# WorkOS MCP > WorkOS MCP is an OAuth 2.1 authorization server for securing Model Context Protocol servers, providing dynamic client registration, PKCE, JWT verification, and token management for AI agents—plus enterprise SSO, directory sync, and admin tooling. WorkOS MCP is an OAuth 2.1-compatible authorization server built to secure Model Context Protocol (MCP) servers with minimal configuration. It handles the complete OAuth flow for MCP clients—including dynamic client registration, authorization endpoints, token issuance, and JWT verification—so developers can focus on building MCP tools and resources instead of authentication infrastructure. WorkOS MCP supports the latest MCP specification for fine-grained authorization of agentic applications and workflows. - **MCP OAuth Authorization** — Implement spec-compliant OAuth 2.0 for MCP servers; WorkOS MCP auto-discovers endpoints and validates JWTs so MCP clients can authenticate users and access protected resources with zero-config interoperability. - **Dynamic Client Registration** — Enable MCP clients to self-register using OAuth 2.0 Dynamic Client Registration (RFC 7591); clients discover and connect to your MCP server without prior configuration. - **Token Verification & Metadata** — Verify access tokens issued by WorkOS MCP using JWT validation; serve `.well-known/oauth-protected-resource` metadata so clients automatically discover the authorization server and authenticate seamlessly. - **Standalone MCP OAuth** — Integrate MCP authorization with existing authentication systems; redirect users to your own login UI while WorkOS MCP handles OAuth consent, token issuance, and MCP client authorization. - **PKCE & Security** — Built-in support for Proof Key for Code Exchange (PKCE), scopes, refresh tokens, and introspection endpoints to secure AI agent access with industry-standard OAuth 2.1 flows. - **Enterprise Features** — WorkOS also provides Single Sign-On (SAML/OIDC), Directory Sync (SCIM/HRIS), Admin Portal, Audit Logs, and multi-factor authentication for teams building enterprise-ready applications. - **Developer Tooling** — Use official SDKs (Node, Python, Go, Ruby, .NET, Java), FastMCP integration examples, webhooks, quickstart guides, and open-source templates to ship MCP servers in days. To get started with WorkOS MCP, enable Dynamic Client Registration in the WorkOS Dashboard, implement token verification middleware, and serve the required metadata endpoints. WorkOS MCP handles all OAuth complexity so you can focus on building MCP tools. ## Features - MCP OAuth 2.1 Authorization Server - Dynamic Client Registration (RFC 7591) - PKCE & OAuth Security - JWT Token Verification - OAuth Protected Resource Metadata - Standalone MCP OAuth (Bring Your Own Auth) - FastMCP Integration - Single Sign-On (SAML & OIDC) - Directory Sync (SCIM & HRIS) - Hosted Auth UI (AuthKit) - Role-Based Access Control (RBAC) - Audit Logs and Log Streaming - Multi-Factor Authentication (TOTP/SMS) - Admin Portal for IT self-serve onboarding - Official SDKs for multiple languages ## Integrations FastMCP, Model Context Protocol (MCP), Anthropic Claude Desktop, Cloudflare Workers, Okta, Entra ID, ADFS, BambooHR, Rippling, Microsoft (social auth), Google (social auth), SIEM (log streaming), Datadog ## Platforms WEB, API, DEVELOPER_SDK ## Pricing Open Source, Free tier available ## Links - Website: https://workos.com/mcp - Documentation: https://workos.com/docs/authkit/mcp - Repository: https://github.com/workos/mcp.shop - EveryDev.ai: https://www.everydev.ai/tools/workos-mcp