Description

The authorization protocol allows MCP to implement course grained authorization checks e.g. a principal can/cannot access the server.

For advanced use cases though it is useful to be able to limit access on a per tool/resource/prompt basis.

There are a range of authorization tools that can be used however rather than being specific I suggest it is better to provide a plugin API that allows providers to pick their underlying authorization approach.

I have a patch that shows this idea, I'll open a draft pull request to illustrate the idea and allow for further testing & refinement.

References

No response