Skip to main content
When Portkey connects to OAuth-protected MCP servers using OAuth Auto, it registers as an OAuth client with the server’s authorization endpoint. By default, Portkey uses standard client metadata. For compliance or branding requirements, you can customize this.

When to Use

Customize OAuth client metadata when:
  • The OAuth server requires a pre-registered software_id or specific scopes
  • You need custom branding during OAuth consent screens (your company name/logo instead of Portkey’s)
  • Compliance requires specific contact info, terms of service, or privacy policy URLs
  • The MCP server expects specific OAuth client configuration

How It Works

When a user first accesses an OAuth-protected MCP server, Portkey initiates the OAuth flow. As part of this process, Portkey presents client metadata to the authorization server (per RFC 7591 - OAuth 2.0 Dynamic Client Registration).

Configuration

Add oauth_metadata in Advanced Configuration when setting up your MCP integration in the MCP Registry.

Available Fields


Default Values

If not customized, Portkey uses:

Security Notes

redirect_uris Cannot Be Customized

The redirect_uris field is never customizable. Portkey always uses its own callback URL for OAuth flows:
This ensures OAuth tokens are delivered securely to Portkey’s gateway, not to an arbitrary URL.

Fields That Cannot Be Set

The following fields are excluded from customization:
  • redirect_uris - Must be gateway-controlled for security
  • jwks_uri - Not yet supported
  • jwks - Not yet supported
  • software_statement - Not yet supported
If you include these fields, they’re ignored.

Example: Enterprise Compliance

Your enterprise requires all OAuth registrations to include legal contact information and link to corporate policies:
When users authorize access, they see “Acme Corp MCP Gateway” with your logo instead of generic Portkey branding.

Example: Pre-Registered Client

Some OAuth servers require clients to be pre-registered with a specific software_id:

Example: Custom Scopes

Request specific OAuth scopes from the MCP server:
The authorization server will request consent for these specific scopes.

Example: Servers Without Dynamic Client Registration (GitHub)

Some MCP servers like GitHub don’t support OAuth Dynamic Client Registration (DCR). For these servers, create an OAuth App manually and provide the credentials to Portkey. Required fields for non-DCR servers: GitHub example:
The redirect_uri configured in Portkey must exactly match the Authorization callback URL set when creating the GitHub OAuth App.
See the GitHub MCP server guide for complete setup instructions.
Last modified on April 8, 2026