Episode

Making OAuth Scale Securely for MCPs - Aaron Parecki - ASW #360

Podcast

Application Security Weekly (Audio)

Published

Dec 9, 2025

Duration seconds

4063

Processing state

not_requested

Canonical source

https://aswaudio.libsyn.com/making-oauth-scale-securely-for-mcps-aaron-parecki-asw-360

Audio

https://dts.podtrac.com/redirect.mp3/traffic.libsyn.com/secure/aswaudio/ASW_360_1--1419aceb-3ee6-4a1b-9447-288bb5d6fe91--audio-converted--b967f227-fd4f-4786-bf03-4224abcafa6d.mp3?dest-id=626765

JSON

/v1/public/podcasts/application-security-weekly-audio-436682/episodes/making-oauth-scale-securely-for-mcps-aaron-parecki-asw-360

Markdown

/podcast/application-security-weekly-audio-436682/making-oauth-scale-securely-for-mcps-aaron-parecki-asw-360.md

Actions

• POST https://stenobird.com/v1/public/podcasts/application-security-weekly-audio-436682/episodes/making-oauth-scale-securely-for-mcps-aaron-parecki-asw-360/transcription-requests
  Idempotently request low-priority transcript generation for this episode.
• GET https://stenobird.com/podcast/application-security-weekly-audio-436682/making-oauth-scale-securely-for-mcps-aaron-parecki-asw-360.md
  Read the agent-friendly Markdown representation of this episode resource.

Summary

The MCP standard gave rise to dreams of interconnected agents and nightmares of what those interconnected agents would do with unfettered access to APIs, data, and local systems. Aaron Parecki explains how OAuth's new Client ID Metadata Documents spec provides more security for MCPs and the reasons why the behavior and design of MCPs required a new spec like this. Segment resources: https://aaronparecki.com/2025/11/25/1/mcp-authorization-spec-update https://www.ietf.org/archive/id/draft-ietf-oauth-client-id-metadata-document-00.html https://oauth.net/cross-app-access/ https://oauth.net/2/oauth-best-practice/ Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-360