This is a tracking issue for implementation of SEP-990.

Summary

This extension enables secure authorization of MCP clients within enterprise environments by leveraging existing enterprise Identity Provider (IdP) infrastructure. The TypeScript SDK needs to implement client-side OAuth flows including OpenID Connect/SAML integration, RFC8693 Token Exchange to obtain Identity Assertion JWT Authorization Grants (ID-JAG), and RFC7523 JWT Bearer Grant flows. Server-side implementations need JWT validation including signature verification, claims validation, and replay prevention. This extension provides seamless single sign-on for users while enabling enterprise administrators to control which MCP servers can be accessed and enforce policies through existing IdP infrastructure.

Related Issues & PRs

• Implementation PRs: n/a
• Related PRs: n/a
• Related Issues: n/a