Implementing MCP Authorization using Spring Security OAuth 2.1 capabilities

The Model Context Protocol (MCP) specification defines authorization capabilities for HTTP-based transports. These build on established specifications: the OAuth 2.1 Authorization Framework (IETF Draft) and extension specifications, specifically OAuth 2.0 Authorization Server Metadata (RFC 8414), OAuth 2.0 Protected Resource Metadata (RFC 9728) and OAuth 2.0 Dynamic Client Registration Protocol (RFC 7591).

This talk will step through the Authorization Flow detailed in the MCP specification and will demonstrate how to configure and customize Spring Security OAuth 2.1 capabilities to implement authorization server discovery, dynamic client registration, obtaining an access token and making a request to an MCP protected resource.