I am Jakob, an Engineer at Hypr MCP, where we help companies connect their internal applications to LLM-based workflows with the power of MCP servers. Join our waitlist or book a demo to learn more. In this blog post, I want to show you how and why we built an MCP Server Gateway that acts as a reverse proxy for one or more upstream MCP servers while adding support for the authorization framework provided by the MCP specification.
The Model Context Protocol (MCP) has emerged as the de facto standard way for Large Language Models (LLMs) to interact with other systems. First released in November 2024, it gained traction very quickly, which led to some rapid iterations in the months that followed. One of the most anticipated additions to the specification, which was added in March 2025, was support for authorization when offering an MCP server remotely via HTTP. The MCP authorization framework is built on top of the well-established OAuth2 authorization standard, specifically the currently in-progress draft version 2.1, and additionally requires identity providers (IdPs) to implement the optional Authorization Server Metadata (ASM) and Dynamic Client Registration (DCR) extensions. In June 2025, the specification was further revised to also require MCP servers to act as OAuth2-compatible Protected Resource Servers (PRS), another optional extension.
In a nutshell, the protocol requires the client to first discover the authorization server URI by querying the PRS endpoint, and then to discover the DCR and authorization endpoints by querying the authorization server's ASM endpoint. It must then create an OAuth2 client using the DCR protocol and use that client to perform a regular OAuth2 authorization flow.
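The discovery steps described above, sketched as an added example (not code from this post or from the Hypr MCP project), including the identifier checks a client should make before trusting either metadata document. It assumes the well-known metadata locations defined by RFC 9728 and RFC 8414 and the registration fields from RFC 7591; the hosts, paths and sample responses are constructed.

```python
import json
from urllib.parse import urlsplit
from urllib.request import urlopen

# Constructed responses for offline runs; hosts and paths are made up.
SAMPLE = {
    "https://mcp.example.com/.well-known/oauth-protected-resource/mcp": {
        "resource": "https://mcp.example.com/mcp",
        "authorization_servers": ["https://auth.example.com"]},
    "https://auth.example.com/.well-known/oauth-authorization-server": {
        "issuer": "https://auth.example.com",
        "authorization_endpoint": "https://auth.example.com/authorize",
        "token_endpoint": "https://auth.example.com/token",
        "registration_endpoint": "https://auth.example.com/register"},
}

def require_https(url):
    if urlsplit(url).scheme != "https":
        raise ValueError(f"refusing non-HTTPS URL: {url}")
    return url

def well_known(base, suffix):
    # RFC 8414 / RFC 9728: insert /.well-known/<suffix> between host and path.
    u = urlsplit(require_https(base))
    return f"https://{u.netloc}/.well-known/{suffix}{u.path.rstrip('/')}"

def http_get_json(url):
    with urlopen(url, timeout=10) as resp:
        return json.load(resp)

def discover(mcp_url, fetch=http_get_json):
    prs = fetch(well_known(mcp_url, "oauth-protected-resource"))
    if prs.get("resource") != mcp_url:  # must describe the resource we asked about
        raise ValueError("PRS metadata describes a different resource")
    issuer = prs["authorization_servers"][0]
    asm = fetch(well_known(issuer, "oauth-authorization-server"))
    if asm.get("issuer") != issuer:  # must be the server the resource named
        raise ValueError("ASM issuer does not match the advertised server")
    names = ("authorization_endpoint", "token_endpoint", "registration_endpoint")
    missing = [n for n in names if not asm.get(n)]
    if missing:  # an IdP without DCR has no registration_endpoint
        raise ValueError("authorization server lacks " + ", ".join(missing))
    return {n: require_https(asm[n]) for n in names}

def registration_request(client_name, redirect_uri):
    # RFC 7591 body that a public client POSTs to registration_endpoint.
    return {"client_name": client_name, "redirect_uris": [redirect_uri],
            "grant_types": ["authorization_code"], "response_types": ["code"],
            "token_endpoint_auth_method": "none"}  # public client, relies on PKCE
```

Calling `discover("https://mcp.example.com/mcp", fetch=SAMPLE.__getitem__)` runs the flow against the constructed documents instead of the network.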
# Comparing authentication providers for MCP servers
This is a well-thought-through authorization framework: in theory, it does not require implementers to add anything that is not part of the OAuth2 specification, while also allowing MCP clients to be authorized without any OAuth2 client configuration. In practice, though, we discovered that actually implementing this framework is not as straightforward as it might seem at first glance, for several reasons:

- Most existing authorization infrastructure is built on OpenID Connect (OIDC), rather than OAuth2. In a lot of cases, this does not matter, since OIDC is itself an extension of OAuth2. However, the MCP authorization framework requires the aforementioned ASM extension, which OIDC includes in a slightly incompatible way. In principle, an IdP can implement both OAuth2 and OIDC ASM, but most we found do not.
- There have not been many legitimate use cases for DCR before the advent of the MCP. Therefore, support for it among IdP software is very sparse.
Keycloak deserves an honorable mention at this point: it implements both the ASM and DCR extensions, but it does not allow configuration of CORS headers for the DCR endpoint, which makes it incompatible with most web-based MCP client software. Dex used to have partial support for OIDC DCR, but from what we could gather, it was never possible to enable it via configuration, and the feature has since been removed entirely.
We also looked at OAuth2-Proxy as a general inspiration, but it would have required too much additional plumbing to make it work. Since OAuth2-Proxy is not an IdP, we wouldn’t expect it to support DCR, ASM, or CORS anyway.
| Project | GitHub URL | Dynamic Client Registration (DCR) support | Authorization Server Metadata (ASM) support | Cross-Origin Resource Sharing (CORS) support |
| --- | --- | --- | --- | --- |
| OAuth2-Proxy | oauth2-proxy/oauth2-proxy | ❌ (no) | ❌ (no) | ❌ (no) |
| Dex | dexidp/dex | ❌ (Only via gRPC API) | ⚠️ (Only compatible with OIDC) | ❌ (no) |
| Keycloak | keycloak/keycloak | ✅ (yes) | ✅ (yes) | ⚠️ (Not for DCR) |
| Hypr MCP Gateway | hyprmcp/mcp-gateway | ✅ (yes) | ✅ (yes) | ✅ (yes) |
After discovering these issues, we made it our goal to build an easy-to-use component that would help MCP server implementers by providing everything explained in the rest of this blog post in a ready-to-use package. Check out the https://github.com/hyprmcp/mcp-gateway/ project if you want to learn more.