When to Use
Customize OAuth client metadata when:- The OAuth server requires a pre-registered
software_idor specific scopes - You need custom branding during OAuth consent screens (your company name/logo instead of Portkey’s)
- Compliance requires specific contact info, terms of service, or privacy policy URLs
- The MCP server expects specific OAuth client configuration
How It Works
When a user first accesses an OAuth-protected MCP server, Portkey initiates the OAuth flow. As part of this process, Portkey presents client metadata to the authorization server (per RFC 7591 - OAuth 2.0 Dynamic Client Registration).Configuration
Addoauth_metadata in Advanced Configuration when setting up your MCP integration in the MCP Registry.
Available Fields
Default Values
If not customized, Portkey uses:Security Notes
redirect_uris Cannot Be Customized
Theredirect_uris field is never customizable. Portkey always uses its own callback URL for OAuth flows:
Fields That Cannot Be Set
The following fields are excluded from customization:redirect_uris- Must be gateway-controlled for securityjwks_uri- Not yet supportedjwks- Not yet supportedsoftware_statement- Not yet supported
Example: Enterprise Compliance
Your enterprise requires all OAuth registrations to include legal contact information and link to corporate policies:Example: Pre-Registered Client
Some OAuth servers require clients to be pre-registered with a specificsoftware_id:
Example: Custom Scopes
Request specific OAuth scopes from the MCP server:Example: Servers Without Dynamic Client Registration (GitHub)
Some MCP servers like GitHub don’t support OAuth Dynamic Client Registration (DCR). For these servers, create an OAuth App manually and provide the credentials to Portkey. Required fields for non-DCR servers:
GitHub example:
The
redirect_uri configured in Portkey must exactly match the Authorization callback URL set when creating the GitHub OAuth App.
