Home / Kong Plugin Hub
Edit
Report

AI MCP OAuth2

AI License Required Tech Preview
Overview ExamplesGuidesConfiguration reference Changelog
This feature is currently in Tech Preview and should not be used in a production environment.
Related Documentation
Gateway Documentation
Made by
Kong Inc.
Supported Gateway Topologies
hybrid db-less traditional
Supported Konnect Deployments
hybrid cloud-gateways serverless
Compatible Protocols
grpc grpcs http https
Priority
1015
Minimum Version
Kong Gateway - 3.12
Tags
#ai #mcp #security
Related Resources
OAuth 2.0 specification for MCP
MCP Traffic Gateway

3.14.0.3

Release date 2026/05/25

Bugfix

  • Fixed an issue where downstream scope-based ACL evaluation used claims from the inbound token instead of the exchanged token when token exchange was enabled.

3.14.0.2

Release date 2026/04/28

Bugfix

  • Fixed an issue where token_exchange.cache.enabled = false was ignored and exchanged tokens were still cached because the cache toggle incorrectly read token_exchange.cache.ttl instead of token_exchange.cache.enabled.

  • Fixed an issue where token exchange actor tokens were not sourced correctly from token_exchange.request, ensuring correct forwarding of actor tokens configured in headers or plugin config.

3.14.0.0

Release date 2026/04/07

Feature

  • Added Token Exchange support to swap JWT tokens before accessing MCP Server.

  • Added support for mapping claim to authenticated credential.

  • Made the client_id field not required when client_auth is set to something other than client_secret_basic or client_secret_post

  • Added upstream_headers field for mapping token claims to upstream headers using path-based access. Mutually exclusive with claim_to_header.

  • Added support for passing tokens upstream.

  • Added support for multiple token validation methods.

  • Added support mapping claims in token to consumer and consumer_groups.

Bugfix

  • Fixed an issue where we didn’t clear header for absent claim.

3.13.0.1

Release date 2026/02/01

Bugfix

  • Fixed an issue where we didn’t clear header for absent claim.

3.13.0.0

Release date 2025/12/18

Bugfix

  • Fixed an issue where MCP-like request was not authenticated.

  • Fixed an issue where the oidc schema was polluted during merging.

  • Fixed an issue where resource without path was not correctly handled.

  • Fixed an issue where there was an unexpected required: false in the plugin schema.

  • Fixed an issue where x-forwarded-* headers were not respected.

3.12.0.3

Release date 2026/02/26

Bugfix

  • Fixed an issue where we didn’t clear header for absent claim.

3.12.0.2

Release date 2025/12/10

Bugfix

  • Fixed an issue where MCP-like request was not authenticated. Previously, we only authenticated requests that satisfied the MCP spec. As a result, the attacker can bypass this via an MCP-like request. Therefore, now we change to authenticate all the requests.

  • Fixed an issue where the oidc schema was polluted during merging.

  • Fixed an issue where resource without path was not correctly handled.

  • Fixed an issue where x-forwarded-* headers were not respected.

3.12.0.0

Release date 2025/10/01

Feature

  • Introduced the AI MCP OAuth2 plugin, which protects the MCP traffic with OAuth2.

  • Dropped the enabled field, as we already have one in plugin table.

Something wrong?
Report an Issue | Edit this Page
View all Kong documentation

Help us make these docs great!

Kong Developer docs are open source. If you find these useful and want to make them better, contribute today!
Contribute

Still need help?

Ask in our Slack Community
Contact Support