Support strict MCP gateways by exposing required OAuth/OIDC discovery endpoints | Voters

Support strict MCP gateways by exposing required OAuth/OIDC discovery endpoints

Kavita Pant

Customers using strict 3rd‑party MCP gateways (e.g., kagent gateway) report that Port MCP is unusable because required OAuth/OIDC metadata endpoints are missing or incomplete:

Missing protected resource endpoint: The gateway expects a protected resource metadata endpoint and fails token validation when it’s not available.

Internal analysis of Port MCP also notes issues around the protected resource metadata endpoint not being served.

Missing OpenID configuration endpoint: The gateway expects an OpenID configuration endpoint for discovery.

Without it, third‑party tools cannot properly verify tokens returned by Port MCP.

Request:

Add the missing OAuth/OIDC discovery/metadata endpoints so that strict MCP gateways can:

>Discover Port MCP’s authorization / token / resource configuration.

> Validate tokens in a standards‑compliant way.

> Use Port MCP as a backend tool provider without custom workarounds.

22 hours ago