The MCP Authorization spec recommends using OAuth Dynamic Client Registration (DCR) for registering MCP clients with MCP servers. More specifically, it suggests using anonymous DCR: meaning any client should be able to discover how to register itself and dynamically obtain an OAuth client without any prior credentials. In a recent blog post, I explored why this model can be problematic in enterprise environments where anonymous registration is often restricted or outright disabled. In this bl...
