RFC 9728 | The road

MCP OAuth on AgentCore Gateway + Cognito via APIGW Façade
May 19, 2026 · 18 min read · MCP Model Context Protocol AWS Bedrock AgentCore AgentCore Gateway Amazon Cognito API Gateway SST OAuth 2.1 RFC 9728 RFC 8414 RFC 7591 PKCE Claude Code ·
Share on:
Introduction Amazon Bedrock AgentCore Gateway is the most pragmatic way to host a Model Context Protocol server on AWS today. Declare your tools as OpenAPI or as Lambda targets, get a managed multi-target MCP endpoint, and inherit AWS-native authentication via a customJwtAuthorizer. For machine-to-machine traffic that …

Read More about MCP OAuth on AgentCore Gateway + Cognito via APIGW Façade
Technical Deconstruction of MCP Authorization: A Deep Dive into OAuth 2.1 and IETF RFC Specifications
Nov 12, 2025 · 22 min read · MCP Model Context Protocol OAuth 2.1 OAuth 2.0 PKCE JWT RFC 7636 RFC 9700 RFC 9728 Resource Indicators Federated Authentication AI Security ·
Share on:
Executive Summary This article provides a deep-dive technical analysis of the Model Context Protocol (MCP) authorization flow. The central insight is that MCP's authorization model is not a generic application of OAuth 2.0 but a sophisticated implementation of the emerging OAuth 2.1 standard. The MCP protocol …

Read More about Technical Deconstruction of MCP Authorization: A Deep Dive into OAuth 2.1 and IETF RFC Specifications