{"podcast":{"title":"Application Security Weekly (Audio)","slug":"application-security-weekly-audio-436682","podcast_index_feed_id":436682,"rss_url":"https://aswaudio.libsyn.com/rss","website_url":"https://securityweekly.com/asw","image_url":"https://static.libsyn.com/p/assets/0/a/1/5/0a15d1d27c1a4bbc27a2322813b393ee/ASW_Cover_1920x1920-20240930-x3a3ohx73b.png","author":"Security Weekly Productions","episode_count":398,"summary":"About all things AppSec, DevOps, and DevSecOps. Hosted by Mike Shema and John Kinsella, the podcast focuses on helping its audience find and fix software flaws effectively.","last_synced_at":null,"page_url":"https://stenobird.com/podcast/application-security-weekly-audio-436682"},"episode":{"title":"Making OAuth Scale Securely for MCPs - Aaron Parecki - ASW #360","slug":"making-oauth-scale-securely-for-mcps-aaron-parecki-asw-360","published_at":"2025-12-09T10:00:00+00:00","page_url":"https://stenobird.com/podcast/application-security-weekly-audio-436682/making-oauth-scale-securely-for-mcps-aaron-parecki-asw-360","show_page_url":"https://stenobird.com/podcast/application-security-weekly-audio-436682","url":"https://aswaudio.libsyn.com/making-oauth-scale-securely-for-mcps-aaron-parecki-asw-360","audio_url":"https://dts.podtrac.com/redirect.mp3/traffic.libsyn.com/secure/aswaudio/ASW_360_1--1419aceb-3ee6-4a1b-9447-288bb5d6fe91--audio-converted--b967f227-fd4f-4786-bf03-4224abcafa6d.mp3?dest-id=626765","summary":"The MCP standard gave rise to dreams of interconnected agents and nightmares of what those interconnected agents would do with unfettered access to APIs, data, and local systems. Aaron Parecki explains how OAuth's new Client ID Metadata Documents spec provides more security for MCPs and the reasons why the behavior and design of MCPs required a new spec like this. Segment resources: https://aaronparecki.com/2025/11/25/1/mcp-authorization-spec-update https://www.ietf.org/archive/id/draft-ietf-oauth-client-id-metadata-document-00.html https://oauth.net/cross-app-access/ https://oauth.net/2/oauth-best-practice/ Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-360","meta_description":"The MCP standard gave rise to dreams of interconnected agents and nightmares of what those interconnected agents would do with unfettered access to APIs,…","key_points":[],"chapters":[],"topics":[],"duration_seconds":4063,"processing_state":"not_requested","actions":[{"name":"request_transcript","method":"POST","url":"https://stenobird.com/v1/public/podcasts/application-security-weekly-audio-436682/episodes/making-oauth-scale-securely-for-mcps-aaron-parecki-asw-360/transcription-requests","description":"Idempotently request low-priority transcript generation for this episode."},{"name":"read_markdown","method":"GET","url":"https://stenobird.com/podcast/application-security-weekly-audio-436682/making-oauth-scale-securely-for-mcps-aaron-parecki-asw-360.md","description":"Read the agent-friendly Markdown representation of this episode resource."}]}}