Use Stytch for Remote MCP Server authorization

The growing popularity of Artificial Intelligence (AI) and Large Language Models (LLM) has driven an industry-wide trend towards more humanist experiences with our IT tools. Along with this shift there has been a parallel movement in how those tools interact with each other. As AI gets increasingly sophisticated in communicating with us it is simultaneously growing more capable in what it can do for us.

Within the ecosystem of a particular provider, interconnectivity often already exists between tools. For example, Google has integrated Gemini in many of its own applications. Users can ask Gemini to create a task, for instance, and Gemini has the capability to create a new item in Google Keep. Apple Intelligence can summarize your emails and help you respond in Apple Mail. AI that can take actions on behalf of users instead of simply talking to them is a clear direction of progress.

The ability to bring this type of interconnectedness to the ecosystem at large has huge potential benefits for users of AI. This next-generation connectivity between tools has been in active development through a number of different means, but one promising specification that we'll cover here is Anthropic's Model Context Protocol (MCP)

MCP is a specification for how AI agents can communicate with, and discover the capabilities of, servers which implement specific functionality. Whereas an LLM may not natively have the capability to perform certain actions, such as sending email, if it can communicate with an MCP server that advertises this capability it is empowered to delegate the implementation of email sending to that server. Naturally, this type of interaction can extend beyond email to whatever services implementers wish to create.

For a short while, MCP was a local-to-machine protocol that enabled a federation of locally hosted services to operate together. The success of this model has inspired a major upcoming extension, Remote MCP, which is poised to bring this kind of service federation to servers across the Internet.

Authorization and authentication becomes increasingly important as MCP becomes remote and servers become publicly available on the Internet. Stytch supports handling the auth process for MCP servers to create a seamless experience for securing access to their services.

From the purposes of implementing authorization with Stytch, MCP servers are a type of Connected App. Stytch supports enabling Dynamic Client Registration in the Connected Apps dashboard. This means, rather than configuring a client app manually, remote MCP Servers can add themselves as a client app in Stytch. After the app registers it operates as a standard Connected Apps client in Stytch, including user management and, when developing a B2B app, Role-Based Access Control.

MCP is designed as a Remote Procedure Call (RPC) inter-process communication between applications which originally were running on the same machine using standard inter-process communication methods. This provides an efficient and responsive experience between the MCP client and server. Remote MCP extends this concept by using HTTP as a transport layer with Server-Sent Events and HTTP POST requests to exchange messages.

This is different from HTTP's base idioms and there are few out-of-the-box tools and web services that yet operate according to this protocol. To provide a foundation for creating MCP servers Cloudflare has implemented Remote MCP servers as Cloudflare workers. This is one of the fastest and easiest ways to create a responsive and always-available serverless remote MCP server which can serve requests to the LLM / MCP Client of your choice. This server can then handle the incoming request in a number of ways, such as connecting to other web services to implement functionality for the LLM.