MCP - thangchung/mcp-labs GitHub Wiki
Introduction
MCP Authorisation
- Protected Resource Metadata (RFC 9728): Servers publish metadata describing trusted authorisation servers.
- Authorisation Server Metadata (RFC 8414): Clients discover how to interact with authorisation servers.
- Dynamic Client Registration (RFC 7591): Clients can automatically register with new authorisation servers, avoiding manual setup.
- Resource Indicators (RFC 8707): Clients bind tokens explicitly to the intended MCP server.
- PKCE and Redirect Security: Clients must protect authorisation codes and secure redirects, per OAuth 2.1 best practices.
- Strict Token Audience Binding: Servers must validate that tokens are issued specifically for them, blocking misuse or passthrough to upstream APIs.
From video [Keynote] MCP201: The Protocol in Depth with David Soria Parra at Anthropic: https://youtu.be/C_nqAWHsldo?si=QiByVsiH_rbcxZTd
That's not the name of workspace because it's not local, it might point to a remote Notion workspace.
mindmap
root((MCP))
"The Protocol in Depth"
"Keynote - MCP 201"
Primitives
Prompts
What: Pre-defined templates for AI interactions
When: User explicitly wants to add to context
Example: /gh-issue <id>, /usage-example
Capabilities: Dynamic content, Auto-completion
Resources
What: Data or content exposed by the server
Examples: Files, DB records, Memory
When: Application should control content
Use case: RAG input, Visualization (e.g., DB schema)
Tools
What: Actions that can be invoked
When: Model decides when to call an action
Examples: Send message, Update DB, Take action
Capabilities: Automation, Interacting with external systems
"Server primitives: Interaction model"
"Prompts": User driven
"@ / slash commands in context windows"
"Resources": Application driven
"File-like, RAG Input, etc"
"Tools": Model driven
"Actions"
"Outcome": Rich AI Applications
"Advanced features"
Sampling
What: Allows a server to request a completion from the client
Benefit: User application has full control over security, privacy, and cost
Use case: Issue Tracker server requests inference from client's Claude model
Roots
What: Server asks the client "What projects do you have open?" (URIs/workspaces)
Benefit: Allows server to operate on specific local or remote contexts opened by the client
(Note: Speaker mentions confusing name, implies broader scope than just local workspaces)
"Going Remote"
"Integrations: Bringing MCP to the web"
Concept: MCP servers exposed as web URLs (e.g., https://mcp.saas.com)
Benefit: Enables ubiquitous availability, acts as a true standard
Authorization
Allows private context to be shared from trusted data sources
Enables MCP server authors to bind server capabilities to a user account
Securely connects to third-party integrations (e.g., payment providers, enterprise IDP)
Scaling
"Streamable HTTP"
"Scaling MCP servers is similar to normal APIs"
"Server authors can choose:
- Return results directly
- Use SSE streams for richer interactions"
Servers cannot initiate client connection (client responsible for connection)
"What's Next"
Agents
Tasks: Asynchronous execution (e.g., tasks taking hours/days)
Elicitation: Improved human-in-the-loop (e.g., user consent, legal terms)
"Official Registry API"
"Central place to publish and discover MCP servers"
"Will be open source"
Multimodality
"Streaming results"
"Ecosystem Growth":
"Ruby SDK"
"Go SDK"
"More SDKs and client implementations"
From video [Session] Intro to OAuth for MCP Servers with Aaron Parecki, Okta: https://youtu.be/mYKMwZcGynw?si=rGKQo8Jub_AoTARH
RFC-9728: Protected Resource Metadata (enable people to build MCP servers that can be used by MCP clients that have never before seen that client)
RFC-7591: Dynamic Client Registration (Puts client name and logo in an approve page)
Enteprise - Single Sign-On: