PropelAuth · Capability

PropelAuth MCP Authentication — OAuth 2.1 for AI Agents

PropelAuth OAuth 2.1 server capability for Model Context Protocol clients. Provides authorization, token, introspection, dynamic client registration, and metadata discovery so MCP servers can be protected with PropelAuth identity and organization-scoped permissions.

PropelAuth MCP Authentication — OAuth 2.1 for AI Agents is a Naftiko capability published by PropelAuth, one of 5 capabilities the APIs.io network indexes for this provider. It bundles 4 operations.

The capability includes 2 read-only operations and 2 state-changing operations. Lead operation: Exchange code or refresh token for MCP access tokens. Can be deployed as a REST endpoint, MCP tool, or Agent Skill via Naftiko.

Tagged areas include PropelAuth, MCP, OAuth 2.1, and AI Agents.

Run with Naftiko PropelAuthMCPOAuth 2.1AI Agents

MCP Tools

propelauth-mcp-token

Exchange code or refresh token for MCP access tokens.

propelauth-mcp-introspect

Introspect an MCP access token.

read-only idempotent
propelauth-mcp-register

Dynamically register a new MCP client.

propelauth-mcp-metadata

Fetch OAuth 2.1 authorization server metadata.

read-only idempotent

Capability Spec

mcp-authentication.yaml Raw ↑ 
naftiko: 1.0.0-alpha2
info:
  label: PropelAuth MCP Authentication — OAuth 2.1 for AI Agents
  description: 'PropelAuth OAuth 2.1 server capability for Model Context Protocol clients. Provides authorization,
    token, introspection, dynamic client registration, and metadata discovery so MCP servers can be protected with
    PropelAuth identity and organization-scoped permissions.'
  tags:
  - PropelAuth
  - MCP
  - OAuth 2.1
  - AI Agents
  created: '2026-05-25'
  modified: '2026-05-25'
binds:
- namespace: env
  keys:
    PROPELAUTH_AUTH_URL: PROPELAUTH_AUTH_URL
capability:
  consumes:
  - type: http
    namespace: propelauth-mcp
    baseUri: '{{env.PROPELAUTH_AUTH_URL}}'
    description: PropelAuth MCP OAuth 2.1 endpoints.
    resources:
    - name: token
      path: /oauth/2.1/token
      operations:
      - name: mcpToken
        method: POST
        description: Exchange code or refresh token for an access token.
        outputRawFormat: json
        inputParameters:
        - name: body
          in: body
          type: object
          required: true
    - name: introspect
      path: /oauth/2.1/introspect
      operations:
      - name: mcpIntrospect
        method: POST
        description: Validate an access token.
        outputRawFormat: json
        inputParameters:
        - name: body
          in: body
          type: object
          required: true
    - name: register
      path: /oauth/2.1/register
      operations:
      - name: mcpRegister
        method: POST
        description: Dynamically register an MCP client.
        outputRawFormat: json
        inputParameters:
        - name: body
          in: body
          type: object
          required: true
    - name: metadata
      path: /.well-known/oauth-authorization-server/oauth/2.1
      operations:
      - name: mcpAuthServerMetadata
        method: GET
        description: OAuth 2.1 authorization server metadata.
        outputRawFormat: json
    authentication:
      type: none
  exposes:
  - type: mcp
    namespace: propelauth-mcp-mcp
    port: 9093
    transport: http
    description: MCP adapter for PropelAuth MCP OAuth 2.1.
    tools:
    - name: propelauth-mcp-token
      description: Exchange code or refresh token for MCP access tokens.
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: propelauth-mcp.mcpToken
      with:
        body: tools.body
    - name: propelauth-mcp-introspect
      description: Introspect an MCP access token.
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: propelauth-mcp.mcpIntrospect
      with:
        body: tools.body
    - name: propelauth-mcp-register
      description: Dynamically register a new MCP client.
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: propelauth-mcp.mcpRegister
      with:
        body: tools.body
    - name: propelauth-mcp-metadata
      description: Fetch OAuth 2.1 authorization server metadata.
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: propelauth-mcp.mcpAuthServerMetadata