MCP OAuth (remote clients)
Nolixan is a spec-compliant OAuth 2.1 authorization + resource server, so remote MCP clients like Claude.ai can connect, consent, and call governed tools.
The MCP gateway lets you call governed tools over JSON-RPC with an API key. MCP OAuth lets a remote MCP client — e.g. Claude.ai's custom connectors — discover Nolixan, run an OAuth 2.1 consent flow, and receive a scoped token, all without you sharing an API key. Nolixan acts as both the authorization server and the resource server.
Discovery
Clients discover the endpoints from standard well-known documents (no auth):
| Path | Spec | Returns |
|---|---|---|
/.well-known/oauth-authorization-server | RFC 8414 | authorization_endpoint, token_endpoint, revocation_endpoint, registration_endpoint, … |
/.well-known/oauth-protected-resource | RFC 9728 | resource, authorization_server, … |
The flow
-
Dynamic client registration (RFC 7591) — the client self-registers:
Redirect URIs must be HTTPS. Public PKCE clients receive no secret.
-
Authorize (OAuth 2.1, PKCE S256 required) —
GET /api/v1/oauth-server/authorize?response_type=code&client_id=…&redirect_uri=…&code_challenge=…&code_challenge_method=S256&scope=…&state=…. Nolixan validates the client and redirect URI and shows a consent screen where the user picks the environment and approves scopes. -
Token (RFC 6749, form-encoded) — exchange the code (with the PKCE
code_verifier) for an opaque access token + rotating refresh token: -
Call tools — the client uses the access token as a bearer token against the MCP endpoint. The token's scope is bound to the same least-privilege grant allowlist as API keys, so the client only sees and calls what it was granted.
Opaque tokens & revocation
Access tokens are opaque (not JWTs), so they can be revoked instantly — there's no signature to keep honoring until expiry.
Users can review and revoke connected apps:
| Method | Path | Purpose |
|---|---|---|
GET | /oauth-server/connected-apps | Apps you've authorized over MCP |
DELETE | /oauth-server/connected-apps/{client_id}?environment_id= | Revoke all tokens for an app in an environment |
Because writes are still governed by policy, default-deny on writes correctly hides write tools from a freshly connected client until you allow them. Full security notes: docs/MCP_OAUTH_SECURITY.md; connection walkthrough: docs/MCP_OAUTH_CONNECT.md.