Answer: MarkTechPost reported that the Model Context Protocol (MCP) now mandates OAuth 2.1 for protected HTTP deployments when authorization is implemented. The article listed requirements including OAuth 2.1 with PKCE, HTTPS, discoverable authorization server metadata, Protected Resource Metadata (RFC 9728), and validation of Resource Indicators (RFC 8707).
MarkTechPost also reported that Dynamic Client Registration is not universally required, stating that CIMD is preferred and DCR may be used. The article ranked authentication platforms for “AI agents and MCP servers” and highlighted enterprise-focused features including SSO, SCIM, audit logs, and fine-grained authorization. It cited WorkOS and Stytch, and noted that Twilio acquired Stytch in November 2025.
Source: MarkTechPost