日本語 
Authlete, Inc. has rolled out new updates to strengthen security and make development easier for companies building MCP compatible authorization servers. The latest enhancements are now available in Authlete 3.0, the company’s OAuth and OpenID Connect backend service, and include support for the OAuth Client ID Metadata Document specification, also known as CIMD, which was adopted in the latest Model Context Protocol specification.
MCP is an open source standard created to connect AI applications with external systems in a secure way. Since its proposal in 2024, MCP has been adopted by major technology providers, including cloud and AI platform vendors, and the latest version was released in November 2025. Any organization exposing an MCP server on the internet must operate its own OAuth authorization server to control access for customers and partners.
By supporting CIMD, Authlete allows authorization servers to dynamically retrieve client metadata from a URL provided by the client, instead of requiring advance client registration. This is especially useful in MCP environments where clients and servers are expected to interact dynamically.
Also Read: Japan’s New Active Cyber Defense Law: What It Means for Businesses and National Security
To address the security risks that come with dynamic registration, Authlete adds mechanisms such as allowlists for approved client ID domains and metadata policies that define security requirements and adjust retrieved metadata before registration. These features help prevent unintended client access while keeping flexibility.
Authlete also introduces developer friendly options such as disabling metadata caching and allowing HTTP schemes during development. Together, these updates help service providers build secure MCP infrastructure faster while staying aligned with evolving OAuth standards.
English