# Making OAuth Scale Securely for MCPs - Aaron Parecki - ASW #360

Page: https://stenobird.com/podcast/application-security-weekly-audio-436682/making-oauth-scale-securely-for-mcps-aaron-parecki-asw-360
Text version: https://stenobird.com/podcast/application-security-weekly-audio-436682/making-oauth-scale-securely-for-mcps-aaron-parecki-asw-360.md
Podcast: [Application Security Weekly (Audio)](https://stenobird.com/podcast/application-security-weekly-audio-436682)
Published: 2025-12-09T10:00:00+00:00
Episode link: https://aswaudio.libsyn.com/making-oauth-scale-securely-for-mcps-aaron-parecki-asw-360
Audio file: https://dts.podtrac.com/redirect.mp3/traffic.libsyn.com/secure/aswaudio/ASW_360_1--1419aceb-3ee6-4a1b-9447-288bb5d6fe91--audio-converted--b967f227-fd4f-4786-bf03-4224abcafa6d.mp3?dest-id=626765
Processing state: not_requested
JSON: https://stenobird.com/v1/public/podcasts/application-security-weekly-audio-436682/episodes/making-oauth-scale-securely-for-mcps-aaron-parecki-asw-360
Duration seconds: 4063

## Resource

The MCP standard gave rise to dreams of interconnected agents and nightmares of what those interconnected agents would do with unfettered access to APIs, data, and local systems. Aaron Parecki explains how OAuth's new Client ID Metadata Documents spec provides more security for MCPs and the reasons why the behavior and design of MCPs required a new spec like this. Segment resources: https://aaronparecki.com/2025/11/25/1/mcp-authorization-spec-update https://www.ietf.org/archive/id/draft-ietf-oauth-client-id-metadata-document-00.html https://oauth.net/cross-app-access/ https://oauth.net/2/oauth-best-practice/ Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-360

## Actions

- request_transcript: `POST https://stenobird.com/v1/public/podcasts/application-security-weekly-audio-436682/episodes/making-oauth-scale-securely-for-mcps-aaron-parecki-asw-360/transcription-requests` — Idempotently request low-priority transcript generation for this episode.
- read_markdown: `GET https://stenobird.com/podcast/application-security-weekly-audio-436682/making-oauth-scale-securely-for-mcps-aaron-parecki-asw-360.md` — Read the agent-friendly Markdown representation of this episode resource.

A page view does not enqueue transcription. Agents should invoke `request_transcript` explicitly when they need this episode processed.

## Transcript

Full transcripts are not published on public pages unless there is a clear rights basis.