Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

MCP server auth on Vercel Edge: what changes for IAM teams?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 9016
Topic starter  

TL;DR: Secure MCP server templates on Vercel Edge reduce the friction of adding authentication to AI tool servers, but they also expose a sharper governance issue: public and private tools can coexist unless authorization is enforced at the tool level, according to WorkOS. The real control question is whether identity checks are attached to execution paths, not just to the server wrapper.

NHIMG editorial — based on content published by WorkOS: The Vercel MCP + WorkOS AuthKit template for secure MCP server deployment

Questions worth separating out

Q: How should security teams govern MCP servers that mix public and private tools?

A: They should classify each tool by sensitivity and enforce authorisation at the tool level, not just at the server wrapper.

Q: Why do MCP servers create new identity governance issues for NHI programmes?

A: Because they act as access surfaces for software identities, not just as application endpoints.

Q: What do teams get wrong about authenticating MCP tools?

A: They often assume a valid token means the tool is safe to use.

Practitioner guidance

  • Classify every MCP tool by access sensitivity Separate read-only utility tools from tools that can touch user records, workflows, or downstream systems.
  • Verify tool-specific enforcement, not just server-level authentication Test that private tools reject calls when authInfo is missing, malformed, or insufficient for the requested action.
  • Map MCP servers into NHI governance reviews Include MCP servers in service-account and workload identity inventories so access scoping, audit trails, and entitlement ownership are reviewed alongside other non-human identities.

What's in the full article

WorkOS's full article covers the implementation detail this post intentionally leaves for the source:

  • The exact Next.js and Vercel Edge pattern used to wrap an MCP server with a single authentication handler.
  • The sample code paths for public tools and authenticated tools, including how authInfo is passed into handlers.
  • The JWT verification and WorkOS user lookup flow used to populate user context.
  • The built-in test interface for validating authenticated and unauthenticated tool behaviour before deployment.

👉 Read WorkOS's article on secure MCP server deployment with AuthKit →

MCP server auth on Vercel Edge: what changes for IAM teams?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
Share: