Hacker News

zackify today at 1:44 AM

If only they would support the web and let you just issue a long-running cookie....

I hacked the spec to pass through a cookie via the OAuth handshake to do this without needing an OAuth server.

It's really dumb they don't want to allow this.

If no cookie, open webpage.

If cookie set, close and persist.

I literally wrote an 80 page mini book on MCP yet it frustrates me to no end.


Replies

dend today at 1:56 AM

Hey - one of the lead maintainers of the MCP project here. There are a lot of scenarios where this simply won't scale (both from a usability and security standpoint). Cookies were made for the browser. MCP servers and clients often operate in environments where that is not a guarantee.

Ferret7446 today at 2:14 AM

You're just asking for your credentials to get stolen. Long-lived creds are a huge liability.