
Implement SEP-990: Enterprise Managed Authorization (Extension)

Open felixweinberger opened this issue 1 month ago • 3 comments

This is a tracking issue for implementation of SEP-990.

Summary

This extension enables secure authorization of MCP clients within enterprise environments by leveraging existing enterprise Identity Provider (IdP) infrastructure. The Python SDK needs to implement client-side OAuth flows including OpenID Connect/SAML integration, RFC8693 Token Exchange to obtain Identity Assertion JWT Authorization Grants (ID-JAG), and RFC7523 JWT Bearer Grant flows. Server-side implementations need JWT validation including signature verification, claims validation, and replay prevention. This extension provides seamless single sign-on for users while enabling enterprise administrators to control which MCP servers can be accessed and enforce policies through existing IdP infrastructure.

Related Issues & PRs

  • Implementation PRs: n/a
  • Related PRs: n/a
  • Related Issues: n/a

felixweinberger, Nov 07 '25 18:11

Hi @BinoyOza-okta, @aaronpk mentioned you're planning to work on this one? Based on GH rules I think you need to comment before I can assign it to you.

felixweinberger, Nov 18 '25 23:11

Hi @felixweinberger, yes, I'll be working on this one. You can assign it to me.

BinoyOza-okta, Nov 19 '25 04:11

> Hi @felixweinberger, yes, I'll be working on this one. You can assign it to me.

Awesome thanks! Done.

felixweinberger, Nov 20 '25 13:11