---
summary: Protect MCP server tools with SigID OAuth access tokens, delegated agent context, scopes, tenant checks, and audit logging.
tags:
  - mcp
  - agents
  - oauth
  - delegation
  - token validation
categories:
  - AI Agents
---

# MCP Server Integration

<!-- agent:page
You are a coding agent protecting an MCP server with SigID OAuth access tokens by following this reference.
First collect: MCP server audience, tenant or workspace ID, tool names, required scopes per tool, allowed subject types, delegation requirements, audit fields, and redaction rules for tool parameters.
Require a bearer token on every tool call, validate signature, issuer, audience, expiry, tenant, scope, and subject type before tool execution, and distinguish autonomous agent tokens from delegated human-triggered agent access.
Map each tool to the narrowest scope set, require delegated access and human approval for sensitive or irreversible tools, and log subject ID, actor context, tenant ID, tool name, request ID, and authorization decision without raw tokens or secrets.
Verify unauthenticated, wrong-audience, wrong-tenant, missing-scope, unknown-tool, and overbroad autonomous-agent calls fail before tool code runs.
-->

MCP (Model Context Protocol) servers should require OAuth access tokens for
tool calls.

## Authentication Flow

For every tool request:

1. Parse bearer token from Authorization header
2. Validate issuer, audience, signature, expiry, tenant, and scope
3. Require subject type `agent` or delegated actor context
4. Map each tool to one or more scopes
5. Enforce resource-level tenant checks
6. Record high-impact tool calls in audit logs

## Tool Policy Design

Example tool policy:

```
Tool: search_docs
Audience: https://mcp.example.com
Scope: tools:search
Allowed subject: agent or delegated agent

Tool: delete_project
Audience: https://mcp.example.com
Scope: projects:delete
Allowed subject: delegated agent only
Extra condition: human approval and fresh user session
```

## Token Validation

Use [Verify Tokens](../developers/verify-tokens.md) for
backend claim checks.

Key claims to verify:

- `iss`: Must be your SigID issuer
- `aud`: Must match your MCP server
- `sub`: Agent ID or user ID (for delegated)
- `act`: Agent ID (present for delegated tokens)
- `scope`: Must include required tool scopes

## Example Implementation

```typescript
import { validateAccessToken } from "@sigid/client";

export async function validateMcpRequest(authHeader: string) {
  const [scheme, token] = authHeader.trim().split(/\s+/, 2);
  if (scheme?.toLowerCase() !== "bearer" || !token) {
    throw new Error("Bearer access token required");
  }

  const requiredScopes = getRequiredScopesForTool("search_docs");
  const claims = await validateAccessToken(token, {
    issuer: process.env.SIGID_ISSUER_URL!,
    audience: "https://mcp.example.com",
    tenantId: process.env.SIGID_TENANT_ID!,
    scopes: requiredScopes,
    allowedSubjectTypes: ["agent"],
    allowDelegation: true,
  });

  return claims;
}
```

## Scope Mapping

Map tools to scopes:

| Tool | Required Scope | Subject Type |
|------|---------------|--------------|
| `search_docs` | `tools:search` | agent or delegated |
| `read_project` | `projects:read` | agent or delegated |
| `write_project` | `projects:write` | delegated only |
| `delete_project` | `projects:delete` | delegated + approval |
| `sign_transaction` | `wallet:sign` | delegated + approval |

The example uses `validateAccessToken()` from the public `@sigid/client`
package. In a Next.js route handler, you can also use
`requireAccessToken()` from `@sigid/next` to extract the bearer token from the
request before running the same issuer, audience, tenant, scope, and subject
checks.

## Audit Logging

Log all tool calls with:

- Agent or user ID
- Tool name
- Parameters (redacted if sensitive)
- Timestamp
- Result

## See Also

- [Agent Authentication](agent-auth.md) - Agent auth methods
- [Delegation](delegation.md) - Delegated access
- [Verify Tokens](../developers/verify-tokens.md) - Backend token validation
