> ## Documentation Index > Fetch the complete documentation index at: https://docs.mcp-use.com/llms.txt > Use this file to discover all available pages before exploring further. # Authentication Overview > mcp-use supports multiple authentication methods for MCP servers including OAuth 2.1, bearer tokens, and custom authentication. ## Overview MCP servers can require authentication to protect resources and control access. `mcp-use` handles authentication automatically based on your configuration. ```mermaid theme={null} flowchart LR A["auth: string"] --> Bearer["Bearer Token"] B["auth: { }"] --> OAuth["OAuth 2.1"] C["auth: httpx.Auth"] --> Custom["Custom Auth"] Bearer --> R["Authorization: Bearer token"] OAuth --> R Custom --> R ``` ## Choose Your Method **Simplest option** Use a static API key or token. Best for services that issue long-lived credentials. ```python theme={null} "auth": "sk-your-api-key" ``` **MCP standard** Full OAuth flow with automatic discovery, PKCE, and token refresh. Required by many MCP servers. ```python theme={null} "auth": { "scope": "read write" } ``` **Full control** Use any `httpx.Auth` object for Basic, Digest, or custom authentication schemes. ```python theme={null} "auth": BasicAuth("user", "pass") ``` ## Quick Start Examples For servers with OAuth support, just provide the URL: ```python theme={null} from mcp_use import MCPClient config = { "mcpServers": { "linear": { "url": "https://mcp.linear.app/sse" # OAuth discovery + DCR happens automatically } } } client = MCPClient(config=config) ``` `mcp-use` will: 1. Discover the authorization server 2. Register a client (or use CIMD/pre-registered credentials) 3. Open your browser for authorization 4. Store and refresh tokens automatically For servers requiring manual OAuth app registration: ```python theme={null} config = { "mcpServers": { "github": { "url": "https://api.githubcopilot.com/mcp/", "auth": { "client_id": "your-github-client-id", "client_secret": "your-github-client-secret", "scope": "repo", "callback_port": 8080 } } } } ``` For API keys or static tokens: ```python theme={null} import os config = { "mcpServers": { "api": { "url": "https://api.example.com/mcp/sse", "auth": os.getenv("API_KEY") } } } ``` For public servers: ```python theme={null} config = { "mcpServers": { "public": { "url": "https://public.example.com/mcp/sse" } } } ``` ## Token Storage Authentication tokens are stored securely on disk: ``` ~/.mcp_use/tokens/ ├── {server}.json # Access tokens └── registrations/ └── {server}_registration.json # OAuth client credentials ``` Add `~/.mcp_use/` to your `.gitignore` to avoid committing credentials. ## Debugging Enable verbose logging to troubleshoot authentication: ```python theme={null} from mcp_use import set_debug set_debug(2) # Shows full OAuth flow, discovery, and token exchange ``` ## Security Best Practices * **Environment variables** - Never hardcode credentials in source code * **Token rotation** - Rotate long-lived tokens regularly * **Minimal scopes** - Request only the permissions you need * **HTTPS only** - All OAuth endpoints use HTTPS (except localhost callbacks)