Authorization determines what authenticated users can access. While authentication verifies who a user is, authorization controls what they can do.
Authorization Layers
MCP Gateway provides authorization at multiple levels:
| Level | What it controls | Status |
|---|---|---|
| Workspace | Which teams can access which MCP servers | Available |
| MCP Server | Access to specific servers based on claims | Available |
| Tool | Access to specific tools within a server | Coming soon |
Server-Level Claim-Based Authorization
Control access to MCP servers based on JWT claims. This is configured through JWT Validation using requiredClaims and claimValues.
Require Specific Claims
Ensure tokens include specific claims before allowing access:
```json
{
  "jwt_validation": {
    "jwksUri": "https://your-idp.com/.well-known/jwks.json",
    "requiredClaims": ["sub", "email", "groups"]
  }
}
```
If a token is missing any required claim, access is denied.
Validate Claim Values
Authorize based on claim values: group membership, roles, or other attributes:
```json
{
  "jwt_validation": {
    "jwksUri": "https://your-idp.com/.well-known/jwks.json",
    "claimValues": {
      "groups": {
        "values": ["engineering", "platform"],
        "matchType": "contains"
      },
      "iss": {
        "values": "https://your-idp.com",
        "matchType": "exact"
      }
    }
  }
}
```
Users whose tokens don't match the required claim values receive an authorization error.
Match Types
| Type | Description | Example |
|---|---|---|
| exact | Claim value must match exactly | iss must equal "https://your-idp.com" |
| contains | Claim must include at least one value (OR) | User must be in engineering OR platform group |
| containsAll | Claim must include all values (AND) | User must have both mcp:read AND mcp:write scopes |
| regex | Match against a regular expression | Email must match @yourcompany\.com$ |
Example: Restrict to Engineering Team
Only allow users in the engineering group:
```json
{
  "jwt_validation": {
    "jwksUri": "https://your-idp.com/.well-known/jwks.json",
    "requiredClaims": ["sub", "groups"],
    "claimValues": {
      "groups": {
        "values": ["engineering"],
        "matchType": "contains"
      }
    }
  }
}
```
Example: Require Admin Role
Only allow users with the admin role:
```json
{
  "jwt_validation": {
    "jwksUri": "https://your-idp.com/.well-known/jwks.json",
    "claimValues": {
      "role": {
        "values": "admin",
        "matchType": "exact"
      }
    }
  }
}
```
Example: Restrict by Email Domain
Only allow users from your company domain:
```json
{
  "jwt_validation": {
    "jwksUri": "https://your-idp.com/.well-known/jwks.json",
    "claimValues": {
      "email": {
        "values": "@yourcompany\\.com$",
        "matchType": "regex"
      }
    }
  }
}
```
See JWT Validation for complete configuration options.
Tool-level claim-based authorization is coming in a future release.
Fine-grained authorization at the tool level based on JWT claims. Control tool access by user attributes:
```json
{
  "tool_authorization": {
    "delete_issue": {
      "required_claims": {
        "role": {
          "values": ["admin", "maintainer"],
          "matchType": "contains"
        }
      }
    }
  }
}
```
Enables scenarios like:
- Allow read tools for all users, write tools for specific roles
- Restrict dangerous operations to admins
- Enable different tool sets for different teams
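The following is an added example, not MCP Gateway's own code, showing how the four match types from the Match Types table, the server-level requiredClaims/claimValues examples above, and the planned tool_authorization shape evaluate against a decoded token. The claims, configs, and the rule that a tool with no entry inherits the server-level decision are this example's assumptions; signature verification against jwksUri is assumed to have already passed.

```python
import re
from typing import Any

# Constructed decoded JWT payload (assumption: signature and expiry were
# already verified by the jwksUri step; only the claim rules are shown here).
SAMPLE_CLAIMS = {
    "iss": "https://your-idp.com",
    "sub": "user-123",
    "email": "alice@yourcompany.com",
    "groups": ["engineering", "docs"],
    "scopes": ["mcp:read", "mcp:write"],
    "role": "admin",
}

# Constructed configs in the page's jwt_validation / tool_authorization shape.
ENGINEERING_ONLY = {
    "requiredClaims": ["sub", "groups"],
    "claimValues": {"groups": {"values": ["engineering"], "matchType": "contains"}},
}
COMPANY_EMAIL_ONLY = {
    "claimValues": {"email": {"values": "@yourcompany\\.com$", "matchType": "regex"}},
}
TOOL_RULES = {
    "delete_issue": {
        "required_claims": {"role": {"values": ["admin", "maintainer"], "matchType": "contains"}}
    }
}


def _as_list(value: Any) -> list[str]:
    """Normalise a claim or a rule's values to a list of strings."""
    if isinstance(value, list):
        return [str(v) for v in value]
    return [str(value)]


def claim_matches(claim: Any, rule: dict) -> bool:
    """Evaluate one claimValues rule with the four matchType semantics
    from the Match Types table."""
    wanted = _as_list(rule["values"])
    have = _as_list(claim)
    match_type = rule.get("matchType", "exact")
    if match_type == "exact":
        # A scalar claim must equal the single expected value; a list claim
        # never satisfies exact, so a multi-valued claim cannot slip through.
        return len(have) == 1 and have == wanted
    if match_type == "contains":  # OR: at least one expected value is present
        return any(w in have for w in wanted)
    if match_type == "containsAll":  # AND: every expected value is present
        return all(w in have for w in wanted)
    if match_type == "regex":
        # Unanchored search, so the pattern itself must carry the $ anchor.
        return any(re.search(p, h) for p in wanted for h in have)
    raise ValueError(f"unknown matchType: {match_type}")


def authorize_server(jwt_validation: dict, claims: dict) -> tuple[bool, str]:
    """Server-level check: requiredClaims first, then claimValues.
    Returns (allowed, reason); any failure denies."""
    for name in jwt_validation.get("requiredClaims", []):
        if name not in claims:
            return False, f"missing required claim: {name}"
    for name, rule in jwt_validation.get("claimValues", {}).items():
        if name not in claims:
            return False, f"claim {name} absent, cannot validate its value"
        if not claim_matches(claims[name], rule):
            return False, f"claim {name} failed {rule.get('matchType', 'exact')} check"
    return True, "ok"


def authorize_tool(tool_authorization: dict, tool: str, claims: dict) -> tuple[bool, str]:
    """Tool-level check in the shape of the page's tool_authorization block.
    Assumption: a tool with no entry inherits the server-level decision."""
    rules = tool_authorization.get(tool, {}).get("required_claims", {})
    return authorize_server({"claimValues": rules}, claims)
```

One detail worth testing in your own config: the regex match is a search, so the pattern must end with `$` to stop `alice@yourcompany.com.evil.example` from matching, and the dot must be escaped (`\\.` in JSON) or `@yourcompanyXcom` will match too.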
Webhooks for Authorization
Webhook-based authorization is coming in a future release.
Call your custom authorization service before each MCP request. Implement dynamic, context-aware access decisions.
```json
{
  "authorization_webhook": {
    "url": "https://your-service.com/authorize",
    "timeout_ms": 1000,
    "on_error": "deny"
  }
}
```
Your webhook will receive:
- User identity and claims
- Target MCP server
- Tool being called
- Request parameters
Return allow or deny with an optional reason.
Enables:
- Dynamic authorization based on external systems
- Context-aware decisions (time of day, request patterns)
- Integration with existing authorization infrastructure
- Custom business logic for access control
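An added example, not part of MCP Gateway, of the gateway-side half of this webhook flow: it sends the request described above to the service within `timeout_ms` and applies `on_error` when the service times out or answers with something it cannot interpret. The payload and reply field names (`user`, `claims`, `server`, `tool`, `params`, `decision`, `reason`), the in-process stand-in for the remote service, and its time-of-day rule are all this example's assumptions, since the page does not specify the wire format.

```python
from typing import Callable

# Constructed authorization_webhook config, same shape as the page's example.
WEBHOOK_CONFIG = {
    "url": "https://your-service.com/authorize",
    "timeout_ms": 1000,
    "on_error": "deny",
}

# Constructed request carrying the four things the page says the webhook
# receives. Field names are this example's assumption, not a documented schema.
SAMPLE_REQUEST = {
    "user": "alice",
    "claims": {"sub": "user-123", "role": ["maintainer"], "groups": ["engineering"]},
    "server": "issue-tracker",
    "tool": "delete_issue",
    "params": {"issue": 42},
}

# (url, payload, timeout_seconds) -> parsed JSON reply. A real transport would
# POST over HTTPS; the ones below run in-process so the example works offline.
Transport = Callable[[str, dict, float], dict]


def example_policy(request: dict, hour_of_day: int) -> dict:
    """Stand-in for the remote service's logic: destructive tools need an
    elevated role and, as a context-aware rule, business hours."""
    tool = request["tool"]
    roles = request["claims"].get("role", [])
    if isinstance(roles, str):  # a scalar role claim must not be iterated char by char
        roles = [roles]
    if tool.startswith("delete_"):
        if not {"admin", "maintainer"} & set(roles):
            return {"decision": "deny", "reason": f"{tool} requires admin or maintainer"}
        if not 8 <= hour_of_day < 18:
            return {"decision": "deny", "reason": "destructive tools only during business hours"}
    return {"decision": "allow"}


def in_process_transport(hour_of_day: int) -> Transport:
    """Transport that answers from example_policy at a fixed (constructed) hour."""
    def transport(url: str, payload: dict, timeout_s: float) -> dict:
        return example_policy(payload, hour_of_day)
    return transport


def timing_out_transport(url: str, payload: dict, timeout_s: float) -> dict:
    """Transport that never gets a reply within the budget."""
    raise TimeoutError(f"no reply from {url} within {timeout_s}s")


def _error_result(config: dict, detail: str) -> tuple[bool, str]:
    """Apply on_error: 'deny' (the safe default) fails closed, 'allow' fails open."""
    if config.get("on_error", "deny") == "allow":
        return True, f"webhook unavailable, failing open (on_error=allow): {detail}"
    return False, f"webhook unavailable, failing closed: {detail}"


def decide(config: dict, request: dict, transport: Transport) -> tuple[bool, str]:
    """Gateway-side evaluation of an authorization_webhook config.
    Returns (allowed, reason)."""
    timeout_s = config["timeout_ms"] / 1000.0
    try:
        reply = transport(config["url"], request, timeout_s)
    except Exception as exc:  # timeout, connection error, non-JSON body, ...
        return _error_result(config, f"{type(exc).__name__}: {exc}")
    decision = reply.get("decision") if isinstance(reply, dict) else None
    if decision not in ("allow", "deny"):
        # A reply the gateway cannot interpret is treated exactly like an error,
        # so a half-broken service cannot accidentally grant access.
        return _error_result(config, f"malformed reply {reply!r}")
    return decision == "allow", reply.get("reason", f"{decision} by webhook")
```

The point of the two transports is to exercise the `on_error` setting: with the default `deny`, a timeout or an unparseable reply denies the request, and only an explicit `on_error: "allow"` turns an outage into open access.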
Combining with Team Provisioning
Authorization works alongside Team Provisioning:
- Team Provisioning controls which workspaces see which servers
- JWT Validation adds claim-based rules on top
A user must pass both checks to access an MCP server.
```
User Request
      │
      ▼
┌─────────────────────────────┐
│  Team Provisioning Check    │  Is server provisioned to user's workspace?
└─────────────────────────────┘
      │ ✓
      ▼
┌─────────────────────────────┐
│  JWT Claim Validation       │  Does token have required claims/values?
└─────────────────────────────┘
      │ ✓
      ▼
Access Granted
```
Next Steps