Full episode and show notes

Making OAuth Scale Securely for MCPs – Aaron Parecki – ASW #360

The MCP standard gave rise to dreams of interconnected agents and nightmares of what those interconnected agents would do with unfettered access to APIs, data, and local systems. Aaron Parecki explains how OAuth’s new Client ID Metadata Documents spec provides more security for MCPs and the reasons why the behavior and design of MCPs required a new spec like this. Segment resources: https://aaronparecki.com/2025/11/25/1/mcp-authorization-spec-update https://www.ietf.org/archive/id/draft-ietf-oauth-client-id-metadata-document-00.html https://oauth.net/cross-app-access/ https://oauth.net/2/oauth-best-practice/

Full Segment Notes

The MCP standard gave rise to dreams of interconnected agents and nightmares of what those interconnected agents would do with unfettered access to APIs, data, and local systems. Aaron Parecki explains how OAuth's new Client ID Metadata Documents spec provides more security for MCPs and the reasons why the behavior and design of MCPs required a new spec like this.

Segment resources:

Guest
Director of Identity Standards at Okta

Aaron Parecki is Director of Identity Standards at Okta with over 20 years of experience in the industry. He is active in multiple standards development organizations (SDOs), including IETF, OpenID Foundation, and W3C. He is an editor of OAuth 2.1 along with several other OAuth specifications, and co-chairs the SCIM working group at IETF, and the IPSIE working group at the OpenID Foundation. He has taught the fundamentals of OAuth and online security to thousands of developers worldwide through his book OAuth 2.0 Simplified as well as video courses and live online trainings.

List of Articles

Mike Shema

  1. Stop Hacklore!
  2. Cloud Threat Modeling 2025 | CSA

    CSA also has an article calling for continuous threat modeling. If you look at threat modeling as critical thinking about how an app could be used, that makes sense. But continuous doesn't have to be burdensome or overly formal -- it can be part of the evaluation that goes into a code review or change management process.

  3. React2Shell (CVE-2025-55182)

    See also the responses from React and Next.js.

    Lachlan Davidson has also posted some of this original PoC examples, which include references to how others have been creative about exploiting this vuln.

    This also lead to a brief outage at CloudFlare, whose internal changes to expand their traffic analysis and WAF for this vuln triggered an error that an internal system mishandled. This kind of postmortem is educational for dev teams working on resiliency and security teams working on secure code reviews and recommendations. It reads like the perils of legacy systems (migrating from a heavy Lua-based FL1 to a more Rust-based FL2) and the benefits of more strongly typed languages.

John Kinsella

  1. Zig programming language moves to CodeBerg partially to avoid AI slop

    Zig has announced they're leaving GitHub. In a post which can be at times abrasive, Andrew Kelley describes the reasons - mostly GitHub "selling out" to Microsoft and becoming more corporate than engineering-driven, but also points at finger at GitHub "aggressively pushing" the use of CoPilot to file issues, providing several examples of AI slop PRs.

    Leaving GH over AI PRs doesn't feel like the best way to solve this. What will the next year or two bring in this space?

Show More

Stay in the Know, No Smoke and Mirrors – Join Our Newsletter

Get expert insights and technical breakdowns straight to your inbox.
Join Now

Related Segments

Related Content

You can skip this ad in 5 seconds