Skip to content

Document client credentials grant for MCP authentication #5218

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
mintlify wants to merge 1 commit into
base: main
Choose a base branch
from
+43 −0
Open

Document client credentials grant for MCP authentication #5218

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
43 changes: 43 additions & 0 deletions ai/model-context-protocol.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,7 @@
The MCP search tool supports optional parameters that AI applications use to control and refine search results.

- **`pageSize`**: Number of results to return, between 1 and 50. Defaults to 10.
- **`scoreThreshold`**: Minimum relevance score between 0 and 1. Only returns results at or above this threshold. Use this to filter out low-relevance matches.

Check warning on line 41 in ai/model-context-protocol.mdx

View check run for this annotation

Mintlify / Mintlify Validation (mintlify) - vale-spellcheck

ai/model-context-protocol.mdx#L41 

Use 'preceding' instead of 'above'.
- **`version`**: Filter results to a specific documentation version. For example, `'v0.7'`. Only returns content tagged with the specified version or content available across all versions.
- **`language`**: Filter results to a specific language code. For example, `'en'`, `'zh'`, or `'es'`. Only returns content in the specified language or content available across all languages.

Expand Down Expand Up @@ -104,6 +104,49 @@
</Step>
</Steps>

### Client credentials for server-to-server access

If you need to connect to an authenticated MCP server from an automated system, CI/CD pipeline, or backend service, you can use the OAuth 2.0 `client_credentials` grant type instead of the interactive browser-based flow.

The `client_credentials` grant authenticates using a client ID and client secret, so no user interaction is required. This is useful when an application needs to access your MCP server programmatically without a browser.

Check warning on line 111 in ai/model-context-protocol.mdx

View check run for this annotation

Mintlify / Mintlify Validation (mintlify) - vale-spellcheck

ai/model-context-protocol.mdx#L111 

In general, use active voice instead of passive voice ('is required').

To authenticate with client credentials, send a `POST` request to your MCP server's token endpoint with the `client_credentials` grant type. You can provide the client ID and secret as form parameters or with an HTTP Basic `Authorization` header.

<Tabs>
<Tab title="Form parameters">

```bash
curl -X POST https://your-docs-site.com/mcp/oauth/token \
-d "grant_type=client_credentials" \
-d "client_id=YOUR_CLIENT_ID" \
-d "client_secret=YOUR_CLIENT_SECRET"
```

</Tab>
<Tab title="Authorization header">

```bash
curl -X POST https://your-docs-site.com/mcp/oauth/token \
-d "grant_type=client_credentials" \
-H "Authorization: Basic $(echo -n 'YOUR_CLIENT_ID:YOUR_CLIENT_SECRET' | base64)"
```

</Tab>
</Tabs>

A successful response returns an access token:

```json
{
"access_token": "eyJhbGci...",
"token_type": "Bearer",
"expires_in": 1209600,
"scope": "mcp:search"
}
```

Client credentials tokens are subject to server-side revocation checks. If a credential is revoked in the dashboard, any tokens issued with that credential stop working immediately. This does not affect tokens issued through the interactive authorization code flow.

### Rate limits

To protect availability, Mintlify applies rate limits to MCP servers.
Expand Down
Loading