{
"$type": "site.standard.document",
"description": "Why most teams should let an API gateway handle the new MCP Protected Resource Metadata flow instead of hand-rolling OAuth in their own server code.",
"path": "/blog/mcp-prm-auth/",
"publishedAt": "2025-06-26T00:00:00.000Z",
"site": "at://did:plc:rkjxbatkiros6f7pwtgsir54/site.standard.publication/self",
"tags": [
"api",
"authorization",
"security",
"mcp",
"ai",
"distributed-systems",
"azure"
],
"title": "Please Don't Write Your Own MCP Authorization Code"
}