The latest version of the Model Context Protocol spec was released on June 18th, 2025. The previous version of the spec, 2024-11-05, did not define an authentication and authorization framework. Subsequent drafts added the requirement of MCP servers being both an OAuth authorization server and a protected resource server, which was a problem. Fortunately, this new stable version of the spec has a much more solid story for how authentication and authorization work in general, and for MCP servers in particular. The whole framework is based on OAuth 2.1.
Since the announcement of MCP support in Grafbase Gateway, we have been working on exposing your GraphQL federated graph to LLMs flexibly, without polluting your context window. This led to a best-in-class MCP server implementation for GraphQL APIs, but for production workloads and remote MCP servers, one crucial piece was missing: authentication and authorization.
Today, we're announcing full support for the 2025-06-18 version of the spec, including all the OAuth features.
Grafbase Gateway fits in the MCP architecture as an MCP server. It is responsible for enforcing access control and acting as an OAuth protected resource by implementing OAuth protected resource metadata (RFC 9728).
The Grafbase MCP server allows you to turn your GraphQL API into a spec-compliant MCP server with efficient management of the context and secure query execution. Access control is enforced for the `execute` tool, which executes GraphQL requests, just as it would be for any regular GraphQL query issued to the gateway, including operation limits and trusted documents.
Since the new version of the protocol uses Streamable HTTP as the default transport for remote sessions, the headers of the relevant HTTP request are passed straight through to the `execute` tool, and the caller's credentials can be conveyed that way.
In a nutshell: previously, the `execute` tool acted as an unauthenticated, and therefore limited, client; now the caller's credentials are forwarded and taken into account.
When the Grafbase MCP server acts as an OAuth protected resource, it implements the OAuth 2.0 Protected Resource Metadata specification (RFC 9728), which standardizes how protected resources expose their capabilities and requirements to clients and authorization servers.
As an OAuth protected resource, the Grafbase MCP server also publishes metadata about itself at a well-known URL (`/.well-known/oauth-protected-resource`), including information about:
- Which authorization servers can be used with it
- What scopes it supports
- How clients should present access tokens
It can also point clients at that metadata dynamically, by returning a `WWW-Authenticate` HTTP header carrying a `resource_metadata` parameter on an unauthorized (401) response.
Implementing OAuth protected resource functionality in your Grafbase MCP server provides several benefits:
- Standardized security: Follows established OAuth 2.0 patterns for secure API access
- Clear authorization boundaries: Well-defined scopes for different MCP operations
- Flexibility: Works with various authorization servers, including your existing identity providers
- Enhanced client integration: Clients can discover capabilities dynamically through metadata
In Grafbase Gateway, authentication and authorization are implemented by extensions, either from the Marketplace of open source extensions or custom built for your needs.
We now give you all the tools you need to make your servers compliant with the MCP spec regarding authorization, with opt-in, standardized support available out of the box through two extensions.
- The `oauth-protected-resource` extension allows you to expose the protected resource metadata endpoint without any additional authentication (for example, if you authenticate at the subgraph level). See the README for more details.
- The `jwt` extension now also has built-in support for the protected resource metadata RFC. See the README for the relevant configuration options.
- For your own authentication extensions, there is a new optional `public_metadata()` method on `AuthorizationExtension` that lets you expose the OAuth protected resource metadata endpoint.
When an MCP client needs to access your MCP server, it can:
- Discover the protected resource metadata
- Determine which authorization server to use
- Obtain the appropriate access token
- Present the token when making MCP requests to access your GraphQL federated graph
This enables secure, standardized authentication and authorization for production-grade MCP deployments.
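To make the discovery sequence concrete, here is the whole exchange as an added example written for this post; it is not Grafbase code and does not use the Grafbase SDK. Both roles run in-process with no network: a stand-in protected resource that challenges with `WWW-Authenticate: Bearer resource_metadata="..."` and serves an RFC 9728 document, and a client that parses the challenge, fetches the document, checks that its `resource` value matches the URL it asked for (RFC 9728 section 3.3), picks the authorization server, and presents a bearer token. The URLs, the `graphql:execute` scope and the token table are constructed for the example; the "tampered" handler is a constructed adversary used to show the `resource` check rejecting a planted document.

```python
import json
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Constructed identifiers for this example; none of them are real Grafbase endpoints.
MCP_URL = "https://api.example.com/mcp"
METADATA_URL = "https://api.example.com/.well-known/oauth-protected-resource"
AUTH_SERVER = "https://auth.example.com"
# Constructed token table standing in for real JWT validation. The audience ("aud")
# must be this resource, so a token minted for another API is rejected.
VALID_TOKENS = {
    "tok-123": {"aud": MCP_URL, "scope": "graphql:execute"},
    "tok-other-api": {"aud": "https://other.example.com", "scope": "graphql:execute"},
}


@dataclass
class Response:
    status: int
    headers: dict = field(default_factory=dict)
    body: str = ""


# ---- Protected resource side (the role the MCP server plays) ----

def resource_metadata() -> dict:
    """RFC 9728 metadata document served at /.well-known/oauth-protected-resource."""
    return {
        "resource": MCP_URL,
        "authorization_servers": [AUTH_SERVER],
        "scopes_supported": ["graphql:execute"],
        "bearer_methods_supported": ["header"],
    }


def server_handle(method: str, url: str, headers: dict) -> Response:
    """Minimal in-process stand-in for the MCP server's HTTP surface."""
    if method == "GET" and url == METADATA_URL:
        return Response(200, {"Content-Type": "application/json"},
                        json.dumps(resource_metadata()))
    if url == MCP_URL:
        auth = headers.get("Authorization", "")
        claims = VALID_TOKENS.get(auth[len("Bearer "):]) if auth.startswith("Bearer ") else None
        if claims is None or claims["aud"] != MCP_URL:
            # Missing or wrong credentials: challenge and point at the metadata document.
            return Response(401, {"WWW-Authenticate":
                                  f'Bearer resource_metadata="{METADATA_URL}"'})
        return Response(200, {"Content-Type": "application/json"},
                        json.dumps({"result": {"content": [{"type": "text", "text": "{}"}]}}))
    return Response(404)


# ---- Client side (the role the MCP client plays) ----

def parse_www_authenticate(value: str) -> dict:
    """Return the auth-params of a Bearer challenge (e.g. realm, resource_metadata, error)."""
    scheme, _, params = value.partition(" ")
    if scheme.lower() != "bearer":
        raise ValueError(f"unexpected auth scheme {scheme!r}")
    return dict(re.findall(r'([\w-]+)="([^"]*)"', params))


def discover(resource_url: str, handler=server_handle) -> dict:
    """Probe the resource unauthenticated, follow the challenge, validate the metadata."""
    probe = handler("POST", resource_url, {})
    if probe.status != 401:
        raise RuntimeError(f"expected a 401 challenge, got {probe.status}")
    challenge = parse_www_authenticate(probe.headers["WWW-Authenticate"])
    metadata_url = challenge["resource_metadata"]
    # Defensive choice made in this example (not a statement from the post): only follow a
    # metadata URL on the host we were already talking to, so a challenge cannot redirect
    # discovery to an arbitrary origin.
    if urlparse(metadata_url).netloc != urlparse(resource_url).netloc:
        raise ValueError("resource_metadata points at a different host")
    meta = json.loads(handler("GET", metadata_url, {}).body)
    # RFC 9728 section 3.3: the published "resource" must equal the identifier we asked
    # for; otherwise the document belongs to, or was planted for, a different resource.
    if meta.get("resource") != resource_url:
        raise ValueError("metadata 'resource' does not match the requested URL")
    if not meta.get("authorization_servers"):
        raise ValueError("metadata lists no authorization server")
    return meta


def call_with_token(meta: dict, token: str, handler=server_handle) -> Response:
    """Present the token the way the metadata says (this resource advertises 'header')."""
    if "header" not in meta.get("bearer_methods_supported", ["header"]):
        raise ValueError("resource does not accept bearer tokens in the Authorization header")
    return handler("POST", meta["resource"], {"Authorization": f"Bearer {token}"})


def tampered_handle(method: str, url: str, headers: dict) -> Response:
    """Constructed adversary: serves a metadata document naming a different resource and AS."""
    resp = server_handle(method, url, headers)
    if method == "GET" and url == METADATA_URL:
        doc = json.loads(resp.body)
        doc["resource"] = "https://evil.example.net/mcp"
        doc["authorization_servers"] = ["https://evil.example.net"]
        resp.body = json.dumps(doc)
    return resp
```

Obtaining the access token from the authorization server (`meta["authorization_servers"][0]`) is a standard OAuth 2.1 authorization code flow and is left out here; what the example shows is everything the protected resource side controls: the challenge, the metadata document, the client-side consistency checks, and audience-bound token acceptance at the `execute` endpoint.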
With this release, Grafbase Gateway is the first GraphQL MCP server to support the full spec including OAuth protected resource metadata, letting you expose more of your API, in more convenient ways, to more clients, without compromising on security, flexibility or convenience.
We're always looking forward to hearing from you, so don't hesitate to reach out for any reason!