As AI agents become a core part of modern development workflows, the need for secure, flexible authentication is quickly becoming essential.
In our latest product news episode, our engineering team takes a deep dive into how we implemented OAuth for Semaphore’s MCP server—and what we learned along the way.
This work is part of a broader shift in how we’re evolving Semaphore: from a traditional CICD platform into a foundation for running AI-powered developer workflows safely, transparently, and at scale.
Why OAuth Matters for MCP
As MCP servers move from local environments to remote infrastructure, authentication becomes critical.
API keys aren’t enough for this new world of agents and integrations. OAuth provides a more secure and flexible way for agents to authenticate and interact with MCP servers—while giving developers control over permissions and access.
But implementing OAuth in this ecosystem isn’t straightforward.
The Challenge: A Moving Target
One of the biggest challenges we encountered is that the MCP ecosystem is still evolving rapidly.
Different agents:
- Discover authentication endpoints in slightly different ways
- Support different versions of the MCP spec
- Handle OAuth flows inconsistently
Even small differences—like variations in URL paths—can break integrations.
On top of that, the MCP specification itself is changing quickly. New versions introduce new concepts, while older ones are still the most widely supported.
Key takeaway: the “latest” spec isn’t always the most practical one to implement.
Client Registration & Discovery Complexity
A core challenge in OAuth for MCP is client registration—how agents and servers identify and trust each other.
In a traditional system, this is predictable. In MCP:
- You don’t always know the client in advance
- You don’t control how agents behave
- Discovery mechanisms vary across implementations
This creates friction in establishing secure, reliable authentication flows.
Real-World Testing Beats Theory
Another major learning: testing across real agents is essential.
Specs alone aren’t enough.
We found that:
- Some clients behave differently than documented
- Errors are often unclear or missing
- Local + browser-based clients introduce additional complexity (like CORS issues)
Tools like MCP Jam Inspector proved invaluable for debugging and understanding how OAuth flows actually behave step by step.
Rethinking Authorization: Beyond Identity Providers
We initially used Keycloak as an identity provider—which worked well for authentication.
But when it came to fine-grained authorization (like project-level permissions), limitations became clear.
To maintain flexibility and control, we:
- Kept identity management external
- Built our own authorization logic internally
This aligns with a broader principle behind Semaphore’s evolution:
developers should stay in control, while automation handles execution.
Practical Advice for Developers
If you’re implementing OAuth for MCP today, here’s what we recommend:
- Start with a stable, widely supported spec (not the newest one)
- Test with multiple agents early and often
- Expect inconsistencies—and design for them
- Focus on real-world compatibility over theoretical completeness
In short: be conservative, iterate quickly, and validate everything in practice.
What This Means for Semaphore
This work is a building block for a bigger vision.
As we extend CICD with AI-driven capabilities, secure and flexible authentication becomes foundational. MCP servers—and the agents that use them—will play a key role in enabling:
- Agent-driven workflows
- Secure automation at scale
- Developer-controlled AI systems
This is how we move from pipelines to programmable, intelligent workflows—without sacrificing transparency or control.
🚀 Try Semaphore
Ready to explore what’s next for CICD and AI-powered development?
👉 Sign up for Semaphore and start building smarter, more automated workflows today.
Want to discuss this article? Join our Discord.
