MCP servers require authentication for protocol operations, tool execution, resource access, and prompt retrieval using the same two methods as the Management API.

OAuth 2.1 Client Credentials

Standard OAuth flow for production MCP clients:

curl -X POST https://us-east-1clpqjbygz.auth.us-east-1.amazoncognito.com/oauth2/token \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -u "client_id:client_secret" \
  -d "grant_type=client_credentials&scope=mgmt.read+mgmt.write"

Response:

{
  "access_token": "eyJhbGciOiJSUzI1NiIs...",
  "token_type": "Bearer",
  "expires_in": 3600,
  "scope": "mgmt.read mgmt.write"
}

Personal Access Tokens (PATs)

Long-lived tokens for MCP server access, suitable for automation and development workflows.

Key Characteristics:

  • Long-lived (no expiration by default)
  • Generated via web UI for specific MCP server instances
  • Uses same JWT structure as OAuth tokens for compatibility
  • Suitable for CI/CD, automation, and development scenarios

Token Claims Structure:

PAT tokens follow standard JWT structure with these key claims:

{
  "iss": "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_CLpqjbYgz",
  "aud": "kambrium-mcp",
  "sub": "account_id",
  "client_id": "pat_<random_string>",
  "scopes": ["mgmt.read", "mgmt.write"],
  "token_use": "access",
  "token_type": "pat",
  "mcp_server_id": 1,
  "iat": 1704067200,
  "jti": "pat_<token_identifier>"
}

Available Scopes

Based on the Management API, the following scopes are used for MCP server access:

  • mgmt.read - Read MCP server configurations, status, tools, resources, and prompts
  • mgmt.write - Create, update, and delete MCP server connections
  • mgmt.admin - Administrative operations and system management

MCP Protocol Authentication

Session Initialization

All MCP protocol operations require proper authentication headers:

curl -H "Authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -H "Mcp-Session-Id: <session_id>" \
  https://mcp.kambrium.com/user_endpoint

Authentication Flow

  1. Obtain Token: Use OAuth 2.1 Client Credentials or PAT
  2. Initialize Session: Send initialize request with capabilities
  3. Session Established: Receive session ID in Mcp-Session-Id header
  4. Send Notification: Send notifications/initialized
  5. Authenticated Requests: Include both Bearer token and session ID in subsequent requests

Session Headers

Required headers for all MCP requests:

Authorization: Bearer <access_token>
Content-Type: application/json
Mcp-Session-Id: <session_id>

Token Validation

MCP servers validate tokens on every request:

  • OAuth tokens: Verified against OAuth provider and checked for expiration
  • PAT tokens: Validated against stored hash and scope permissions
  • Session correlation: Session ID must match authenticated user context

Server-Specific Access

Tokens with mcp_server_id: Access specific MCP server instance
Tokens without mcp_server_id: Access all authorized MCP servers

Security Considerations

Token Lifecycle

  • OAuth tokens: 1-hour expiration, automatic refresh required
  • PAT tokens: Long-lived, manual rotation recommended
  • Session tokens: Temporary, tied to connection lifetime

Best Practices

  • Store tokens securely in application memory or credential vault
  • Implement token refresh logic for OAuth flows
  • Monitor authentication failures and rate limits
  • Use minimum required scopes for principle of least privilege