releases.shpreview

MCP portals accept service tokens for autonomous agents

1 featureThis release1 featureNew capabilitiesAI-tallied from the release notes
From the original release noteView original ↗

You can now connect autonomous agents and bots to an MCP server portal using an Access service token. Service token sessions can reach upstream MCP servers through the portal without a browser-based OAuth flow.

To set this up:

  • Add a Service Auth policy that matches your service token to the portal's Access application.
  • Add a Service Auth policy that matches the same token to each linked MCP server's Access application.
  • Turn Require user auth off (on_behalf: false) for each linked server so the portal uses the admin credential instead of a per-user OAuth grant.

The bot connects with CF-Access-Client-Id and CF-Access-Client-Secret headers and sees the tools from every linked server it is authorized for. Servers that still require per-user OAuth are excluded from service token sessions because a service token cannot complete a per-user OAuth grant.

For step-by-step setup, refer to Connect with a service token.

Fetched July 1, 2026

MCP portals accept service tokens for autonomous agents —… — releases.sh