than manually configured

Describe alternatives you've considered

  • External sidecar proxy (e.g. mcp-auth-proxy): works, but adds ops complexity with no idiomatic .NET integration
  • Use a DCR-capable AS (Auth0, WorkOS): viable, but forces a third-party IdP dependency on teams already standardised on Entra
  • Pre-registration + surfacing client_id in PRM: only works for clients that support pre-registration or CIMD; Claude Code supports neither

Additional context

FastMCP's implementation is a useful reference for the security design: it includes confused deputy mitigation via state cookie binding, PKCE validation at both the client-to-proxy and proxy-to-upstream legs, and a token factory that ensures upstream tokens are never exposed to MCP clients.
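The five-step facade above and the three security properties in the last paragraph (state bound to a transaction cookie, PKCE on both legs, a token factory so the upstream token never reaches the client), as an added in-memory example that is not code from ModelContextProtocol.AspNetCore or from FastMCP. It is written in Python with only the standard library so it runs offline; a .NET version would put the vault behind IDataProtector and IDistributedCache and the endpoints behind minimal-API routes. FakeUpstream stands in for a non-DCR provider such as Entra ID; the issuer, callback URI, client id and secret values are constructed for the example.

```python
import base64, hashlib, hmac, json, secrets, time
from urllib.parse import parse_qs, urlencode, urlsplit

CALLBACK = "https://mcp.example.internal/oauth/callback"   # the proxy's one fixed redirect URI
ISSUER = "https://mcp.example.internal"                     # constructed issuer for the proxy's own JWTs

def b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def s256(verifier: str) -> str:
    return b64url(hashlib.sha256(verifier.encode()).digest())

class FakeUpstream:
    """Constructed stand-in for a provider without DCR: exactly one pre-registered confidential client."""
    def __init__(self, client_id, client_secret, redirect_uri):
        self.client_id, self.client_secret, self.redirect_uri, self.codes = client_id, client_secret, redirect_uri, {}

    def authorize(self, q):  # the user consents; the provider redirects the browser back with a code
        if q["client_id"] != self.client_id or q["redirect_uri"] != self.redirect_uri:
            raise PermissionError("unknown client or redirect_uri")
        code = secrets.token_urlsafe(16)
        self.codes[code] = q["code_challenge"]
        return {"code": code, "state": q["state"]}

    def token(self, client_id, client_secret, code, code_verifier):
        if (client_id, client_secret) != (self.client_id, self.client_secret):
            raise PermissionError("client authentication failed")
        if s256(code_verifier) != self.codes.pop(code, None):
            raise PermissionError("PKCE verification failed on the upstream leg")
        return {"access_token": "upstream-" + secrets.token_urlsafe(8)}

class DcrFacade:
    def __init__(self, upstream, client_id, client_secret, callback_uri, issuer, signing_key, ttl=300):
        self.up, self.cid, self.secret, self.callback_uri = upstream, client_id, client_secret, callback_uri
        self.issuer, self.key, self.ttl = issuer, signing_key, ttl
        self.clients, self.txns, self.codes, self.vault = {}, {}, {}, {}

    def register(self, metadata):  # POST /register: DCR surface, no call to the upstream provider
        uris = metadata.get("redirect_uris") or []
        if not uris:
            raise ValueError("redirect_uris required")
        facade_id = secrets.token_urlsafe(12)          # per-client id; the upstream secret never leaves the server
        self.clients[facade_id] = set(uris)
        return {"client_id": facade_id, "redirect_uris": uris, "token_endpoint_auth_method": "none"}

    def authorize(self, q):  # GET /authorize from the MCP client
        if q["redirect_uri"] not in self.clients.get(q["client_id"], ()):
            raise PermissionError("redirect_uri not registered for this client_id")
        if q.get("code_challenge_method") != "S256":
            raise ValueError("PKCE S256 is mandatory on the client leg")
        txn, up_state, verifier = (secrets.token_urlsafe(16) for _ in range(3))
        self.txns[up_state] = {"txn": txn, "verifier": verifier,
                               **{k: q[k] for k in ("client_id", "redirect_uri", "state", "code_challenge")}}
        upstream_q = {"response_type": "code", "client_id": self.cid, "redirect_uri": self.callback_uri,
                      "state": up_state, "code_challenge": s256(verifier), "code_challenge_method": "S256"}
        return {"set_cookie": txn, "upstream_query": upstream_q}  # cookie binds this browser to the transaction

    def callback(self, q, cookie):  # GET /callback from the upstream provider via the user's browser
        txn = self.txns.pop(q.get("state"), None)
        if txn is None or not hmac.compare_digest(txn["txn"], cookie or ""):
            raise PermissionError("state is not bound to this browser's transaction cookie")
        upstream_token = self.up.token(self.cid, self.secret, q["code"], txn["verifier"])["access_token"]
        sub = secrets.token_urlsafe(8)
        self.vault[sub] = upstream_token               # stored server-side only (IDataProtector-wrapped in .NET)
        code = secrets.token_urlsafe(16)
        self.codes[code] = {"sub": sub, "exp": time.time() + 60,
                            **{k: txn[k] for k in ("client_id", "redirect_uri", "code_challenge")}}
        return txn["redirect_uri"] + "?" + urlencode({"code": code, "state": txn["state"]})

    def token(self, q):  # POST /token from the MCP client: verify PKCE, mint the proxy's own JWT
        bound = self.codes.pop(q.get("code"), None)
        if bound is None or bound["exp"] < time.time():
            raise PermissionError("unknown or expired code")
        if (bound["client_id"], bound["redirect_uri"]) != (q["client_id"], q["redirect_uri"]):
            raise PermissionError("code is bound to a different client_id/redirect_uri")
        if not hmac.compare_digest(s256(q["code_verifier"]), bound["code_challenge"]):
            raise PermissionError("PKCE verification failed on the client leg")
        return {"access_token": self.mint(bound["sub"]), "token_type": "Bearer", "expires_in": self.ttl}

    def mint(self, sub):  # HS256 JWT signed with the proxy's own key; the upstream token is not embedded
        now = int(time.time())
        parts = [b64url(json.dumps(p, separators=(",", ":")).encode()) for p in
                 ({"alg": "HS256", "typ": "JWT"}, {"iss": self.issuer, "sub": sub, "iat": now, "exp": now + self.ttl})]
        sig = hmac.new(self.key, ".".join(parts).encode(), hashlib.sha256).digest()
        return ".".join(parts + [b64url(sig)])

    def validate(self, token):  # what the MCP server's bearer-auth middleware would do on each request
        h, p, sig = token.split(".")
        expected = b64url(hmac.new(self.key, f"{h}.{p}".encode(), hashlib.sha256).digest())
        if not hmac.compare_digest(sig, expected):
            raise PermissionError("bad signature")
        claims = json.loads(base64.urlsafe_b64decode(p + "=" * (-len(p) % 4)))
        if claims["exp"] < time.time():
            raise PermissionError("expired")
        return claims

def build():
    up = FakeUpstream("entra-app-id", "entra-app-secret", CALLBACK)
    return up, DcrFacade(up, "entra-app-id", "entra-app-secret", CALLBACK, ISSUER, secrets.token_bytes(32))

def run_flow():
    """Full exchange: register -> authorize -> upstream consent -> callback -> token -> validate."""
    up, proxy = build()
    reg = proxy.register({"client_name": "claude-code", "redirect_uris": ["http://localhost:51234/callback"]})
    verifier, state = secrets.token_urlsafe(32), secrets.token_urlsafe(8)
    auth = proxy.authorize({"client_id": reg["client_id"], "redirect_uri": "http://localhost:51234/callback",
                            "state": state, "code_challenge": s256(verifier), "code_challenge_method": "S256"})
    client_redirect = proxy.callback(up.authorize(auth["upstream_query"]), cookie=auth["set_cookie"])
    back = {k: v[0] for k, v in parse_qs(urlsplit(client_redirect).query).items()}
    tok = proxy.token({"client_id": reg["client_id"], "redirect_uri": "http://localhost:51234/callback",
                       "code": back["code"], "code_verifier": verifier})
    claims = proxy.validate(tok["access_token"])
    return {"state_roundtrip": back["state"] == state, "token_is_upstream": tok["access_token"] in proxy.vault.values(),
            "upstream_token_vaulted": proxy.vault[claims["sub"]].startswith("upstream-"), "claims": claims}

def rejects_forged_callback():
    """Confused-deputy check: a callback whose state is not bound to the caller's cookie is refused."""
    up, proxy = build()
    reg = proxy.register({"redirect_uris": ["http://localhost:51234/callback"]})
    auth = proxy.authorize({"client_id": reg["client_id"], "redirect_uri": "http://localhost:51234/callback",
                            "state": "s", "code_challenge": s256("v" * 43), "code_challenge_method": "S256"})
    try:
        proxy.callback(up.authorize(auth["upstream_query"]), cookie="attacker-without-cookie")
    except PermissionError:
        return True
    return False
```

The proxy hands the MCP client a facade client_id rather than the upstream one, keeps the upstream client secret and the upstream access token entirely server-side, and binds every artifact it issues (transaction, authorization code, JWT subject) to the specific client, redirect URI and browser that started the flow; that binding, plus PKCE checked independently on each leg, is what keeps a code or state captured on one leg from being replayed on the other.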

Labels: enhancement (New feature or request)