MCP's auth spec is lacking and Auth0 isn't helping
github.comMCP makes the old WS-stack from Microsoft look well designed.
Seems like it isn't all the protocol? A lot of it is the and the current tools. If you have a hardcore dev who knows auth they can implement to spec and be safe/simple-ish.
Actual title "The Auth Section Conflates Two Auth Flows".