HackerTrans
TopNewTrendsCommentsPastAskShowJobs

norcalkc

no profile record

Submissions

Underwater RF Communication at 700M Using Magnetoelectric Antennas

arxiv.org
5 points·by norcalkc·letzten Monat·1 comments

The Tinker Pledge

tinkerpledge.org
5 points·by norcalkc·letzten Monat·1 comments

What It Takes to Send Pixels

arewecooked.dev
3 points·by norcalkc·vor 6 Monaten·0 comments

Test your MCP Server for spec compliance, security, and agent-friendliness

mcpscan.dev
2 points·by norcalkc·vor 6 Monaten·0 comments

aileaks.dev - Community driven database of AI related security incidents

aileaks.dev
11 points·by norcalkc·letztes Jahr·0 comments

comments

norcalkc
·letztes Jahr·discuss
Came here to ask this. Two arms? I'll pay.
norcalkc
·letztes Jahr·discuss
> Allowing an execution environment to also access MCPs, tools, and user data requires careful design to where API keys are stored, and how tools are exposed.

If your tools are calling APIs on-behalf of users, it's better to use OAuth flows to enable users of the app to give explicit consent to the APIs/scopes they want the tools to access. That way, tools use scoped tokens to make calls instead of hard to manage, maintain API keys (or even client credentials).
norcalkc
·letztes Jahr·discuss
If the apps the AI assistant is trying to connect to support OAuth 2.0, it's easy to setup a social connection (or a custom social connection) with Auth0 (Auth for GenAI). It allows you to connect to hundreds of API services, and configure the granularity of scopes you want to set at a per connection level.

Checkout the step-by-step quickstart [1] if you want to go through calling the Google Calendar API from an AI agent (Vercel AI SDK based in this case). There are also how-tos for other frameworks like LangGraph, GenKit, LlamaIndex, etc. Async authorization is also supported via CIBA (Client-Initiated Backchannel Authentication).

You can also secure remote MCP servers [1] with Auth0.

[0] https://auth0.com/ai/docs/call-others-apis-on-users-behalf [1] https://auth0.com/blog/secure-and-deploy-remote-mcp-servers-...

Disclosure: I work for Auth0.