releases.shpreview
Auth0/Auth0 Changelog/Auth for MCP is now Generally Available

Auth for MCP is now Generally Available

May 6, 2026Auth0 Changelog
$npx @buildinternet/releases get rel_xWcMeZ_-gXg3gLGjlcPe0

We are excited to announce Auth for MCP is now Generally Available.

Auth for MCP gives you a straightforward way to add authentication and authorization to any MCP server, so you control exactly who gets access, and what they get access to. Implement authentication, CIMD registration, and OBO token exchange for AI agents.

Auth for MCP is a product capability that uses the combination of the following features:

Client ID Metadata (CIMD) Registration (GA)

For MCP clients to connect to MCP servers, they need to identify themselves. But how does a server trust a new client it's never seen? The MCP spec solves this by recommending the use of CIMD: each client hosts a document containing its metadata at a URL that identifies the client. In Auth0, tenant admins provide that URL, and Auth0 fetches the metadata, validates it, and displays it for confirmation before creating the client. You get control over which clients can access your MCP server ensuring no surprise registrations.

On-Behalf-Of Token Exchange (GA)

After a user's agent authenticates with an MCP server and issues a request, it needs to call another API like a Salesforce instance or HR system to finish the job. The question is: how does that second API know the request is legitimate and who it's actually for? On-Behalf-Of Token Exchange lets MCP servers trade the user’s access token for one that works with the downstream API, scoped correctly and still tied to the original user. No shared secrets, no service accounts with too much power. And full auditing and visibility into every action.

Resource Parameter Compatibility Mode (GA)

The MCP spec uses "resource" identifiers to indicate which server an agent wants to talk to, rather than the "audience" parameter that OAuth has traditionally used. Auth0 now supports this natively, allowing MCP implementations to stay spec-compliant without workarounds or translation layers.

Enhanced Security Controls for Third-Party Applications (GA)

As you open your APIs to AI agents, partners, and developer ecosystems, third-party applications need to be secure by default. The recently shipped Enhanced Security Controls gives third-party apps a production-ready, secure-by-default posture, with the control you need over what external applications can access.

Documentation Links

Fetched May 6, 2026