Is MCP authentication that complicated?
Let's take a closer look into the authentication for MCP servers!
MCP started with a basic implementation using local socket to communicate. Nobody really liked it but then when the time came to add authentication lots of vibe coders started to imagine that it’s very complicated. We even saw these kind of presentations:
but we have been doing this forever. We have been implementing auth flows with GitHub, Google, etc. for ages and it’s exactly the same flow. You authenticate the user and this time instead of just using the token to get person’s Google avatar or their GitHub repos we store the token so we can use it for MCP calls.
Time to try MCP auth for ourselves.
How Helix OAuth works
In Helix we first introduced OAuth support to be able to authenticate to third party APIs on behalf of the user. This enables users to automate various tasks that can be done by the agent. It’s a two step process:
Enabling the supported provider in the admin dashboard
Connecting it in the user’s OAuth connections page:
Using HubSpot MCP
One fun thing that I thought of was trying out HubSpot’s MCP. It allows LLMs to query it’s database so you can get information about various deals. You can create a new agent by visiting https://app.helix.ml/new-agent.
There’s an endless path in improving agent’s system prompt but something as simple as this would do the trick:
You are a helpful AI assistant called Helix. Today is {{ .LocalDate }}, local time is {{ .LocalTime }}. You can access Hubspot CRM data through an MCP tools that are provided to you.
Select gpt-4o-mini model.
Then, we open Skills tab and add HubSpot configuration under the MCP tab. Details:
name: hubspot
MCP server URL: https://mcp.hubspot.com/
OAuth Configuration: select the HubSpot
Trying it out
We can go to any other tab that has a preview side panel and try it out:
You can also visit “Usage” tab to view how the agent approached the task:
This tab is instrumental in building reliable agents. You can view all requests, responses, how long they took and how many tokens were consumed.
Next steps:
You can combine this with Helix Tasks that can run agents on a schedule:
Also, feel free to iterate on the system prompt to improve the report structure.
Excellent analysis! I always wonder why alot of the dev community complicates auth so much. You've really hit the nail on the head, it's astonishing how it's essentially the same OAuth flow we've been using for Google or GitHub, just repurposed for MCP. It's quite elegant when you break it down like this.