Changelog

Recent updates, fixes, and new features shipped to mcpauth's OAuth server, SDK, and dashboard.

July 2026

Initial release

  • OAuth 2.1 authorization server: register, authorize, token, revoke, and introspect endpoints.
  • Dynamic Client Registration (RFC 7591) at POST /api/oauth/register.
  • RFC 8414 authorization server metadata discovery at /.well-known/oauth-authorization-server.
  • PKCE (S256) required on the /oauth/authorize flow, per OAuth 2.1.
  • Token revocation (RFC 7009) and token introspection (RFC 7662) endpoints.
  • Server-to-server token minting via POST /api/oauth/token/exchange, for MCP servers embedded in a product with its own existing users.
  • mcpauth SDK on npm: the mcpAuth() Express middleware, McpAuthTokenVerifier, mintToken(), and RFC 9728 resource-metadata helpers.
  • Self-serve dashboard with GitHub OAuth login for creating projects and issuing registration secrets.
  • Free and Pro pricing tiers.