Archives

A walkthrough of connecting Claude Desktop to PayPal’s remote MCP server over HTTP, highlighting the full OAuth 2.0 flow with Postman from discovery to authorization

MCP explained from the inside out, starting with a real developer workflow then unwrapping the protocol layer by layer: roles, messages, connection lifecycle, and STDIO transport.

OAuth 2.0 could automate client registration and AS discovery, but clients still had to hardcode which authorization server protects a given resource. Protected Resource Metadata fixes that. Here's how PRM completes the dynamic integration story, and why AI agents made it urgent.

mTLS and OAuth2 — Certificate-Bound Tokens

Shared secrets can be stolen, leaked, or brute-forced. mTLS-based client authentication uses certificates to prove private key possession. Learn how to apply TLS handshake–based authentication to meet OAuth 2.0 client authentication requirements.

Simple Story of Two Keys — PKCE

Securing Response Using JWT Secured Authorization Response Mode (JARM)

Push Authorization Request (PAR) to Rescue

Secure OAuth2 (Part -2): Put it in a JAR (JWT-Secured Authorization Request)

Is Authorization Code Grant Type Secure Enough?

OAuth2 Token Exchange in Practice

How to register and manage OAuth2 clients?

How do you discover the OAuth2 server configuration?

Understanding OAuth2 Landscape

API Security: How to avoid Broken Object Level Authorization & Broken Function Level Authorization

Web Browser SSO Profile

IdP Discovery

Why do you need SAML Metadata?

SAML Basics

Reloading SAML: Do you really need SAML?