Basics of PPP (gekk.info)

1 points by ogurechny 7s ago 0 comments

Tim Owens Jazz and Broadcast Collection Digitized by Grammy Museum Grant (library.unt.edu)

2 points by gnabgib 1m ago 0 comments

Fine-Tuning LLMs Is a Waste of Time (codinginterviewsmadesimple.substack.com)

2 points by j-wang 5m ago 1 comments

AI Water and Energy Converter – understand the impact of personal AI usage (context.supply)

1 points by dameis 6m ago 1 comments

Easy place to read ancient philosophy (readphilosophy.org)

1 points by bridelamb 8m ago 0 comments

The Weaponization of Waymo (bloodinthemachine.com)

2 points by SLHamlet 10m ago 0 comments

Designing NoSQL Data: When to Normalize and When to Denormalize (constantinos.dev)

1 points by eerenio 11m ago 0 comments

Made a website dedicated to programming languages I'll never learn

1 points by backteria 12m ago 0 comments

God is hungry for Context: First thoughts on o3 pro (latent.space)

1 points by panarky 13m ago 0 comments

Reverse eng Claude Code to work with local and any OpenAI API models (youtube.com)

1 points by Sirvan3tr 16m ago 0 comments

Forth Feedback Loop (thomascountz.com)

1 points by thomascountz 16m ago 0 comments

Trump Says FEMA Phaseout to Begin After Hurricane Season (bloomberg.com)

4 points by petethomas 19m ago 0 comments

Ask HN: Jenkins Blue Ocean UX?

1 points by nittanymount 20m ago 0 comments

The Neuroscience of Pulling Oneself Up by the Bootstraps (psychologytoday.com)

2 points by squircle 21m ago 0 comments

Heroku Outage (bleepingcomputer.com)

1 points by benkitzelman 22m ago 1 comments

Ask HN: Would You Use a Declarative Back End (APIs, DB, Auth, Sync)?

3 points by Imazadi 23m ago 0 comments

Fine Structure Constant expression (2005) [pdf] (chip-architect.org)

1 points by tokenmemory 24m ago 0 comments

System prompts from AI coding products like Windsurf, Manus, Curso, and Bolt (drive.google.com)

1 points by coffee 30m ago 1 comments

Space-X Broadband: Coming to an Empty Traffic Island Near You (2020) (freepress.net)

2 points by throwawaysleep 32m ago 1 comments

Why USA is rethinking Air Power (youtube.com)

1 points by lifeisstillgood 36m ago 0 comments

A Mathematician Calculated Size of a Giant Meatball Made of Every Human (sciencealert.com)

3 points by dxs 38m ago 0 comments

Candid/Guidestar Alternative API for Nonprofit Verification (pactman.org)

1 points by kmalikakande 41m ago 1 comments

The Shadow Price of “Public” Information (gsb.stanford.edu)

2 points by Improvement 44m ago 0 comments

UK tests underwater drone for communications protection (militarnyi.com)

1 points by giuliomagnifico 46m ago 0 comments

Helion: A modern fast paced Doom FPS engine in C# (github.com)

3 points by klaussilveira 53m ago 0 comments

4chan and porn site investigated by Ofcom over online safety (bbc.com)

3 points by like_any_other 53m ago 0 comments

Show HN: ReqVis – Server Log Visualizer (github.com)

1 points by foxfired 54m ago 0 comments

SF Housing Madness. Tired of Screaming into the Void

1 points by Compzilla 58m ago 8 comments

Best Model Context Protocol (MCP) Servers (pomerium.com)

2 points by pom-ec 59m ago 1 comments

Impulse Becomes First Battery-Integrated Appliance Certified to Safety Standards (impulselabs.com)

1 points by surprisetalk 1h ago 0 comments

Meal Type Rather than Meal Sequence Affects Meal Duration, Chew Count and Tempo (mdpi.com)

1 points by PaulHoule 1h ago 0 comments

Anycast dongle stream audio/video from Ubuntu (github.com)

1 points by anycastubuntu 1h ago 1 comments

The Bluesky bubble hurts liberals and their causes (washingtonpost.com)

2 points by TMWNN 1h ago 1 comments

France Moves to Classify X as an Adult Site Amid Digital ID Crackdown (reclaimthenet.org)

4 points by like_any_other 1h ago 0 comments

Mastodon: Trunk and Tidbits, May 2025 (blog.joinmastodon.org)

3 points by doener 1h ago 0 comments

Show HN: MCP server to index external repositories (github.com)

1 points by lewq 1h ago 1 comments

OpenAI is storing deleted ChatGPT conversations as part of its NYT lawsuit (theverge.com)

2 points by thesecretceo 1h ago 0 comments

Openpgp.js – OpenPGP JavaScript Implementation (openpgpjs.org)

1 points by gjvc 1h ago 0 comments

Good Taste Is More Important Than Ever (theatlantic.com)

3 points by ecliptik 1h ago 1 comments

EDAN: Towards Understanding Memory Parallelism and Latency Sensitivity in HPC [pdf] (spcl.inf.ethz.ch)

1 points by matt_d 1h ago 0 comments

The EU challenges Google and Cloudflare with its own DNS resolver (techradar.com)

4 points by rolph 1h ago 0 comments

AI-assisted coding for teams that can't get away with vibes (blog.nilenso.com)

1 points by steveklabnik 1h ago 0 comments

MARM Protocol: Enhancing LLM Memory and Mitigating Hallucinations (github.com)

1 points by CogniFlow 1h ago 1 comments

What happened to the "floating license" model?

1 points by ashwinsundar 1h ago 2 comments

The Spying Scandal Rocking the World of HR Software (bloomberg.com)

4 points by m-hodges 1h ago 1 comments

World Bank predicts worst decade for global growth since 60s (bbc.com)

5 points by geox 1h ago 3 comments

What Happened with Siri and Apple Intelligence, According to Apple (techradar.com)

1 points by thoughtpeddler 1h ago 0 comments

Course: Alan Moore Storytelling (bbcmaestro.com)

1 points by ndsipa_pomu 1h ago 1 comments

Google is offering employee buyouts in Search and other orgs (theverge.com)

7 points by gametorch 1h ago 0 comments

Show HN: A Batteries-Included CLI Framework for Zig (github.com)

1 points by caeser 1h ago 3 comments

Secure any MCP server with drop-in OAuth 2.1

5 ravimadabhushi 1 6/10/2025, 5:31:09 AM docs.scalekit.com ↗

Comments (1)

ravimadabhushi · 18h ago

Hey folks — I’m Ravi, a 2× founder and currently building Scalekit. Before this, I led platform and auth infrastructure at Freshworks.

Been neck-deep in auth, identity, and security for more than a decade now.

We’re seeing more and more MCP servers being spun up to expose tools and workflows to AI agents. But honestly most of them are still unauthenticated or worse, they reuse agent tokens across systems.

This is clearly a problem because the March 2025 updated the MCP spec to now formally mandates OAuth 2.1 as the auth standard for MCP servers.

Also, as Aaron Parecki, Director of Identity Standards at Okta mentioned: “Just treat every MCP client as an OAuth client. Treat the MCP server as a resource server that uses an existing authorization server. That’s it. Problem solved.”

That's exactly what we did to help you separate the authz layer from your business logic - a drop-in OAuth 2.1 module for MCP servers. It handles: - Scoped, short-lived tokens - DCR + PKCE + metadata discovery - 401s with authorize_url for delegated 3P workflows.

Would love to hear your feedback if you’re building with agents or your MCP servers.