Static API keys in client config are the easy way to authenticate an MCP server and the easy way to leak a credential. The Model Context Protocol's answer is OAuth: let the agent obtain a short-lived, scoped token through a proper authorization flow instead of carrying a long-lived secret around. It is the right direction. It is also where a single agent's clean flow turns into a fleet's token-management problem.

How MCP OAuth works

The MCP authorization spec builds on OAuth 2.1. A remote server

MCP OAuth: Connecting Agents to Protected Servers
PolicyLayer
