Roles OAuth defines four roles: Resource owner (the user) Resource server (the API) Authorization server (can be the same server as the API) Client (the| OAuth 2.0 Simplified
RFC 7636: Proof Key for Code Exchange| oauth.net
The OAuth 2.0 Dynamic Client Registration extension provides a mechanism for dynamically or programmatically registering clients. This spec was derived from the OpenID Connect Dynamic Client Registration spec and is still compatible with OpenID Connect servers.| oauth.net
The Authorization Server Metadata spec (also known as OAuth Discovery) defines a format for clients to use to look up the information needed to interact with a particular OAuth server. This includes things like finding the authorization endpoint, and listing the supported scopes and client authentication mechanisms.| oauth.net
You can now build and deploy remote MCP servers to Cloudflare, and we handle the hard parts of building remote MCP servers for you. Unlike local MCP servers you may have previously used, remote MCP servers are Internet-accessible. People simply sign in and grant permissions to MCP clients using familiar authorization flows.| The Cloudflare Blog
This specification defines a metadata format that an OAuth 2.0 client can use to obtain the information needed to interact with an OAuth 2.0 authorization server, including its endpoint locations and authorization server capabilities.| IETF Datatracker