This is fantastic. Ive been so fortunate to work with the mcp folks last few months on a couple of the SEPs (and my own experimental sdk in go). I used to be a naysayer. "Its just apis" I used to say. "Sheesh the invented another abstraction" I used to say.
What folks dont realize is it is the "P" in MCP that throws people off. When you build a traditional app you have to build forms, ui, req/response handling, bidirectional channels, long running tasks, auth and so on.
With mcp 80% of this common layer is taken care for you. So mcp is really an "app framework" than a protocol (well there is that too).
Unified auth is a huuuge boost. Can't wait to see more cool things!
Huge congrats to the folks behind this at Okta, A\, Microsoft, Figma, Linear, etc...
For the MCP nay-sayers - don't worry there's something here for you too :)
This is powered by a new token format called an ID-JAG - https://datatracker.ietf.org/doc/draft-ietf-oauth-identity-a... - and isn't MCP specific at all. ID-JAGs can be used for safe and secure data sharing anywhere where data is shared between applications that use the same SSO provider.
Before you get too far into the usual “MCP is dead, Skills forever” debate
The real valuable capability MCP offers over skills/CLI is isolating the auth flow outside of the agent’s context window, and potentially out of the harness completely. This is valuable from a security perspective obviously. It’s also just a much easier user experience for normies and large businesses adopting AI tools. I hear all the context bloat and tool call redundancy complaints. But this structure for handling auth has real value.
Maybe the idealized form of MCP is just an auth gateway for the API and nothing else. That’d still be a win.
Hey folks - I am one of the folks at Anthropic that helped deliver this in partnership with Okta and a handful of MCP partners. We're very excited about this taking shape in Claude (in addition to the MCP spec, of course, where EMA is now a stable extension) and are looking to expand adoption to other identity providers and clients as well.
If you have any feedback, feel free to drop it in here! Always happy to hear about folks' experience and how we can make it better.
Wait this is awesome. A huge issue with Enterprise OAuth2.0 is managing all the random apps. Each with their own half-baked enterprise controls for managing scopes, token expiry, and no control over device bound sessions.
So instead, you can run centralized infra to validate a user, device, what scopes their requesting and duration, and enforce policies for all your apps?
What's interesting about this standard is that it's not really MCP-specific. It can work just as nicely for any other workload - it just requires the authorization server/IdP to support it and the receiver to know how to handle the trust relationship.
In regular OAuth, end users consent to share their data with applications individually. This makes sense for consumer usecases, where the end users own their data. But it doesn't make sense for many business usecases, where the business is the entity that should control data sharing and access, not the end user. As an employee at Acme, I shouldn't decide to link my Acme Google Drive data to Claude or ChatGPT, that should be the decision of my IT Department.
Enterprise-Managed OAuth, or Cross App Access (XAA), brings this IT-Admin centrally controlled sharing model into the OAuth framework so it works with the existing ecosystem.
There's also a great UX benefit from moving data sharing consent management from employees to IT Admins - it means that employees don't need to sit through a bunch of OAuth flows to link their accounts together. Their IT Admin has already set up all the sharing controls. Everything plugs in together and should Just Work from day one. Think joining a new company on the first day and your Slack is already linked to your Zoom, your Drive, your Calendar, etc...
Sure, if I’m a business, I will make a business decision to share, or not share, some resource with ChatGPT. But, if I do decide to share something with ChatGPT, I absolutely do NOT want it shared with every single ChatGPT thread, more or less how I don’t want it shared with every single tab an employee has open in a browser.
Auth has been a wild journey in MCP. It really is a valuable differentiator to things like Skills for enterprises though. Congrats to the team on the ship.
What folks dont realize is it is the "P" in MCP that throws people off. When you build a traditional app you have to build forms, ui, req/response handling, bidirectional channels, long running tasks, auth and so on.
With mcp 80% of this common layer is taken care for you. So mcp is really an "app framework" than a protocol (well there is that too).
Unified auth is a huuuge boost. Can't wait to see more cool things!
For the MCP nay-sayers - don't worry there's something here for you too :)
This is powered by a new token format called an ID-JAG - https://datatracker.ietf.org/doc/draft-ietf-oauth-identity-a... - and isn't MCP specific at all. ID-JAGs can be used for safe and secure data sharing anywhere where data is shared between applications that use the same SSO provider.
The real valuable capability MCP offers over skills/CLI is isolating the auth flow outside of the agent’s context window, and potentially out of the harness completely. This is valuable from a security perspective obviously. It’s also just a much easier user experience for normies and large businesses adopting AI tools. I hear all the context bloat and tool call redundancy complaints. But this structure for handling auth has real value.
Maybe the idealized form of MCP is just an auth gateway for the API and nothing else. That’d still be a win.
If you have any feedback, feel free to drop it in here! Always happy to hear about folks' experience and how we can make it better.
So instead, you can run centralized infra to validate a user, device, what scopes their requesting and duration, and enforce policies for all your apps?
Can we get this in other OAuth 2.0 clients?
Enterprise-Managed OAuth, or Cross App Access (XAA), brings this IT-Admin centrally controlled sharing model into the OAuth framework so it works with the existing ecosystem.
There's also a great UX benefit from moving data sharing consent management from employees to IT Admins - it means that employees don't need to sit through a bunch of OAuth flows to link their accounts together. Their IT Admin has already set up all the sharing controls. Everything plugs in together and should Just Work from day one. Think joining a new company on the first day and your Slack is already linked to your Zoom, your Drive, your Calendar, etc...
Sure, if I’m a business, I will make a business decision to share, or not share, some resource with ChatGPT. But, if I do decide to share something with ChatGPT, I absolutely do NOT want it shared with every single ChatGPT thread, more or less how I don’t want it shared with every single tab an employee has open in a browser.