Concepts

Per-user OAuth: bring-your-own-account for MCP

Let each end user authorize their own account on a connector. The gateway stores per-user tokens and runs each call as that user - no shared credentials.

Per-user OAuth lets every end user connect their own account to a connector, so tool calls run under their identity instead of one shared org credential. This is how you safely give an agent access to user-scoped data like a user's own Slack, GitHub, or CRM records.

Identity modes

Shared (org): one credential the admin configures; every caller uses it.
Per-user: each caller authenticates individually; the gateway uses that user's own token and the downstream runs as them.
Either: the access key or call picks org vs user - useful when one connector serves both a service agent and interactive users.

The auth-link flow

When an agent calls a per-user tool and the user has not connected yet, the gateway returns an authorization link instead of an error. The user opens it, authorizes once, and the credential is stored - bound to their verified identity. Subsequent calls resolve transparently, and the user can revoke the connection at any time.

{
  "isError": true,
  "structuredContent": {
    "authRequired": true,
    "connector": "Slack",
    "authorizeUrl": "https://your-company.ucl.dev/u/connect?intent=..."
  }
}

FAQ

Where are per-user tokens stored?

Encrypted at rest in the gateway vault, keyed to the user's verified identity. Tokens are never returned to the LLM and are refreshed automatically.

Can a user revoke their connection?

Yes. Each user can disconnect any connector from their account, which deletes the stored credential immediately.

Last updated 2026-06-09