MCP-compatible provider list
This list contains providers that have been tested with MCP Auth.
| Provider | Type | OAuth 2.1 | Metadata URL | Dynamic Client Registration | Resource Indicator |
|---|---|---|---|---|---|
| Logto | OpenID Connect | ✅ | ✅ | ❌1 | ✅ |
| Keycloak | OpenID Connect | ✅ | ✅ | ⚠️2 | ❌ |
If you have tested MCP Auth with another provider, please feel free to submit a pull request to add it to the list.
Is Dynamic Client Registration required?
Dynamic Client Registration is not required for MCP servers and MCP Auth. In fact, you can choose the approach that best suits your needs:
- If you are developing an MCP server for internal use or a specific application you control: it's fine to manually register your MCP client with the provider and configure the client ID (and optionally, the client secret) in your MCP client.
- If you are developing an MCP server that will be used by public applications (MCP clients):
- You can leverage Dynamic Client Registration to allow your MCP clients to register themselves with the provider dynamically. Make sure to implement proper security measures to prevent unauthorized or malicious registrations.
- Alternatively, you can develop a custom registration flow that allows your MCP clients to register with the provider using a secure and controlled process, such as a web interface or an API endpoint that you control, without relying on Dynamic Client Registration. As long as your provider supports Management API or similar functionality, you can use it in your custom endpoints to register the MCP clients.
Test your provider
Enter the URL of your authorization server's issuer or metadata endpoint below to check if it's compatible with MCP.