oauth_support
Whether the provider supports OAuth 2.0 authentication for remote MCP servers, including token storage and automatic refresh.
Type: bool
Content type: mcp
Provider Support

| Provider | Supported | Mechanism |
|---|---|---|
| amp | ✓ | oauth_support: Amp supports OAuth 2.0 authentication for remote MCP servers |
| claude-code | ✓ | mcp_oauth_authentication: OAuth 2.0 for HTTP MCP servers; dynamic client registration or CIMD auto-discovery; token storage in macOS keychain or credentials file; auto-refresh; oauth.scopes pins requested scope set; authServerMetadataUrl overrides discovery chain |
| codex | ✓ | mcp_oauth_support: Codex supports OAuth 2.0 authentication for remote MCP servers |
| cursor | ✓ | Remote servers using the streamable-http transport support OAuth authentication; static client credentials can be used instead of dynamic registration. The documentation explicitly notes OAuth as a streamable-http capability. |
| factory-droid | ✓ | OAuth authentication supported for HTTP servers; tokens stored globally in system keyring rather than per-project; managed via /mcp interactive manager |
| gemini-cli | ✓ | oauth_authentication: Gemini CLI supports OAuth 2.0 for remote MCP servers via SSE or HTTP transports; authProviderType selects dynamic_discovery, google_credentials, or service_account_impersonation; tokens stored in ~/.gemini/mcp-oauth-tokens.json and auto-refreshed |
| opencode | ✓ | Remote MCP servers support OAuth 2.0 authentication with Dynamic Client Registration (RFC 7591). OpenCode auto-detects 401 responses and initiates the OAuth flow, storing tokens in ~/.local/share/opencode/mcp-auth.json. Pre-registered client credentials can be supplied via the oauth object (clientId, clientSecret, scope). OAuth can be disabled per-server by setting oauth: false. |
| windsurf | ✓ | Windsurf supports OAuth for each transport type (stdio, Streamable HTTP, and SSE) for remote MCP server authentication |
| zed | ✓ | When a remote MCP server is configured with a url but no Authorization header, Zed prompts the user to authenticate using the standard MCP OAuth flow |
| cline | ✗ | Cline MCP does not document OAuth 2.0 authentication for remote servers |
| copilot-cli | ✗ | Copilot CLI MCP does not document OAuth 2.0 authentication |
| crush | ✗ | Crush MCP does not document OAuth 2.0 authentication for remote servers |
| kiro | ✗ | Kiro MCP does not document OAuth 2.0 authentication; remote server auth uses static headers |
| pi | ✗ | not documented |
| roo-code | ✗ | No OAuth 2.0 authentication flow documented for Roo Code MCP servers |