authgent
Apache 2.0 · IETF reference impl · production demo

Most MCP servers fail their own OAuth spec.

authgent is an open-source MCP-OAuth scanner — and a full OAuth 2.1 server you can run if you want to fix what it finds. Reference implementation of draft-ietf-oauth-identity-chaining-14 and draft-ietf-oauth-transaction-tokens-08.

# Audit any MCP server's OAuth posture against 10 RFC checks.
$ pip install authgent-server
$ authgent-server lint https://your-mcp-server.example.com

# Or run a complete OAuth 2.1 server in 60 seconds.
$ authgent-server run

Two products, one repo

authgent is unusual: it's a scanner you can use without installing anything, plus a full OAuth 2.1 server you can self-host if you want. Pick the side that fits your job.

FOR AUDITORS · BUILDERS · MCP DEVS
The scanner

Paste any MCP URL. Get an A–F grade against RFC 7591, 7636, 8414, 8707, 9207, 9449, 9728. Embed the badge in your README. Wire authgent-server lint into CI.

FOR PLATFORMS · ENTERPRISES · IETF IMPLEMENTERS
The OAuth 2.1 server

Run your own. Multi-hop nested-act chains, signed delegation receipts, DPoP supported (opt-in). Reference impl of two WG-track IETF drafts. Bridges to Auth0/Okta via id_token exchange.

What the scanner actually checks

Every check maps to a specific RFC clause or a documented attack class. No opinion-based scoring.

MCP-PRM-001 — RFC 9728 Protected Resource Metadata present + well-formed.
MCP-AS-001 — RFC 8414 Authorization Server Metadata reachable.
MCP-PKCE-001 — PKCE S256 advertised; plain rejected.
MCP-AUD-001 — RFC 8707 Resource Indicators (confused-deputy mitigation).
MCP-ISS-001 — RFC 9207 / SEP-2468 iss on /authorize.
MCP-DCR-MIRROR-001 — Distinct DCR registrations yield distinct client_ids (Obsidian Jan 2026).
MCP-CSRF-001 — Implicit grant response_type=token not advertised.
MCP-REFRESH-001 — Refresh tokens issued with DPoP (RFC 9449) sender-constraint.
MCP-DCR-001 — Dynamic Client Registration (RFC 7591) advertised.
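To make the metadata-driven checks concrete, here is an added example (not authgent's own code) that evaluates the subset of the checks above that can be decided from a server's RFC 9728 Protected Resource Metadata and RFC 8414 AS metadata documents alone. The check IDs are the ones listed on this page; the pass/fail logic, the letter-grade thresholds and the sample documents are this example's assumptions, and the DCR-mirror and live resource-indicator checks are omitted because they need real requests.

```python
"""Offline lint of RFC 9728 PRM + RFC 8414 AS metadata (added example)."""
from typing import Dict


def lint_metadata(prm: dict, asm: dict) -> Dict[str, bool]:
    """Evaluate the statically decidable checks; True means the check passes."""
    pkce = set(asm.get("code_challenge_methods_supported", []))
    return {
        # RFC 9728: PRM must name the resource and at least one authorization server
        "MCP-PRM-001": bool(prm.get("resource")) and bool(prm.get("authorization_servers")),
        # RFC 8414: AS metadata must carry the issuer and the core endpoints
        "MCP-AS-001": all(k in asm for k in ("issuer", "authorization_endpoint", "token_endpoint")),
        # RFC 7636: S256 advertised and the downgradeable "plain" method not offered
        "MCP-PKCE-001": "S256" in pkce and "plain" not in pkce,
        # RFC 9207: iss returned in authorization responses (mix-up defence)
        "MCP-ISS-001": asm.get("authorization_response_iss_parameter_supported") is True,
        # Implicit grant (response_type=token) must not be advertised
        "MCP-CSRF-001": "token" not in asm.get("response_types_supported", []),
        # RFC 9449: DPoP algorithms advertised, so refresh tokens can be sender-constrained
        "MCP-REFRESH-001": bool(asm.get("dpop_signing_alg_values_supported")),
        # RFC 7591: dynamic client registration endpoint published
        "MCP-DCR-001": "registration_endpoint" in asm,
    }


def grade(results: Dict[str, bool]) -> str:
    """Assumed pass-ratio to A-F mapping; not authgent's published scale."""
    ratio = sum(results.values()) / len(results)
    for letter, floor in (("A", 1.0), ("B", 0.85), ("C", 0.7), ("D", 0.5)):
        if ratio >= floor:
            return letter
    return "F"


# Constructed sample documents for a hypothetical MCP server (not a real host)
PRM = {"resource": "https://mcp.example.com", "authorization_servers": ["https://as.example.com"]}
AS_META = {
    "issuer": "https://as.example.com",
    "authorization_endpoint": "https://as.example.com/authorize",
    "token_endpoint": "https://as.example.com/token",
    "response_types_supported": ["code", "token"],          # implicit grant still on
    "code_challenge_methods_supported": ["S256", "plain"],   # plain still accepted
}

if __name__ == "__main__":
    report = lint_metadata(PRM, AS_META)
    for check, ok in report.items():
        print(f"{check:18} {'PASS' if ok else 'FAIL'}")
    print("grade:", grade(report))
```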

Reference implementation of the IETF agent-OAuth stack

Every spec maps to a file:line in the source — see STANDARDS.md.

draft-ietf-oauth-identity-chaining-14: Cross-domain delegation
draft-ietf-oauth-transaction-tokens-08: Transaction context
RFC 8693: Token Exchange + nested act
RFC 9449: DPoP sender-constrained tokens
RFC 9728: Protected Resource Metadata
RFC 8414: AS Metadata + path-suffix
RFC 9207: iss parameter (MCP SEP-2468)
RFC 8707: Resource Indicators
RFC 7591 / 7636: DCR + PKCE
RFC 7662 / 7009: Introspection + Revocation
MCP 2026-07-28: SEP-2350, 2351, 2352, 2468

Compose with what you already have

Already running Auth0 or Keycloak for human SSO? Bridge into authgent for the agent layer via id_token exchange.